diff --git a/.acrolinx-config.edn b/.acrolinx-config.edn
index e680e14a80..c7880180f3 100644
--- a/.acrolinx-config.edn
+++ b/.acrolinx-config.edn
@@ -1,4 +1,5 @@
-{:allowed-branchname-matches ["main" "release-.*"]
+{:changed-files-limit 60
+ :allowed-branchname-matches ["main" "release-.*"]
  :allowed-filename-matches ["windows/"]
  
   :targets 
diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 63dce77b81..075a516838 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -239,5 +239,19 @@
   "need_generate_pdf_url_template": true,
   "contribution_branch_mappings": {},
   "need_generate_pdf": false,
-  "need_generate_intellisense": false
-}
\ No newline at end of file
+  "need_generate_intellisense": false,
+  "redirection_files": [
+    ".openpublishing.redirection.browsers.json",
+    ".openpublishing.redirection.education.json",
+    ".openpublishing.redirection.json",
+    ".openpublishing.redirection.store-for-business.json",
+    ".openpublishing.redirection.windows-application-management.json",
+    ".openpublishing.redirection.windows-client-management.json",
+    ".openpublishing.redirection.windows-configuration.json",
+    ".openpublishing.redirection.windows-deployment.json",
+    ".openpublishing.redirection.windows-hub.json",
+    ".openpublishing.redirection.windows-privacy.json",
+    ".openpublishing.redirection.windows-security.json",
+    ".openpublishing.redirection.windows-whats-new.json"
+  ]
+}
diff --git a/.openpublishing.redirection.browsers.json b/.openpublishing.redirection.browsers.json
new file mode 100644
index 0000000000..0a24f19eed
--- /dev/null
+++ b/.openpublishing.redirection.browsers.json
@@ -0,0 +1,174 @@
+{
+  "redirections": [
+    {
+      "source_path": "browsers/edge/about-microsoft-edge.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/about-microsoft-edge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/available-policies.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/available-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/change-history-for-microsoft-edge.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/change-history-for-microsoft-edge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/edge-technical-demos.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/edge-technical-demos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/emie-to-improve-compatibility.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/emie-to-improve-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md",
+      "redirect_url": "/microsoft-edge/deploy/emie-to-improve-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/address-bar-settings-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/address-bar-settings-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/adobe-settings-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/adobe-settings-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/books-library-management-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/books-library-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/browser-settings-management-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/browser-settings-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/developer-settings-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/developer-settings-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/extensions-management-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/extensions-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/favorites-management-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/favorites-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/home-button-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/home-button-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/interoperability-enterprise-guidance-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/new-tab-page-settings-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/new-tab-page-settings-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/prelaunch-preload-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/prelaunch-preload-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/search-engine-customization-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/search-engine-customization-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/security-privacy-management-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/security-privacy-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/start-pages-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/start-pages-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/sync-browser-settings-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/sync-browser-settings-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/group-policies/telemetry-management-gp.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/telemetry-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/hardware-and-software-requirements.md",
+      "redirect_url": "/microsoft-edge/deploy/about-microsoft-edge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/img-microsoft-edge-infographic-lg.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/img-microsoft-edge-infographic-lg",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/managing-group-policy-admx-files.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/managing-group-policy-admx-files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/microsoft-edge-forrester.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/microsoft-edge-forrester",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/microsoft-edge-kiosk-mode-deploy.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/microsoft-edge-kiosk-mode-deploy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/new-policies.md",
+      "redirect_url": "/microsoft-edge/deploy/change-history-for-microsoft-edge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/security-enhancements-microsoft-edge.md",
+      "redirect_url": "/microsoft-edge/deploy/group-policies/security-privacy-management-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/troubleshooting-microsoft-edge.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/troubleshooting-microsoft-edge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/use-powershell-to manage-group-policy.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/use-powershell-to manage-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/edge/web-app-compat-toolkit.md",
+      "redirect_url": "/previous-versions/windows/edge-legacy/web-app-compat-toolkit",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md",
+      "redirect_url": "/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md",
+      "redirect_url": "/internet-explorer/kb-support/ie-edge-faqs",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.education.json b/.openpublishing.redirection.education.json
new file mode 100644
index 0000000000..94b0deccdb
--- /dev/null
+++ b/.openpublishing.redirection.education.json
@@ -0,0 +1,164 @@
+{
+  "redirections": [
+    {
+      "source_path": "education/developers.yml",
+      "redirect_url": "/education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/change-history-ms-edu-get-started.md",
+      "redirect_url": "/microsoft-365/education/deploy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/configure-microsoft-store-for-education.md",
+      "redirect_url": "/microsoft-365/education/deploy/microsoft-store-for-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/enable-microsoft-teams.md",
+      "redirect_url": "/microsoft-365/education/deploy/set-up-teams-for-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/finish-setup-and-other-tasks.md",
+      "redirect_url": "/microsoft-365/education/deploy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/get-started-with-microsoft-education.md",
+      "redirect_url": "/microsoft-365/education/deploy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/inclusive-classroom-it-admin.md",
+      "redirect_url": "/microsoft-365/education/deploy/inclusive-classroom-it-admin",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/index.md",
+      "redirect_url": "/education/get-started/get-started-with-microsoft-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/set-up-office365-edu-tenant.md",
+      "redirect_url": "/microsoft-365/education/deploy/create-your-office-365-tenant",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/set-up-windows-10-education-devices.md",
+      "redirect_url": "/microsoft-365/education/deploy/set-up-windows-10-education-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/set-up-windows-education-devices.md",
+      "redirect_url": "/microsoft-365/education/deploy/set-up-windows-10-education-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/use-intune-for-education.md",
+      "redirect_url": "/microsoft-365/education/deploy/use-intune-for-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/get-started/use-school-data-sync.md",
+      "redirect_url": "/microsoft-365/education/deploy/school-data-sync",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/itadmins.yml",
+      "redirect_url": "/education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/partners.yml",
+      "redirect_url": "/education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/change-history-edu.md",
+      "redirect_url": "/education/windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/change-to-pro-education.md",
+      "redirect_url": "/education/windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/education-scenarios-store-for-business.md",
+      "redirect_url": "/windows/resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/enable-s-mode-on-surface-go-devices.md",
+      "redirect_url": "/windows/deployment/s-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/get-minecraft-device-promotion.md",
+      "redirect_url": "/education/windows/get-minecraft-for-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/s-mode-switch-to-edu.md",
+      "redirect_url": "/education/windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/school-get-minecraft.md",
+      "redirect_url": "/education/windows/get-minecraft-for-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md",
+      "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/switch-to-pro-education.md",
+      "redirect_url": "/education/windows/change-to-pro-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/swithc-to-pro-de.md",
+      "redirect_url": "/education/windows/switch-to-pro-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/take-a-test-multiple-pcs.md",
+      "redirect_url": "/education/windows/edu-take-a-test-kiosk-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/take-a-test-single-pc.md",
+      "redirect_url": "/education/windows/take-tests-in-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/take-tests-in-windows-10.md",
+      "redirect_url": "/education/windows/take-tests-in-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/teacher-get-minecraft.md",
+      "redirect_url": "/education/windows/get-minecraft-for-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/test-windows10s-for-edu.md",
+      "redirect_url": "/windows/deployment/s-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/windows-10-pro-to-pro-edu-upgrade.md",
+      "redirect_url": "/education/windows/change-to-pro-education",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "education/windows/windows-automatic-redeployment.md",
+      "redirect_url": "/education/windows/autopilot-reset",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 2e4f6df9c5..7cc99f80b3 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1,473 +1,8 @@
 {
   "redirections": [
     {
-      "source_path": "windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md",
-      "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/application-management/manage-windows-mixed-reality.md",
-      "redirect_url": "/windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/browserfavorite-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/remotelock-ddf-file.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/remotelock-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/registry-ddf-file.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/registry-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/maps-ddf-file.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/maps-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/hotspot-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/filesystem-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterpriseext-ddf.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterpriseext-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/deviceinstanceservice-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/cm-proxyentries-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/bootstrap-csp.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-textinput.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-shell.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-rcspresence.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-otherassets.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-nfc.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-multivariant.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-modemconfigurations.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-messaging.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-internetexplorer.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-initialsetup.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-deviceinfo.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-calling.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-callandmessagingenhancement.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-automatictime.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-theme.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/wcd/wcd-embeddedlockdownprofiles.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/configure-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/lockdown-xml.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/mobile-lockdown-designer.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/provisioning-configure-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/provisioning-nfc.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/provisioning-package-splitter.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/settings-that-can-be-locked-down.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/mobile-devices/start-layout-xml-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/windows-11.md",
-      "redirect_url": "/windows/whats-new/windows-11-whats-new",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/use-json-customize-start-menu-windows.md",
-      "redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/application-management/msix-app-packaging-tool.md",
-      "redirect_url": "/windows/application-management/apps-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/about-microsoft-edge.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/about-microsoft-edge",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/available-policies.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/available-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/change-history-for-microsoft-edge.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/change-history-for-microsoft-edge",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/edge-technical-demos.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/edge-technical-demos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/emie-to-improve-compatibility.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/emie-to-improve-compatibility",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/img-microsoft-edge-infographic-lg.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/img-microsoft-edge-infographic-lg",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/managing-group-policy-admx-files.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/managing-group-policy-admx-files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/microsoft-edge-forrester.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/microsoft-edge-forrester",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/microsoft-edge-kiosk-mode-deploy.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/microsoft-edge-kiosk-mode-deploy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/troubleshooting-microsoft-edge.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/troubleshooting-microsoft-edge",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/use-powershell-to manage-group-policy.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/use-powershell-to manage-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/web-app-compat-toolkit.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/web-app-compat-toolkit",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/address-bar-settings-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/address-bar-settings-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/adobe-settings-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/adobe-settings-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/books-library-management-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/books-library-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/browser-settings-management-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/browser-settings-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/developer-settings-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/developer-settings-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/extensions-management-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/extensions-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/favorites-management-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/favorites-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/home-button-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/home-button-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/interoperability-enterprise-guidance-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/new-tab-page-settings-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/new-tab-page-settings-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/prelaunch-preload-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/prelaunch-preload-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/search-engine-customization-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/search-engine-customization-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/security-privacy-management-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/security-privacy-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/start-pages-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/start-pages-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/sync-browser-settings-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/sync-browser-settings-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/group-policies/telemetry-management-gp.md",
-      "redirect_url": "/previous-versions/windows/edge-legacy/group-policies/telemetry-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/citool-commands.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-whats-new.md",
-      "redirect_url": "/hololens/hololens-release-notes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-upgrade-enterprise.md",
-      "redirect_url": "/hololens/hololens-requirements#upgrade-to-windows-holographic-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-install-localized.md",
-      "redirect_url": "/hololens/hololens1-install-localized",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-install-apps.md",
-      "redirect_url": "/hololens/holographic-store-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-setup.md",
-      "redirect_url": "/hololens/hololens1-setup",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-use-apps.md",
-      "redirect_url": "/hololens/holographic-home#using-apps-on-hololens",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-get-apps.md",
-      "redirect_url": "/hololens/holographic-store-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-spaces-on-hololens.md",
-      "redirect_url": "/hololens/hololens-spaces",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-clicker.md",
-      "redirect_url": "/hololens/hololens1-clicker",
+      "source_path": "devices/hololens/holographic-photos-and-video.md",
+      "redirect_url": "/hololens/holographic-photos-and-videos",
       "redirect_document_id": false
     },
     {
@@ -475,3429 +10,2999 @@
       "redirect_url": "/hololens/hololens1-clicker#restart-or-recover-the-clicker",
       "redirect_document_id": false
     },
+    {
+      "source_path": "devices/hololens/hololens-clicker.md",
+      "redirect_url": "/hololens/hololens1-clicker",
+      "redirect_document_id": false
+    },
     {
       "source_path": "devices/hololens/hololens-find-and-save-files.md",
       "redirect_url": "/hololens/holographic-data",
       "redirect_document_id": false
     },
+    {
+      "source_path": "devices/hololens/hololens-get-apps.md",
+      "redirect_url": "/hololens/holographic-store-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-install-apps.md",
+      "redirect_url": "/hololens/holographic-store-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-install-localized.md",
+      "redirect_url": "/hololens/hololens1-install-localized",
+      "redirect_document_id": false
+    },
     {
       "source_path": "devices/hololens/hololens-management-overview.md",
       "redirect_url": "/hololens",
       "redirect_document_id": false
     },
+    {
+      "source_path": "devices/hololens/hololens-microsoft-dynamics-365-layout-app.md",
+      "redirect_url": "/dynamics365/mixed-reality/layout/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-microsoft-layout-app.md",
+      "redirect_url": "/hololens/hololens-microsoft-dynamics-365-layout-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-microsoft-remote-assist-app.md",
+      "redirect_url": "/dynamics365/mixed-reality/remote-assist/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-public-preview-apps.md",
+      "redirect_url": "/dynamics365/#pivot=mixed-reality-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-restart-recover.md",
+      "redirect_url": "/hololens/hololens-recovery",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-setup.md",
+      "redirect_url": "/hololens/hololens1-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-spaces-on-hololens.md",
+      "redirect_url": "/hololens/hololens-spaces",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-upgrade-enterprise.md",
+      "redirect_url": "/hololens/hololens-requirements#upgrade-to-windows-holographic-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-use-apps.md",
+      "redirect_url": "/hololens/holographic-home#using-apps-on-hololens",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/hololens/hololens-whats-new.md",
+      "redirect_url": "/hololens/hololens-release-notes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md",
+      "redirect_url": "/surface-hub/finishing-your-surface-hub-meeting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface-hub/intro-to-surface-hub.md",
+      "redirect_url": "/surface-hub/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md",
+      "redirect_url": "/surface-hub/admin-group-management-for-surface-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md",
+      "redirect_url": "/surface-hub/provisioning-packages-for-surface-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface-hub/surface-hub-administrators-guide.md",
+      "redirect_url": "/surface-hub/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md",
+      "redirect_url": "/surface/manage-surface-driver-and-firmware-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface/manage-surface-dock-firmware-updates.md",
+      "redirect_url": "/surface/indexdevices/surface/update",
+      "redirect_document_id": false
+    },
     {
       "source_path": "devices/surface/manage-surface-pro-3-firmware-updates.md",
       "redirect_url": "/surface/manage-surface-driver-and-firmware-updates",
       "redirect_document_id": false
     },
+    {
+      "source_path": "devices/surface/surface-device-compatibility-with-windows-10-ltsb.md",
+      "redirect_url": "/surface/surface-device-compatibility-with-windows-10-ltsc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface/surface-diagnostic-toolkit.md",
+      "redirect_url": "/surface/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "devices/surface/surface-dock-updater.md",
+      "redirect_url": "/surface/surface-dock-firmware-update",
+      "redirect_document_id": false
+    },
     {
       "source_path": "devices/surface/update.md",
       "redirect_url": "/surface/manage-surface-driver-and-firmware-updates",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md",
-      "redirect_url": "/azure/active-directory/devices/device-registration-how-it-works",
+      "source_path": "devices/surface/using-the-sda-deployment-share.md",
+      "redirect_url": "/surface/microsoft-surface-deployment-accelerator",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-containers-help-protect-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md",
-      "redirect_url": "/microsoft-edge/deploy/emie-to-improve-compatibility",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-update-sources.md",
-      "redirect_url": "/windows/deployment/update/how-windows-update-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-perspectives.md",
-      "redirect_url": "/windows/deployment/update/update-compliance-using",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/hardware-and-software-requirements.md",
-      "redirect_url": "/microsoft-edge/deploy/about-microsoft-edge",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/security-enhancements-microsoft-edge.md",
-      "redirect_url": "/microsoft-edge/deploy/group-policies/security-privacy-management-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/edge/new-policies.md",
-      "redirect_url": "/microsoft-edge/deploy/change-history-for-microsoft-edge",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/av-tests.md",
-      "redirect_url": "/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md",
-      "redirect_url": "/microsoft-365/security/mtp/top-scoring-industry-tests",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/transparency-report.md",
-      "redirect_url": "/windows/security/threat-protection/intelligence/av-tests",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-windows-insider-for-business-aad.md",
-      "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-add",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-windows-insider-for-business-faq.md",
-      "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md",
-      "redirect_url": "/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/encrypted-hard-drive.md",
-      "redirect_url": "/windows/security/information-protection/encrypted-hard-drive",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/secure-the-windows-10-boot-process.md",
-      "redirect_url": "/windows/security/information-protection/secure-the-windows-10-boot-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md",
-      "redirect_url": "/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md",
-      "redirect_url": "/windows/security/information-protection/tpm/change-the-tpm-owner-password",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/how-windows-uses-the-tpm.md",
-      "redirect_url": "/windows/security/information-protection/tpm/how-windows-uses-the-tpm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md",
-      "redirect_url": "/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/manage-tpm-commands.md",
-      "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-commands",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/manage-tpm-lockout.md",
-      "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-lockout",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md",
-      "redirect_url": "/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/tpm-fundamentals.md",
-      "redirect_url": "/windows/security/information-protection/tpm/tpm-fundamentals",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/tpm-recommendations.md",
-      "redirect_url": "/windows/security/information-protection/tpm/tpm-recommendations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-overview.md",
-      "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md",
-      "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md",
-      "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-top-node",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-windows-insider-for-business.md",
-      "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/device-guard-signing-portal.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md",
+      "source_path": "security/threat-protection/windows-defender-application-control/signing-policies-with-signtool.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
+      "source_path": "smb/cloud-mode-business-setup.md",
+      "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management",
+      "source_path": "smb/index.md",
+      "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management",
+      "source_path": "surface/step-by-step-surface-deployment-accelerator.md",
+      "redirect_url": "/surface/microsoft-surface-deployment-accelerator",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control",
+      "source_path": "windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-intune",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "source_path": "windows-docs-pr/windows/client-management/mdm/remotering-csp.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "source_path": "windows/access-protection/access-control/access-control.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/access-control",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control",
+      "source_path": "windows/access-protection/access-control/active-directory-accounts.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/active-directory-accounts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
+      "source_path": "windows/access-protection/access-control/active-directory-security-groups.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/active-directory-security-groups",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/administer-applocker-using-mdm.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm",
+      "source_path": "windows/access-protection/access-control/dynamic-access-control.md",
+      "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/administer-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker",
+      "source_path": "windows/access-protection/access-control/local-accounts.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/local-accounts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-architecture-and-components.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components",
+      "source_path": "windows/access-protection/access-control/microsoft-accounts.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/microsoft-accounts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-functions.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions",
+      "source_path": "windows/access-protection/access-control/security-identifiers.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/security-identifiers",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-overview.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview",
+      "source_path": "windows/access-protection/access-control/security-principals.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/security-principals",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-policies-deployment-guide.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide",
+      "source_path": "windows/access-protection/access-control/service-accounts.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/service-accounts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-policies-design-guide.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide",
+      "source_path": "windows/access-protection/access-control/special-identities.md",
+      "redirect_url": "/windows/security/identity-protection/access-control/special-identities",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-policy-use-scenarios.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios",
+      "source_path": "windows/access-protection/change-history-for-access-protection.md",
+      "redirect_url": "/windows/security/identity-protection/change-history-for-access-protection",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-processes-and-interactions.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions",
+      "source_path": "windows/access-protection/configure-s-mime.md",
+      "redirect_url": "/windows/security/identity-protection/configure-s-mime",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-settings.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings",
+      "source_path": "windows/access-protection/credential-guard/additional-mitigations.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/additional-mitigations",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/applocker-technical-reference.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-considerations.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-considerations",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-how-it-works.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-how-it-works",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-known-issues.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-known-issues",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-manage.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-manage",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/configure-the-application-identity-service.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-not-protected-scenarios.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/configure-the-appLocker-reference-device.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-protection-limits.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-requirements.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition",
+      "source_path": "windows/access-protection/credential-guard/credential-guard-scripts.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-scripts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition",
+      "source_path": "windows/access-protection/credential-guard/credential-guard.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition",
+      "source_path": "windows/access-protection/enterprise-certificate-pinning.md",
+      "redirect_url": "/windows/security/identity-protection/enterprise-certificate-pinning",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-applocker-default-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-and-password-changes.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-and-password-changes",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group",
+      "source_path": "windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-your-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies",
+      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-adfs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/create-your-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-deploy-mfa.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/delete-an-applocker-rule.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule",
+      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-policy-settings.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting",
+      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production",
+      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement",
+      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer",
+      "source_path": "windows/access-protection/hello-for-business/hello-deployment-cert-trust.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/determine-your-application-control-objectives.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives",
+      "source_path": "windows/access-protection/hello-for-business/hello-deployment-guide.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-deployment-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
+      "source_path": "windows/access-protection/hello-for-business/hello-deployment-key-trust.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/dll-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement",
+      "source_path": "windows/access-protection/hello-for-business/hello-event-300.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-event-300",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/document-your-application-list.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list",
+      "source_path": "windows/access-protection/hello-for-business/hello-features.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-features",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/document-your-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-how-it-works.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-how-it-works",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/edit-an-applocker-policy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-new-install.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/edit-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/enable-the-dll-rule-collection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/enforce-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-trust.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/executable-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/how-applocker-works-techref.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/maintain-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-new-install.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust-devreg.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-manually.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/monitor-application-usage-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/optimize-applocker-performance.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-provision.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/plan-for-applocker-policy-management.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/refresh-an-applocker-policy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/requirements-to-use-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard",
+      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/script-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-identity-verification.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-identity-verification",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/security-considerations-for-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-adfs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/select-types-of-rules-to-create.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create",
+      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-deploy-mfa.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
+      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-policy-settings.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/test-and-update-an-applocker-policy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy",
+      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/tools-to-use-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker",
+      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understand-applocker-enforcement-settings.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings",
+      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-validate-pki.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions",
+      "source_path": "windows/access-protection/hello-for-business/hello-manage-in-organization.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-manage-in-organization",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
+      "source_path": "windows/access-protection/hello-for-business/hello-overview.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process",
+      "source_path": "windows/access-protection/hello-for-business/hello-planning-guide.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-planning-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-prepare-people-to-use.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-default-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules",
+      "source_path": "windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-behavior.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior",
+      "source_path": "windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-collections.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections",
+      "source_path": "windows/access-protection/remote-credential-guard.md",
+      "redirect_url": "/windows/security/identity-protection/remote-credential-guard",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types",
+      "source_path": "windows/access-protection/smart-cards/smart-card-and-remote-desktop-services.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions",
+      "source_path": "windows/access-protection/smart-cards/smart-card-architecture.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-architecture",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker",
+      "source_path": "windows/access-protection/smart-cards/smart-card-certificate-propagation-service.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker",
+      "source_path": "windows/access-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker",
+      "source_path": "windows/access-protection/smart-cards/smart-card-debugging-information.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-debugging-information",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies",
+      "source_path": "windows/access-protection/smart-cards/smart-card-events.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-events",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
+      "source_path": "windows/access-protection/smart-cards/smart-card-group-policy-and-registry-settings.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets",
+      "source_path": "windows/access-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/using-event-viewer-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker",
+      "source_path": "windows/access-protection/smart-cards/smart-card-removal-policy-service.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies",
+      "source_path": "windows/access-protection/smart-cards/smart-card-smart-cards-for-windows-service.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/what-is-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker",
+      "source_path": "windows/access-protection/smart-cards/smart-card-tools-and-settings.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/windows-installer-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker",
+      "source_path": "windows/access-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md",
+      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/working-with-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies",
+      "source_path": "windows/access-protection/user-account-control/how-user-account-control-works.md",
+      "redirect_url": "/windows/security/identity-protection/user-account-control/how-user-account-control-works",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/applocker/working-with-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules",
+      "source_path": "windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md",
+      "redirect_url": "/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control",
+      "source_path": "windows/access-protection/user-account-control/user-account-control-overview.md",
+      "redirect_url": "/windows/security/identity-protection/user-account-control/user-account-control-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
+      "source_path": "windows/access-protection/user-account-control/user-account-control-security-policy-settings.md",
+      "redirect_url": "/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-get-started.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-enable-virtualization-based-security.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/enable-virtualization-based-security",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-overview.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
+      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md",
+      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control",
+      "source_path": "windows/access-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information",
+      "source_path": "windows/access-protection/vpn/vpn-authentication.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-authentication",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health",
+      "source_path": "windows/access-protection/vpn/vpn-auto-trigger-profile.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-auto-trigger-profile",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-family-options.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options",
+      "source_path": "windows/access-protection/vpn/vpn-conditional-access.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-conditional-access",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection",
+      "source_path": "windows/access-protection/vpn/vpn-connection-type.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-connection-type",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications",
+      "source_path": "windows/access-protection/vpn/vpn-guide.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection",
+      "source_path": "windows/access-protection/vpn/vpn-name-resolution.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-name-resolution",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center",
+      "source_path": "windows/access-protection/vpn/vpn-profile-options.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-profile-options",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
+      "source_path": "windows/access-protection/vpn/vpn-routing.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-routing",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "source_path": "windows/access-protection/vpn/vpn-security-features.md",
+      "redirect_url": "/windows/security/identity-protection/vpn/vpn-security-features",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package",
+      "source_path": "windows/access-protection/windows-credential-theft-mitigation-guide-abstract.md",
+      "redirect_url": "/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/controlled-folders",
+      "source_path": "windows/access-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction",
+      "source_path": "windows/access-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-controlled-folders",
+      "source_path": "windows/access-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md",
-      "redirect_url": "/windows/security/microsoft-defender-atp/customize-exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/assign-security-group-filters-to-the-gpo",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/basic-firewall-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/basic-firewall-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/boundary-zone-gpos.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/boundary-zone-gpos",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction",
+      "source_path": "windows/access-protection/windows-firewall/boundary-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/boundary-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-controlled-folders",
+      "source_path": "windows/access-protection/windows-firewall/certificate-based-isolation-policy-design-example.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/certificate-based-isolation-policy-design-example",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/certificate-based-isolation-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/certificate-based-isolation-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-network-protection",
+      "source_path": "windows/access-protection/windows-firewall/change-rules-from-request-to-require-mode.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/change-rules-from-request-to-require-mode",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction",
+      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-basic-firewall-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access",
+      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-network-protection",
+      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/event-views",
+      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/checklist-creating-group-policy-objects.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-group-policy-objects",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/graphics.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-inbound-firewall-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml",
+      "source_path": "windows/access-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-outbound-firewall-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/network-protection",
+      "source_path": "windows/access-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/prerelease.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prerelease",
+      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-asr",
+      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
+      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-np",
+      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "source_path": "windows/access-protection/windows-firewall/configure-authentication-methods.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-authentication-methods",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/configure-data-protection-quick-mode-settings.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-data-protection-quick-mode-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-features",
+      "source_path": "windows/access-protection/windows-firewall/configure-key-exchange-main-mode-settings.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-key-exchange-main-mode-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-language",
+      "source_path": "windows/access-protection/windows-firewall/configure-the-rules-to-require-encryption.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-the-rules-to-require-encryption",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-best-practices",
+      "source_path": "windows/access-protection/windows-firewall/configure-the-windows-firewall-log.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-the-windows-firewall-log",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference",
+      "source_path": "windows/access-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-the-workstation-authentication-certificate-template",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-language",
+      "source_path": "windows/access-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-overview",
+      "source_path": "windows/access-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-overview",
+      "source_path": "windows/access-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference",
+      "source_path": "windows/access-protection/windows-firewall/create-a-group-account-in-active-directory.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-a-group-account-in-active-directory",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefilecertificateinfo-table",
+      "source_path": "windows/access-protection/windows-firewall/create-a-group-policy-object.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-a-group-policy-object",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessment-table",
+      "source_path": "windows/access-protection/windows-firewall/create-an-authentication-exemption-list-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-authentication-exemption-list-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
+      "source_path": "windows/access-protection/windows-firewall/create-an-authentication-request-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-authentication-request-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
+      "source_path": "windows/access-protection/windows-firewall/create-an-inbound-icmp-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-inbound-icmp-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
+      "source_path": "windows/access-protection/windows-firewall/create-an-inbound-port-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-inbound-port-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-supported-os",
+      "source_path": "windows/access-protection/windows-firewall/create-an-inbound-program-or-service-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-inbound-program-or-service-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table",
+      "source_path": "windows/access-protection/windows-firewall/create-an-outbound-port-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-outbound-port-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefileevents-table",
+      "source_path": "windows/access-protection/windows-firewall/create-an-outbound-program-or-service-rule.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-outbound-program-or-service-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceimageloadevents-table",
+      "source_path": "windows/access-protection/windows-firewall/create-inbound-rules-to-support-rpc.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-inbound-rules-to-support-rpc",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicelogonevents-table",
+      "source_path": "windows/access-protection/windows-firewall/create-wmi-filters-for-the-gpo.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-wmi-filters-for-the-gpo",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceinfo-table",
+      "source_path": "windows/access-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkinfo-table",
+      "source_path": "windows/access-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/determining-the-trusted-state-of-your-devices",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceevents-table",
+      "source_path": "windows/access-protection/windows-firewall/documenting-the-zones.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/documenting-the-zones",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkevents-table",
+      "source_path": "windows/access-protection/windows-firewall/domain-isolation-policy-design-example.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/domain-isolation-policy-design-example",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceprocessevents-table",
+      "source_path": "windows/access-protection/windows-firewall/domain-isolation-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/domain-isolation-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceregistryevents-table",
+      "source_path": "windows/access-protection/windows-firewall/enable-predefined-inbound-rules.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/enable-predefined-inbound-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/enable-predefined-outbound-rules.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/enable-predefined-outbound-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue",
+      "source_path": "windows/access-protection/windows-firewall/encryption-zone-gpos.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/encryption-zone-gpos",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue-endpoint-detection-response",
+      "source_path": "windows/access-protection/windows-firewall/encryption-zone.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/encryption-zone",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-portal-mapping",
+      "source_path": "windows/access-protection/windows-firewall/exempt-icmp-from-authentication.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/exempt-icmp-from-authentication",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/apis-intro.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/apis-intro",
+      "source_path": "windows/access-protection/windows-firewall/exemption-list.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/exemption-list",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/api-hello-world.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-hello-world",
+      "source_path": "windows/access-protection/windows-firewall/firewall-gpos.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/firewall-gpos",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/firewall-policy-design-example.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/firewall-policy-design-example",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-information-about-your-active-directory-deployment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/assign-portal-access",
+      "source_path": "windows/access-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-simulations",
+      "source_path": "windows/access-protection/windows-firewall/gathering-information-about-your-devices.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-information-about-your-devices",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/automated-investigations",
+      "source_path": "windows/access-protection/windows-firewall/gathering-other-relevant-information.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-other-relevant-information",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/basic-permissions",
+      "source_path": "windows/access-protection/windows-firewall/gathering-the-information-you-need.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-the-information-you-need",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-boundary.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-boundary",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/check-sensor-status",
+      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-encryption.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-encryption",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-firewall.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-firewall",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/community",
+      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-isolateddomain-clients",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/conditional-access",
+      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-isolateddomain-servers",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-arcsight",
+      "source_path": "windows/access-protection/windows-firewall/isolated-domain-gpos.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/isolated-domain-gpos",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-and-manage-tvm",
+      "source_path": "windows/access-protection/windows-firewall/isolated-domain.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/isolated-domain",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-dashboard-insights",
+      "source_path": "windows/access-protection/windows-firewall/isolating-apps-on-your-network.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/isolating-apps-on-your-network",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-attack-surface-reduction",
+      "source_path": "windows/access-protection/windows-firewall/link-the-gpo-to-the-domain.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/link-the-gpo-to-the-domain",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-conditional-access",
+      "source_path": "windows/access-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-email-notifications",
+      "source_path": "windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/open-windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-windows-firewall-with-advanced-security",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/planning-certificate-based-authentication.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-certificate-based-authentication",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints",
+      "source_path": "windows/access-protection/windows-firewall/planning-domain-isolation-zones.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-domain-isolation-zones",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/planning-gpo-deployment.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-gpo-deployment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-gp",
+      "source_path": "windows/access-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/planning-isolation-groups-for-the-zones.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-isolation-groups-for-the-zones",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-mdm",
+      "source_path": "windows/access-protection/windows-firewall/planning-network-access-groups.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-network-access-groups",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/planning-server-isolation-zones.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-server-isolation-zones",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows",
+      "source_path": "windows/access-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/planning-the-gpos.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-the-gpos",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-sccm",
+      "source_path": "windows/access-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-script",
+      "source_path": "windows/access-protection/windows-firewall/procedures-used-in-this-guide.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/procedures-used-in-this-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection",
+      "source_path": "windows/access-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/protect-devices-from-unwanted-network-traffic",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-vdi",
+      "source_path": "windows/access-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-mssp-support",
+      "source_path": "windows/access-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-proxy-internet",
+      "source_path": "windows/access-protection/windows-firewall/restrict-access-to-only-trusted-devices.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/restrict-access-to-only-trusted-devices",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-proxy-internet",
+      "source_path": "windows/access-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-endpoints",
+      "source_path": "windows/access-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-endpoints",
+      "source_path": "windows/access-protection/windows-firewall/server-isolation-gpos.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/server-isolation-gpos",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "source_path": "windows/access-protection/windows-firewall/server-isolation-policy-design-example.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/server-isolation-policy-design-example",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "source_path": "windows/access-protection/windows-firewall/server-isolation-policy-design.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/server-isolation-policy-design",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "source_path": "windows/access-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-splunk",
+      "source_path": "windows/access-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "source_path": "windows/access-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/verify-that-network-traffic-is-authenticated",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-ti-api",
+      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-detection-rules",
+      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings",
+      "source_path": "windows/configure/basic-level-windows-diagnostic-events-and-fields-1703.md",
+      "redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings",
+      "source_path": "windows/configure/change-history-for-configure-windows-10.md",
+      "redirect_url": "/windows/configuration/change-history-for-configure-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/data-storage-privacy",
+      "source_path": "windows/configure/changes-to-start-policies-in-windows-10.md",
+      "redirect_url": "/windows/configuration/changes-to-start-policies-in-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/data-storage-privacy",
+      "source_path": "windows/configure/configure-devices-without-mdm.md",
+      "redirect_url": "/windows/configuration/configure-devices-without-mdm",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-compatibility",
+      "source_path": "windows/configure/configure-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-compatibility",
+      "source_path": "windows/configure/configure-windows-10-taskbar.md",
+      "redirect_url": "/windows/configuration/configure-windows-10-taskbar",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/deprecate.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deprecate",
+      "source_path": "windows/configure/configure-windows-telemetry-in-your-organization.md",
+      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/configure/cortana-at-work-crm.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-crm",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-custom-ti",
+      "source_path": "windows/configure/cortana-at-work-feedback.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-feedback",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/configure/cortana-at-work-o365.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-o365",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "source_path": "windows/configure/cortana-at-work-overview.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "source_path": "windows/configure/cortana-at-work-policy-settings.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-policy-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "source_path": "windows/configure/cortana-at-work-powerbi.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-powerbi",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "source_path": "windows/configure/cortana-at-work-scenario-1.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-1",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/evaluate-atp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-atp",
+      "source_path": "windows/configure/cortana-at-work-scenario-2.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-2",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/event-error-codes",
+      "source_path": "windows/configure/cortana-at-work-scenario-3.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-3",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/event-error-codes",
+      "source_path": "windows/configure/cortana-at-work-scenario-4.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-4",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/configure/cortana-at-work-scenario-5.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/experiment-custom-ti",
+      "source_path": "windows/configure/cortana-at-work-scenario-6.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-6",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/configure/cortana-at-work-scenario-7.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-7",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "source_path": "windows/configure/cortana-at-work-testing-scenarios.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "source_path": "windows/configure/cortana-at-work-voice-commands.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-voice-commands",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealthy-sensors.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "source_path": "windows/configure/customize-and-export-start-layout.md",
+      "redirect_url": "/windows/configuration/customize-and-export-start-layout",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection",
+      "source_path": "windows/configure/customize-windows-10-start-screens-by-using-group-policy.md",
+      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-group-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection",
+      "source_path": "windows/configure/customize-windows-10-start-screens-by-using-mobile-device-management.md",
+      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection",
+      "source_path": "windows/configure/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
+      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection",
+      "source_path": "windows/configure/guidelines-for-assigned-access-app.md",
+      "redirect_url": "/windows/configuration/guidelines-for-assigned-access-app",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinegroups-collection",
+      "source_path": "windows/configure/how-it-pros-can-use-configuration-service-providers.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinegroups-collection",
+      "source_path": "windows/configure/index.md",
+      "redirect_url": "/windows/configuration/index",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection",
+      "source_path": "windows/configure/kiosk-shared-pc.md",
+      "redirect_url": "/windows/configuration/kiosk-shared-pc",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection",
+      "source_path": "windows/configure/lock-down-windows-10-to-specific-apps.md",
+      "redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-in-windows-config",
+      "source_path": "windows/configure/lock-down-windows-10.md",
+      "redirect_url": "/windows/configuration/lock-down-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "source_path": "windows/configure/lockdown-features-windows-10.md",
+      "redirect_url": "/windows/configuration/lockdown-features-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-in-windows-overview",
+      "source_path": "windows/configure/lockdown-xml.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-alerts",
+      "source_path": "windows/configure/manage-connections-from-windows-operating-system-components-to-microsoft-services.md",
+      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-alerts",
+      "source_path": "windows/configure/manage-tips-and-suggestions.md",
+      "redirect_url": "/windows/configuration/manage-tips-and-suggestions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-domain",
+      "source_path": "windows/configure/manage-wifi-sense-in-enterprise.md",
+      "redirect_url": "/windows/configuration/manage-wifi-sense-in-enterprise",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-domain",
+      "source_path": "windows/configure/mobile-lockdown-designer.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-files",
+      "source_path": "windows/configure/product-ids-in-windows-10-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-files",
+      "source_path": "windows/configure/provision-pcs-for-initial-deployment.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-incidents",
+      "source_path": "windows/configure/provision-pcs-with-apps-and-certificates.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-ip",
+      "source_path": "windows/configure/provision-pcs-with-apps.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-ip",
+      "source_path": "windows/configure/provisioning-apply-package.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-apply-package",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-machines",
+      "source_path": "windows/configure/provisioning-command-line.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-command-line",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-machines",
+      "source_path": "windows/configure/provisioning-configure-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-user",
+      "source_path": "windows/configure/provisioning-create-package.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-create-package",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-user",
+      "source_path": "windows/configure/provisioning-how-it-works.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-how-it-works",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/production-deployment",
+      "source_path": "windows/configure/provisioning-install-icd.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-install-icd",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/licensing",
+      "source_path": "windows/configure/provisioning-multivariant.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-multivariant",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-groups",
+      "source_path": "windows/configure/provisioning-nfc.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-reports",
+      "source_path": "windows/configure/provisioning-package-splitter.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection",
+      "source_path": "windows/configure/provisioning-packages.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machines-view-overview",
+      "source_path": "windows/configure/provisioning-powershell.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-powershell",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-tags",
+      "source_path": "windows/configure/provisioning-script-to-install-app.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-script-to-install-app",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection",
+      "source_path": "windows/configure/provisioning-uninstall-package.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-alerts",
+      "source_path": "windows/configure/set-up-a-device-for-anyone-to-use.md",
+      "redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-auto-investigation",
+      "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
+      "redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-allowed-blocked-list",
+      "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-file-uploads",
+      "source_path": "windows/configure/set-up-shared-or-guest-pc.md",
+      "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-folder-exclusions",
+      "source_path": "windows/configure/settings-that-can-be-locked-down.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-edr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-edr",
+      "source_path": "windows/configure/start-layout-xml-desktop.md",
+      "redirect_url": "/windows/configuration/start-layout-xml-desktop",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-edrmanage-edr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
+      "source_path": "windows/configure/start-layout-xml-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/management-apis.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/management-apis",
+      "source_path": "windows/configure/start-secondary-tiles.md",
+      "redirect_url": "/windows/configuration/start-secondary-tiles",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-incidents",
+      "source_path": "windows/configure/start-taskbar-lockscreen.md",
+      "redirect_url": "/windows/configuration/start-taskbar-lockscreen",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-suppression-rules",
+      "source_path": "windows/configure/stop-employees-from-using-the-windows-store.md",
+      "redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection",
+      "source_path": "windows/configure/windows-10-start-layout-options-and-policies.md",
+      "redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/minimum-requirements",
+      "source_path": "windows/configure/windows-diagnostic-data-1703.md",
+      "redirect_url": "/windows/configuration/windows-diagnostic-data",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mssp-support",
+      "source_path": "windows/configure/windows-spotlight.md",
+      "redirect_url": "/windows/configuration/windows-spotlight",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt",
+      "source_path": "windows/deploy-windows-cm/upgrade-to-windows-with-configuraton-manager.md",
+      "redirect_url": "/windows/deploy-windows-cm/upgrade-to-windows-with-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machines",
+      "source_path": "windows/deploy/activate-forest-by-proxy-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/activate-forest-by-proxy-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/activate-forest-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/activate-forest-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/activate-using-active-directory-based-activation-client.md",
+      "redirect_url": "/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-configure",
+      "source_path": "windows/deploy/activate-using-key-management-service-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/activate-using-key-management-service-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-downlevel",
+      "source_path": "windows/deploy/activate-windows-10-clients-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/activate-windows-10-clients-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard",
+      "source_path": "windows/deploy/active-directory-based-activation-overview.md",
+      "redirect_url": "/windows/deployment/volume-activation/active-directory-based-activation-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-offline-machines",
+      "source_path": "windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview",
+      "source_path": "windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/add-manage-products-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/add-manage-products-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction",
+      "source_path": "windows/deploy/add-remove-computers-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/add-remove-computers-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
+      "source_path": "windows/deploy/add-remove-product-key-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/add-remove-product-key-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation",
+      "source_path": "windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md",
+      "redirect_url": "/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/assign-applications-using-roles-in-mdt-2013.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt-2013",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/secure-score-dashboard",
+      "source_path": "windows/deploy/assign-applications-using-roles-in-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-secure-score",
+      "source_path": "windows/deploy/change-history-for-deploy-windows-10.md",
+      "redirect_url": "/windows/deployment/change-history-for-deploy-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-score",
+      "source_path": "windows/deploy/configure-a-pxe-server-to-load-windows-pe.md",
+      "redirect_url": "/windows/deployment/configure-a-pxe-server-to-load-windows-pe",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configuration-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices",
+      "source_path": "windows/deploy/configure-client-computers-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/configure-client-computers-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-score",
+      "source_path": "windows/deploy/configure-mdt-2013-for-userexit-scripts.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-2013-for-userexit-scripts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices",
+      "source_path": "windows/deploy/configure-mdt-2013-settings.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-2013-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-score",
+      "source_path": "windows/deploy/configure-mdt-deployment-share-rules.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/partner-applications",
+      "source_path": "windows/deploy/configure-mdt-for-userexit-scripts.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/configure-mdt-settings.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/portal-overview",
+      "source_path": "windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/powerbi-reports",
+      "source_path": "windows/deploy/create-a-windows-10-reference-image.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-power-bi",
+      "source_path": "windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/deploy-a-windows-10-image-using-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/powershell-example-code",
+      "source_path": "windows/deploy/deploy-whats-new.md",
+      "redirect_url": "/windows/deployment/deploy-whats-new",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/deploy-windows-to-go.md",
+      "redirect_url": "/windows/deployment/deploy-windows-to-go",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-apis",
+      "source_path": "windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/preferences-setup",
+      "source_path": "windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease",
+      "source_path": "windows/deploy/getting-started-with-the-user-state-migration-tool.md",
+      "redirect_url": "/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/prerelease.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prerelease",
+      "source_path": "windows/deploy/import-export-vamt-data.md",
+      "redirect_url": "/windows/deployment/volume-activation/import-export-vamt-data",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/index.md",
+      "redirect_url": "/windows/deployment/index",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/preview",
+      "source_path": "windows/deploy/install-configure-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/install-configure-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/install-kms-client-key-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/install-kms-client-key-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/preview-settings",
+      "source_path": "windows/deploy/install-product-key-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/install-product-key-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/install-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/install-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api",
+      "source_path": "windows/deploy/introduction-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/introduction-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/key-features-in-mdt-2013.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/key-features-in-mdt-2013",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/python-example-code",
+      "source_path": "windows/deploy/key-features-in-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/key-features-in-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/python-example-code.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/deploy/kms-activation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/kms-activation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/rbac",
+      "source_path": "windows/deploy/local-reactivation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/local-reactivation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/manage-activations-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/manage-activations-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-file-alerts",
+      "source_path": "windows/deploy/manage-product-keys-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/manage-product-keys-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/manage-vamt-data.md",
+      "redirect_url": "/windows/deployment/volume-activation/manage-vamt-data",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-machine-alerts",
+      "source_path": "windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/response-actions.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-machine-alerts",
+      "source_path": "windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/mbr-to-gpt.md",
+      "redirect_url": "/windows/deployment/mbr-to-gpt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/mdt-2013-lite-touch-components.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/mdt-2013-lite-touch-components",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/response-actions",
+      "source_path": "windows/deploy/mdt-lite-touch-components.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/migrate-application-settings.md",
+      "redirect_url": "/windows/deployment/usmt/migrate-application-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-detection-test",
+      "source_path": "windows/deploy/migration-store-types-overview.md",
+      "redirect_url": "/windows/deployment/usmt/migration-store-types-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/monitor-activation-client.md",
+      "redirect_url": "/windows/deployment/volume-activation/monitor-activation-client",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/security-operations-dashboard",
+      "source_path": "windows/deploy/offline-migration-reference.md",
+      "redirect_url": "/windows/deployment/usmt/offline-migration-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/online-activation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/online-activation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/service-status",
+      "source_path": "windows/deploy/plan-for-volume-activation-client.md",
+      "redirect_url": "/windows/deployment/volume-activation/plan-for-volume-activation-client",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt-2013",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/supported-response-apis",
+      "source_path": "windows/deploy/prepare-for-windows-deployment-with-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
+      "source_path": "windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/provision-pcs-for-initial-deployment.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-indicator-concepts",
+      "source_path": "windows/deploy/provision-pcs-with-apps-and-certificates.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-integration",
+      "source_path": "windows/deploy/provisioning-apply-package.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-apply-package",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-reports",
+      "source_path": "windows/deploy/provisioning-command-line.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-command-line",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/provisioning-create-package.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-create-package",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/time-settings",
+      "source_path": "windows/deploy/provisioning-how-it-works.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-how-it-works",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/provisioning-install-icd.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-install-icd",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/provisioning-multivariant.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-multivariant",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/provisioning-nfc.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/provisioning-packages.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/provisioning-script-to-install-app.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-script-to-install-app",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-overview",
+      "source_path": "windows/deploy/provisioning-uninstall-package.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/proxy-activation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/proxy-activation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-custom-ti",
+      "source_path": "windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/deploy/refresh-a-windows-7-computer-with-windows-10.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/remove-products-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/remove-products-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding",
+      "source_path": "windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding-error-messages",
+      "source_path": "windows/deploy/resolve-windows-10-upgrade-errors.md",
+      "redirect_url": "/windows/deployment/upgrade/resolve-windows-10-upgrade-errors",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/scenario-kms-activation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/scenario-kms-activation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-siem",
+      "source_path": "windows/deploy/scenario-online-activation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/scenario-online-activation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/scenario-proxy-activation-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/scenario-proxy-activation-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use",
+      "source_path": "windows/deploy/set-up-mdt-2013-for-bitlocker.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/set-up-mdt-2013-for-bitlocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/deploy/set-up-mdt-for-bitlocker.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/deploy/sideload-apps-in-windows-10.md",
+      "redirect_url": "/windows/application-management/sideload-apps-in-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "source_path": "windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/user-roles",
+      "source_path": "windows/deploy/troubleshoot-upgrade-analytics.md",
+      "redirect_url": "/windows/deployment/upgrade/troubleshoot-upgrade-readiness",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/troubleshoot-upgrade-readiness.md",
+      "redirect_url": "/windows/deployment/upgrade/troubleshoot-upgrade-readiness",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/whats-new-in-microsoft-defender-atp",
+      "source_path": "windows/deploy/understanding-migration-xml-files.md",
+      "redirect_url": "/windows/deployment/usmt/understanding-migration-xml-files",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-config",
+      "source_path": "windows/deploy/update-product-status-vamt.md",
+      "redirect_url": "/windows/deployment/volume-activation/update-product-status-vamt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration",
+      "source_path": "windows/deploy/update-windows-10-images-with-provisioning-packages.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "source_path": "windows/deploy/upgrade-analytics-additional-insights.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-additional-insights",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center",
+      "source_path": "windows/deploy/upgrade-analytics-architecture.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-architecture",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-threat-experts",
+      "source_path": "windows/deploy/upgrade-analytics-deploy-windows.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deploy-windows",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-deployment-script.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deployment-script",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-get-started.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-get-started",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-guard/install-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-identify-apps.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-identify-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-prepare-your-environment.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-identify-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-release-notes.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview",
+      "source_path": "windows/deploy/upgrade-analytics-requirements.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-resolve-issues.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-resolve-issues",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-review-site-discovery.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-additional-insights",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard",
+      "source_path": "windows/deploy/upgrade-analytics-upgrade-overview.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-upgrade-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard",
+      "source_path": "windows/deploy/upgrade-readiness-additional-insights.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-additional-insights",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard",
+      "source_path": "windows/deploy/upgrade-readiness-architecture.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-architecture",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview",
+      "source_path": "windows/deploy/upgrade-readiness-data-sharing.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-data-sharing",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-diagnostic-data-update-compliance",
+      "source_path": "windows/deploy/upgrade-readiness-deploy-windows.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deploy-windows",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-deployment-script.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deployment-script",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-get-started.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-get-started",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-identify-apps.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-identify-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-release-notes.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-release-notes",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-requirements.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-resolve-issues.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-resolve-issues",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-readiness-upgrade-overview.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-upgrade-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md",
+      "redirect_url": "/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt-2013",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-orchestrator-runbooks-with-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-the-volume-activation-management-tool-client.md",
+      "redirect_url": "/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md",
+      "redirect_url": "/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md",
+      "redirect_url": "/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-vamt-in-windows-powershell.md",
+      "redirect_url": "/windows/deployment/volume-activation/use-vamt-in-windows-powershell",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
+      "source_path": "windows/deploy/use-web-services-in-mdt-2013.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt-2013",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/use-web-services-in-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-best-practices.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-best-practices",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-choose-migration-store-type.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-choose-migration-store-type",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-command-line-syntax.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-command-line-syntax",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-common-issues.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-common-issues",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-common-migration-scenarios.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-common-migration-scenarios",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-configxml-file.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-configxml-file",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-conflicts-and-precedence.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-conflicts-and-precedence",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-custom-xml-examples.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-custom-xml-examples",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-customize-xml-files.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-customize-xml-files",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-determine-what-to-migrate.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-determine-what-to-migrate",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-estimate-migration-store-size.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-estimate-migration-store-size",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-exclude-files-and-settings.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-exclude-files-and-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-faq.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-faq",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-general-conventions.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-general-conventions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-hard-link-migration-store.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-hard-link-migration-store",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-how-it-works.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-how-it-works",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-how-to.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-how-to",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-identify-application-settings.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-identify-application-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-identify-file-types-files-and-folders.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-identify-file-types-files-and-folders",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-reporting",
+      "source_path": "windows/deploy/usmt-identify-operating-system-settings.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-identify-operating-system-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-identify-users.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-identify-users",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-include-files-and-settings.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-include-files-and-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-loadstate-syntax.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-loadstate-syntax",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-log-files.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-log-files",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus",
+      "source_path": "windows/deploy/usmt-migrate-efs-files-and-certificates.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility",
+      "source_path": "windows/deploy/usmt-migrate-user-accounts.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-migrate-user-accounts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10",
+      "source_path": "windows/deploy/usmt-migration-store-encryption.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-migration-store-encryption",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
+      "source_path": "windows/deploy/usmt-overview.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-offline",
+      "source_path": "windows/deploy/usmt-plan-your-migration.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-plan-your-migration",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus",
+      "source_path": "windows/deploy/usmt-recognized-environment-variables.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-recognized-environment-variables",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/block-untrusted-fonts-in-enterprise.md",
-      "redirect_url": "/windows/security/threat-protection/block-untrusted-fonts-in-enterprise",
+      "source_path": "windows/deploy/usmt-reference.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/change-history-for-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/change-history-for-threat-protection",
+      "source_path": "windows/deploy/usmt-requirements.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/override-mitigation-options-for-app-related-security-policies.md",
-      "redirect_url": "/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies",
+      "source_path": "windows/deploy/usmt-reroute-files-and-settings.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-reroute-files-and-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/overview-of-threat-mitigations-in-windows-10.md",
-      "redirect_url": "/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10",
+      "source_path": "windows/deploy/usmt-resources.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-resources",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md",
-      "redirect_url": "/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection",
+      "source_path": "windows/deploy/usmt-return-codes.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-return-codes",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md",
-      "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/",
+      "source_path": "windows/deploy/usmt-scanstate-syntax.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-scanstate-syntax",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control",
+      "source_path": "windows/deploy/usmt-technical-reference.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-technical-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/access-credential-manager-as-a-trusted-caller.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller",
+      "source_path": "windows/deploy/usmt-test-your-migration.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-test-your-migration",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/access-this-computer-from-the-network.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network",
+      "source_path": "windows/deploy/usmt-topics.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-topics",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/account-lockout-duration.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-lockout-duration",
+      "source_path": "windows/deploy/usmt-troubleshooting.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-troubleshooting",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/account-lockout-policy.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-lockout-policy",
+      "source_path": "windows/deploy/usmt-utilities.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-utilities",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/account-lockout-threshold.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-lockout-threshold",
+      "source_path": "windows/deploy/usmt-what-does-usmt-migrate.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-what-does-usmt-migrate",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/account-policies.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-policies",
+      "source_path": "windows/deploy/usmt-xml-elements-library.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-xml-elements-library",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/accounts-administrator-account-status.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status",
+      "source_path": "windows/deploy/usmt-xml-reference.md",
+      "redirect_url": "/windows/deployment/usmt/usmt-xml-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/accounts-block-microsoft-accounts.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts",
+      "source_path": "windows/deploy/vamt-known-issues.md",
+      "redirect_url": "/windows/deployment/volume-activation/vamt-known-issues",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/accounts-guest-account-status.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status",
+      "source_path": "windows/deploy/vamt-requirements.md",
+      "redirect_url": "/windows/deployment/volume-activation/vamt-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only",
+      "source_path": "windows/deploy/vamt-step-by-step.md",
+      "redirect_url": "/windows/deployment/volume-activation/vamt-step-by-step",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/accounts-rename-administrator-account.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account",
+      "source_path": "windows/deploy/verify-the-condition-of-a-compressed-migration-store.md",
+      "redirect_url": "/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/accounts-rename-guest-account.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account",
+      "source_path": "windows/deploy/volume-activation-management-tool.md",
+      "redirect_url": "/windows/deployment/volume-activation/volume-activation-management-tool",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/act-as-part-of-the-operating-system.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system",
+      "source_path": "windows/deploy/volume-activation-windows-10.md",
+      "redirect_url": "/windows/deployment/volume-activation/volume-activation-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/add-workstations-to-domain.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain",
+      "source_path": "windows/deploy/windows-10-deployment-scenarios.md",
+      "redirect_url": "/windows/deployment/windows-10-deployment-scenarios",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process",
+      "source_path": "windows/deploy/windows-10-deployment-tools-reference.md",
+      "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/administer-security-policy-settings.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings",
+      "source_path": "windows/deploy/windows-10-edition-upgrades.md",
+      "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/allow-log-on-locally.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/allow-log-on-locally",
+      "source_path": "windows/deploy/windows-10-enterprise-e3-overview.md",
+      "redirect_url": "/windows/deployment/windows-10-enterprise-e3-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/allow-log-on-through-remote-desktop-services.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services",
+      "source_path": "windows/deploy/windows-10-poc-mdt.md",
+      "redirect_url": "/windows/deployment/windows-10-poc-mdt",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/audit-audit-the-access-of-global-system-objects.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects",
+      "source_path": "windows/deploy/windows-10-poc-sc-config-mgr.md",
+      "redirect_url": "/windows/deployment/windows-10-poc-sc-config-mgr",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege",
+      "source_path": "windows/deploy/windows-10-poc.md",
+      "redirect_url": "/windows/deployment/windows-10-poc",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override",
+      "source_path": "windows/deploy/windows-10-upgrade-paths.md",
+      "redirect_url": "/windows/deployment/upgrade/windows-10-upgrade-paths",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/audit-policy.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-policy",
+      "source_path": "windows/deploy/windows-adk-scenarios-for-it-pros.md",
+      "redirect_url": "/windows/deployment/windows-adk-scenarios-for-it-pros",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits",
+      "source_path": "windows/deploy/windows-deployment-scenarios-and-tools.md",
+      "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/back-up-files-and-directories.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories",
+      "source_path": "windows/deploy/windows-upgrade-and-migration-considerations.md",
+      "redirect_url": "/windows/deployment/upgrade/windows-upgrade-and-migration-considerations",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/bypass-traverse-checking.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking",
+      "source_path": "windows/deploy/xml-file-requirements.md",
+      "redirect_url": "/windows/deployment/usmt/xml-file-requirements",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/change-the-system-time.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/change-the-system-time",
+      "source_path": "windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/change-the-time-zone.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/change-the-time-zone",
+      "source_path": "windows/device-security/applocker/administer-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/administer-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/create-a-pagefile.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-a-pagefile",
+      "source_path": "windows/device-security/applocker/applocker-architecture-and-components.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-architecture-and-components",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/create-a-token-object.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-a-token-object",
+      "source_path": "windows/device-security/applocker/applocker-functions.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-functions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/create-global-objects.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-global-objects",
+      "source_path": "windows/device-security/applocker/applocker-overview.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/create-permanent-shared-objects.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects",
+      "source_path": "windows/device-security/applocker/applocker-policies-deployment-guide.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-policies-deployment-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/create-symbolic-links.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-symbolic-links",
+      "source_path": "windows/device-security/applocker/applocker-policies-design-guide.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-policies-design-guide",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax",
+      "source_path": "windows/device-security/applocker/applocker-policy-use-scenarios.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-policy-use-scenarios",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax",
+      "source_path": "windows/device-security/applocker/applocker-processes-and-interactions.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-processes-and-interactions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/debug-programs.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/debug-programs",
+      "source_path": "windows/device-security/applocker/applocker-settings.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/deny-access-to-this-computer-from-the-network.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network",
+      "source_path": "windows/device-security/applocker/applocker-technical-reference.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/applocker-technical-reference",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/deny-log-on-as-a-batch-job.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job",
+      "source_path": "windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/deny-log-on-as-a-service.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service",
+      "source_path": "windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/deny-log-on-locally.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-locally",
+      "source_path": "windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/deny-log-on-through-remote-desktop-services.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services",
+      "source_path": "windows/device-security/applocker/configure-the-application-identity-service.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/configure-the-application-identity-service",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/devices-allow-undock-without-having-to-log-on.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on",
+      "source_path": "windows/device-security/applocker/configure-the-appLocker-reference-device.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/configure-the-appLocker-reference-device",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media",
+      "source_path": "windows/device-security/applocker/create-a-rule-for-packaged-apps.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers",
+      "source_path": "windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only",
+      "source_path": "windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only",
+      "source_path": "windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks",
+      "source_path": "windows/device-security/applocker/create-applocker-default-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-applocker-default-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-controller-ldap-server-signing-requirements.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements",
+      "source_path": "windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes",
+      "source_path": "windows/device-security/applocker/create-your-applocker-planning-document.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-your-applocker-planning-document",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always",
+      "source_path": "windows/device-security/applocker/create-your-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-your-applocker-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible",
+      "source_path": "windows/device-security/applocker/create-your-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/create-your-applocker-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible",
+      "source_path": "windows/device-security/applocker/delete-an-applocker-rule.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/delete-an-applocker-rule",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-member-disable-machine-account-password-changes.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes",
+      "source_path": "windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-member-maximum-machine-account-password-age.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age",
+      "source_path": "windows/device-security/applocker/deploy-the-applocker-policy-into-production.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key",
+      "source_path": "windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation",
+      "source_path": "windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/enforce-password-history.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/enforce-password-history",
+      "source_path": "windows/device-security/applocker/determine-your-application-control-objectives.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/determine-your-application-control-objectives",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/enforce-user-logon-restrictions.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions",
+      "source_path": "windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system",
+      "source_path": "windows/device-security/applocker/dll-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/dll-rules-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/generate-security-audits.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/generate-security-audits",
+      "source_path": "windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/how-to-configure-security-policy-settings.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings",
+      "source_path": "windows/device-security/applocker/document-your-application-control-management-processes.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/document-your-application-control-management-processes",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/impersonate-a-client-after-authentication.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication",
+      "source_path": "windows/device-security/applocker/document-your-application-list.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/document-your-application-list",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/increase-a-process-working-set.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set",
+      "source_path": "windows/device-security/applocker/document-your-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/document-your-applocker-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/increase-scheduling-priority.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority",
+      "source_path": "windows/device-security/applocker/edit-an-applocker-policy.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/edit-an-applocker-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked",
+      "source_path": "windows/device-security/applocker/edit-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/edit-applocker-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-do-not-display-last-user-name.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name",
+      "source_path": "windows/device-security/applocker/enable-the-dll-rule-collection.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/enable-the-dll-rule-collection",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del",
+      "source_path": "windows/device-security/applocker/enforce-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/enforce-applocker-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in",
+      "source_path": "windows/device-security/applocker/executable-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/executable-rules-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold",
+      "source_path": "windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-machine-inactivity-limit.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit",
+      "source_path": "windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on",
+      "source_path": "windows/device-security/applocker/how-applocker-works-techref.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/how-applocker-works-techref",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on",
+      "source_path": "windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available",
+      "source_path": "windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration",
+      "source_path": "windows/device-security/applocker/maintain-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/maintain-applocker-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation",
+      "source_path": "windows/device-security/applocker/manage-packaged-apps-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-require-smart-card.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card",
+      "source_path": "windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/interactive-logon-smart-card-removal-behavior.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior",
+      "source_path": "windows/device-security/applocker/merge-applocker-policies-manually.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/merge-applocker-policies-manually",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/kerberos-policy.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/kerberos-policy",
+      "source_path": "windows/device-security/applocker/monitor-application-usage-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/monitor-application-usage-with-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/load-and-unload-device-drivers.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers",
+      "source_path": "windows/device-security/applocker/optimize-applocker-performance.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/optimize-applocker-performance",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/lock-pages-in-memory.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory",
+      "source_path": "windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/log-on-as-a-batch-job.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job",
+      "source_path": "windows/device-security/applocker/plan-for-applocker-policy-management.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/plan-for-applocker-policy-management",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/log-on-as-a-service.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/log-on-as-a-service",
+      "source_path": "windows/device-security/applocker/refresh-an-applocker-policy.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/refresh-an-applocker-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/manage-auditing-and-security-log.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log",
+      "source_path": "windows/device-security/applocker/requirements-for-deploying-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/maximum-lifetime-for-service-ticket.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket",
+      "source_path": "windows/device-security/applocker/requirements-to-use-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/requirements-to-use-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal",
+      "source_path": "windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/maximum-lifetime-for-user-ticket.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket",
+      "source_path": "windows/device-security/applocker/script-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/script-rules-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/maximum-password-age.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-password-age",
+      "source_path": "windows/device-security/applocker/security-considerations-for-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/security-considerations-for-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization",
+      "source_path": "windows/device-security/applocker/select-types-of-rules-to-create.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/select-types-of-rules-to-create",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "source_path": "windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "source_path": "windows/device-security/applocker/test-and-update-an-applocker-policy.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/test-and-update-an-applocker-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers",
+      "source_path": "windows/device-security/applocker/tools-to-use-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/tools-to-use-with-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session",
+      "source_path": "windows/device-security/applocker/understand-applocker-enforcement-settings.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understand-applocker-enforcement-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information",
+      "source_path": "windows/device-security/applocker/understand-applocker-policy-design-decisions.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "source_path": "windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "source_path": "windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire",
+      "source_path": "windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level",
+      "source_path": "windows/device-security/applocker/understanding-applocker-default-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-default-rules",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/minimum-password-age.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/minimum-password-age",
+      "source_path": "windows/device-security/applocker/understanding-applocker-rule-behavior.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-behavior",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/minimum-password-length.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/minimum-password-length",
+      "source_path": "windows/device-security/applocker/understanding-applocker-rule-collections.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-collections",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/modify-an-object-label.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/modify-an-object-label",
+      "source_path": "windows/device-security/applocker/understanding-applocker-rule-condition-types.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/modify-firmware-environment-values.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values",
+      "source_path": "windows/device-security/applocker/understanding-applocker-rule-exceptions.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-allow-anonymous-sidname-translation.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation",
+      "source_path": "windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares",
+      "source_path": "windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts",
+      "source_path": "windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication",
+      "source_path": "windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users",
+      "source_path": "windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously",
+      "source_path": "windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths",
+      "source_path": "windows/device-security/applocker/using-event-viewer-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/using-event-viewer-with-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-remotely-accessible-registry-paths.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths",
+      "source_path": "windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares",
+      "source_path": "windows/device-security/applocker/what-is-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/what-is-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls",
+      "source_path": "windows/device-security/applocker/windows-installer-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/windows-installer-rules-in-applocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously",
+      "source_path": "windows/device-security/applocker/working-with-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/working-with-applocker-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-list-manager-policies.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-list-manager-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-lan-manager-authentication-level.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-ldap-client-signing-requirements.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/password-policy.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/password-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/perform-volume-maintenance-tasks.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/profile-single-process.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/profile-single-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/profile-system-performance.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/profile-system-performance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/remove-computer-from-docking-station.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/replace-a-process-level-token.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/reset-account-lockout-counter-after.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/restore-files-and-directories.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/restore-files-and-directories",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/secpol-advanced-security-audit-policy-settings.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/security-options.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/security-options",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/security-policy-settings-reference.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/security-policy-settings.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/security-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/shut-down-the-system.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/shut-down-the-system",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/store-passwords-using-reversible-encryption.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/synchronize-directory-service-data.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/system-settings-optional-subsystems.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/take-ownership-of-files-or-other-objects.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/security-policy-settings/user-rights-assignment.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-rights-assignment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-device-guard-enable-virtualization-based-security.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-managed-installer-for-device-guard.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/device-guard-deployment-guide.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/device-guard-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-exploit-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/steps-to-deploy-windows-defender-application-control.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy",
+      "source_path": "windows/device-security/applocker/working-with-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/applocker/working-with-applocker-rules",
       "redirect_document_id": false
     },
     {
@@ -4741,438 +3846,93 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
+      "source_path": "windows/device-security/bitlocker/bcd-settings-and-bitlocker.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/administer-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/administer-applocker",
+      "source_path": "windows/device-security/bitlocker/bitlocker-basic-deployment.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-basic-deployment",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-architecture-and-components.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-architecture-and-components",
+      "source_path": "windows/device-security/bitlocker/bitlocker-countermeasures.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-functions.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-functions",
+      "source_path": "windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-overview.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-overview",
+      "source_path": "windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-policies-deployment-guide.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-policies-deployment-guide",
+      "source_path": "windows/device-security/bitlocker/bitlocker-group-policy-settings.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-policies-design-guide.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-policies-design-guide",
+      "source_path": "windows/device-security/bitlocker/bitlocker-how-to-deploy-on-windows-server.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-policy-use-scenarios.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-policy-use-scenarios",
+      "source_path": "windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-processes-and-interactions.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-processes-and-interactions",
+      "source_path": "windows/device-security/bitlocker/bitlocker-management-for-enterprises.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-settings.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-settings",
+      "source_path": "windows/device-security/bitlocker/bitlocker-recovery-guide-plan.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/applocker-technical-reference.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/applocker-technical-reference",
+      "source_path": "windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only",
+      "source_path": "windows/device-security/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules",
+      "source_path": "windows/device-security/bitlocker/choose-the-right-bitlocker-countermeasure.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule",
+      "source_path": "windows/device-security/bitlocker/index.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/index",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/configure-the-application-identity-service.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/configure-the-application-identity-service",
+      "source_path": "windows/device-security/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/configure-the-appLocker-reference-device.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/configure-the-appLocker-reference-device",
+      "source_path": "windows/device-security/bitlocker/protect-bitlocker-from-pre-boot-attacks.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/create-a-rule-for-packaged-apps.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps",
+      "source_path": "windows/device-security/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-applocker-default-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-applocker-default-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-your-applocker-planning-document.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-your-applocker-planning-document",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-your-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-your-applocker-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/create-your-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/create-your-applocker-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/delete-an-applocker-rule.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/delete-an-applocker-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/deploy-the-applocker-policy-into-production.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/determine-your-application-control-objectives.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/determine-your-application-control-objectives",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/dll-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/dll-rules-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/document-your-application-control-management-processes.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/document-your-application-control-management-processes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/document-your-application-list.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/document-your-application-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/document-your-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/document-your-applocker-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/edit-an-applocker-policy.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/edit-an-applocker-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/edit-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/edit-applocker-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/enable-the-dll-rule-collection.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/enable-the-dll-rule-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/enforce-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/enforce-applocker-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/executable-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/executable-rules-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/how-applocker-works-techref.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/how-applocker-works-techref",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/maintain-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/maintain-applocker-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/manage-packaged-apps-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/merge-applocker-policies-manually.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/merge-applocker-policies-manually",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/monitor-application-usage-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/monitor-application-usage-with-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/optimize-applocker-performance.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/optimize-applocker-performance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/plan-for-applocker-policy-management.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/plan-for-applocker-policy-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/refresh-an-applocker-policy.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/refresh-an-applocker-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/requirements-for-deploying-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/requirements-to-use-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/requirements-to-use-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/script-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/script-rules-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/security-considerations-for-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/security-considerations-for-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/select-types-of-rules-to-create.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/select-types-of-rules-to-create",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/test-and-update-an-applocker-policy.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/test-and-update-an-applocker-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/tools-to-use-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/tools-to-use-with-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understand-applocker-enforcement-settings.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understand-applocker-enforcement-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understand-applocker-policy-design-decisions.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-applocker-default-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-default-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-applocker-rule-behavior.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-behavior",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-applocker-rule-collections.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-collections",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-applocker-rule-condition-types.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-applocker-rule-exceptions.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/using-event-viewer-with-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/using-event-viewer-with-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/what-is-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/what-is-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/windows-installer-rules-in-applocker.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/windows-installer-rules-in-applocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/working-with-applocker-policies.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/working-with-applocker-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/applocker/working-with-applocker-rules.md",
-      "redirect_url": "/windows/security/threat-protection/applocker/working-with-applocker-rules",
+      "source_path": "windows/device-security/bitlocker/types-of-attacks-for-volume-encryption-keys.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys",
       "redirect_document_id": false
     },
     {
@@ -5180,16 +3940,111 @@
       "redirect_url": "/windows/security/threat-protection/change-history-for-device-security",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-catalog-files-to-support-code-integrity-policies.md",
+      "redirect_url": "/windows/device-security/device-guard/deploy-catalog-files-to-support-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-code-integrity-policies-policy-rules-and-file-rules.md",
+      "redirect_url": "/windows/device-security/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-code-integrity-policies-steps.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-device-guard-deploy-code-integrity-policies.md",
+      "redirect_url": "/windows/device-security/device-guard/deploy-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-device-guard-enable-virtualization-based-security.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-device-guard-enable-virtualization-based-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-managed-installer-for-device-guard.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/deploy-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/device-guard-deployment-guide.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/device-guard-deployment-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md",
+      "redirect_url": "/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-code-integrity-policies.md",
+      "redirect_url": "/windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/planning-and-getting-started-on-the-device-guard-deployment-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/device-guard/steps-to-deploy-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/device-security/enable-virtualization-based-protection-of-code-integrity.md",
       "redirect_url": "/windows/security/threat-protection/enable-virtualization-based-protection-of-code-integrity",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/device-security/encrypted-hard-drive.md",
+      "redirect_url": "/windows/security/hardware-protection/encrypted-hard-drive",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/device-security/get-support-for-security-baselines.md",
       "redirect_url": "/windows/security/threat-protection/get-support-for-security-baselines",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/device-security/index.md",
+      "redirect_url": "/windows/security/threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/device-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md",
       "redirect_url": "/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices",
@@ -5201,138 +4056,843 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/windows-10-mobile-security-guide.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "source_path": "windows/device-security/security-policy-settings/access-credential-manager-as-a-trusted-caller.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/windows-security-baselines.md",
-      "redirect_url": "/windows/security/threat-protection/windows-security-baselines",
+      "source_path": "windows/device-security/security-policy-settings/access-this-computer-from-the-network.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/app-behavior-with-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/app-behavior-with-wip",
+      "source_path": "windows/device-security/security-policy-settings/account-lockout-duration.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-lockout-duration",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
+      "source_path": "windows/device-security/security-policy-settings/account-lockout-policy.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-lockout-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
+      "source_path": "windows/device-security/security-policy-settings/account-lockout-threshold.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-lockout-threshold",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+      "source_path": "windows/device-security/security-policy-settings/account-policies.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/account-policies",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune",
+      "source_path": "windows/device-security/security-policy-settings/accounts-administrator-account-status.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "source_path": "windows/device-security/security-policy-settings/accounts-block-microsoft-accounts.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune",
+      "source_path": "windows/device-security/security-policy-settings/accounts-guest-account-status.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure",
+      "source_path": "windows/device-security/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm",
+      "source_path": "windows/device-security/security-policy-settings/accounts-rename-administrator-account.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+      "source_path": "windows/device-security/security-policy-settings/accounts-rename-guest-account.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune",
+      "source_path": "windows/device-security/security-policy-settings/act-as-part-of-the-operating-system.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "source_path": "windows/device-security/security-policy-settings/add-workstations-to-domain.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "source_path": "windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/limitations-with-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/limitations-with-wip",
+      "source_path": "windows/device-security/security-policy-settings/administer-security-policy-settings.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
+      "source_path": "windows/device-security/security-policy-settings/allow-log-on-locally.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/allow-log-on-locally",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/overview-create-wip-policy-sccm.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm",
+      "source_path": "windows/device-security/security-policy-settings/allow-log-on-through-remote-desktop-services.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/overview-create-wip-policy.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/overview-create-wip-policy",
+      "source_path": "windows/device-security/security-policy-settings/audit-audit-the-access-of-global-system-objects.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "source_path": "windows/device-security/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
+      "source_path": "windows/device-security/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
+      "source_path": "windows/device-security/security-policy-settings/audit-policy.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-policy",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/using-owa-with-wip.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/using-owa-with-wip",
+      "source_path": "windows/device-security/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md",
-      "redirect_url": "/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context",
+      "source_path": "windows/device-security/security-policy-settings/back-up-files-and-directories.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/encrypted-hard-drive.md",
-      "redirect_url": "/windows/security/hardware-protection/encrypted-hard-drive",
+      "source_path": "windows/device-security/security-policy-settings/bypass-traverse-checking.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/how-hardware-based-containers-help-protect-windows.md",
-      "redirect_url": "/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows",
+      "source_path": "windows/device-security/security-policy-settings/change-the-system-time.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/change-the-system-time",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/threat-protection/secure-the-windows-10-boot-process.md",
-      "redirect_url": "/windows/security/hardware-protection/secure-the-windows-10-boot-process",
+      "source_path": "windows/device-security/security-policy-settings/change-the-time-zone.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/change-the-time-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/create-a-pagefile.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-a-pagefile",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/create-a-token-object.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-a-token-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/create-global-objects.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-global-objects",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/create-permanent-shared-objects.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/create-symbolic-links.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/create-symbolic-links",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/debug-programs.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/debug-programs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/deny-access-to-this-computer-from-the-network.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/deny-log-on-as-a-batch-job.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/deny-log-on-as-a-service.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/deny-log-on-locally.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-locally",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/deny-log-on-through-remote-desktop-services.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/devices-allow-undock-without-having-to-log-on.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-controller-ldap-server-signing-requirements.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-member-disable-machine-account-password-changes.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-member-maximum-machine-account-password-age.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/enforce-password-history.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/enforce-password-history",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/enforce-user-logon-restrictions.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/generate-security-audits.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/generate-security-audits",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/how-to-configure-security-policy-settings.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/impersonate-a-client-after-authentication.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/increase-a-process-working-set.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/increase-scheduling-priority.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-do-not-display-last-user-name.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-machine-inactivity-limit.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-require-smart-card.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/interactive-logon-smart-card-removal-behavior.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/kerberos-policy.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/kerberos-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/load-and-unload-device-drivers.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/lock-pages-in-memory.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/log-on-as-a-batch-job.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/log-on-as-a-service.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/log-on-as-a-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/manage-auditing-and-security-log.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/maximum-lifetime-for-service-ticket.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/maximum-lifetime-for-user-ticket.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/maximum-password-age.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-password-age",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/minimum-password-age.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/minimum-password-age",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/minimum-password-length.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/minimum-password-length",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/modify-an-object-label.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/modify-an-object-label",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/modify-firmware-environment-values.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-allow-anonymous-sidname-translation.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-remotely-accessible-registry-paths.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-list-manager-policies.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-list-manager-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-lan-manager-authentication-level.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-ldap-client-signing-requirements.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/password-policy.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/password-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/perform-volume-maintenance-tasks.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/profile-single-process.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/profile-single-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/profile-system-performance.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/profile-system-performance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/remove-computer-from-docking-station.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/replace-a-process-level-token.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/reset-account-lockout-counter-after.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/restore-files-and-directories.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/restore-files-and-directories",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/secpol-advanced-security-audit-policy-settings.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/security-options.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/security-options",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/security-policy-settings-reference.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/security-policy-settings.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/security-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/shut-down-the-system.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/shut-down-the-system",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/store-passwords-using-reversible-encryption.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/synchronize-directory-service-data.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/system-settings-optional-subsystems.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/take-ownership-of-files-or-other-objects.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/device-security/security-policy-settings/user-rights-assignment.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/user-rights-assignment",
       "redirect_document_id": false
     },
     {
@@ -5396,3793 +4956,18 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/device-security/bitlocker/bcd-settings-and-bitlocker.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-basic-deployment.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-basic-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-countermeasures.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-group-policy-settings.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-how-to-deploy-on-windows-server.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-management-for-enterprises.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-overview.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-recovery-guide-plan.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/choose-the-right-bitlocker-countermeasure.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/protect-bitlocker-from-pre-boot-attacks.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/bitlocker/types-of-attacks-for-volume-encryption-keys.md",
-      "redirect_url": "/windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-credential-theft-mitigation-guide-abstract.md",
-      "redirect_url": "/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/change-history-for-access-protection.md",
-      "redirect_url": "/windows/security/identity-protection/change-history-for-access-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/configure-s-mime.md",
-      "redirect_url": "/windows/security/identity-protection/configure-s-mime",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/enterprise-certificate-pinning.md",
-      "redirect_url": "/windows/security/identity-protection/enterprise-certificate-pinning",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/installing-digital-certificates-on-windows-10-mobile.md",
+      "source_path": "windows/device-security/windows-10-mobile-security-guide.md",
       "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/access-protection/remote-credential-guard.md",
-      "redirect_url": "/windows/security/identity-protection/remote-credential-guard",
+      "source_path": "windows/device-security/windows-security-baselines.md",
+      "redirect_url": "/windows/security/threat-protection/windows-security-baselines",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/access-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/assign-security-group-filters-to-the-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/basic-firewall-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/basic-firewall-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/boundary-zone-gpos.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/boundary-zone-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/boundary-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/boundary-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/certificate-based-isolation-policy-design-example.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/certificate-based-isolation-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/certificate-based-isolation-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/certificate-based-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/change-rules-from-request-to-require-mode.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/change-rules-from-request-to-require-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-basic-firewall-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-creating-group-policy-objects.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-group-policy-objects",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-inbound-firewall-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-outbound-firewall-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-authentication-methods.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-authentication-methods",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-data-protection-quick-mode-settings.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-data-protection-quick-mode-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-key-exchange-main-mode-settings.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-key-exchange-main-mode-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-the-rules-to-require-encryption.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-the-rules-to-require-encryption",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-the-windows-firewall-log.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-the-windows-firewall-log",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-the-workstation-authentication-certificate-template",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-a-group-account-in-active-directory.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-a-group-account-in-active-directory",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-a-group-policy-object.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-a-group-policy-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-authentication-exemption-list-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-authentication-exemption-list-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-authentication-request-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-authentication-request-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-inbound-icmp-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-inbound-icmp-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-inbound-port-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-inbound-port-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-inbound-program-or-service-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-inbound-program-or-service-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-outbound-port-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-outbound-port-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-an-outbound-program-or-service-rule.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-an-outbound-program-or-service-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-inbound-rules-to-support-rpc.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-inbound-rules-to-support-rpc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/create-wmi-filters-for-the-gpo.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/create-wmi-filters-for-the-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/determining-the-trusted-state-of-your-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/documenting-the-zones.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/documenting-the-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/domain-isolation-policy-design-example.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/domain-isolation-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/domain-isolation-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/domain-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/enable-predefined-inbound-rules.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/enable-predefined-inbound-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/enable-predefined-outbound-rules.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/enable-predefined-outbound-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/encryption-zone-gpos.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/encryption-zone-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/encryption-zone.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/encryption-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/exempt-icmp-from-authentication.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/exempt-icmp-from-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/exemption-list.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/exemption-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/firewall-gpos.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/firewall-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/firewall-policy-design-example.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/firewall-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-information-about-your-active-directory-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gathering-information-about-your-devices.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-information-about-your-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gathering-other-relevant-information.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-other-relevant-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gathering-the-information-you-need.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gathering-the-information-you-need",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-boundary.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-boundary",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-encryption.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-encryption",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-firewall.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-firewall",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-isolateddomain-clients",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/gpo-domiso-isolateddomain-servers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/isolated-domain-gpos.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/isolated-domain-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/isolated-domain.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/isolated-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/isolating-apps-on-your-network.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/isolating-apps-on-your-network",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/link-the-gpo-to-the-domain.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/link-the-gpo-to-the-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/open-windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/open-windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-certificate-based-authentication.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-certificate-based-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-domain-isolation-zones.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-domain-isolation-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-gpo-deployment.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-gpo-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-isolation-groups-for-the-zones.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-isolation-groups-for-the-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-network-access-groups.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-network-access-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-server-isolation-zones.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-server-isolation-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-the-gpos.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-the-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/procedures-used-in-this-guide.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/procedures-used-in-this-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/protect-devices-from-unwanted-network-traffic",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/restrict-access-to-only-trusted-devices.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/restrict-access-to-only-trusted-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/server-isolation-gpos.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/server-isolation-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/server-isolation-policy-design-example.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/server-isolation-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/server-isolation-policy-design.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/server-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/verify-that-network-traffic-is-authenticated",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/windows-firewall/windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-authentication.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-auto-trigger-profile.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-auto-trigger-profile",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-conditional-access.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-conditional-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-connection-type.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-connection-type",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-guide.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-name-resolution.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-name-resolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-profile-options.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-profile-options",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-routing.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-routing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/vpn/vpn-security-features.md",
-      "redirect_url": "/windows/security/identity-protection/vpn/vpn-security-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-get-started.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-overview.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md",
-      "redirect_url": "/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/user-account-control/how-user-account-control-works.md",
-      "redirect_url": "/windows/security/identity-protection/user-account-control/how-user-account-control-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md",
-      "redirect_url": "/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/user-account-control/user-account-control-overview.md",
-      "redirect_url": "/windows/security/identity-protection/user-account-control/user-account-control-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/user-account-control/user-account-control-security-policy-settings.md",
-      "redirect_url": "/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-debugging-information.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-debugging-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-events.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-events",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-group-policy-and-registry-settings.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-removal-policy-service.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-smart-cards-for-windows-service.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-tools-and-settings.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-and-remote-desktop-services.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-architecture.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-architecture",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/smart-cards/smart-card-certificate-propagation-service.md",
-      "redirect_url": "/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-and-password-changes.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-and-password-changes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-biometrics-in-enterprise.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-adfs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-deploy-mfa.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-policy-settings.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-cert-trust-validate-pki.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-deployment-cert-trust.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-deployment-guide.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-deployment-key-trust.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-errors-during-pin-creation.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-event-300.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-event-300",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-features.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-how-it-works.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-how-it-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-new-install.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-trust.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-new-install.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust-devreg.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-provision.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-identity-verification.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-identity-verification",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-adfs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-deploy-mfa.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-policy-settings.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-key-trust-validate-pki.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-manage-in-organization.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-manage-in-organization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-overview.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-planning-guide.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-planning-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-prepare-people-to-use.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/additional-mitigations.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/additional-mitigations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-considerations.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-considerations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-how-it-works.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-how-it-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-known-issues.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-manage.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-manage",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-not-protected-scenarios.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-protection-limits.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-requirements.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/credential-guard/credential-guard-scripts.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-scripts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/access-control.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/access-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/active-directory-accounts.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/active-directory-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/active-directory-security-groups.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/active-directory-security-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/dynamic-access-control.md",
-      "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/local-accounts.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/local-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/microsoft-accounts.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/microsoft-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/security-identifiers.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/security-identifiers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/security-principals.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/security-principals",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/service-accounts.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/service-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/access-protection/access-control/special-identities.md",
-      "redirect_url": "/windows/security/identity-protection/access-control/special-identities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-code-integrity-policies-steps.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-code-integrity-policies.md",
-      "redirect_url": "/windows/device-security/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md",
-      "redirect_url": "/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-code-integrity-policies-policy-rules-and-file-rules.md",
-      "redirect_url": "/windows/device-security/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-device-guard-deploy-code-integrity-policies.md",
-      "redirect_url": "/windows/device-security/device-guard/deploy-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/device-guard/deploy-catalog-files-to-support-code-integrity-policies.md",
-      "redirect_url": "/windows/device-security/device-guard/deploy-catalog-files-to-support-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md",
-      "redirect_url": "/windows/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface/surface-device-compatibility-with-windows-10-ltsb.md",
-      "redirect_url": "/surface/surface-device-compatibility-with-windows-10-ltsc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/windows-diagnostic-data-1709.md",
-      "redirect_url": "/windows/configuration/windows-diagnostic-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/EventName.md",
-      "redirect_url": "/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/windows-10-pro-to-pro-edu-upgrade.md",
-      "redirect_url": "/education/windows/change-to-pro-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/switch-to-pro-education.md",
-      "redirect_url": "/education/windows/change-to-pro-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/swithc-to-pro-de.md",
-      "redirect_url": "/education/windows/switch-to-pro-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/administrative-tools-in-windows-10.md",
-      "redirect_url": "/windows/client-management/client-tools/administrative-tools-in-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/change-default-removal-policy-external-storage-media.md",
-      "redirect_url": "/windows/client-management/client-tools/change-default-removal-policy-external-storage-media",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/connect-to-remote-aadj-pc.md",
-      "redirect_url": "/windows/client-management/client-tools/connect-to-remote-aadj-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/group-policies-for-enterprise-and-education-editions.md",
-      "redirect_url": "https://www.microsoft.com/en-us/search/explore?q=Group+Policy+Settings+Reference+Spreadsheet",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/manage-device-installation-with-group-policy.md",
-      "redirect_url": "/windows/client-management/client-tools/manage-device-installation-with-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/manage-settings-app-with-group-policy.md",
-      "redirect_url": "/windows/client-management/client-tools/manage-settings-app-with-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mandatory-user-profile.md",
-      "redirect_url": "/windows/client-management/client-tools/mandatory-user-profile",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/new-policies-for-windows-10.md",
-      "redirect_url": "https://www.microsoft.com/en-us/search/explore?q=Group+Policy+Settings+Reference+Spreadsheet",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/quick-assist.md",
-      "redirect_url": "/windows/client-management/client-tools/quick-assist",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/windows-libraries.md",
-      "redirect_url": "/windows/client-management/client-tools/windows-libraries",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/windows-version-search.md",
-      "redirect_url": "/windows/client-management/client-tools/windows-version-search",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/manage-corporate-devices.md",
-      "redirect_url": "/windows/client-management/manage-windows-10-in-your-organization-modern-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md",
-      "redirect_url": "/azure/active-directory/fundamentals/active-directory-access-create-new-tenant",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/register-your-free-azure-active-directory-subscription.md",
-      "redirect_url": "/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/appv-deploy-and-config.md",
-      "redirect_url": "/windows/application-management/app-v/appv-for-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/diagnose-mdm-failures-in-windows-10.md",
-      "redirect_url": "/windows/client-management/mdm-collect-logs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-admx-backed.md",
-      "redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csp-location.md",
-      "redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/enable-pua-windows-defender-for-windows-10.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/get-started-with-windows-defender-for-windows-10.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/windows-defender-block-at-first-sight.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/windows-defender-in-windows-10.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/windows-defender-enhanced-notifications.md",
-      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-7.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-7",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface/surface-diagnostic-toolkit.md",
-      "redirect_url": "/surface/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface/manage-surface-dock-firmware-updates.md",
-      "redirect_url": "/surface/indexdevices/surface/update",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md",
-      "redirect_url": "/surface-hub/finishing-your-surface-hub-meeting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-microsoft-layout-app.md",
-      "redirect_url": "/hololens/hololens-microsoft-dynamics-365-layout-app",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-microsoft-dynamics-365-layout-app.md",
-      "redirect_url": "/dynamics365/mixed-reality/layout/",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-microsoft-remote-assist-app.md",
-      "redirect_url": "/dynamics365/mixed-reality/remote-assist/",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-public-preview-apps.md",
-      "redirect_url": "/dynamics365/#pivot=mixed-reality-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/hololens-restart-recover.md",
-      "redirect_url": "/hololens/hololens-recovery",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/hololens/holographic-photos-and-video.md",
-      "redirect_url": "/hololens/holographic-photos-and-videos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md",
-      "redirect_url": "/surface-hub/provisioning-packages-for-surface-hub",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface-hub/manage-settings-with-local-admin-account-surface-hub.md",
-      "redirect_url": "/surface-hub/admin-group-management-for-surface-hub",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface-hub/surface-hub-administrators-guide.md",
-      "redirect_url": "/surface-hub/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface-hub/intro-to-surface-hub.md",
-      "redirect_url": "/surface-hub/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-quick-start.md",
-      "redirect_url": "/windows/deployment/update/waas-quick-start",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-overview.md",
-      "redirect_url": "/windows/deployment/update/waas-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-servicing-strategy-windows-10-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-deployment-rings-windows-10-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-deployment-rings-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-servicing-branches-windows-10-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-servicing-branches-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/update-compliance-monitor.md",
-      "redirect_url": "/windows/deployment/update/update-compliance-monitor",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/update-compliance-get-started.md",
-      "redirect_url": "/windows/deployment/update/update-compliance-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-wdav-status.md",
-      "redirect_url": "/windows/deployment/update/update-compliance-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/update-compliance-using.md",
-      "redirect_url": "/windows/deployment/update/update-compliance-using",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-optimize-windows-10-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-optimize-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-delivery-optimization.md",
-      "redirect_url": "/windows/deployment/update/waas-delivery-optimization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-branchcache.md",
-      "redirect_url": "/windows/deployment/update/waas-branchcache",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-mobile-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-mobile-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-manage-updates-wufb.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-configure-wufb.md",
-      "redirect_url": "/windows/deployment/update/waas-configure-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-integrate-wufb.md",
-      "redirect_url": "/windows/deployment/update/waas-integrate-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-wufb-group-policy.md",
-      "redirect_url": "/windows/deployment/update/waas-wufb-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-wufb-intune.md",
-      "redirect_url": "/windows/deployment/update/waas-wufb-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-manage-updates-wsus.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wsus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-manage-updates-configuration-manager.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-restart.md",
-      "redirect_url": "/windows/deployment/update/waas-restart",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/waas-update-windows-10.md",
-      "redirect_url": "/windows/deployment/update/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/lockdown-features-windows-10.md",
-      "redirect_url": "/windows/configuration/lockdown-features-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/set-up-shared-or-guest-pc.md",
-      "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md",
-      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
-      "redirect_url": "/windows/configuration/kiosk-shared-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/set-up-a-device-for-anyone-to-use.md",
-      "redirect_url": "/windows/configuration/kiosk-shared-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
-      "redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/guidelines-for-assigned-access-app.md",
-      "redirect_url": "/windows/configuration/guidelines-for-assigned-access-app",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/lock-down-windows-10-to-specific-apps.md",
-      "redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/lockdown-xml.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/settings-that-can-be-locked-down.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/product-ids-in-windows-10-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/manage-tips-and-suggestions.md",
-      "redirect_url": "/windows/configuration/manage-tips-and-suggestions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/windows-10-start-layout-options-and-policies.md",
-      "redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/configure-windows-10-taskbar.md",
-      "redirect_url": "/windows/configuration//configure-windows-10-taskbar",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/customize-and-export-start-layout.md",
-      "redirect_url": "/windows/configuration//customize-and-export-start-layout",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/start-layout-xml-desktop.md",
-      "redirect_url": "/windows/configuration/start-layout-xml-desktop",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/start-layout-xml-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/customize-windows-10-start-screens-by-using-group-policy.md",
-      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
-      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md",
-      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-testing-scenarios.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-1.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-1",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-2.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-2",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-3.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-3",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-4.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-4",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-5.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-scenario-6.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-6",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-o365.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-o365",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-crm.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-crm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-powerbi.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-powerbi",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-voice-commands.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-voice-commands",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-policy-settings.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-feedback.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-feedback",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/stop-employees-from-using-the-windows-store.md",
-      "redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/stop-employees-from-using-the-windows-store.md",
-      "redirect_url": "/windows/configuration/stop-employees-from-using-microsoft-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/configure-devices-without-mdm.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/changes-to-start-policies-in-windows-10.md",
-      "redirect_url": "/windows/configuration/changes-to-start-policies-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/how-it-pros-can-use-configuration-service-providers.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/lock-down-windows-10.md",
-      "redirect_url": "/windows/configuration/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/manage-wifi-sense-in-enterprise.md",
-      "redirect_url": "/windows/configuration/manage-wifi-sense-in-enterprise",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-packages.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-how-it-works.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-how-it-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-install-icd.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-install-icd",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-create-package.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-create-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-apply-package.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-apply-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-uninstall-package.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provision-pcs-for-initial-deployment.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provision-pcs-with-apps-and-certificates.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-script-to-install-app.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-script-to-install-app",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-nfc.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-command-line.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-command-line",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/provisioning-multivariant.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-multivariant",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/create-edp-policy-using-intune.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/create-edp-policy-using-sccm.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/create-vpn-and-edp-policy-using-intune.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/hello-enable-phone-signin.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/deploy-edp-policy-using-intune.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/guidance-and-best-practices-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/overview-create-edp-policy.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/overview-create-wip-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/protect-enterprise-data-using-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/testing-scenarios-for-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/wip-enterprise-overview.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/enlightened-microsoft-apps-and-edp.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/update-windows-10-images-with-provisioning-packages.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-prepare-your-environment.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-identify-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-release-notes.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-review-site-discovery.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-additional-insights",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md",
-      "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj635854(v=ws.11)",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md",
-      "redirect_url": "/windows/device-security/device-guard/device-guard-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/device-guard-certification-and-compliance.md",
-      "redirect_url": "/windows/device-security/device-guard/device-guard-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-enable-phone-signin",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md",
-      "redirect_url": "/windows/device-security/device-guard/device-guard-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/implement-microsoft-passport-in-your-organization.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-manage-in-organization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/manage-identity-verification-using-microsoft-passport.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/microsoft-passport-and-password-changes.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-and-password-changes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/microsoft-passport-errors-during-pin-creation.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-errors-during-pin-creation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/microsoft-passport-guide.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/passport-event-300.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-event-300",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/prepare-people-to-use-microsoft-passport.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-prepare-people-to-use",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/why-a-pin-is-better-than-a-password.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/windows-hello-in-enterprise.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/app-inventory-managemement-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/app-inventory-management-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/application-development-for-windows-as-a-service.md",
-      "redirect_url": "windows/uwp/updates-and-versions/application-development-for-windows-as-a-service",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/appv-accessibility.md",
-      "redirect_url": "/windows/application-management/app-v/appv-getting-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/appv-accessing-the-client-management-console.md",
-      "redirect_url": "/windows/application-management/app-v/appv-using-the-client-management-console",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md",
-      "redirect_url": "/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md",
-      "redirect_url": "/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md",
-      "redirect_url": "/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md",
-      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/disconnect-your-organization-from-microsoft.md",
-      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/introduction-to-windows-10-servicing.md",
-      "redirect_url": "/windows/deployment/update/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/manage-cortana-in-enterprise.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/cortana-at-work-overview.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/manage-inventory-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/app-inventory-managemement-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/uev-accessibility.md",
-      "redirect_url": "/windows/configuration/ue-v/uev-for-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/uev-privacy-statement.md",
-      "redirect_url": "/windows/configuration/ue-v/uev-security-considerations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-community-ratings-and-process.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-database-configuration.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-database-migration.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-deployment-options.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-glossary.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/activating-and-closing-windows-in-acm.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-lps-share-permissions.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-operatingsystem-application-report.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-operatingsystem-computer-report.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-operatingsystem-device-report.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-product-and-documentation-resources.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-settings-dialog-box-preferences-tab.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-settings-dialog-box-settings-tab.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-toolbar-icons-in-acm.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-tools-packages-and-services.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/act-user-interface-reference.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/adding-or-editing-an-issue.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/adding-or-editing-a-solution.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/analyzing-your-compatibility-data.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/application-dialog-box.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/categorizing-your-compatibility-data.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/chromebook-migration-guide.md",
-      "redirect_url": "education/windows/chromebook-migration-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/common-compatibility-issues.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/compatibility-monitor-users-guide.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/computer-dialog-box.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/configuring-act.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/creating-and-editing-issues-and-solutions.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/creating-an-enterprise-environment-for-compatibility-testing.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/creating-an-inventory-collector-package.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/creating-a-runtime-analysis-package.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/customizing-your-report-views.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/data-sent-through-the-microsoft-compatibility-exchange.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/deciding-whether-to-fix-an-application-or-deploy-a-workaround.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/deciding-which-applications-to-test.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/deleting-a-data-collection-package.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/deploying-an-inventory-collector-package.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/deploying-a-runtime-analysis-package.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/deploy-windows-10-in-a-school.md",
-      "redirect_url": "/edu/windows/deploy-windows-10-in-a-school",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/example-filter-queries.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/exporting-a-data-collection-package.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/filtering-your-compatibility-data.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/fixing-compatibility-issues.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/identifying-computers-for-inventory-collection.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/integration-with-management-solutions-.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/internet-explorer-web-site-report.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/labeling-data-in-acm.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/log-file-locations-for-data-collection-packages.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/managing-your-data-collection-packages.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/organizational-tasks-for-each-report-type.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/organizing-your-compatibility-data.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/prioritizing-your-compatibility-data.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/ratings-icons-in-acm.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/resolving-an-issue.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/saving-opening-and-exporting-reports.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/selecting-the-send-and-receive-status-for-an-application.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/selecting-your-compatibility-rating.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/selecting-your-deployment-status.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/sending-and-receiving-compatibility-data.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/settings-for-acm.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/setup-and-deployment.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/software-requirements-for-act.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/software-requirements-for-rap.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/taking-inventory-of-your-organization.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/testing-compatibility-on-the-target-platform.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/troubleshooting-act.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/troubleshooting-act-database-issues.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/troubleshooting-the-act-configuration-wizard.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/troubleshooting-the-act-log-processing-service.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/using-act.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/using-compatibility-monitor-to-send-feedback.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/viewing-your-compatibility-reports.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/websiteurl-dialog-box.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/welcome-to-act.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/whats-new-in-act-60.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/windows-10-guidance-for-education-environments.md",
-      "redirect_url": "/education/windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/windows-10-servicing-options.md",
-      "redirect_url": "/windows/deployment/update/waas-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/windows-update-for-business.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/applocker.md",
-      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/bitlocker.md",
-      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/change-history-for-what-s-new-in-windows-10.md",
-      "redirect_url": "/windows/whats-new/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/credential-guard.md",
-      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/device-guard-overview.md",
-      "redirect_url": "/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/device-management.md",
-      "redirect_url": "/windows/client-management/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/edge-ie11-whats-new-overview.md",
-      "redirect_url": "/microsoft-edge/deploy/emie-to-improve-compatibility",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/edp-whats-new-overview.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/lockdown-features-windows-10.md",
-      "redirect_url": "/windows/configuration/lockdown-features-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/microsoft-passport.md",
-      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/new-provisioning-packages.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/security-auditing.md",
-      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/trusted-platform-module.md",
-      "redirect_url": "/windows/device-security/tpm/trusted-platform-module-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/user-account-control.md",
-      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/windows-spotlight.md",
-      "redirect_url": "/windows/configuration/windows-spotlight",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/windows-store-for-business-overview.md",
-      "redirect_url": "/microsoft-store/windows-store-for-business-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/windows-store-for-business-overview.md",
-      "redirect_url": "/microsoft-store/microsoft-store-for-business-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/windows-update-for-business.md",
-      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/windows-10-security-guide.md",
-      "redirect_url": "/windows/threat-protection/overview-of-threat-mitigations-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/security.md",
-      "redirect_url": "/windows/threat-protection/overview-of-threat-mitigations-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/basic-level-windows-diagnostic-events-and-fields-1703.md",
-      "redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/change-history-for-configure-windows-10.md",
-      "redirect_url": "/windows/configuration/change-history-for-configure-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/changes-to-start-policies-in-windows-10.md",
-      "redirect_url": "/windows/configuration/changes-to-start-policies-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/configure-devices-without-mdm.md",
-      "redirect_url": "/windows/configuration/configure-devices-without-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/configure-devices-without-mdm.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/configure-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/configure-windows-10-taskbar.md",
-      "redirect_url": "/windows/configuration/configure-windows-10-taskbar",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/configure-windows-telemetry-in-your-organization.md",
-      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-crm.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-crm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-feedback.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-feedback",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-o365.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-o365",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-overview.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-policy-settings.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-policy-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-powerbi.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-powerbi",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-1.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-1",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-2.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-2",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-3.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-3",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-4.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-4",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-5.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-6.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-6",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-scenario-7.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-7",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-testing-scenarios.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/cortana-at-work-voice-commands.md",
-      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-voice-commands",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/customize-and-export-start-layout.md",
-      "redirect_url": "/windows/configuration/customize-and-export-start-layout",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/customize-windows-10-start-screens-by-using-group-policy.md",
-      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/customize-windows-10-start-screens-by-using-mobile-device-management.md",
-      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
-      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/guidelines-for-assigned-access-app.md",
-      "redirect_url": "/windows/configuration/guidelines-for-assigned-access-app",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/how-it-pros-can-use-configuration-service-providers.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/kiosk-shared-pc.md",
-      "redirect_url": "/windows/configuration/kiosk-shared-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/kiosk-shared-pc.md",
-      "redirect_url": "/windows/configuration/kiosk-methods",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/setup-kiosk-digital-signage.md",
-      "redirect_url": "/windows/configuration/kiosk-single-app",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/multi-app-kiosk-xml.md",
-      "redirect_url": "/windows/configuration/kiosk-xml",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/multi-app-kiosk-troubleshoot.md",
-      "redirect_url": "/windows/configuration/kiosk-troubleshoot",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/lock-down-windows-10-to-specific-apps.md",
-      "redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/lock-down-windows-10.md",
-      "redirect_url": "/windows/configuration/lock-down-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/lockdown-features-windows-10.md",
-      "redirect_url": "/windows/configuration/lockdown-features-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/lockdown-xml.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/manage-connections-from-windows-operating-system-components-to-microsoft-services.md",
-      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/manage-tips-and-suggestions.md",
-      "redirect_url": "/windows/configuration/manage-tips-and-suggestions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/manage-wifi-sense-in-enterprise.md",
-      "redirect_url": "/windows/configuration/manage-wifi-sense-in-enterprise",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/mobile-lockdown-designer.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/product-ids-in-windows-10-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provision-pcs-for-initial-deployment.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provision-pcs-with-apps-and-certificates.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provision-pcs-with-apps.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-apply-package.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-apply-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-command-line.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-command-line",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-configure-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-create-package.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-create-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-how-it-works.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-how-it-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-install-icd.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-install-icd",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-multivariant.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-multivariant",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-nfc.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-package-splitter.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-packages.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-powershell.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-script-to-install-app.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-script-to-install-app",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/provisioning-uninstall-package.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-uninstall-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/set-up-a-device-for-anyone-to-use.md",
-      "redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
-      "redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
-      "redirect_url": "/windows/configuration/setup-kiosk-digital-signage",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/set-up-shared-or-guest-pc.md",
-      "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/settings-that-can-be-locked-down.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/start-layout-xml-desktop.md",
-      "redirect_url": "/windows/configuration/start-layout-xml-desktop",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/start-layout-xml-mobile.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/start-secondary-tiles.md",
-      "redirect_url": "/windows/configuration/start-secondary-tiles",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/start-taskbar-lockscreen.md",
-      "redirect_url": "/windows/configuration/start-taskbar-lockscreen",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/start-taskbar-lockscreen.md",
-      "redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/stop-employees-from-using-the-windows-store.md",
-      "redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/windows-10-start-layout-options-and-policies.md",
-      "redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/windows-diagnostic-data-1703.md",
-      "redirect_url": "/windows/configuration/windows-diagnostic-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/windows-spotlight.md",
-      "redirect_url": "/windows/configuration/windows-spotlight",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/windows-spotlight.md",
-      "redirect_url": "/windows/configuration/windows-spotlight",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/activate-forest-by-proxy-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/activate-forest-by-proxy-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/activate-forest-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/activate-forest-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/activate-using-active-directory-based-activation-client.md",
-      "redirect_url": "/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/activate-using-key-management-service-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/activate-using-key-management-service-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/activate-windows-10-clients-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/activate-windows-10-clients-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/active-directory-based-activation-overview.md",
-      "redirect_url": "/windows/deployment/volume-activation/active-directory-based-activation-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/add-manage-products-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/add-manage-products-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/add-remove-computers-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/add-remove-computers-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/add-remove-product-key-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/add-remove-product-key-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md",
-      "redirect_url": "/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/assign-applications-using-roles-in-mdt-2013.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt-2013",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/assign-applications-using-roles-in-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/change-history-for-deploy-windows-10.md",
-      "redirect_url": "/windows/deployment/change-history-for-deploy-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-a-pxe-server-to-load-windows-pe.md",
-      "redirect_url": "/windows/deployment/configure-a-pxe-server-to-load-windows-pe",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-client-computers-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/configure-client-computers-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-mdt-2013-for-userexit-scripts.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-2013-for-userexit-scripts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-mdt-2013-settings.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-2013-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-mdt-deployment-share-rules.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-mdt-for-userexit-scripts.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/configure-mdt-settings.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/configure-mdt-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/create-a-windows-10-reference-image.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/deploy-a-windows-10-image-using-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/deploy-whats-new.md",
-      "redirect_url": "/windows/deployment/deploy-whats-new",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/deploy-windows-to-go.md",
-      "redirect_url": "/windows/deployment/deploy-windows-to-go",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/getting-started-with-the-user-state-migration-tool.md",
-      "redirect_url": "/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/import-export-vamt-data.md",
-      "redirect_url": "/windows/deployment/volume-activation/import-export-vamt-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/install-configure-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/install-configure-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/install-kms-client-key-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/install-kms-client-key-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/install-product-key-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/install-product-key-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/install-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/install-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/introduction-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/introduction-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/key-features-in-mdt-2013.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/key-features-in-mdt-2013",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/key-features-in-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/key-features-in-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/kms-activation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/kms-activation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/local-reactivation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/local-reactivation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/manage-activations-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/manage-activations-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/manage-product-keys-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/manage-product-keys-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/manage-vamt-data.md",
-      "redirect_url": "/windows/deployment/volume-activation/manage-vamt-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/manage-windows-upgrades-with-upgrade-readiness.md",
-      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/mbr-to-gpt.md",
-      "redirect_url": "/windows/deployment/mbr-to-gpt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/mdt-2013-lite-touch-components.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/mdt-2013-lite-touch-components",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/mdt-lite-touch-components.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/mdt-lite-touch-components",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/migrate-application-settings.md",
-      "redirect_url": "/windows/deployment/usmt/migrate-application-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/migration-store-types-overview.md",
-      "redirect_url": "/windows/deployment/usmt/migration-store-types-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/monitor-activation-client.md",
-      "redirect_url": "/windows/deployment/volume-activation/monitor-activation-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/offline-migration-reference.md",
-      "redirect_url": "/windows/deployment/usmt/offline-migration-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/online-activation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/online-activation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/plan-for-volume-activation-client.md",
-      "redirect_url": "/windows/deployment/volume-activation/plan-for-volume-activation-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt-2013",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/prepare-for-windows-deployment-with-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/proxy-activation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/proxy-activation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/refresh-a-windows-7-computer-with-windows-10.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/remove-products-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/remove-products-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/resolve-windows-10-upgrade-errors.md",
-      "redirect_url": "/windows/deployment/upgrade/resolve-windows-10-upgrade-errors",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/scenario-kms-activation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/scenario-kms-activation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/scenario-online-activation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/scenario-online-activation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/scenario-proxy-activation-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/scenario-proxy-activation-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/set-up-mdt-2013-for-bitlocker.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/set-up-mdt-2013-for-bitlocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/set-up-mdt-for-bitlocker.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/sideload-apps-in-windows-10.md",
-      "redirect_url": "/windows/application-management/sideload-apps-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/troubleshoot-upgrade-analytics.md",
-      "redirect_url": "/windows/deployment/upgrade/troubleshoot-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/troubleshoot-upgrade-readiness.md",
-      "redirect_url": "/windows/deployment/upgrade/troubleshoot-upgrade-readiness",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/understanding-migration-xml-files.md",
-      "redirect_url": "/windows/deployment/usmt/understanding-migration-xml-files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/update-product-status-vamt.md",
-      "redirect_url": "/windows/deployment/volume-activation/update-product-status-vamt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-additional-insights.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-additional-insights",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-architecture.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-architecture",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-deploy-windows.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deploy-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-deployment-script.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deployment-script",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-get-started.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-identify-apps.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-identify-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-requirements.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-resolve-issues.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-resolve-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-analytics-upgrade-overview.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-upgrade-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-additional-insights.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-additional-insights",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-architecture.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-architecture",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-deploy-windows.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deploy-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-deployment-script.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-deployment-script",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-get-started.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-identify-apps.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-identify-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-release-notes.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-release-notes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-requirements.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-resolve-issues.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-resolve-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-upgrade-overview.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-upgrade-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md",
-      "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt-2013",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-orchestrator-runbooks-with-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-the-volume-activation-management-tool-client.md",
-      "redirect_url": "/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md",
-      "redirect_url": "/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md",
-      "redirect_url": "/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-vamt-in-windows-powershell.md",
-      "redirect_url": "/windows/deployment/volume-activation/use-vamt-in-windows-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-web-services-in-mdt-2013.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt-2013",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/use-web-services-in-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-best-practices.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-best-practices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-choose-migration-store-type.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-choose-migration-store-type",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-command-line-syntax.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-command-line-syntax",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-common-issues.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-common-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-common-migration-scenarios.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-common-migration-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-configxml-file.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-configxml-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-conflicts-and-precedence.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-conflicts-and-precedence",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-custom-xml-examples.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-custom-xml-examples",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-customize-xml-files.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-customize-xml-files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-determine-what-to-migrate.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-determine-what-to-migrate",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-estimate-migration-store-size.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-estimate-migration-store-size",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-exclude-files-and-settings.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-exclude-files-and-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-faq.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-general-conventions.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-general-conventions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-hard-link-migration-store.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-hard-link-migration-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-how-it-works.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-how-it-works",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-how-to.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-how-to",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-identify-application-settings.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-identify-application-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-identify-file-types-files-and-folders.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-identify-file-types-files-and-folders",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-identify-operating-system-settings.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-identify-operating-system-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-identify-users.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-identify-users",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-include-files-and-settings.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-include-files-and-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-loadstate-syntax.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-loadstate-syntax",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-log-files.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-log-files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-migrate-efs-files-and-certificates.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-migrate-user-accounts.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-migrate-user-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-migration-store-encryption.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-migration-store-encryption",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-overview.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-plan-your-migration.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-plan-your-migration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-recognized-environment-variables.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-recognized-environment-variables",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-reference.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-requirements.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-reroute-files-and-settings.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-reroute-files-and-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-resources.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-return-codes.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-return-codes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-scanstate-syntax.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-scanstate-syntax",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-technical-reference.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-technical-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-test-your-migration.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-test-your-migration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-topics.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-topics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-troubleshooting.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-utilities.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-utilities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-what-does-usmt-migrate.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-what-does-usmt-migrate",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-xml-elements-library.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-xml-elements-library",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/usmt-xml-reference.md",
-      "redirect_url": "/windows/deployment/usmt/usmt-xml-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/vamt-known-issues.md",
-      "redirect_url": "/windows/deployment/volume-activation/vamt-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/vamt-requirements.md",
-      "redirect_url": "/windows/deployment/volume-activation/vamt-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/vamt-step-by-step.md",
-      "redirect_url": "/windows/deployment/volume-activation/vamt-step-by-step",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/verify-the-condition-of-a-compressed-migration-store.md",
-      "redirect_url": "/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/volume-activation-management-tool.md",
-      "redirect_url": "/windows/deployment/volume-activation/volume-activation-management-tool",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/volume-activation-windows-10.md",
-      "redirect_url": "/windows/deployment/volume-activation/volume-activation-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-deployment-scenarios.md",
-      "redirect_url": "/windows/deployment/windows-10-deployment-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-deployment-tools-reference.md",
-      "redirect_url": "/windows/deployment/windows-10-deployment-tools-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-edition-upgrades.md",
-      "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-enterprise-e3-overview.md",
-      "redirect_url": "/windows/deployment/windows-10-enterprise-e3-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-poc-mdt.md",
-      "redirect_url": "/windows/deployment/windows-10-poc-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-poc-sc-config-mgr.md",
-      "redirect_url": "/windows/deployment/windows-10-poc-sc-config-mgr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-poc.md",
-      "redirect_url": "/windows/deployment/windows-10-poc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-10-upgrade-paths.md",
-      "redirect_url": "/windows/deployment/upgrade/windows-10-upgrade-paths",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-adk-scenarios-for-it-pros.md",
-      "redirect_url": "/windows/deployment/windows-adk-scenarios-for-it-pros",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-deployment-scenarios-and-tools.md",
-      "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/windows-upgrade-and-migration-considerations.md",
-      "redirect_url": "/windows/deployment/upgrade/windows-upgrade-and-migration-considerations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/xml-file-requirements.md",
-      "redirect_url": "/windows/deployment/usmt/xml-file-requirements",
+      "source_path": "windows/index.md",
+      "redirect_url": "/windows/windows-10/index",
       "redirect_document_id": false
     },
     {
@@ -9265,6 +5050,16 @@
       "redirect_url": "/windows/access-protection/access-control/active-directory-security-groups",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md",
+      "redirect_url": "/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj635854(v=ws.11)",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/add-production-devices-to-the-membership-group-for-a-zone.md",
       "redirect_url": "/windows/access-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
@@ -9285,6 +5080,11 @@
       "redirect_url": "/windows/device-security/security-policy-settings/add-workstations-to-domain",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/additional-configuration-windows-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/additional-mitigations.md",
       "redirect_url": "/windows/access-protection/credential-guard/additional-mitigations",
@@ -9305,6 +5105,11 @@
       "redirect_url": "/windows/device-security/security-policy-settings/administer-security-policy-settings",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/advanced-security-audit-policy-settings.md",
       "redirect_url": "/windows/device-security/auditing/advanced-security-audit-policy-settings",
@@ -9405,6 +5210,11 @@
       "redirect_url": "/windows/device-security/auditing/apply-a-basic-audit-policy-on-a-file-or-folder",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/assign-security-group-filters-to-the-gpo.md",
       "redirect_url": "/windows/access-protection/windows-firewall/assign-security-group-filters-to-the-gpo",
@@ -9835,11 +5645,6 @@
       "redirect_url": "/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock",
       "redirect_document_id": false
     },
-    {
-      "source_path": "windows/keep-secure/bitlocker-overview.md",
-      "redirect_url": "/windows/device-security/bitlocker/bitlocker-overview",
-      "redirect_document_id": false
-    },
     {
       "source_path": "windows/keep-secure/bitlocker-recovery-guide-plan.md",
       "redirect_url": "/windows/device-security/bitlocker/bitlocker-recovery-guide-plan",
@@ -9885,6 +5690,11 @@
       "redirect_url": "/windows/access-protection/windows-firewall/certificate-based-isolation-policy-design",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/change-history-for-keep-windows-10-secure.md",
+      "redirect_url": "/windows/windows-10/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/change-rules-from-request-to-require-mode.md",
       "redirect_url": "/windows/access-protection/windows-firewall/change-rules-from-request-to-require-mode",
@@ -9985,6 +5795,11 @@
       "redirect_url": "/windows/device-security/bitlocker/choose-the-right-bitlocker-countermeasure",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/command-line-arguments-windows-defender-antivirus.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
@@ -9995,6 +5810,11 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/configure-advanced-scan-types-windows-defender-antivirus.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus",
@@ -10010,6 +5830,11 @@
       "redirect_url": "/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/configure-authentication-methods.md",
       "redirect_url": "/windows/access-protection/windows-firewall/configure-authentication-methods",
@@ -10060,6 +5885,11 @@
       "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/configure-exceptions-for-an-applocker-rule.md",
       "redirect_url": "/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule",
@@ -10175,6 +6005,11 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
       "redirect_url": "/windows/access-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
@@ -10280,6 +6115,16 @@
       "redirect_url": "/windows/device-security/applocker/create-applocker-default-rules",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/create-edp-policy-using-intune.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/create-edp-policy-using-sccm.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/create-global-objects.md",
       "redirect_url": "/windows/device-security/security-policy-settings/create-global-objects",
@@ -10305,6 +6150,11 @@
       "redirect_url": "/windows/device-security/security-policy-settings/create-symbolic-links",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/create-vpn-and-edp-policy-using-intune.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/create-vpn-and-wip-policy-using-intune.md",
       "redirect_url": "/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune",
@@ -10340,6 +6190,11 @@
       "redirect_url": "/windows/device-security/applocker/create-your-applocker-rules",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md",
+      "redirect_url": "/windows/device-security/device-guard/device-guard-deployment-guide",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/credential-guard-considerations.md",
       "redirect_url": "/windows/access-protection/credential-guard/credential-guard-considerations",
@@ -10480,11 +6335,21 @@
       "redirect_url": "/windows/device-security/device-guard/deploy-device-guard-enable-virtualization-based-security",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/deploy-edp-policy-using-intune.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/deploy-manage-report-windows-defender-antivirus.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/deploy-managed-installer-for-device-guard.md",
+      "redirect_url": "/windows/device-security/device-guard/deploy-managed-installer-for-device-guard",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/deploy-the-applocker-policy-into-production.md",
       "redirect_url": "/windows/device-security/applocker/deploy-the-applocker-policy-into-production",
@@ -10535,6 +6400,11 @@
       "redirect_url": "/windows/access-protection/windows-firewall/determining-the-trusted-state-of-your-devices",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/device-guard-certification-and-compliance.md",
+      "redirect_url": "/windows/device-security/device-guard/device-guard-deployment-guide",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/device-guard-deployment-guide.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
@@ -10685,6 +6555,11 @@
       "redirect_url": "/windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-enable-phone-signin",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/enable-predefined-inbound-rules.md",
       "redirect_url": "/windows/access-protection/windows-firewall/enable-predefined-inbound-rules",
@@ -10695,6 +6570,16 @@
       "redirect_url": "/windows/access-protection/windows-firewall/enable-predefined-outbound-rules",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/enable-pua-windows-defender-for-windows-10.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/enable-the-dll-rule-collection.md",
       "redirect_url": "/windows/device-security/applocker/enable-the-dll-rule-collection",
@@ -10730,6 +6615,11 @@
       "redirect_url": "/windows/device-security/security-policy-settings/enforce-user-logon-restrictions",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/enlightened-microsoft-apps-and-edp.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/enlightened-microsoft-apps-and-wip.md",
       "redirect_url": "/windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
@@ -12060,6 +7950,16 @@
       "redirect_url": "/windows/device-security/security-policy-settings/generate-security-audits",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/get-started-with-windows-defender-for-windows-10.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md",
+      "redirect_url": "/windows/device-security/device-guard/device-guard-deployment-guide",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/gpo-domiso-boundary.md",
       "redirect_url": "/windows/access-protection/windows-firewall/gpo-domiso-boundary",
@@ -12085,6 +7985,11 @@
       "redirect_url": "/windows/access-protection/windows-firewall/gpo-domiso-isolateddomain-servers",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/guidance-and-best-practices-edp.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/guidance-and-best-practices-wip.md",
       "redirect_url": "/windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip",
@@ -12100,6 +8005,11 @@
       "redirect_url": "/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/hello-enable-phone-signin.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/hello-errors-during-pin-creation.md",
       "redirect_url": "/windows/access-protection/hello-for-business/hello-errors-during-pin-creation",
@@ -12165,6 +8075,11 @@
       "redirect_url": "/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/implement-microsoft-passport-in-your-organization.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-manage-in-organization",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
       "redirect_url": "/windows/access-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
@@ -12190,6 +8105,16 @@
       "redirect_url": "/windows/device-security/security-policy-settings/increase-scheduling-priority",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/index.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/index.md",
+      "redirect_url": "/windows/windows-10/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md",
       "redirect_url": "/windows/device-security/tpm/initialize-and-configure-ownership-of-the-tpm",
@@ -12380,6 +8305,11 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/manage-identity-verification-using-microsoft-passport.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/manage-outdated-endpoints-windows-defender-antivirus.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
@@ -12515,6 +8445,21 @@
       "redirect_url": "/windows/device-security/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/microsoft-passport-and-password-changes.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-and-password-changes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/microsoft-passport-errors-during-pin-creation.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-errors-during-pin-creation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/microsoft-passport-guide.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/minimum-password-age.md",
       "redirect_url": "/windows/device-security/security-policy-settings/minimum-password-age",
@@ -12560,6 +8505,11 @@
       "redirect_url": "/windows/device-security/auditing/monitor-claim-types",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/monitor-resource-attribute-definitions.md",
       "redirect_url": "/windows/device-security/auditing/monitor-resource-attribute-definitions",
@@ -12735,6 +8685,11 @@
       "redirect_url": "/windows/device-security/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md",
       "redirect_url": "/windows/access-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
@@ -12775,6 +8730,11 @@
       "redirect_url": "/windows/threat-protection/override-mitigation-options-for-app-related-security-policies",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/overview-create-edp-policy.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/overview-create-wip-policy",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/overview-create-wip-policy.md",
       "redirect_url": "/windows/threat-protection/windows-information-protection/overview-create-wip-policy",
@@ -12790,6 +8750,11 @@
       "redirect_url": "/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/passport-event-300.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-event-300",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/password-must-meet-complexity-requirements.md",
       "redirect_url": "/windows/device-security/security-policy-settings/password-must-meet-complexity-requirements",
@@ -12885,6 +8850,16 @@
       "redirect_url": "/windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/prepare-people-to-use-microsoft-passport.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-prepare-people-to-use",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md",
       "redirect_url": "/windows/device-security/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies",
@@ -12930,6 +8905,11 @@
       "redirect_url": "/windows/access-protection/windows-firewall/protect-devices-from-unwanted-network-traffic",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/protect-enterprise-data-using-edp.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/protect-enterprise-data-using-wip.md",
       "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
@@ -13035,6 +9015,11 @@
       "redirect_url": "/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/restore-files-and-directories.md",
       "redirect_url": "/windows/device-security/security-policy-settings/restore-files-and-directories",
@@ -13060,6 +9045,11 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/run-scan-windows-defender-antivirus.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
@@ -13125,6 +9115,11 @@
       "redirect_url": "/windows/access-protection/access-control/security-principals",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/security-technologies.md",
+      "redirect_url": "/windows/windows-10/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/select-types-of-rules-to-create.md",
       "redirect_url": "/windows/device-security/applocker/select-types-of-rules-to-create",
@@ -13305,6 +9300,11 @@
       "redirect_url": "/windows/device-security/applocker/test-and-update-an-applocker-policy",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/testing-scenarios-for-edp.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/testing-scenarios-for-wip.md",
       "redirect_url": "/windows/threat-protection/windows-information-protection/testing-scenarios-for-wip",
@@ -13345,6 +9345,21 @@
       "redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/troubleshoot-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/trusted-platform-module-overview.md",
       "redirect_url": "/windows/device-security/tpm/trusted-platform-module-overview",
@@ -13470,6 +9485,11 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md",
       "redirect_url": "/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets",
@@ -13685,11 +9705,26 @@
       "redirect_url": "/windows/device-security/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/why-a-pin-is-better-than-a-password.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/windows-10-enterprise-security-guides.md",
+      "redirect_url": "/windows/windows-10/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/windows-10-mobile-security-guide.md",
       "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/windows-10-security-guide.md",
+      "redirect_url": "/windows/threat-protection/overview-of-threat-mitigations-in-windows-10",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/windows-credential-theft-mitigation-guide-abstract.md",
       "redirect_url": "/windows/access-protection/windows-credential-theft-mitigation-guide-abstract",
@@ -13715,6 +9750,21 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/windows-defender-block-at-first-sight.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/windows-defender-enhanced-notifications.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/keep-secure/windows-defender-in-windows-10.md",
+      "redirect_url": "/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/windows-defender-offline.md",
       "redirect_url": "/microsoft-365/security/defender-endpoint/windows-defender-offline",
@@ -13760,6 +9810,11 @@
       "redirect_url": "/windows/access-protection/windows-firewall/windows-firewall-with-advanced-security",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/windows-hello-in-enterprise.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-biometrics-in-enterprise",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/windows-installer-rules-in-applocker.md",
       "redirect_url": "/windows/device-security/applocker/windows-installer-rules-in-applocker",
@@ -13775,6 +9830,11 @@
       "redirect_url": "/windows/threat-protection/windows-information-protection/wip-app-enterprise-context",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/keep-secure/wip-enterprise-overview.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/working-with-applocker-policies.md",
       "redirect_url": "/windows/device-security/applocker/working-with-applocker-policies",
@@ -13790,11 +9850,6 @@
       "redirect_url": "/microsoft-store/acquire-apps-windows-store-for-business",
       "redirect_document_id": false
     },
-    {
-      "source_path": "store-for-business/acquire-apps-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/acquire-apps-microsoft-store-for-business",
-      "redirect_document_id": false
-    },
     {
       "source_path": "windows/manage/add-unsigned-app-to-code-integrity-policy.md",
       "redirect_url": "/microsoft-store/add-unsigned-app-to-code-integrity-policy",
@@ -13805,24 +9860,39 @@
       "redirect_url": "/windows/client-management/administrative-tools-in-windows-10",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/app-inventory-managemement-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/app-inventory-management-windows-store-for-business.md",
       "redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/application-development-for-windows-as-a-service.md",
+      "redirect_url": "windows/uwp/updates-and-versions/application-development-for-windows-as-a-service",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/apps-in-windows-store-for-business.md",
       "redirect_url": "/microsoft-store/apps-in-windows-store-for-business",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/apps-in-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/apps-in-microsoft-store-for-business",
+      "source_path": "windows/manage/appv-about-appv.md",
+      "redirect_url": "/windows/application-management/app-v/appv-about-appv",
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/manage/appv-about-appv.md",
-      "redirect_url": "/windows/application-management/app-v/appv-about-appv",
+      "source_path": "windows/manage/appv-accessibility.md",
+      "redirect_url": "/windows/application-management/app-v/appv-getting-started",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/appv-accessing-the-client-management-console.md",
+      "redirect_url": "/windows/application-management/app-v/appv-using-the-client-management-console",
       "redirect_document_id": false
     },
     {
@@ -14090,6 +10160,11 @@
       "redirect_url": "/windows/application-management/app-v/appv-high-level-architecture",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md",
+      "redirect_url": "/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md",
       "redirect_url": "/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell",
@@ -14160,6 +10235,11 @@
       "redirect_url": "/windows/application-management/app-v/appv-modify-client-configuration-with-powershell",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md",
+      "redirect_url": "/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/appv-move-the-appv-server-to-another-computer.md",
       "redirect_url": "/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer",
@@ -14200,6 +10280,11 @@
       "redirect_url": "/windows/application-management/app-v/appv-planning-for-high-availability-with-appv",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/appv-planning-for-migrating-from-a-previous-version-of-appv.md",
+      "redirect_url": "/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/appv-planning-for-sequencer-and-client-deployment.md",
       "redirect_url": "/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment",
@@ -14325,14 +10410,39 @@
       "redirect_url": "/microsoft-store/assign-apps-to-employees",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/change-history-for-manage-and-update-windows-10.md",
+      "redirect_url": "/windows/windows-10/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/changes-to-start-policies-in-windows-10.md",
+      "redirect_url": "/windows/configuration/changes-to-start-policies-in-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/configure-devices-without-mdm.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/configure-mdm-provider-windows-store-for-business.md",
       "redirect_url": "/microsoft-store/configure-mdm-provider-windows-store-for-business",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/configure-mdm-provider-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/configure-mdm-provider-microsoft-store-for-business",
+      "source_path": "windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md",
+      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/configure-windows-10-taskbar.md",
+      "redirect_url": "/windows/configuration//configure-windows-10-taskbar",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/configure-windows-telemetry-in-your-organization.md",
+      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
       "redirect_document_id": false
     },
     {
@@ -14340,11 +10450,111 @@
       "redirect_url": "/windows/client-management/connect-to-remote-aadj-pc",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/cortana-at-work-crm.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-crm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-feedback.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-feedback",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-o365.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-o365",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-overview.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-policy-settings.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-powerbi.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-powerbi",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-1.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-1",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-2.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-2",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-3.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-3",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-4.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-4",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-5.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-6.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-6",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-scenario-7.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-scenario-7",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-testing-scenarios.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/cortana-at-work-voice-commands.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-voice-commands",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/customize-and-export-start-layout.md",
+      "redirect_url": "/windows/configuration//customize-and-export-start-layout",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/customize-windows-10-start-screens-by-using-group-policy.md",
+      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md",
+      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
+      "redirect_url": "/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/device-guard-signing-portal.md",
       "redirect_url": "/microsoft-store/device-guard-signing-portal",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/disconnect-your-organization-from-microsoft.md",
+      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/distribute-apps-from-your-private-store.md",
       "redirect_url": "/microsoft-store/distribute-apps-from-your-private-store",
@@ -14355,11 +10565,6 @@
       "redirect_url": "/microsoft-store/distribute-apps-to-your-employees-windows-store-for-business",
       "redirect_document_id": false
     },
-    {
-      "source_path": "store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business",
-      "redirect_document_id": false
-    },
     {
       "source_path": "windows/manage/distribute-apps-with-management-tool.md",
       "redirect_url": "/microsoft-store/distribute-apps-with-management-tool",
@@ -14380,11 +10585,51 @@
       "redirect_url": "/windows/client-management/group-policies-for-enterprise-and-education-editions",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/guidelines-for-assigned-access-app.md",
+      "redirect_url": "/windows/configuration/guidelines-for-assigned-access-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/how-it-pros-can-use-configuration-service-providers.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/index.md",
+      "redirect_url": "/windows/windows-10/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/introduction-to-windows-10-servicing.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/join-windows-10-mobile-to-azure-active-directory.md",
       "redirect_url": "/windows/client-management/join-windows-10-mobile-to-azure-active-directory",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/lock-down-windows-10-to-specific-apps.md",
+      "redirect_url": "/windows/configuration/lock-down-windows-10-to-specific-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/lock-down-windows-10.md",
+      "redirect_url": "/windows/configuration/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/lockdown-features-windows-10.md",
+      "redirect_url": "/windows/configuration/lockdown-features-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/lockdown-xml.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/manage-access-to-private-store.md",
       "redirect_url": "/microsoft-store/manage-access-to-private-store",
@@ -14396,8 +10641,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/manage-apps-windows-store-for-business-overview.md",
-      "redirect_url": "/microsoft-store/manage-apps-microsoft-store-for-business-overview",
+      "source_path": "windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md",
+      "redirect_url": "/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services",
       "redirect_document_id": false
     },
     {
@@ -14406,13 +10651,18 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "windows/manage/manage-orders-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/manage-orders-windows-store-for-business",
+      "source_path": "windows/manage/manage-cortana-in-enterprise.md",
+      "redirect_url": "/windows/configuration/cortana-at-work/cortana-at-work-overview",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/manage-orders-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/manage-orders-microsoft-store-for-business",
+      "source_path": "windows/manage/manage-inventory-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/app-inventory-management-windows-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/manage-orders-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/manage-orders-windows-store-for-business",
       "redirect_document_id": false
     },
     {
@@ -14420,14 +10670,19 @@
       "redirect_url": "/microsoft-store/manage-private-store-settings",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/manage-settings-app-with-group-policy.md",
+      "redirect_url": "/windows/client-management/manage-settings-app-with-group-policy",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/manage-settings-windows-store-for-business.md",
       "redirect_url": "/microsoft-store/manage-settings-windows-store-for-business",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/manage-settings-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/manage-settings-microsoft-store-for-business",
+      "source_path": "windows/manage/manage-tips-and-suggestions.md",
+      "redirect_url": "/windows/configuration/manage-tips-and-suggestions",
       "redirect_document_id": false
     },
     {
@@ -14436,8 +10691,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/manage-users-and-groups-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/manage-users-and-groups-microsoft-store-for-business",
+      "source_path": "windows/manage/manage-wifi-sense-in-enterprise.md",
+      "redirect_url": "/windows/configuration/manage-wifi-sense-in-enterprise",
       "redirect_document_id": false
     },
     {
@@ -14461,13 +10716,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/prerequisites-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/prerequisites-microsoft-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md",
-      "redirect_url": "/microsoft-store/index",
+      "source_path": "windows/manage/product-ids-in-windows-10-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
@@ -14481,8 +10731,23 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/roles-and-permissions-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/roles-and-permissions-microsoft-store-for-business",
+      "source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
+      "redirect_url": "/windows/configuration/kiosk-shared-pc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
+      "redirect_url": "/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/set-up-shared-or-guest-pc.md",
+      "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
       "redirect_document_id": false
     },
     {
@@ -14491,8 +10756,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/settings-reference-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/settings-reference-microsoft-store-for-business",
+      "source_path": "windows/manage/settings-that-can-be-locked-down.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
       "redirect_document_id": false
     },
     {
@@ -14505,19 +10770,24 @@
       "redirect_url": "/microsoft-store/sign-up-windows-store-for-business-overview",
       "redirect_document_id": false
     },
-    {
-      "source_path": "store-for-business/sign-up-windows-store-for-business-overview.md",
-      "redirect_url": "/microsoft-store/sign-up-microsoft-store-for-business-overview",
-      "redirect_document_id": false
-    },
     {
       "source_path": "windows/manage/sign-up-windows-store-for-business.md",
       "redirect_url": "/microsoft-store/index",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/sign-up-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/index",
+      "source_path": "windows/manage/start-layout-xml-desktop.md",
+      "redirect_url": "/windows/configuration/start-layout-xml-desktop",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/start-layout-xml-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/stop-employees-from-using-the-windows-store.md",
+      "redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store",
       "redirect_document_id": false
     },
     {
@@ -14526,8 +10796,8 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/troubleshoot-windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/troubleshoot-microsoft-store-for-business",
+      "source_path": "windows/manage/uev-accessibility.md",
+      "redirect_url": "/windows/configuration/ue-v/uev-for-windows",
       "redirect_document_id": false
     },
     {
@@ -14610,6 +10880,11 @@
       "redirect_url": "/windows/configuration/ue-v/uev-prepare-for-deployment",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/uev-privacy-statement.md",
+      "redirect_url": "/windows/configuration/ue-v/uev-security-considerations",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/uev-release-notes-1607.md",
       "redirect_url": "/windows/configuration/ue-v/uev-release-notes-1607",
@@ -14665,19 +10940,114 @@
       "redirect_url": "/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/update-compliance-get-started.md",
+      "redirect_url": "/windows/deployment/update/update-compliance-get-started",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/update-compliance-monitor.md",
+      "redirect_url": "/windows/deployment/update/update-compliance-monitor",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/update-compliance-using.md",
+      "redirect_url": "/windows/deployment/update/update-compliance-using",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/update-windows-store-for-business-account-settings.md",
       "redirect_url": "/microsoft-store/update-windows-store-for-business-account-settings",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/update-windows-store-for-business-account-settings.md",
-      "redirect_url": "/microsoft-store/update-microsoft-store-for-business-account-settings",
+      "source_path": "windows/manage/waas-branchcache.md",
+      "redirect_url": "/windows/deployment/update/waas-branchcache",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/work-with-partner-microsoft-store-business.md",
-      "redirect_url": "/microsoft-365/commerce/manage-partners",
+      "source_path": "windows/manage/waas-configure-wufb.md",
+      "redirect_url": "/windows/deployment/update/waas-configure-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-delivery-optimization.md",
+      "redirect_url": "/windows/deployment/update/waas-delivery-optimization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-deployment-rings-windows-10-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-deployment-rings-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-integrate-wufb.md",
+      "redirect_url": "/windows/deployment/update/waas-integrate-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-manage-updates-configuration-manager.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-manage-updates-wsus.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wsus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-manage-updates-wufb.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-mobile-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-mobile-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-optimize-windows-10-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-optimize-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-overview.md",
+      "redirect_url": "/windows/deployment/update/waas-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-quick-start.md",
+      "redirect_url": "/windows/deployment/update/waas-quick-start",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-restart.md",
+      "redirect_url": "/windows/deployment/update/waas-restart",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-servicing-branches-windows-10-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-servicing-branches-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-servicing-strategy-windows-10-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-update-windows-10.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-wufb-group-policy.md",
+      "redirect_url": "/windows/deployment/update/waas-wufb-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/manage/waas-wufb-intune.md",
+      "redirect_url": "/windows/deployment/update/waas-wufb-intune",
       "redirect_document_id": false
     },
     {
@@ -14685,24 +11055,139 @@
       "redirect_url": "/windows/client-management/windows-10-mobile-and-mdm",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/windows-10-start-layout-options-and-policies.md",
+      "redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/windows-libraries.md",
       "redirect_url": "/windows/client-management/windows-libraries",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/windows-spotlight.md",
+      "redirect_url": "/windows/configuration/windows-spotlight",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/windows-store-for-business-overview.md",
       "redirect_url": "/microsoft-store/windows-store-for-business-overview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/manage/windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/index",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/manage/working-with-line-of-business-apps.md",
       "redirect_url": "/microsoft-store/working-with-line-of-business-apps",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/act-community-ratings-and-process.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-database-configuration.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-database-migration.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-deployment-options.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-glossary.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-lps-share-permissions.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-operatingsystem-application-report.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-operatingsystem-computer-report.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-operatingsystem-device-report.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-product-and-documentation-resources.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-settings-dialog-box-preferences-tab.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-settings-dialog-box-settings-tab.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/act-technical-reference.md",
-      "redirect_url": "/windows/deployment/planning/act-technical-reference",
+      "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-toolbar-icons-in-acm.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-tools-packages-and-services.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/act-user-interface-reference.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/activating-and-closing-windows-in-acm.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/adding-or-editing-a-solution.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/adding-or-editing-an-issue.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/analyzing-your-compatibility-data.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/application-dialog-box.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
       "redirect_document_id": false
     },
     {
@@ -14720,11 +11205,26 @@
       "redirect_url": "/windows/deployment/planning/best-practice-recommendations-for-windows-to-go",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/categorizing-your-compatibility-data.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/change-history-for-plan-for-windows-10-deployment.md",
       "redirect_url": "/windows/deployment/planning/change-history-for-plan-for-windows-10-deployment",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/chromebook-migration-guide.md",
+      "redirect_url": "education/windows/chromebook-migration-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/common-compatibility-issues.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/compatibility-administrator-users-guide.md",
       "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide",
@@ -14740,6 +11240,21 @@
       "redirect_url": "/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/compatibility-monitor-users-guide.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/computer-dialog-box.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/configuring-act.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/creating-a-custom-compatibility-fix-in-compatibility-administrator.md",
       "redirect_url": "/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator",
@@ -14750,11 +11265,71 @@
       "redirect_url": "/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/creating-a-runtime-analysis-package.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/creating-an-apphelp-message-in-compatibility-administrator.md",
       "redirect_url": "/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/creating-an-enterprise-environment-for-compatibility-testing.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/creating-an-inventory-collector-package.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/creating-and-editing-issues-and-solutions.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/customizing-your-report-views.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/data-sent-through-the-microsoft-compatibility-exchange.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/deciding-whether-to-fix-an-application-or-deploy-a-workaround.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/deciding-which-applications-to-test.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/deleting-a-data-collection-package.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/deploy-windows-10-in-a-school.md",
+      "redirect_url": "/edu/windows/deploy-windows-10-in-a-school",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/deploying-a-runtime-analysis-package.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/deploying-an-inventory-collector-package.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/deployment-considerations-for-windows-to-go.md",
       "redirect_url": "/windows/deployment/planning/deployment-considerations-for-windows-to-go",
@@ -14770,26 +11345,111 @@
       "redirect_url": "/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/example-filter-queries.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/exporting-a-data-collection-package.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/filtering-your-compatibility-data.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/fixing-applications-by-using-the-sua-tool.md",
       "redirect_url": "/windows/deployment/planning/fixing-applications-by-using-the-sua-tool",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/fixing-compatibility-issues.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/identifying-computers-for-inventory-collection.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/index.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md",
       "redirect_url": "/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/integration-with-management-solutions-.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/internet-explorer-web-site-report.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/labeling-data-in-acm.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/log-file-locations-for-data-collection-packages.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/managing-application-compatibility-fixes-and-custom-fix-databases.md",
       "redirect_url": "/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/managing-your-data-collection-packages.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/organizational-tasks-for-each-report-type.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/organizing-your-compatibility-data.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/prepare-your-organization-for-windows-to-go.md",
       "redirect_url": "/windows/deployment/planning/prepare-your-organization-for-windows-to-go",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/prioritizing-your-compatibility-data.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/ratings-icons-in-acm.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/resolving-an-issue.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/saving-opening-and-exporting-reports.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/searching-for-fixed-applications-in-compatibility-administrator.md",
       "redirect_url": "/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator",
@@ -14805,11 +11465,51 @@
       "redirect_url": "/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/selecting-the-send-and-receive-status-for-an-application.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/selecting-your-compatibility-rating.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/selecting-your-deployment-status.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/sending-and-receiving-compatibility-data.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/settings-for-acm.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/setup-and-deployment.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/showing-messages-generated-by-the-sua-tool.md",
       "redirect_url": "/windows/deployment/planning/showing-messages-generated-by-the-sua-tool",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/software-requirements-for-act.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/software-requirements-for-rap.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/sua-users-guide.md",
       "redirect_url": "/windows/deployment/planning/sua-users-guide",
@@ -14820,16 +11520,56 @@
       "redirect_url": "/windows/deployment/planning/tabs-on-the-sua-tool-interface",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/taking-inventory-of-your-organization.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/testing-compatibility-on-the-target-platform.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/testing-your-application-mitigation-packages.md",
       "redirect_url": "/windows/deployment/planning/testing-your-application-mitigation-packages",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/troubleshooting-act-database-issues.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/troubleshooting-act.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/troubleshooting-the-act-configuration-wizard.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/troubleshooting-the-act-log-processing-service.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/understanding-and-using-compatibility-fixes.md",
       "redirect_url": "/windows/deployment/planning/understanding-and-using-compatibility-fixes",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/using-act.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/using-compatibility-monitor-to-send-feedback.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/using-the-compatibility-administrator-tool.md",
       "redirect_url": "/windows/deployment/planning/using-the-compatibility-administrator-tool",
@@ -14855,6 +11595,26 @@
       "redirect_url": "/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/viewing-your-compatibility-reports.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/websiteurl-dialog-box.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/welcome-to-act.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/plan/whats-new-in-act-60.md",
+      "redirect_url": "/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/windows-10-compatibility.md",
       "redirect_url": "/windows/deployment/planning/windows-10-compatibility",
@@ -14870,11 +11630,21 @@
       "redirect_url": "/windows/deployment/planning/windows-10-enterprise-faq-itpro",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/windows-10-guidance-for-education-environments.md",
+      "redirect_url": "/education/windows",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/windows-10-infrastructure-requirements.md",
       "redirect_url": "/windows/deployment/planning/windows-10-infrastructure-requirements",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/windows-10-servicing-options.md",
+      "redirect_url": "/windows/deployment/update/waas-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/plan/windows-to-go-frequently-asked-questions.md",
       "redirect_url": "/windows/deployment/planning/windows-to-go-frequently-asked-questions",
@@ -14885,11 +11655,971 @@
       "redirect_url": "/windows/deployment/planning/windows-to-go-overview",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/plan/windows-update-for-business.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/release-information/resolved-issues-windows-10-1703.yml",
+      "redirect_url": "/windows/release-health/windows-message-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/release-information/status-windows-10-1703.yml",
+      "redirect_url": "/windows/release-health/windows-message-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/block-untrusted-fonts-in-enterprise.md",
+      "redirect_url": "/windows/security/threat-protection/block-untrusted-fonts-in-enterprise",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/change-history-for-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/change-history-for-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/how-hardware-based-containers-help-protect-windows.md",
+      "redirect_url": "/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/override-mitigation-options-for-app-related-security-policies.md",
+      "redirect_url": "/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/overview-of-threat-mitigations-in-windows-10.md",
+      "redirect_url": "/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/secure-the-windows-10-boot-process.md",
+      "redirect_url": "/windows/security/hardware-protection/secure-the-windows-10-boot-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md",
+      "redirect_url": "/windows/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md",
+      "redirect_url": "/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-diagnostic-data-update-compliance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-reporting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-offline.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-offline",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-guard/install-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-proxy-internet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/data-storage-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/event-error-codes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/production-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/whats-new-in-microsoft-defender-atp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md",
+      "redirect_url": "/windows/security/microsoft-defender-atp/customize-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/event-views",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/graphics.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/prerelease.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prerelease",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-asr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-np",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-family-options.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/app-behavior-with-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/app-behavior-with-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-intune-azure.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/create-wip-policy-using-sccm.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/guidance-and-best-practices-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/limitations-with-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/limitations-with-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/mandatory-settings-for-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/overview-create-wip-policy-sccm.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/overview-create-wip-policy.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/overview-create-wip-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/recommended-network-definitions-for-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/testing-scenarios-for-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/using-owa-with-wip.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/using-owa-with-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/threat-protection/windows-information-protection/wip-app-enterprise-context.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/update/change-history-for-update-windows-10.md",
       "redirect_url": "/windows/deployment/update/change-history-for-update-windows-10",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/update/index.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/update/update-compliance-get-started.md",
       "redirect_url": "/windows/deployment/update/update-compliance-get-started",
@@ -14994,6466 +12724,6 @@
       "source_path": "windows/update/waas-wufb-group-policy.md",
       "redirect_url": "/windows/deployment/update/waas-wufb-group-policy",
       "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/manage-settings-app-with-group-policy.md",
-      "redirect_url": "/windows/client-management/manage-settings-app-with-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/create-a-custom-configuration-service-provider.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/design-a-custom-windows-csp.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/iconfigserviceprovider2.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/iconfigserviceprovider2getnode.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnode.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodeadd.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodeclear.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodecopy.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodedeletechild.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodedeleteproperty.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodeexecute.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodegetchildnodenames.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodegetproperty.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodegetpropertyidentifiers.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodegetvalue.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodemove.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodesetproperty.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodesetvalue.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspnodetransactioning.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/icspvalidate.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-surface-hub.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-iot-core",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-hololens2",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-admx-backed.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-admx-backed",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
-      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
-      "redirect_url": "/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/deploy-managed-installer-for-device-guard.md",
-      "redirect_url": "/windows/device-security/device-guard/deploy-managed-installer-for-device-guard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/upgrade-readiness-data-sharing.md",
-      "redirect_url": "/windows/deployment/upgrade/upgrade-readiness-data-sharing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/index.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/index.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy/index.md",
-      "redirect_url": "/windows/deployment/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/plan/index.md",
-      "redirect_url": "/windows/deployment/planning/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/index.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/windows-store-for-business.md",
-      "redirect_url": "/microsoft-store/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/update/index.md",
-      "redirect_url": "/windows/deployment/update/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configure/index.md",
-      "redirect_url": "/windows/configuration/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md",
-      "redirect_url": "/internet-explorer/kb-support/ie-edge-faqs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/security-technologies.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/index.md",
-      "redirect_url": "/education/get-started/get-started-with-microsoft-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/windows-10-enterprise-security-guides.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/keep-secure/change-history-for-keep-windows-10-secure.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/manage/change-history-for-manage-and-update-windows-10.md",
-      "redirect_url": "/windows/windows-10/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-servicing-branches-windows-10-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-servicing-channels-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-10-enterprise-activation-subscription.md",
-      "redirect_url": "/windows/deployment/windows-10-enterprise-subscription-activation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-10-auto-pilot.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-10-autopilot",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md",
-      "redirect_url": "/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1709.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields.md",
-      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/configure-windows-diagnostic-data-in-your-organization.md",
-      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/diagnostic-data-viewer-overview.md",
-      "redirect_url": "/windows/privacy/diagnostic-data-viewer-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md",
-      "redirect_url": "/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/gdpr-win10-whitepaper.md",
-      "redirect_url": "/windows/privacy/gdpr-win10-whitepaper",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md",
-      "redirect_url": "/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/manage-windows-endpoints-version-1709.md",
-      "redirect_url": "/windows/privacy/manage-windows-endpoints",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/windows-diagnostic-data-1703.md",
-      "redirect_url": "/windows/privacy/windows-diagnostic-data-1703",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/windows-diagnostic-data.md",
-      "redirect_url": "/windows/privacy/windows-diagnostic-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/windows-10-edition-downgrades.md",
-      "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/windows-automatic-redeployment.md",
-      "redirect_url": "/education/windows/autopilot-reset",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-10-autopilot.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/manage-windows-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-2004-endpoints",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-full-sample-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-info-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-domain-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-files-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-ip-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-machine-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-statistics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/is-domain-seen-in-org",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-statistics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-statistics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/is-ip-seen-org",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machine-info-by-ip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineaction-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineactions-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-log-on-users",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineaction-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineactions-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-started.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-started",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started.md",
-      "redirect_url": "/windows/security/threat-protection/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-package-sas-uri",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/isolate-machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/unisolate-machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/unrestrict-code-execution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/restrict-code-execution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-api",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-ms-flow",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-power-bi-app-token",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-power-bi-user-token",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-python",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-av-scan",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/stop-and-quarantine-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-user-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ti-indicators-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/initiate-autoir-investigation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-analytics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/create-alert-by-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/delete-ti-indicator-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machines-by-ip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machineaction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/machineactionsnote.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machineactionsnote",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machine-api",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/post-ti-indicator",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ti-indicator",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/update-alert",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/incidents-queue",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/view-incidents-queue",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-mdatp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-mdatp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/use-apis.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/user",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-1709-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-creators-update-deprecation.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-1703-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
-      "redirect_url": "/windows/deployment/windows-10-subscription-activation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/hub/windows-10-landing.yml",
-      "redirect_url": "/windows/windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/improve-request-performance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/user-driven-aad.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/user-driven",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/user-driven-hybrid.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/user-driven",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/intune-connector.md",
-      "redirect_url": "/intune/windows-autopilot-hybrid",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-reset",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-local.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/windows-autopilot-reset",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/configure-autopilot.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/add-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/administer.md",
-      "redirect_url": "/windows/deployment/windows-autopilot/add-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/hub/release-information.md",
-      "redirect_url": "/windows/release-health/release-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-10-architecture-posters.md",
-      "redirect_url": "/windows/deployment/windows-10-deployment-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/device-security/index.md",
-      "redirect_url": "/windows/security/threat-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md",
-      "redirect_url": "/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/change-history-ms-edu-get-started.md",
-      "redirect_url": "/microsoft-365/education/deploy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/get-started-with-microsoft-education.md",
-      "redirect_url": "/microsoft-365/education/deploy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/configure-microsoft-store-for-education.md",
-      "redirect_url": "/microsoft-365/education/deploy/microsoft-store-for-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/enable-microsoft-teams.md",
-      "redirect_url": "/microsoft-365/education/deploy/set-up-teams-for-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/finish-setup-and-other-tasks.md",
-      "redirect_url": "/microsoft-365/education/deploy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/inclusive-classroom-it-admin.md",
-      "redirect_url": "/microsoft-365/education/deploy/inclusive-classroom-it-admin",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/set-up-office365-edu-tenant.md",
-      "redirect_url": "/microsoft-365/education/deploy/create-your-office-365-tenant",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/set-up-windows-10-education-devices.md",
-      "redirect_url": "/microsoft-365/education/deploy/set-up-windows-10-education-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/set-up-windows-education-devices.md",
-      "redirect_url": "/microsoft-365/education/deploy/set-up-windows-10-education-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/use-intune-for-education.md",
-      "redirect_url": "/microsoft-365/education/deploy/use-intune-for-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface/surface-dock-updater.md",
-      "redirect_url": "/surface/surface-dock-firmware-update",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/get-started/use-school-data-sync.md",
-      "redirect_url": "/microsoft-365/education/deploy/school-data-sync",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-whatsnew",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-jamf",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-manually",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-exclusions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-preferences",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-pua",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-perf",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-kext",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md",
-      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md",
-      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md",
-      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md",
-      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md",
-      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md",
-      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md",
-      "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/product-brief.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/licensing.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/production-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/release-information/status-windows-10-1703.yml",
-      "redirect_url": "/windows/release-health/windows-message-center",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/release-information/resolved-issues-windows-10-1703.yml",
-      "redirect_url": "/windows/release-health/windows-message-center",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-1703-removed-features.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-1709-removed-features.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-1803-removed-features.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md",
-      "redirect_url": "/surface/manage-surface-driver-and-firmware-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-1809-removed-features.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-1903-removed-features.md",
-      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-analytics-azure-portal.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-analytics-FAQ-troubleshooting.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-analytics-get-started.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-analytics-overview.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-analytics-privacy.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/device-health-get-started.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/device-health-monitor.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/device-health-using.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-additional-insights.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-architecture.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-data-sharing.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-deployment-script.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-deploy-windows.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-get-started.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-identify-apps.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-requirements.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-resolve-issues.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-target-new-OS.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md",
-      "redirect_url": "/configmgr/desktop-analytics/overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-manage-updates-configuration-manager.md",
-      "redirect_url": "/configmgr/osd/deploy-use/manage-windows-as-a-service",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#mdt-lite-touch-components",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-mdt/key-features-in-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#key-features-in-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/upgrade-to-windows-10-with-configuraton-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-a-task-sequence-with-configuration-manager-and-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/create-a-task-sequence-with-configuration-manager-and-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager#procedures",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/upgrade-to-windows-10-with-configuraton-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/get-started-with-configuraton-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
-      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "surface/step-by-step-surface-deployment-accelerator.md",
-      "redirect_url": "/surface/microsoft-surface-deployment-accelerator",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/edr-in-block-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "devices/surface/using-the-sda-deployment-share.md",
-      "redirect_url": "/surface/microsoft-surface-deployment-accelerator",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/gov",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/why-use-microsoft-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-diagnostic-data-update-compliance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-reporting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/windows-defender-offline",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-diagnostic-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/gdpr-win10-whitepaper.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/gdpr-it-guidance.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/windows-personal-data-services-configuration.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/add-devices.md",
-      "redirect_url": "/mem/autopilot/add-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/autopilot-device-guidelines.md",
-      "redirect_url": "/mem/autopilot/autopilot-device-guidelines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/autopilot-faq.md",
-      "redirect_url": "/mem/autopilot/autopilot-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/autopilot-mbr.md",
-      "redirect_url": "/mem/autopilot/autopilot-mbr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/autopilot-support.md",
-      "redirect_url": "/mem/autopilot/autopilot-support",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/autopilot-update.md",
-      "redirect_url": "/mem/autopilot/autopilot-update",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/bitlocker.md",
-      "redirect_url": "/mem/autopilot/bitlocker",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/deployment-process.md",
-      "redirect_url": "/mem/autopilot/deployment-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/dfci-management.md",
-      "redirect_url": "/mem/autopilot/dfci-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/enrollment-status.md",
-      "redirect_url": "/mem/autopilot/enrollment-status",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/existing-devices.md",
-      "redirect_url": "/mem/autopilot/existing-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/known-issues.md",
-      "redirect_url": "/mem/autopilot/known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/policy-conflicts.md",
-      "redirect_url": "/mem/autopilot/policy-conflicts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/profiles.md",
-      "redirect_url": "/mem/autopilot/profiles",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/registration-auth.md",
-      "redirect_url": "/mem/autopilot/registration-auth",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/self-deploying.md",
-      "redirect_url": "/mem/autopilot/self-deploying",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/troubleshooting.md",
-      "redirect_url": "/mem/autopilot/troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/user-driven.md",
-      "redirect_url": "/mem/autopilot/user-driven",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/white-glove.md",
-      "redirect_url": "/mem/autopilot/white-glove",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements.md",
-      "redirect_url": "/mem/autopilot/windows-autopilot-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset.md",
-      "redirect_url": "/mem/autopilot/windows-autopilot-reset",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-scenarios.md",
-      "redirect_url": "/mem/autopilot/windows-autopilot-scenarios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-whats-new.md",
-      "redirect_url": "/mem/autopilot/windows-autopilot-whats-new",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopilot/windows-autopilot.md",
-      "redirect_url": "/mem/autopilot/windows-autopilot",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/hub/windows-10.yml",
-      "redirect_url": "/windows/windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-mobile-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-configure-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/device-guard/memory-integrity.md",
-      "redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/access-mssp-portal",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-features.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-assignedipaddress-function",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-best-practices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefilecertificateinfo-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefileevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceimageloadevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceinfo-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicelogonevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkinfo-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceprocessevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceregistryevents-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessment-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-errors",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-extend-data",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-fileprofile-function",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-go-hunt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-limits",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-language",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-results",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-shared-queries",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-take-action",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue-endpoint-detection-response",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-configure.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/android-configure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-intune.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/android-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-privacy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/android-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/android-support-signin",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-terms.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/android-terms",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-explorer.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-explorer",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-hello-world",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-microsoft-flow",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-portal-mapping",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-power-bi",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/apis-intro.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/apis-intro",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/api-terms-of-use",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/assign-portal-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-simulations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/audit-windows-defender",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/auto-investigation-action-center",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/automated-investigations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/automation-levels.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/automation-levels",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/basic-permissions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/behavioral-blocking-containment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/check-sensor-status",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/client-behavioral-blocking",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/common-errors.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/common-errors",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/community.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/community",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/conditional-access.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/conditional-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-arcsight",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-conditional-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-email-notifications",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-gp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-sccm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-script",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-vdi",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines-asr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines-onboarding",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines-security-baseline",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-mssp-notifications",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-mssp-support",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-proxy-internet",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-endpoints",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-siem.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/connected-applications.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/connected-applications",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/contact-support.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/contact-support",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/controlled-folders",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/create-alert-by-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-detection-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-detections-manage",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-controlled-folders",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-exploit-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/data-storage-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-compatibility",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/delete-ti-indicator-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-phases",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-rings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-strategy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/device-timeline-event-flag",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/edr-in-block-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-controlled-folders",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-exploit-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-network-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-mde",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-network-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluation-lab",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/event-error-codes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/event-views.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/event-views",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-full-sample-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/feedback-loop-blocking",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/fetch-alerts-mssp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/files.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machine-info-by-ip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machines-by-ip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-info-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-domain-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-files-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-ip-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-machine-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-user-info",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-all-recommendations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-all-vulnerabilities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-all-vulnerabilities-by-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-device-secure-score",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-statistics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-exposure-score",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-information.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-statistics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-installed-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-investigation-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-investigation-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-statistics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineaction-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineactions-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-group-exposure-score",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-log-on-users",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines-by-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines-by-vulnerability",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-missing-kbs-machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-missing-kbs-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-package-sas-uri",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-vulnerabilities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-security-recommendations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-software-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-software-ver-distribution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-started-partner-integration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ti-indicators-collection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-user-information.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-vuln-by-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/get-vulnerability-by-id",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/gov.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/gov",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/grant-mssp-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/helpful-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-certificates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-file.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-ip-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-manage",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-investigation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-in-windows-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/initiate-autoir-investigation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-behind-proxy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-files.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-incidents",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-ip",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-user.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-user",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/investigation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-configure-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-install.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-install",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-terms.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-terms",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/isolate-machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-exclusions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-install-manually",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-install-with-ansible",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-install-with-puppet",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-preferences",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-pua.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-pua",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-resources.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-support-connectivity",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-support-install",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-support-perf",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-updates.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-whatsnew",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/live-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/live-response",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/live-response-command-examples",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-exclusions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machineaction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machineaction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine-groups.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine-reports.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-reports",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machines-view-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine-tags.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-tags",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-jamfpro-login",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-manually",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-jamf",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-jamfpro-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-preferences",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-pua.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-pua",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-resources.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-schedule-scan",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-install",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-kext",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-license",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-perf",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-sysext-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-sysext-preview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-updates.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-whatsnew",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-group-policy-objects",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-other-tools",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-auto-investigation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-file-uploads",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-folder-exclusions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-edr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-edr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-incidents",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/management-apis.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/management-apis",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-suppression-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-config",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-threat-experts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/migration-guides.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/migration-guides",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/minimum-requirements",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mssp-list.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mssp-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mssp-support.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mssp-support",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/network-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/network-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/non-windows.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/non-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machine-api",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-configure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-downlevel",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding-notification",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-offline-machines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/Onboard-Windows-10-multi-session-device",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-custom-detections",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/partner-applications.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/partner-applications",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/partner-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/partner-integration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/portal-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/portal-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/post-ti-indicator",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/preferences-setup",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prepare-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/preview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/preview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/preview-settings.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/preview-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/production-deployment.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/production-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/raw-data-export",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/raw-data-export-event-hub",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/raw-data-export-storage",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/rbac.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/rbac",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/recommendation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/recommendation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-file-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-machine-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/restrict-code-execution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/review-alerts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/review-alerts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-api",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-python",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-av-scan",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-detection-test",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/score",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/security-operations-dashboard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/service-status.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/service-status",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/set-device-value.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/set-device-value",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/stop-and-quarantine-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-analytics",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-event-timeline",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-indicator-concepts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-integration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-reports",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/ti-indicator",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/time-settings.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/time-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-asr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-asr",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-live-response",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-mde",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-np",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding-error-messages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-siem",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-assign-device-value",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-dashboard-insights",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-end-of-support-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-exception",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-exposure-score",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-hunt-exposed-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-prerequisites",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-remediation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-security-recommendation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-software-inventory",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-supported-os",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-vulnerable-devices-report",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-weaknesses",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-zero-day-vulnerabilities",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/unisolate-machine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/unrestrict-code-execution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/update-alert.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/update-alert",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/use.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/user.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/user",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/user-roles.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/user-roles",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/view-incidents-queue",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/vulnerability.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/vulnerability",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/web-content-filtering",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/web-protection-monitoring",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/web-protection-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/web-protection-response",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/web-threat-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/change-history-for-threat-protection.md",
-      "redirect_url": "/windows/security/threat-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-device-control-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/controlled-folders",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-windows-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-offline",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-reporting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/device-control/control-usb-devices-using-intune.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/device-control/device-control-report.md",
-      "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
-      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md",
-      "redirect_url": "/security/compass/human-operated-ransomware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/change-history-for-access-protection.md",
-      "redirect_url": "/windows/security/",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deploy-windows-cm/upgrade-to-windows-with-configuraton-manager.md",
-      "redirect_url": "/windows/deploy-windows-cm/upgrade-to-windows-with-configuration-manager",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
-      "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-servicing-differences.md",
-      "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/wufb-autoupdate.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/wufb-basics.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/wufb-managedrivers.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/wufb-manageupdate.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/wwufb-onboard.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/feature-update-conclusion.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-wufb-intune.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/feature-update-maintenance-window.md",
-      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/feature-update-mission-critical.md",
-      "redirect_url": "/windows/deployment/waas-manage-updates-wufb",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-security-baselines.md",
-      "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
-      "redirect_url": "/windows/deployment/deploy-whats-new",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
-      "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md",
-      "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md",
-      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/windows-endpoints-1803-non-enterprise-editions.md",
-      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/manage-windows-1709-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/privacy/manage-windows-1803-endpoints.md",
-      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/windows-11-whats-new.md",
-      "redirect_url": "/windows/whats-new/windows-11-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-delivery-optimization.md",
-      "redirect_url": "/windows/deployment/do/waas-delivery-optimization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/delivery-optimization-proxy.md",
-      "redirect_url": "/windows/deployment/do/delivery-optimization-proxy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/delivery-optimization-workflow.md",
-      "redirect_url": "/windows/deployment/do/delivery-optimization-workflow",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md",
-      "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md",
-      "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-optimize-windows-10.md",
-      "redirect_url": "/windows/deployment/do/waas-optimize-windows-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/coinminer-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/coinminer-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/coordinated-malware-eradication.md",
-      "redirect_url": "/microsoft-365/security/intelligence/coordinated-malware-eradication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/criteria.md",
-      "redirect_url": "/microsoft-365/security/intelligence/criteria",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md",
-      "redirect_url": "/microsoft-365/security/intelligence/cybersecurity-industry-partners",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/developer-faq.yml",
-      "redirect_url": "/microsoft-365/security/intelligence/developer-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/developer-resources.md",
-      "redirect_url": "/microsoft-365/security/intelligence/developer-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/exploits-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/exploits-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/fileless-threats.md",
-      "redirect_url": "/microsoft-365/security/intelligence/fileless-threats",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/macro-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/macro-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/malware-naming.md",
-      "redirect_url": "/microsoft-365/security/intelligence/malware-naming",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/phishing-trends.md",
-      "redirect_url": "/microsoft-365/security/intelligence/phishing-trends",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/phishing.md",
-      "redirect_url": "/microsoft-365/security/intelligence/phishing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md",
-      "redirect_url": "/microsoft-365/security/intelligence/portal-submission-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/prevent-malware-infection.md",
-      "redirect_url": "/microsoft-365/security/intelligence/prevent-malware-infection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md",
-      "redirect_url": "/microsoft-365/security/intelligence/safety-scanner-download",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/submission-guide.md",
-      "redirect_url": "/microsoft-365/security/intelligence/submission-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/support-scams.md",
-      "redirect_url": "/microsoft-365/security/intelligence/support-scams",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/trojans-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/trojans-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/understanding-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/understanding-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/unwanted-software.md",
-      "redirect_url": "/microsoft-365/security/intelligence/unwanted-software",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md",
-      "redirect_url": "/microsoft-365/security/intelligence/virus-information-alliance-criteria",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/virus-initiative-criteria.md",
-      "redirect_url": "/microsoft-365/security/intelligence/virus-initiative-criteria",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/intelligence/worms-malware.md",
-      "redirect_url": "/microsoft-365/security/intelligence/worms-malware",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-bug-bounty-program.md",
-      "redirect_url": "/microsoft-365/security/intelligence/microsoft-bug-bounty-program",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md",
-      "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/itadmins.yml",
-      "redirect_url": "/education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/partners.yml",
-      "redirect_url": "/education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md",
-      "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows-docs-pr/windows/client-management/mdm/remotering-csp.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/remotering-ddf-file.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/developers.yml",
-      "redirect_url": "/education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/messaging-ddf.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/messaging-csp.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policymanager-csp.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/proxy-csp.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/img-boot-sequence.md",
-      "redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md",
-      "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/get-minecraft-device-promotion.md",
-      "redirect_url": "/education/windows/get-minecraft-for-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md",
-      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "smb/cloud-mode-business-setup.md",
-      "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "smb/index.md",
-      "redirect_url": "https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/bg-p/Microsoft365BusinessBlog",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/contribute-to-a-topic.md",
-      "redirect_url": "https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/CONTRIBUTING.md#editing-windows-it-professional-documentation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/waas-delivery-optimization-faq.md",
-      "redirect_url": "/windows/deployment/do/waas-delivery-optimization-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/security-identifiers.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-identifiers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/security-principals.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-principals",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/active-directory-accounts.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-default-user-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/microsoft-accounts.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-microsoft-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/service-accounts.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-service-accounts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/active-directory-security-groups.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/special-identities.md",
-      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-special-identities-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md",
-      "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/windows-10-accessibility-for-ITPros.md",
-      "redirect_url": "/windows/configuration/windows-accessibility-for-ITPros",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/take-a-test-multiple-pcs.md",
-      "redirect_url": "/education/windows/edu-take-a-test-kiosk-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/take-a-test-single-pc.md",
-      "redirect_url": "/education/windows/take-tests-in-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/take-tests-in-windows-10.md",
-      "redirect_url": "/education/windows/take-tests-in-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/change-history-edu.md",
-      "redirect_url": "/education/windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/change-history-for-mdm-documentation.md",
-      "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/change-history-for-mdm-documentation.md",
-      "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md",
-      "redirect_url": "/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/appv-deploy-and-config.md",
-      "redirect_url": "/windows/client-management/appv-deploy-and-config",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/configuration-service-provider-reference.md",
-      "redirect_url": "/windows/client-management/mdm/index",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/assign-seats.md",
-      "redirect_url": "/windows/client-management/assign-seats",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/azure-active-directory-integration-with-mdm.md",
-      "redirect_url": "/windows/client-management/azure-active-directory-integration-with-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md",
-      "redirect_url": "/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md",
-      "redirect_url": "/windows/client-management/bulk-assign-and-reclaim-seats-from-user",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md",
-      "redirect_url": "/windows/client-management/bulk-enrollment-using-windows-provisioning-tool",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/certificate-authentication-device-enrollment.md",
-      "redirect_url": "/windows/client-management/certificate-authentication-device-enrollment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/certificate-renewal-windows-mdm.md",
-      "redirect_url": "/windows/client-management/certificate-renewal-windows-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/config-lock.md",
-      "redirect_url": "/windows/client-management/config-lock",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/data-structures-windows-store-for-business.md",
-      "redirect_url": "/windows/client-management/data-structures-windows-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/device-update-management.md",
-      "redirect_url": "/windows/client-management/device-update-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md",
-      "redirect_url": "/windows/client-management/mdm-collect-logs",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md",
-      "redirect_url": "/windows/client-management/disconnecting-from-mdm-unenrollment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/dmprocessconfigxmlfiltered.md",
-      "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md",
-      "redirect_url": "/windows/client-management/enable-admx-backed-policies-in-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md",
-      "redirect_url": "/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterprise-app-management.md",
-      "redirect_url": "/windows/client-management/enterprise-app-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/esim-enterprise-management.md",
-      "redirect_url": "/windows/client-management/esim-enterprise-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/federated-authentication-device-enrollment.md",
-      "redirect_url": "/windows/client-management/federated-authentication-device-enrollment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-inventory.md",
-      "redirect_url": "/windows/client-management/get-inventory",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-localized-product-details.md",
-      "redirect_url": "/windows/client-management/get-localized-product-details",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-offline-license.md",
-      "redirect_url": "/windows/client-management/get-offline-license",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-product-details.md",
-      "redirect_url": "/windows/client-management/get-product-details",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-product-package.md",
-      "redirect_url": "/windows/client-management/get-product-package",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-product-packages.md",
-      "redirect_url": "/windows/client-management/get-product-packages",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-seat.md",
-      "redirect_url": "/windows/client-management/get-seat",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-seats-assigned-to-a-user.md",
-      "redirect_url": "/windows/client-management/get-seats-assigned-to-a-user",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/get-seats.md",
-      "redirect_url": "/windows/client-management/get-seats",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/implement-server-side-mobile-application-management.md",
-      "redirect_url": "/windows/client-management/implement-server-side-mobile-application-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/management-tool-for-windows-store-for-business.md",
-      "redirect_url": "/windows/client-management/management-tool-for-windows-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/mdm-enrollment-of-windows-devices.md",
-      "redirect_url": "/windows/client-management/mdm-enrollment-of-windows-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/mdm-overview.md",
-      "redirect_url": "/windows/client-management/mdm-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/mobile-device-enrollment.md",
-      "redirect_url": "/windows/client-management/mobile-device-enrollment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md",
-      "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/oma-dm-protocol-support.md",
-      "redirect_url": "/windows/client-management/oma-dm-protocol-support",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/on-premise-authentication-device-enrollment.md",
-      "redirect_url": "/windows/client-management/on-premise-authentication-device-enrollment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/push-notification-windows-mdm.md",
-      "redirect_url": "/windows/client-management/push-notification-windows-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/reclaim-seat-from-user.md",
-      "redirect_url": "/windows/client-management/reclaim-seat-from-user",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md",
-      "redirect_url": "/windows/client-management/register-your-free-azure-active-directory-subscription",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/rest-api-reference-windows-store-for-business.md",
-      "redirect_url": "/windows/client-management/rest-api-reference-windows-store-for-business",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/server-requirements-windows-mdm.md",
-      "redirect_url": "/windows/client-management/server-requirements-windows-mdm",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md",
-      "redirect_url": "/windows/client-management/structure-of-oma-dm-provisioning-files",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/understanding-admx-backed-policies.md",
-      "redirect_url": "/windows/client-management/understanding-admx-backed-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md",
-      "redirect_url": "/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md",
-      "redirect_url": "/windows/client-management/win32-and-centennial-app-policy-configuration",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/windows-mdm-enterprise-settings.md",
-      "redirect_url": "/windows/client-management/windows-mdm-enterprise-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/wmi-providers-supported-in-windows.md",
-      "redirect_url": "/windows/client-management/wmi-providers-supported-in-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/do/mcc-enterprise.md",
-      "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/advanced-troubleshooting-802-authentication.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/802-1x-authentication-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/advanced-troubleshooting-boot-problems.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/wireless-network-connectivity-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/data-collection-for-802-authentication.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/data-collection-for-troubleshooting-802-1x-authentication-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/determine-appropriate-page-file-size.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/generate-kernel-or-complete-crash-dump.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/generate-a-kernel-or-complete-crash-dump",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/introduction-page-file.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/introduction-to-the-page-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/system-failure-recovery-options.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/configure-system-failure-and-recovery-options",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-event-id-41-restart.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/event-id-41-restart",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-inaccessible-boot-device.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/stop-error-7b-or-inaccessible-boot-device-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-networking.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/networking-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/stop-error-broadcom-network-driver-update",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-stop-errors.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/stop-error-or-blue-screen-error-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-tcpip-connectivity.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/tcp-ip-connectivity-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-tcpip-netmon.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/collect-data-using-network-monitor",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-tcpip-port-exhaust.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/tcp-ip-port-exhaustion-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-tcpip-rpc-errors.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/rpc-errors-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-tcpip.md",
-      "redirect_url": "/troubleshoot/windows-client/networking/networking-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-windows-freeze.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/windows-based-computer-freeze-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/troubleshoot-windows-startup.md",
-      "redirect_url": "/troubleshoot/windows-client/performance/windows-startup-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/windows-10-support-solutions.md",
-      "redirect_url": "/troubleshoot/windows-client/welcome-windows-client",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/management-tool-for-windows-store-for-business.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/rest-api-reference-windows-store-for-business.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/data-structures-windows-store-for-business.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-inventory.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-product-details.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-localized-product-details.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-offline-license.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-product-packages.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-product-package.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-seats.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-seat.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/assign-seats.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/reclaim-seat-from-user.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/bulk-assign-and-reclaim-seats-from-user.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/get-seats-assigned-to-a-user.md",
-      "redirect_url": "https://aka.ms/windows/msfb_evolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md",
-      "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-update-errors.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-update-resources.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/additional-resources-for-windows-update",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/windows-update-troubleshooting.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/quick-fixes.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/resolution-procedures.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/troubleshoot-upgrade-errors.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/upgrade/upgrade-error-codes.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-configuration-manual.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-configuration-manual",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-configuration-mem.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-configuration-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-configuration-script.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-configuration-script",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-enable.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-enable",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-help.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-help",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-overview.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-prerequisites.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-prerequisites",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclient.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclient",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucdevicealert",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucupdatealert",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-schema.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-schema",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-use.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-use",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-status-admin-center.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-admin-center",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/update-compliance-v2-workbook.md",
-      "redirect_url": "/windows/deployment/update/wufb-reports-workbook",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/kiosk-troubleshoot.md",
-      "redirect_url": "/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/start-layout-troubleshoot.md",
-      "redirect_url": "/troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/features-lifecycle.md",
-      "redirect_url": "/windows/whats-new/feature-lifecycle",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-deprecated-features.md",
-      "redirect_url": "/windows/whats-new/deprecated-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/planning/windows-10-removed-features.md",
-      "redirect_url": "/windows/whats-new/removed-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/usmt/usmt-common-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/usmt-common-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/usmt/usmt-return-codes.md",
-      "redirect_url": "/troubleshoot/windows-client/deployment/usmt-return-codes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md",
-      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/prepare/index.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/deploy/index.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/index.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md",
-      "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md",
-      "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md",
-      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/cortana-at-work/cortana-at-work-crm.md",
-      "redirect_url": "/windows/resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/cortana-at-work/cortana-at-work-powerbi.md",
-      "redirect_url": "/windows/resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/configuration/manage-wifi-sense-in-enterprise.md",
-      "redirect_url": "/windows/resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md",
-      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/hello-for-business/hello-event-300.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/policy-ddf-file.md",
-      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/applocker-xsd.md",
-      "redirect_url": "/windows/client-management/mdm/applocker-csp#policy-xsd-schema",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/vpnv2-profile-xsd.md",
-      "redirect_url": "/windows/client-management/mdm/vpnv2-csp#profilexml-xsd-schema",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md",
-      "redirect_url": "/windows/client-management/mdm/enterprisedesktopappmanagement-csp#downloadinstall-xsd-schema",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/client-management/mdm/enterprisemodernappmanagement-xsd.md",
-      "redirect_url": "/windows/client-management/mdm/enterprisemodernappmanagement-csp#enterprisemodernappmanagement-xsd",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/education-scenarios-store-for-business.md",
-      "redirect_url": "/windows/resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/teacher-get-minecraft.md",
-      "redirect_url": "/education/windows/get-minecraft-for-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/school-get-minecraft.md",
-      "redirect_url": "/education/windows/get-minecraft-for-education",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
-      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/get-support-for-security-baselines.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-scripts.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/whats-new/windows-10-insider-preview.md",
-      "redirect_url": "/windows/whats-new",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/s-mode-switch-to-edu.md",
-      "redirect_url": "/education/windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/change-to-pro-education.md",
-      "redirect_url": "/education/windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/test-windows10s-for-edu.md",
-      "redirect_url": "/windows/deployment/s-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "education/windows/enable-s-mode-on-surface-go-devices.md",
-      "redirect_url": "/windows/deployment/s-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md",
-      "redirect_url": "https://aka.ms/AzureCodeSigning",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/update/quality-updates.md",
-      "redirect_url": "/windows/deployment/update/release-cycle",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md",
-      "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "store-for-business/sign-up-microsoft-store-for-business.md",
-      "redirect_url": "/microsoft-store",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md",
-      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md",
-      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md",
-      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/information-protection/index.md",
-      "redirect_url": "/windows/security/encryption-data-protection",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-authentication.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-conditional-access.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-connection-type.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-connection-type",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-guide.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-name-resolution.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-office-365-optimization.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-profile-options.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-profile-options",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-routing.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-routing",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/identity-protection/vpn/vpn-security-features.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-security-features",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/best-practices-configuring.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-authentication-methods.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/documenting-the-zones.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/exemption-list.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exemption-list",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/filter-origin-documentation.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/firewall-gpos.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-network-access-groups.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-the-gpos.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/quarantine.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/quarantine",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-gpos.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide",
-      "redirect_document_id": false
-    },
-    {
-      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md",
-      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security",
-      "redirect_document_id": false
     }
   ]
-}
\ No newline at end of file
+}
diff --git a/.openpublishing.redirection.store-for-business.json b/.openpublishing.redirection.store-for-business.json
new file mode 100644
index 0000000000..9d89cf78d7
--- /dev/null
+++ b/.openpublishing.redirection.store-for-business.json
@@ -0,0 +1,124 @@
+{
+  "redirections": [
+    {
+      "source_path": "store-for-business/acquire-apps-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/acquire-apps-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/app-inventory-managemement-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/app-inventory-management-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/app-inventory-management-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/apps-in-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/apps-in-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/configure-mdm-provider-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/configure-mdm-provider-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/device-guard-signing-portal.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-apps-windows-store-for-business-overview.md",
+      "redirect_url": "/microsoft-store/manage-apps-microsoft-store-for-business-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-mpsa-software-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-store/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-orders-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/manage-orders-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-settings-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/manage-settings-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/manage-users-and-groups-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/manage-users-and-groups-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/prerequisites-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/prerequisites-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/roles-and-permissions-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/roles-and-permissions-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/settings-reference-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/settings-reference-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sign-up-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-store",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sign-up-windows-store-for-business-overview.md",
+      "redirect_url": "/microsoft-store/sign-up-microsoft-store-for-business-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sign-up-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/troubleshoot-windows-store-for-business.md",
+      "redirect_url": "/microsoft-store/troubleshoot-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/update-windows-store-for-business-account-settings.md",
+      "redirect_url": "/microsoft-store/update-microsoft-store-for-business-account-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/windows-store-for-business-overview.md",
+      "redirect_url": "/microsoft-store/microsoft-store-for-business-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/work-with-partner-microsoft-store-business.md",
+      "redirect_url": "/microsoft-365/commerce/manage-partners",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-application-management.json b/.openpublishing.redirection.windows-application-management.json
new file mode 100644
index 0000000000..4b1866c772
--- /dev/null
+++ b/.openpublishing.redirection.windows-application-management.json
@@ -0,0 +1,29 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/application-management/manage-windows-mixed-reality.md",
+      "redirect_url": "/windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/application-management/msix-app-packaging-tool.md",
+      "redirect_url": "/windows/application-management/overview-windows-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/application-management/provisioned-apps-windows-client-os.md",
+      "redirect_url": "/windows/application-management/overview-windows-apps#windows-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/application-management/system-apps-windows-client-os.md",
+      "redirect_url": "/windows/application-management/overview-windows-apps#windows-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/application-management/apps-in-windows-10.md",
+      "redirect_url": "/windows/application-management/overview-windows-apps",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-client-management.json b/.openpublishing.redirection.windows-client-management.json
new file mode 100644
index 0000000000..0e8874f755
--- /dev/null
+++ b/.openpublishing.redirection.windows-client-management.json
@@ -0,0 +1,924 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription.md",
+      "redirect_url": "/azure/active-directory/fundamentals/active-directory-access-create-new-tenant",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/administrative-tools-in-windows-10.md",
+      "redirect_url": "/windows/client-management/client-tools/administrative-tools-in-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/advanced-troubleshooting-802-authentication.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/802-1x-authentication-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/advanced-troubleshooting-boot-problems.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/windows-boot-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/wireless-network-connectivity-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/appv-deploy-and-config.md",
+      "redirect_url": "/windows/application-management/app-v/appv-for-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/assign-seats.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/bulk-assign-and-reclaim-seats-from-user.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/change-default-removal-policy-external-storage-media.md",
+      "redirect_url": "/windows/client-management/client-tools/change-default-removal-policy-external-storage-media",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/change-history-for-mdm-documentation.md",
+      "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/connect-to-remote-aadj-pc.md",
+      "redirect_url": "/windows/client-management/client-tools/connect-to-remote-aadj-pc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/data-collection-for-802-authentication.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/data-collection-for-troubleshooting-802-1x-authentication-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/data-structures-windows-store-for-business.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/determine-appropriate-page-file-size.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/diagnose-mdm-failures-in-windows-10.md",
+      "redirect_url": "/windows/client-management/mdm-collect-logs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/generate-kernel-or-complete-crash-dump.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/generate-a-kernel-or-complete-crash-dump",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-inventory.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-localized-product-details.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-offline-license.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-product-details.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-product-package.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-product-packages.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-seat.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-seats-assigned-to-a-user.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/get-seats.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/group-policies-for-enterprise-and-education-editions.md",
+      "redirect_url": "https://www.microsoft.com/en-us/search/explore?q=Group+Policy+Settings+Reference+Spreadsheet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/img-boot-sequence.md",
+      "redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/introduction-page-file.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/introduction-to-the-page-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/manage-corporate-devices.md",
+      "redirect_url": "/windows/client-management/manage-windows-10-in-your-organization-modern-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/manage-device-installation-with-group-policy.md",
+      "redirect_url": "/windows/client-management/client-tools/manage-device-installation-with-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/manage-settings-app-with-group-policy.md",
+      "redirect_url": "/windows/client-management/client-tools/manage-settings-app-with-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/management-tool-for-windows-store-for-business.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mandatory-user-profile.md",
+      "redirect_url": "/windows/client-management/client-tools/mandatory-user-profile",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md",
+      "redirect_url": "/windows/client-management/add-an-azure-ad-tenant-and-azure-ad-subscription",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/applocker-xsd.md",
+      "redirect_url": "/windows/client-management/mdm/applocker-csp#policy-xsd-schema",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/appv-deploy-and-config.md",
+      "redirect_url": "/windows/client-management/appv-deploy-and-config",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/assign-seats.md",
+      "redirect_url": "/windows/client-management/assign-seats",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/azure-active-directory-integration-with-mdm.md",
+      "redirect_url": "/windows/client-management/azure-active-directory-integration-with-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md",
+      "redirect_url": "/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/bootstrap-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/browserfavorite-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md",
+      "redirect_url": "/windows/client-management/bulk-assign-and-reclaim-seats-from-user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md",
+      "redirect_url": "/windows/client-management/bulk-enrollment-using-windows-provisioning-tool",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/certificate-authentication-device-enrollment.md",
+      "redirect_url": "/windows/client-management/certificate-authentication-device-enrollment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/certificate-renewal-windows-mdm.md",
+      "redirect_url": "/windows/client-management/certificate-renewal-windows-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/change-history-for-mdm-documentation.md",
+      "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/cm-proxyentries-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/config-lock.md",
+      "redirect_url": "/windows/client-management/config-lock",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/configuration-service-provider-reference.md",
+      "redirect_url": "/windows/client-management/mdm/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/create-a-custom-configuration-service-provider.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/data-structures-windows-store-for-business.md",
+      "redirect_url": "/windows/client-management/data-structures-windows-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/design-a-custom-windows-csp.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/device-update-management.md",
+      "redirect_url": "/windows/client-management/device-update-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/deviceinstanceservice-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md",
+      "redirect_url": "/windows/client-management/mdm-collect-logs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md",
+      "redirect_url": "/windows/client-management/disconnecting-from-mdm-unenrollment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/dmprocessconfigxmlfiltered.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md",
+      "redirect_url": "/windows/client-management/enable-admx-backed-policies-in-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md",
+      "redirect_url": "/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterprise-app-management.md",
+      "redirect_url": "/windows/client-management/enterprise-app-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterpriseappmanagement-csp.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md",
+      "redirect_url": "/windows/client-management/mdm/enterprisedesktopappmanagement-csp#downloadinstall-xsd-schema",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterpriseext-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterpriseext-ddf.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/enterprisemodernappmanagement-xsd.md",
+      "redirect_url": "/windows/client-management/mdm/enterprisemodernappmanagement-csp#enterprisemodernappmanagement-xsd",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/esim-enterprise-management.md",
+      "redirect_url": "/windows/client-management/esim-enterprise-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/federated-authentication-device-enrollment.md",
+      "redirect_url": "/windows/client-management/federated-authentication-device-enrollment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/filesystem-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-inventory.md",
+      "redirect_url": "/windows/client-management/get-inventory",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-localized-product-details.md",
+      "redirect_url": "/windows/client-management/get-localized-product-details",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-offline-license.md",
+      "redirect_url": "/windows/client-management/get-offline-license",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-product-details.md",
+      "redirect_url": "/windows/client-management/get-product-details",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-product-package.md",
+      "redirect_url": "/windows/client-management/get-product-package",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-product-packages.md",
+      "redirect_url": "/windows/client-management/get-product-packages",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-seat.md",
+      "redirect_url": "/windows/client-management/get-seat",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-seats-assigned-to-a-user.md",
+      "redirect_url": "/windows/client-management/get-seats-assigned-to-a-user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/get-seats.md",
+      "redirect_url": "/windows/client-management/get-seats",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/hotspot-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/iconfigserviceprovider2.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/iconfigserviceprovider2configmanagernotification.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/iconfigserviceprovider2getnode.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnode.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodeadd.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodeclear.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodecopy.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodedeletechild.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodedeleteproperty.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodeexecute.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodegetchildnodenames.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodegetproperty.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodegetpropertyidentifiers.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodegetvalue.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodemove.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodesetproperty.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodesetvalue.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspnodetransactioning.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/icspvalidate.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/implement-server-side-mobile-application-management.md",
+      "redirect_url": "/windows/client-management/implement-server-side-mobile-application-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/management-tool-for-windows-store-for-business.md",
+      "redirect_url": "/windows/client-management/management-tool-for-windows-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/maps-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/maps-ddf-file.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/mdm-enrollment-of-windows-devices.md",
+      "redirect_url": "/windows/client-management/mdm-enrollment-of-windows-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/mdm-overview.md",
+      "redirect_url": "/windows/client-management/mdm-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/messaging-csp.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/messaging-ddf.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/mobile-device-enrollment.md",
+      "redirect_url": "/windows/client-management/mobile-device-enrollment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md",
+      "redirect_url": "/windows/client-management/new-in-windows-mdm-enrollment-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/oma-dm-protocol-support.md",
+      "redirect_url": "/windows/client-management/oma-dm-protocol-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/on-premise-authentication-device-enrollment.md",
+      "redirect_url": "/windows/client-management/on-premise-authentication-device-enrollment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-admx-backed.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-admx-backed",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md",
+      "redirect_url": "/windows/iot-core/manage-your-device/csp-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-hololens2",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-iot-core",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policies-supported-by-surface-hub.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-admx-backed.md",
+      "redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csp-admx-wordwheel",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csp-admx-windowsfileprotection.md",
+      "redirect_url": "/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csp-cloudpc.md",
+      "redirect_url": "/windows/client-management/mdm/clouddesktop-csp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csp-location.md",
+      "redirect_url": "/windows/client-management/mdm/policy-configuration-service-provider",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
+      "redirect_url": "/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-ddf-file.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-ddf",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policymanager-csp.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/proxy-csp.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/push-notification-windows-mdm.md",
+      "redirect_url": "/windows/client-management/push-notification-windows-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/reclaim-seat-from-user.md",
+      "redirect_url": "/windows/client-management/reclaim-seat-from-user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md",
+      "redirect_url": "/windows/client-management/register-your-free-azure-active-directory-subscription",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/registry-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/registry-ddf-file.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/remotelock-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/remotelock-ddf-file.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/remotering-ddf-file.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/rest-api-reference-windows-store-for-business.md",
+      "redirect_url": "/windows/client-management/rest-api-reference-windows-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/samples-for-writing-a-custom-configuration-service-provider.md",
+      "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/server-requirements-windows-mdm.md",
+      "redirect_url": "/windows/client-management/server-requirements-windows-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md",
+      "redirect_url": "/windows/client-management/structure-of-oma-dm-provisioning-files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/understanding-admx-backed-policies.md",
+      "redirect_url": "/windows/client-management/understanding-admx-backed-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md",
+      "redirect_url": "/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/vpnv2-profile-xsd.md",
+      "redirect_url": "/windows/client-management/mdm/vpnv2-csp#profilexml-xsd-schema",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md",
+      "redirect_url": "/windows/client-management/win32-and-centennial-app-policy-configuration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/windows-mdm-enterprise-settings.md",
+      "redirect_url": "/windows/client-management/windows-mdm-enterprise-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/wmi-providers-supported-in-windows.md",
+      "redirect_url": "/windows/client-management/wmi-providers-supported-in-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/new-policies-for-windows-10.md",
+      "redirect_url": "https://www.microsoft.com/en-us/search/explore?q=Group+Policy+Settings+Reference+Spreadsheet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/quick-assist.md",
+      "redirect_url": "/windows/client-management/client-tools/quick-assist",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/reclaim-seat-from-user.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/register-your-free-azure-active-directory-subscription.md",
+      "redirect_url": "/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/rest-api-reference-windows-store-for-business.md",
+      "redirect_url": "https://aka.ms/windows/msfb_evolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/system-failure-recovery-options.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/configure-system-failure-and-recovery-options",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-event-id-41-restart.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/event-id-41-restart",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-inaccessible-boot-device.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/stop-error-7b-or-inaccessible-boot-device-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-networking.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/networking-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-stop-error-on-broadcom-driver-update.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/stop-error-broadcom-network-driver-update",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-stop-errors.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/stop-error-or-blue-screen-error-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-tcpip-connectivity.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/tcp-ip-connectivity-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-tcpip-netmon.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/collect-data-using-network-monitor",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-tcpip-port-exhaust.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/tcp-ip-port-exhaustion-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-tcpip-rpc-errors.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/rpc-errors-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-tcpip.md",
+      "redirect_url": "/troubleshoot/windows-client/networking/networking-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-windows-freeze.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/windows-based-computer-freeze-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/troubleshoot-windows-startup.md",
+      "redirect_url": "/troubleshoot/windows-client/performance/windows-startup-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/windows-10-support-solutions.md",
+      "redirect_url": "/troubleshoot/windows-client/welcome-windows-client",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/windows-libraries.md",
+      "redirect_url": "/windows/client-management/client-tools/windows-libraries",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/windows-version-search.md",
+      "redirect_url": "/windows/client-management/client-tools/windows-version-search",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-configuration.json b/.openpublishing.redirection.windows-configuration.json
new file mode 100644
index 0000000000..a55f0f9966
--- /dev/null
+++ b/.openpublishing.redirection.windows-configuration.json
@@ -0,0 +1,289 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1703.md",
+      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1709.md",
+      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields.md",
+      "redirect_url": "/windows/privacy/basic-level-windows-diagnostic-events-and-fields",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/configure-devices-without-mdm.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/configure-windows-diagnostic-data-in-your-organization.md",
+      "redirect_url": "/windows/privacy/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/configure-windows-telemetry-in-your-organization.md",
+      "redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/cortana-at-work/cortana-at-work-crm.md",
+      "redirect_url": "/windows/resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/cortana-at-work/cortana-at-work-powerbi.md",
+      "redirect_url": "/windows/resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/diagnostic-data-viewer-overview.md",
+      "redirect_url": "/windows/privacy/diagnostic-data-viewer-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields.md",
+      "redirect_url": "/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/EventName.md",
+      "redirect_url": "/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/gdpr-win10-whitepaper.md",
+      "redirect_url": "/windows/privacy/gdpr-win10-whitepaper",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-shared-pc.md",
+      "redirect_url": "/windows/configuration/kiosk-methods",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-troubleshoot.md",
+      "redirect_url": "/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md",
+      "redirect_url": "/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/manage-wifi-sense-in-enterprise.md",
+      "redirect_url": "/windows/resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/manage-windows-endpoints-version-1709.md",
+      "redirect_url": "/windows/privacy/manage-windows-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/configure-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/lockdown-xml.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/mobile-lockdown-designer.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/product-ids-in-windows-10-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/provisioning-configure-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/provisioning-nfc.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/provisioning-package-splitter.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/settings-that-can-be-locked-down.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/mobile-devices/start-layout-xml-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/multi-app-kiosk-troubleshoot.md",
+      "redirect_url": "/windows/configuration/kiosk-troubleshoot",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/multi-app-kiosk-xml.md",
+      "redirect_url": "/windows/configuration/kiosk-xml",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provision-pcs-with-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/set-up-a-device-for-anyone-to-use.md",
+      "redirect_url": "/windows/configuration/kiosk-shared-pc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md",
+      "redirect_url": "/windows/configuration/setup-kiosk-digital-signage",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/setup-kiosk-digital-signage.md",
+      "redirect_url": "/windows/configuration/kiosk-single-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/start-layout-troubleshoot.md",
+      "redirect_url": "/troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/start-taskbar-lockscreen.md",
+      "redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/stop-employees-from-using-the-windows-store.md",
+      "redirect_url": "/windows/configuration/stop-employees-from-using-microsoft-store",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/use-json-customize-start-menu-windows.md",
+      "redirect_url": "/windows/configuration/customize-start-menu-layout-windows-11",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-automatictime.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-callandmessagingenhancement.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-calling.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-deviceinfo.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-embeddedlockdownprofiles.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-initialsetup.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-internetexplorer.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-messaging.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-modemconfigurations.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-multivariant.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-nfc.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-otherassets.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-rcspresence.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-shell.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-textinput.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/wcd/wcd-theme.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-10-accessibility-for-ITPros.md",
+      "redirect_url": "/windows/configuration/windows-accessibility-for-ITPros",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-diagnostic-data-1703.md",
+      "redirect_url": "/windows/privacy/windows-diagnostic-data-1703",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-diagnostic-data-1709.md",
+      "redirect_url": "/windows/configuration/windows-diagnostic-data",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-diagnostic-data.md",
+      "redirect_url": "/windows/privacy/windows-diagnostic-data",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json
new file mode 100644
index 0000000000..06fc754819
--- /dev/null
+++ b/.openpublishing.redirection.windows-deployment.json
@@ -0,0 +1,1119 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/deployment/add-store-apps-to-image.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/create-a-task-sequence-with-configuration-manager-and-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-mdt/deploy-a-windows-11-image-using-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-mdt/key-features-in-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#key-features-in-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-mdt/mdt-lite-touch-components.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit#mdt-lite-touch-components",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/create-a-task-sequence-with-configuration-manager-and-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/get-started-with-configuraton-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/integrate-configuration-manager-with-mdt.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager#integrate-configuration-manager-with-mdt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager#procedures",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy-windows-sccm/upgrade-to-windows-10-with-configuraton-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/deploy.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/do/mcc-enterprise.md",
+      "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/act-technical-reference.md",
+      "redirect_url": "/windows/deployment/planning/compatibility-administrator-users-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/features-lifecycle.md",
+      "redirect_url": "/windows/whats-new/feature-lifecycle",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/index.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-1703-removed-features.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-1709-removed-features.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-1803-removed-features.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-1809-removed-features.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-1903-removed-features.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-creators-update-deprecation.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-1703-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-deprecated-features.md",
+      "redirect_url": "/windows/whats-new/deprecated-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md",
+      "redirect_url": "/windows/deployment/planning/windows-10-1709-removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/planning/windows-10-removed-features.md",
+      "redirect_url": "/windows/whats-new/removed-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/change-history-for-update-windows-10.md",
+      "redirect_url": "/windows/deployment/deploy-whats-new",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/delivery-optimization-proxy.md",
+      "redirect_url": "/windows/deployment/do/delivery-optimization-proxy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/delivery-optimization-workflow.md",
+      "redirect_url": "/windows/deployment/do/delivery-optimization-workflow",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/deploy-updates-configmgr.md",
+      "redirect_url": "/mem/configmgr/osd/deploy-use/manage-windows-as-a-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/deploy-updates-intune.md",
+      "redirect_url": "/mem/intune/protect/windows-update-for-business-configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/device-health-get-started.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/device-health-monitor.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/device-health-using.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/feature-update-conclusion.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/feature-update-maintenance-window.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/feature-update-mission-critical.md",
+      "redirect_url": "/windows/deployment/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/index.md",
+      "redirect_url": "/windows/deployment/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/olympia/olympia-enrollment-guidelines.md",
+      "redirect_url": "/windows-insider/business/register",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/quality-updates.md",
+      "redirect_url": "/windows/deployment/update/release-cycle",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-configuration-manual.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-configuration-mem.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-configuration-script.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-delivery-optimization.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-feature-update-status.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-get-started.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-monitor.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-need-attention.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-perspectives.md",
+      "redirect_url": "/windows/deployment/update/update-compliance-using",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-privacy.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-safeguard-holds.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-schema-waasinsiderstatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-schema-waasupdatestatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-schema-wudostatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-schema.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-security-update-status.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-using.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-configuration-manual.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-configuration-manual",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-configuration-mem.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-configuration-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-configuration-script.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-configuration-script",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-enable.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-enable",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-help.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-help",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-overview.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-prerequisites.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-prerequisites",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclient.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclient",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucdevicealert",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucupdatealert",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-schema.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-schema",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-use.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-use",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-v2-workbook.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-workbook",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-compliance-wdav-status.md",
+      "redirect_url": "/windows/deployment/update/update-compliance-get-started",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/update-status-admin-center.md",
+      "redirect_url": "/windows/deployment/update/wufb-reports-admin-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-delivery-optimization-faq.md",
+      "redirect_url": "/windows/deployment/do/waas-delivery-optimization-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-delivery-optimization-reference.md",
+      "redirect_url": "/windows/deployment/do/waas-delivery-optimization-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-delivery-optimization-setup.md",
+      "redirect_url": "/windows/deployment/do/waas-delivery-optimization-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-delivery-optimization.md",
+      "redirect_url": "/windows/deployment/do/waas-delivery-optimization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-deployment-rings-windows-10-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-manage-updates-configuration-manager.md",
+      "redirect_url": "/configmgr/osd/deploy-use/manage-windows-as-a-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-microsoft-connected-cache.md",
+      "redirect_url": "/windows/deployment/do/waas-microsoft-connected-cache",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-mobile-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-configure-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-morenews.md",
+      "redirect_url": "/windows/deployment/update/waas-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-optimize-windows-10.md",
+      "redirect_url": "/windows/deployment/do/waas-optimize-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-servicing-branches-windows-10-updates.md",
+      "redirect_url": "/windows/deployment/update/waas-servicing-channels-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-servicing-differences.md",
+      "redirect_url": "/windows/deployment/update/waas-servicing-strategy-windows-10-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-windows-insider-for-business-aad.md",
+      "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-add",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-windows-insider-for-business-faq.md",
+      "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-windows-insider-for-business.md",
+      "redirect_url": "/windows-insider/at-work-pro/wip-4-biz-get-started",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/waas-wufb-intune.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-analytics-azure-portal.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-analytics-FAQ-troubleshooting.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-analytics-get-started.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-analytics-overview.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-analytics-privacy.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-as-a-service.md",
+      "redirect_url": "/windows/deployment/update/waas-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-update-errors.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-update-resources.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/additional-resources-for-windows-update",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-update-sources.md",
+      "redirect_url": "/windows/deployment/update/how-windows-update-works",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/windows-update-troubleshooting.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/WIP4Biz-intro.md",
+      "redirect_url": "/windows-insider/business/register",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/wufb-autoupdate.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/wufb-basics.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/wufb-managedrivers.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/wufb-manageupdate.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/wwufb-onboard.md",
+      "redirect_url": "/windows/deployment/update/waas-manage-updates-wufb",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/quick-fixes.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/resolution-procedures.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/troubleshoot-upgrade-errors.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-error-codes.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-additional-insights.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-architecture.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-data-sharing.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-deploy-windows.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-deployment-script.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-get-started.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-identify-apps.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-monitor-deployment.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-requirements.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-resolve-issues.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-target-new-OS.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md",
+      "redirect_url": "/windows/deployment/deploy-windows-sccm/upgrade-to-windows-10-with-configuraton-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md",
+      "redirect_url": "/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md",
+      "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md",
+      "redirect_url": "/configmgr/desktop-analytics/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/upgrade/windows-10-edition-downgrades.md",
+      "redirect_url": "/windows/deployment/upgrade/windows-10-edition-upgrades",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/usmt/usmt-common-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/usmt-common-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/usmt/usmt-return-codes.md",
+      "redirect_url": "/troubleshoot/windows-client/deployment/usmt-return-codes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-architecture-posters.md",
+      "redirect_url": "/windows/deployment/windows-10-deployment-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-auto-pilot.md",
+      "redirect_url": "/windows/deployment/windows-autopilot/windows-10-autopilot",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-deployment-tools-reference.md",
+      "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-deployment-tools.md",
+      "redirect_url": "/windows/deployment/windows-deployment-scenarios-and-tools",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-enterprise-activation-subscription.md",
+      "redirect_url": "/windows/deployment/windows-10-enterprise-subscription-activation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
+      "redirect_url": "/windows/deployment/windows-10-subscription-activation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/do/mcc-enterprise-portal-deploy.md",
+      "redirect_url": "/windows/deployment/do/mcc-enterprise-deploy",
+      "redirect_document_id": false
+    },    
+    {
+      "source_path": "windows/deployment/windows-autopatch/deploy/index.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/index.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/prepare/index.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-groups-public-preview-addendum.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-preview-addendum.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-wqu-unsupported-policies.md",
+      "redirect_url": "/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/add-devices.md",
+      "redirect_url": "/mem/autopilot/add-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/administer.md",
+      "redirect_url": "/windows/deployment/windows-autopilot/add-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/autopilot-device-guidelines.md",
+      "redirect_url": "/mem/autopilot/autopilot-device-guidelines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/autopilot-faq.md",
+      "redirect_url": "/mem/autopilot/autopilot-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/autopilot-mbr.md",
+      "redirect_url": "/mem/autopilot/autopilot-mbr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/autopilot-support.md",
+      "redirect_url": "/mem/autopilot/autopilot-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/autopilot-update.md",
+      "redirect_url": "/mem/autopilot/autopilot-update",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/bitlocker.md",
+      "redirect_url": "/mem/autopilot/bitlocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/configure-autopilot.md",
+      "redirect_url": "/windows/deployment/windows-autopilot/add-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md",
+      "redirect_url": "/mem/autopilot/tutorial/autopilot-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/deployment-process.md",
+      "redirect_url": "/mem/autopilot/deployment-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/dfci-management.md",
+      "redirect_url": "/mem/autopilot/dfci-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/enrollment-status.md",
+      "redirect_url": "/mem/autopilot/enrollment-status",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/existing-devices.md",
+      "redirect_url": "/mem/autopilot/existing-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/index.yml",
+      "redirect_url": "/mem/autopilot/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/intune-connector.md",
+      "redirect_url": "/intune/windows-autopilot-hybrid",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/known-issues.md",
+      "redirect_url": "/mem/autopilot/known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/policy-conflicts.md",
+      "redirect_url": "/mem/autopilot/policy-conflicts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/profiles.md",
+      "redirect_url": "/mem/autopilot/profiles",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/registration-auth.md",
+      "redirect_url": "/mem/autopilot/registration-auth",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/self-deploying.md",
+      "redirect_url": "/mem/autopilot/self-deploying",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/troubleshooting.md",
+      "redirect_url": "/mem/autopilot/troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/user-driven-aad.md",
+      "redirect_url": "/mem/autopilot/user-driven",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/user-driven-hybrid.md",
+      "redirect_url": "/mem/autopilot/user-driven",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/user-driven.md",
+      "redirect_url": "/mem/autopilot/user-driven",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/white-glove.md",
+      "redirect_url": "/mem/autopilot/white-glove",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-10-autopilot.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-requirements.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-local.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-reset",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-reset",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-reset.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-reset",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-scenarios.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot-whats-new.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot-whats-new",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/windows-autopilot/windows-autopilot.md",
+      "redirect_url": "/mem/autopilot/windows-autopilot",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-hub.json b/.openpublishing.redirection.windows-hub.json
new file mode 100644
index 0000000000..b82bf6e1a6
--- /dev/null
+++ b/.openpublishing.redirection.windows-hub.json
@@ -0,0 +1,19 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/hub/release-information.md",
+      "redirect_url": "/windows/release-health/release-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/hub/windows-10-landing.yml",
+      "redirect_url": "/windows/windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/hub/windows-10.yml",
+      "redirect_url": "/windows/windows-10",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-privacy.json b/.openpublishing.redirection.windows-privacy.json
new file mode 100644
index 0000000000..3bbff994f7
--- /dev/null
+++ b/.openpublishing.redirection.windows-privacy.json
@@ -0,0 +1,59 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/privacy/basic-level-windows-diagnostic-events-and-fields.md",
+      "redirect_url": "/windows/privacy/required-windows-diagnostic-data-events-and-fields-2004",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/deploy-data-processor-service-windows.md",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/gdpr-it-guidance.md",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/gdpr-win10-whitepaper.md",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md",
+      "redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-1709-endpoints.md",
+      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-1803-endpoints.md",
+      "redirect_url": "/windows/privacy/manage-windows-21h2-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/manage-windows-endpoints.md",
+      "redirect_url": "/windows/privacy/manage-windows-2004-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1709-non-enterprise-editions.md",
+      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-endpoints-1803-non-enterprise-editions.md",
+      "redirect_url": "/windows/privacy/windows-endpoints-21h1-non-enterprise-editions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/privacy/windows-personal-data-services-configuration.md",
+      "redirect_url": "/windows/privacy/windows-10-and-privacy-compliance",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
new file mode 100644
index 0000000000..8cbc4ef4cd
--- /dev/null
+++ b/.openpublishing.redirection.windows-security.json
@@ -0,0 +1,7419 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/security//information-protection/kernel-dma-protection-for-thunderbolt.md",
+      "redirect_url": "/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md",
+      "redirect_url": "/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/mbsa-removal-and-guidance.md",
+      "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/install-md-app-guard.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md",
+      "redirect_url": "/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md",
+      "redirect_url": "/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md",
+      "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md",
+      "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security//threat-protection/windows-security-configuration-framework/windows-security-baselines.md",
+      "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/apps.md",
+      "redirect_url": "/windows/security/application-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/cloud.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/cryptography-certificate-mgmt.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/encryption-data-protection.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/encrypted-hard-drive.md",
+      "redirect_url": "/windows/security/information-protection/encrypted-hard-drive",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows.md",
+      "redirect_url": "/windows/security/identity-protection/how-hardware-based-containers-help-protect-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/secure-the-windows-10-boot-process.md",
+      "redirect_url": "/windows/security/information-protection/secure-the-windows-10-boot-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md",
+      "redirect_url": "/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md",
+      "redirect_url": "/windows/security/information-protection/tpm/change-the-tpm-owner-password",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/how-windows-uses-the-tpm.md",
+      "redirect_url": "/windows/security/information-protection/tpm/how-windows-uses-the-tpm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md",
+      "redirect_url": "/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/manage-tpm-commands.md",
+      "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-commands",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/manage-tpm-lockout.md",
+      "redirect_url": "/windows/security/information-protection/tpm/manage-tpm-lockout",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md",
+      "redirect_url": "/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/tpm-fundamentals.md",
+      "redirect_url": "/windows/security/information-protection/tpm/tpm-fundamentals",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/tpm-recommendations.md",
+      "redirect_url": "/windows/security/information-protection/tpm/tpm-recommendations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-overview.md",
+      "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md",
+      "redirect_url": "/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware-protection/tpm/trusted-platform-module-top-node.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/hardware.md",
+      "redirect_url": "/windows/security/hardware-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/active-directory-accounts.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-default-user-accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/active-directory-security-groups.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-groups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/dynamic-access-control.md",
+      "redirect_url": "/windows-server/identity/solution-guides/dynamic-access-control-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/microsoft-accounts.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-microsoft-accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/security-identifiers.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-identifiers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/security-principals.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-security-principals",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/service-accounts.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-service-accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/access-control/special-identities.md",
+      "redirect_url": "/windows-server/identity/ad-ds/manage/understand-special-identities-groups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/change-history-for-access-protection.md",
+      "redirect_url": "/windows/security/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/configure-s-mime.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/configure-s-mime",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard-protection-limits",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-scripts.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/dg-readiness-tool.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/credential-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-event-300.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md",
+      "redirect_url": "/azure/active-directory/devices/device-registration-how-it-works",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/hello-overview.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md",
+      "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/reset-security-key.md",
+      "redirect_url": "/azure/active-directory/authentication/howto-authentication-passwordless-security-key",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/hello-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/test.md",
+      "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md",
+      "redirect_url": "/windows/security/windows/security/identity-protection/hello-for-business/webauthn-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/how-hardware-based-containers-help-protect-windows.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/password-support-policy.md",
+      "redirect_url": "https://support.microsoft.com/help/4490115",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/user-account-control/how-user-account-control-works.md",
+      "redirect_url": "/windows/security/application-security/application-control/user-account-control/how-it-works",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md",
+      "redirect_url": "/windows/security/application-security/application-control/user-account-control/settings-and-configuration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/user-account-control/user-account-control-overview.md",
+      "redirect_url": "/windows/security/application-security/application-control/user-account-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md",
+      "redirect_url": "/windows/security/application-security/application-control/user-account-control/settings-and-configuration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-authentication.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-conditional-access.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-connection-type.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-connection-type",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-guide.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-name-resolution.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-office-365-optimization.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-profile-options.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-profile-options",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-routing.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-routing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/vpn/vpn-security-features.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/vpn/vpn-security-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md",
+      "redirect_url": "/windows/security/identity-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity.md",
+      "redirect_url": "/windows/security/identity-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-and-adds-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-countermeasures.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-and-administration-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-frequently-asked-question.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-question",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-questions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-network-unlock-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview-and-requirements-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-overview.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-security-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-security-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-to-go-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-upgrading-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-using-with-other-programs-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/choose-the-right-bitlocker-countermeasure.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/protect-bitlocker-from-pre-boot-attacks.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-cannot-encrypt-tpm-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-config-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-network-unlock-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-recovery-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/ts-bitlocker-tpm-issues.md",
+      "redirect_url": "/troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/bitlocker/types-of-attacks-for-volume-encryption-keys.md",
+      "redirect_url": "/windows/security/information-protection/bitlocker/bitlocker-countermeasures",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/encrypted-hard-drive.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/encrypted-hard-drive",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/index.md",
+      "redirect_url": "/windows/security/encryption-data-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/faq-pde.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/overview-pde.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/pluton/microsoft-pluton-security-processor.md",
+      "redirect_url": "/windows/security/hardware-security/pluton/microsoft-pluton-security-processor",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/pluton/pluton-as-tpm.md",
+      "redirect_url": "/windows/security/hardware-security/pluton/pluton-as-tpm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/secure-the-windows-10-boot-process.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/change-the-tpm-owner-password.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/change-the-tpm-owner-password",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/how-windows-uses-the-tpm.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/how-windows-uses-the-tpm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/manage-tpm-commands.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/manage-tpm-commands",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/manage-tpm-lockout.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/manage-tpm-lockout",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/tpm-fundamentals.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/tpm-fundamentals",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/tpm-recommendations.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/tpm-recommendations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/trusted-platform-module-overview.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/tpm/trusted-platform-module-top-node.md",
+      "redirect_url": "/windows/security/hardware-security/tpm/trusted-platform-module-top-node",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md",
+      "redirect_url": "/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/introduction/index.md",
+      "redirect_url": "/windows/security/introduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/introduction/security-features-edition-requirements.md",
+      "redirect_url": "/windows/security/licensing-and-edition-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/introduction/security-features-licensing-requirements.md",
+      "redirect_url": "/windows/security/licensing-and-edition-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-and-adds-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-frequently-asked-questions.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-key-management-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-network-unlock-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-security-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-to-go-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-upgrading-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/index.md",
+      "redirect_url": "/windows/security/operating-system-security/#data-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system.md",
+      "redirect_url": "/windows/security/operating-system-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/security-foundations.md",
+      "redirect_url": "/windows/security/security-foundations/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/administer-applocker-using-mdm.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/administer-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-architecture-and-components.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-functions.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-overview.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-policies-deployment-guide.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-policies-design-guide.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-policy-use-scenarios.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-processes-and-interactions.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-settings.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/applocker-technical-reference.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/configure-the-application-identity-service.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/configure-the-appLocker-reference-device.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-applocker-default-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-your-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/create-your-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/delete-an-applocker-rule.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/determine-your-application-control-objectives.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/dll-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/document-your-application-list.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/document-your-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/edit-an-applocker-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/edit-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/enable-the-dll-rule-collection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/enforce-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/executable-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/how-applocker-works-techref.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/maintain-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-manually.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/monitor-application-usage-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/optimize-applocker-performance.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/plan-for-applocker-policy-management.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/refresh-an-applocker-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/requirements-to-use-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/script-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/security-considerations-for-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/select-types-of-rules-to-create.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/test-and-update-an-applocker-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/tools-to-use-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understand-applocker-enforcement-settings.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-default-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-behavior.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-collections.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/using-event-viewer-with-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/what-is-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/windows-installer-rules-in-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/working-with-applocker-policies.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/applocker/working-with-applocker-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/change-history-for-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-control/control-usb-devices-using-intune.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-control/device-control-report.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/device-control-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/deploy-managed-installer-for-device-guard.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-enable-virtualization-based-security.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/enable-virtualization-based-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/memory-integrity.md",
+      "redirect_url": "https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/fips-140-validation.md",
+      "redirect_url": "/windows/security/security-foundations/certification/fips-140-validation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/get-support-for-security-baselines.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/av-tests.md",
+      "redirect_url": "/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/coinminer-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/coinminer-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/coordinated-malware-eradication.md",
+      "redirect_url": "/microsoft-365/security/intelligence/coordinated-malware-eradication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/criteria.md",
+      "redirect_url": "/microsoft-365/security/intelligence/criteria",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md",
+      "redirect_url": "/microsoft-365/security/intelligence/cybersecurity-industry-partners",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/developer-faq.yml",
+      "redirect_url": "/microsoft-365/security/intelligence/developer-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/developer-resources.md",
+      "redirect_url": "/microsoft-365/security/intelligence/developer-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/exploits-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/exploits-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/fileless-threats.md",
+      "redirect_url": "/microsoft-365/security/intelligence/fileless-threats",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/macro-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/macro-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/malware-naming.md",
+      "redirect_url": "/microsoft-365/security/intelligence/malware-naming",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/phishing-trends.md",
+      "redirect_url": "/microsoft-365/security/intelligence/phishing-trends",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/phishing.md",
+      "redirect_url": "/microsoft-365/security/intelligence/phishing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/portal-submission-troubleshooting.md",
+      "redirect_url": "/microsoft-365/security/intelligence/portal-submission-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/prevent-malware-infection.md",
+      "redirect_url": "/microsoft-365/security/intelligence/prevent-malware-infection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/ransomware-malware.md",
+      "redirect_url": "/security/compass/human-operated-ransomware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md",
+      "redirect_url": "/microsoft-365/security/intelligence/safety-scanner-download",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/submission-guide.md",
+      "redirect_url": "/microsoft-365/security/intelligence/submission-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/support-scams.md",
+      "redirect_url": "/microsoft-365/security/intelligence/support-scams",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md",
+      "redirect_url": "/microsoft-365/security/mtp/top-scoring-industry-tests",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/transparency-report.md",
+      "redirect_url": "/windows/security/threat-protection/intelligence/av-tests",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/trojans-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/trojans-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/understanding-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/understanding-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/unwanted-software.md",
+      "redirect_url": "/microsoft-365/security/intelligence/unwanted-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md",
+      "redirect_url": "/microsoft-365/security/intelligence/virus-information-alliance-criteria",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/virus-initiative-criteria.md",
+      "redirect_url": "/microsoft-365/security/intelligence/virus-initiative-criteria",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/intelligence/worms-malware.md",
+      "redirect_url": "/microsoft-365/security/intelligence/worms-malware",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-bug-bounty-program.md",
+      "redirect_url": "/microsoft-365/security/intelligence/microsoft-bug-bounty-program",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configuration-management-reference-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-end-user-interaction-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-microsoft-defender-antivirus-features.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-protection-features-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-windows-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/deploy-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/deployment-vdi-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/evaluate-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-update-schedule-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-offline.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-offline",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-security-center-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/office-365-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/prevent-end-user-interaction-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/report-monitor-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/restore-quarantined-files-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/review-scan-results-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/run-scan-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/specify-cloud-protection-level-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus-when-migrating.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/troubleshoot-reporting.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-reporting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-intune-config-manager-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-powershell-cmdlets-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/access-mssp-portal",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-features.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-assignedipaddress-function",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-best-practices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicealertevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefilecertificateinfo-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefilecertificateinfo-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefileevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceimageloadevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceinfo-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicelogonevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkinfo-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceprocessevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceregistryevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessment-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-errors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-extend-data",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicefileevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-fileprofile-function",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-go-hunt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-imageloadevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceimageloadevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-limits",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-logonevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicelogonevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machineinfo-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceinfo-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkinfo-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-miscevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicenetworkevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-processcreationevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceprocessevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-language",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-results",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-registryevents-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-deviceregistryevents-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-shared-queries",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-take-action",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessment-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-language",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/alerts-queue-endpoint-detection-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue-endpoint-detection-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-configure.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/android-configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-intune.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/android-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-privacy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/android-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/android-support-signin",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/android-terms.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/android-terms",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-explorer.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-explorer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-hello-world",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-microsoft-flow",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-portal-mapping",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-power-bi",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-terms-of-use",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/apis-intro.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/apis-intro",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/assign-portal-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-simulations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-faq",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/audit-windows-defender",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/auto-investigation-action-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/automated-investigations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/automation-levels.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/automation-levels",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/basic-permissions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/behavioral-blocking-containment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/check-sensor-status",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/client-behavioral-blocking",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/gov",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/common-errors.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/common-errors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/community.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/community",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/conditional-access.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/conditional-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configuration-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-supported-os",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-arcsight",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-conditional-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-email-notifications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-sccm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-script",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-vdi",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines-asr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines-onboarding",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines-security-baseline",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-mssp-notifications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-mssp-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-proxy-internet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-siem.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/configure-splunk.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/connected-applications.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/connected-applications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/contact-support.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/contact-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/create-alert-by-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-detection-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-detections-manage",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/custom-ti-api.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/data-storage-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/delete-ti-indicator-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-phases",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-rings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-strategy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/device-timeline-event-flag",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/edr-in-block-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-mde",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/evaluation-lab.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluation-lab",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/event-error-codes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/event-views.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/event-views",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/experiment-custom-ti.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exploit-protection-reference.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-partners.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-full-sample-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/exposed-apis-odata-samples.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/feedback-loop-blocking.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/feedback-loop-blocking",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/fetch-alerts-mssp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/fetch-alerts-mssp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/files.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machine-info-by-ip.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machine-info-by-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machines-by-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/fix-unhealthy-sensors.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-info-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-domain-info.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-domain-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-files-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-ip-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-machine-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-user-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-all-recommendations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-all-vulnerabilities-by-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-all-vulnerabilities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-device-secure-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-statistics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-exposure-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-information.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-statistics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-installed-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-investigation-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-investigation-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-statistics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-group-exposure-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-log-on-users",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineaction-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineactions-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines-by-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines-by-vulnerability",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-missing-kbs-machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-missing-kbs-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-package-sas-uri.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-package-sas-uri",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-recommendation-vulnerabilities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-security-recommendations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-software-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-software-ver-distribution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-started-partner-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started.md",
+      "redirect_url": "/windows/security/threat-protection/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ti-indicators-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-user-information.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-vuln-by-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-vulnerability-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/gov.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/gov",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/grant-mssp-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/helpful-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/import-export-exploit-protection-emet-xml",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/view-incidents-queue",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-file.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-ip-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/indicator-manage",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-config.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-in-windows-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/initiate-autoir-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-behind-proxy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-files.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-incidents",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigate-user.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/investigation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-configure-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-install.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-install",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-terms.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-terms",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/isolate-machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/licensing.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/production-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-exclusions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-install-manually",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-install-with-ansible",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-install-with-puppet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-preferences",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-pua.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-pua",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-resources.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-support-connectivity",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-support-install",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-support-perf",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-updates.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/linux-whatsnew",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/live-response-command-examples",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/live-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/live-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-device-control-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-device-control-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-exclusions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-jamfpro-login",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-manually",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-jamf",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-jamfpro-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-preferences",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-pua.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-pua",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-resources.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-schedule-scan",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-install",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-kext",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-license",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-perf",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-sysext-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-sysext-preview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-updates.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-whatsnew",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine-groups.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-groups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine-reports.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-reports",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine-tags.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-tags",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machine.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machineaction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machineaction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/machines-view-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machines-view-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-group-policy-objects",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration-other-tools",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-atp-post-migration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-auto-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-automation-file-uploads.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-file-uploads",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-automation-folder-exclusions.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-folder-exclusions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-edr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-edr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-edrmanage-edr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-incidents",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-suppression-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/management-apis.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/management-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-config",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ios-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-threat-experts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/migration-guides.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/migration-guides",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/minimum-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mssp-list.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mssp-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/mssp-support.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mssp-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/network-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/non-windows.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/non-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machine-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-downlevel",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-offline-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/Onboard-Windows-10-multi-session-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding-notification",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/onboarding.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboarding",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-custom-detections",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-hunting.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview-secure-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/partner-applications.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/partner-applications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/partner-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/partner-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/portal-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/portal-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/post-ti-indicator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/powershell-example-code.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/preferences-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prepare-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/preview-settings.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/preview-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/preview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/preview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/product-brief.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/production-deployment.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/production-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/python-example-code.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/raw-data-export-event-hub",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/raw-data-export-storage.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/raw-data-export-storage",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/raw-data-export.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/raw-data-export",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/rbac.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/rbac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/recommendation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/recommendation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-file-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-machine-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/response-actions.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-machine-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/restrict-code-execution.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/restrict-code-execution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/review-alerts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/review-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-python",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-av-scan.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-av-scan",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-detection-test",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/security-operations-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/service-status.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/service-status",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/set-device-value.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/set-device-value",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/stop-and-quarantine-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-migration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-onboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-prepare.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/switch-to-microsoft-defender-setup.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-migration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-analytics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-event-timeline",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-indicator-concepts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-indicator-concepts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/threat-protection-reports.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-reports",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ti-indicator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/time-settings.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/time-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-asr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-custom-ti.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-live-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-live-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-mde",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-np",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding-error-messages",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-mdatp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-siem.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-assign-device-value.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-assign-device-value",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-dashboard-insights",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-end-of-support-software.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-end-of-support-software",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-exception",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-exposure-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-hunt-exposed-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-microsoft-secure-score-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-prerequisites",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-remediation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-security-recommendation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-software-inventory",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-supported-os",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-vulnerable-devices-report",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-weaknesses",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-zero-day-vulnerabilities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/unisolate-machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/unrestrict-code-execution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/update-alert.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/update-alert",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/preferences-setup",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/use-custom-ti.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/use.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/user-roles.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/user-roles",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/user.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/view-incidents-queue",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/vulnerability.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/vulnerability",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/web-content-filtering",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/web-protection-monitoring",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/web-protection-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/web-protection-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/web-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md",
+      "redirect_url": "/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md",
+      "redirect_url": "/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md",
+      "redirect_url": "/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/msft-security-dev-lifecycle.md",
+      "redirect_url": "/windows/security/security-foundations/msft-security-dev-lifecycle",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-compliance-toolkit-10.md",
+      "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agress.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md",
+      "redirect_url": "/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md",
+      "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-10-mobile-security-guide.md",
+      "redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/antivirus-false-positives-negatives.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-diagnostic-data-update-compliance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-diagnostic-data",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-exclusions.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-exclusions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-manually",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-jamf",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-preferences",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-pua.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-pua",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-kext.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-kext",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-support-perf.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-support-perf",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-updates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mac-whatsnew",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/shadow-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/edr-in-block-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-reporting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/why-use-microsoft-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/windows-defender-offline",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/citool-commands.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-group-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/feature-availability.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/feature-availability",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/index.yml",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/types-of-devices.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md",
+      "redirect_url": "https://aka.ms/AzureCodeSigning",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md",
+      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/windows-defender-device-guard-and-applocker.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-features",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-best-practices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-query-language",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-endpoint-detection-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue-endpoint-detection-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts-queue",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/api-hello-world.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-hello-world",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-portal-mapping",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/apis-intro.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/apis-intro",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/assign-portal-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-simulations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/automated-investigations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/basic-permissions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/check-sensor-status",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/collect-investigation-package",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/community",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/conditional-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configuration-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-and-manage-tvm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-arcsight",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-conditional-access",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-email-notifications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-gp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-mdm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-sccm",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-script",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints-vdi",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-mssp-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-proxy-internet",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-server-endpoints",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/configure-splunk",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/create-alert-by-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-detection-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/custom-ti-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/data-storage-privacy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/defender-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/delete-ti-indicator-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/deprecate.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/deprecate",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-custom-ti",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/enable-siem-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/evaluate-atp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/evaluate-atp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/event-error-codes",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/experiment-custom-ti",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-full-sample-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machine-info-by-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/find-machines-by-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/fix-unhealthy-sensors.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/data-retention-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-info-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-domain-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-files-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-ip-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-machine-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alert-related-user-info",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-cvekbmap-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-cvekbmap-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-domain-statistics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-file-statistics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineaction-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-filemachineactions-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ip-statistics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-kbinfo-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-kbinfo-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-by-id",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-log-on-users",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machine-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineaction-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machineactions-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinegroups-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinegroups-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-machinesecuritystates-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-package-sas-uri",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-started.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-started",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-ti-indicators-collection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/get-user-related-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/how-hardware-based-containers-help-protect-windows.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-containers-help-protect-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/improve-request-performance",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/incidents-queue",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-in-windows-config",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/information-protection-in-windows-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/initiate-autoir-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-files",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-incidents-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-incidents",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-ip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/investigate-user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/is-domain-seen-in-org",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/is-ip-seen-org",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/isolate-machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/licensing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-groups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-reports",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine-tags",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machineaction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machineactionsnote.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machineactionsnote",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/machines-view-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-auto-investigation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-allowed-blocked-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-file-uploads",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-automation-folder-exclusions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-edr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-edr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-incidents-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-incidents",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-allowed-blocked-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-suppression-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/management-apis.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/management-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-config",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-cloud-app-security-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-threat-experts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/minimum-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/mssp-support",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machine-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/offboard-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-downlevel",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard-offline-machines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/onboard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/onboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/advanced-hunting-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview-secure-score",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/partner-applications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/portal-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/post-ti-indicator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/powerbi-reports",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/api-power-bi",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/powershell-example-code",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/prerelease.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/prerelease",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/preview-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/preview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/pull-alerts-using-rest-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/python-example-code",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/rbac",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-file-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/respond-machine-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/response-actions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/restrict-code-execution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-api",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-ms-flow.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-ms-flow",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-power-bi-app-token",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-power-bi-user-token",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-advanced-query-sample-python",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-av-scan",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/run-detection-test",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/secure-score-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/security-operations-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/service-status",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/stop-and-quarantine-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/supported-response-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-analytics.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-analytics",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-scenarios",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-indicator-concepts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-integration.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-integration",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/threat-protection-reports",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/ti-indicator",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/time-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-custom-ti",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding-error-messages",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-onboarding",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-overview.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-siem",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-mdatp",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/tvm-dashboard-insights.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/tvm-dashboard-insights",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/unisolate-machine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/unrestrict-code-execution",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/update-alert-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/update-alert",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/use-apis.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use-apis",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/manage-indicators",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/use",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/user",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/user-roles",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-atp/windows-defender-security-center-atp.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/microsoft-defender-security-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-exploit-protection-mitigations",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/controlled-folders",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/exploit-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/troubleshoot-asr",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md",
+      "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/best-practices-configuring.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/boundary-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-authentication-methods.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/documenting-the-zones.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/encryption-zone.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/exemption-list.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/exemption-list",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/filter-origin-documentation.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/firewall-gpos.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/isolated-domain.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-network-access-groups.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-the-gpos.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md",
+      "redirect_url": "/windows/security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/quarantine.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/quarantine",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-gpos.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md",
+      "redirect_url": "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-platform-common-criteria.md",
+      "redirect_url": "/windows/security/security-foundations/certification/windows-platform-common-criteria",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-architecture",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md",
+      "redirect_url": "/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-baselines.md",
+      "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-1-enterprise-basic-security.md",
+      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-1-enterprise-basic-security.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-2-enterprise-enhanced-security.md",
+      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-2-enterprise-enhanced-security.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-3-enterprise-high-security.md",
+      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-3-enterprise-high-security.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-4-enterprise-devops-security.md",
+      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-4-enterprise-devops-security.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/level-5-enterprise-administrator-security.md",
+      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/level-5-enterprise-administrator-security.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-compliance.md",
+      "redirect_url": "/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework.md",
+      "redirect_url": "https://github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/trusted-boot.md",
+      "redirect_url": "/windows/security/operating-system-security/system-security/trusted-boot",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/zero-trust-windows-device-health.md",
+      "redirect_url": "/windows/security/security-foundations/zero-trust-windows-device-health",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-considerations.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-known-issues.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/considerations-known-issues",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-manage.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/how-it-works",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/identity-protection/credential-guard/credential-guard-requirements.md",
+      "redirect_url": "/windows/security/identity-protection/credential-guard/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/configure-pde-in-intune.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-arso.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-memory-dumps.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-password-connected-standby.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-wer.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/intune-enable-pde.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/configure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/includes/pde-description.md",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/operating-system-security/data-protection/personal-data-encryption/faq-pde.yml",
+      "redirect_url": "/windows/security/operating-system-security/data-protection/personal-data-encryption/faq",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/.openpublishing.redirection.windows-whats-new.json b/.openpublishing.redirection.windows-whats-new.json
new file mode 100644
index 0000000000..6a9debfcc4
--- /dev/null
+++ b/.openpublishing.redirection.windows-whats-new.json
@@ -0,0 +1,114 @@
+{
+  "redirections": [
+    {
+      "source_path": "windows/whats-new/applocker.md",
+      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/bitlocker.md",
+      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/change-history-for-what-s-new-in-windows-10.md",
+      "redirect_url": "/windows/whats-new/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/contribute-to-a-topic.md",
+      "redirect_url": "https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/CONTRIBUTING.md#editing-windows-it-professional-documentation",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/credential-guard.md",
+      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/device-guard-overview.md",
+      "redirect_url": "/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/device-management.md",
+      "redirect_url": "/windows/client-management/index",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/edge-ie11-whats-new-overview.md",
+      "redirect_url": "/microsoft-edge/deploy/emie-to-improve-compatibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/edp-whats-new-overview.md",
+      "redirect_url": "/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/lockdown-features-windows-10.md",
+      "redirect_url": "/windows/configuration/lockdown-features-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/microsoft-passport.md",
+      "redirect_url": "/windows/access-protection/hello-for-business/hello-identity-verification",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/new-provisioning-packages.md",
+      "redirect_url": "/windows/configuration/provisioning-packages/provisioning-packages",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/security-auditing.md",
+      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/security.md",
+      "redirect_url": "/windows/threat-protection/overview-of-threat-mitigations-in-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/trusted-platform-module.md",
+      "redirect_url": "/windows/device-security/tpm/trusted-platform-module-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/user-account-control.md",
+      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/windows-10-insider-preview.md",
+      "redirect_url": "/windows/whats-new",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/windows-11-whats-new.md",
+      "redirect_url": "/windows/whats-new/windows-11-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/windows-11.md",
+      "redirect_url": "/windows/whats-new/windows-11-whats-new",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/windows-spotlight.md",
+      "redirect_url": "/windows/configuration/windows-spotlight",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/windows-store-for-business-overview.md",
+      "redirect_url": "/microsoft-store/windows-store-for-business-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/whats-new/windows-update-for-business.md",
+      "redirect_url": "/windows/whats-new/whats-new-windows-10-version-1507-and-1511",
+      "redirect_document_id": false
+    }
+  ]
+}
diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json
index a11a957513..14093198a2 100644
--- a/browsers/edge/docfx.json
+++ b/browsers/edge/docfx.json
@@ -35,11 +35,10 @@
       ],
       "breadcrumb_path": "/microsoft-edge/breadcrumbs/toc.json",
       "ROBOTS": "INDEX, FOLLOW",
-      "ms.technology": "microsoft-edge",
       "audience": "ITPro",
       "ms.topic": "article",
       "manager": "dansimp",
-      "ms.prod": "edge",
+      "ms.prod": "microsoft-edge",
       "feedback_system": "None",
       "hideEdit": true,
       "_op_documentIdPathDepotMapping": {
diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml
index 0f970282ed..0934f61897 100644
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@@ -8,7 +8,7 @@ metadata:
   description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars.
   keywords: Microsoft Edge Legacy, Windows 10
   ms.localizationpriority: medium
-  ms.prod: edge
+  ms.prod: microsoft-edge
   author: dougeby
   ms.author: pashort
   ms.topic: landing-page
diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml
index accbb0e679..200205ac8f 100644
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@@ -10,7 +10,6 @@ metadata:
   keywords: Microsoft Edge Legacy, Windows 10
   ms.localizationpriority: medium
   ms.topic: landing-page # Required
-  ms.collection: collection # Optional; Remove if no collection is used.
   author: dougeby #Required; your GitHub user alias, with correct capitalization.
   ms.author: pashort #Required; microsoft alias of author; optional team alias.
   ms.date: 07/07/2020 #Required; mm/dd/yyyy format.
diff --git a/browsers/edge/microsoft-edge-faq.yml b/browsers/edge/microsoft-edge-faq.yml
index 25f20730ab..2c434c71f4 100644
--- a/browsers/edge/microsoft-edge-faq.yml
+++ b/browsers/edge/microsoft-edge-faq.yml
@@ -8,7 +8,7 @@ metadata:
   description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
   author: dansimp
   ms.author: dansimp
-  ms.prod: edge
+  ms.prod: microsoft-edge
   ms.topic: faq
   ms.mktglfcycl: general
   ms.sitesec: library
diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml
index f8aa58428c..e95c203c60 100644
--- a/browsers/edge/microsoft-edge.yml
+++ b/browsers/edge/microsoft-edge.yml
@@ -7,7 +7,7 @@ metadata:
   title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars.
   description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars.
   keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories
-  ms.prod: edge
+  ms.prod: microsoft-edge
   ms.localizationpriority: medium
   author: aczechowski
   ms.author: aaroncz
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
index 0e1a848592..996e07597a 100644
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
@@ -2,7 +2,6 @@
 metadata:
   title: IE and Microsoft Edge FAQ for IT Pros
   description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals. 
-  audience: ITPro
   manager: msmets
   author: ramakoni1
   ms.author: ramakoni
@@ -10,7 +9,6 @@ metadata:
   ms.prod: internet-explorer
   ms.technology:
   ms.topic: faq
-  ms.custom: CI=111020
   ms.localizationpriority: medium
   ms.date: 01/23/2020
 title: Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
diff --git a/education/docfx.json b/education/docfx.json
index e799728331..a9579639a6 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -41,7 +41,7 @@
       "manager": "aaroncz",
       "ms.localizationpriority": "medium",
       "breadcrumb_path": "/education/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
       "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
@@ -65,7 +65,8 @@
         "v-dihans",
         "garycentric",
         "v-stsavell",
-        "beccarobins"
+        "beccarobins",
+        "v-stchambers"
       ]
     },
     "fileMetadata": {
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 665fb1ee2c..bae8eba426 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,24 +2,20 @@
 

 
 
-## Week of April 10, 2023
+## Week of September 11, 2023
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 4/11/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
+| 9/11/2023 | [Configure education themes for Windows 11](/education/windows/edu-themes) | modified |
+| 9/11/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
 
 
-## Week of March 20, 2023
+## Week of September 04, 2023
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 3/21/2023 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
-| 3/22/2023 | [Configure Stickers for Windows 11 SE](/education/windows/edu-stickers) | modified |
-| 3/22/2023 | [Configure Take a Test in kiosk mode](/education/windows/edu-take-a-test-kiosk-mode) | modified |
-| 3/22/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
-| 3/22/2023 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
-| 3/22/2023 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
-| 3/22/2023 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
-| 3/22/2023 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
+| 9/5/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
+| 9/5/2023 | [Windows for Education documentation](/education/windows/index) | modified |
+| 9/5/2023 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md
index df5e41eb07..12bc0daf1b 100644
--- a/education/windows/change-home-to-edu.md
+++ b/education/windows/change-home-to-edu.md
@@ -1,12 +1,12 @@
 ---
 title: Upgrade Windows Home to Windows Education on student-owned devices
 description: Learn how IT Pros can upgrade student-owned devices from Windows Home to Windows Education using Mobile Device Management or Kivuto OnTheHub with qualifying subscriptions.
-ms.date: 08/10/2022
+ms.date: 08/07/2023
 ms.topic: how-to
 author: scottbreenmsft
 ms.author: scbree
 ms.reviewer: paoloma
-manager: jeffbu
+manager: aaroncz
 ms.collection:
   - tier3
   - education
diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md
index 087db4abca..1e8066b140 100644
--- a/education/windows/configure-aad-google-trust.md
+++ b/education/windows/configure-aad-google-trust.md
@@ -1,7 +1,7 @@
 ---
 title: Configure federation between Google Workspace and Azure AD
 description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
-ms.date: 04/04/2023
+ms.date: 09/11/2023
 ms.topic: how-to
 appliesto:
 ---
@@ -41,7 +41,7 @@ To test federation, the following prerequisites must be met:
 1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**
    :::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app.":::
 1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it will be used to setup Azure AD later
-1. On the **Service provider detail*s** page
+1. On the **Service provider detail's** page
       - Select the option **Signed response**
       - Verify that the Name ID format is set to **PERSISTENT**
       - Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping.\
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index f736b5adc6..e7c2c92cd2 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -139,7 +139,7 @@ Provide an ad-free experience that is a safer, more private search option for K
 #### Azure AD and Office 365 Education tenant
 To suppress ads when searching with Bing on Microsoft Edge on any network, follow these steps:
 
-1. Ensure your Office 365 tenant is registered as an education tenant. For more information, see [Verify your Office 365 domain to prove education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590).
+1. Ensure your Office 365 tenant is registered as an education tenant. For more information, see [Verify your Office 365 domain to prove education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-viva-engage-87d1844e-aa47-4dc0-a61b-1b773fd4e590).
 2. Domain join the Windows 10 PCs to your Azure AD tenant (this tenant is the same as your Office 365 tenant).
 3. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
 4. Have students sign in with their Azure AD identity, which is the same as your Office 365 identity, to use the PC.
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index 03cc1f372b..f7ec888e80 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -113,7 +113,7 @@ Office 365 Education allows:
 
 * Students and faculty to use Office 365 Video to manage videos.
 
-* Students and faculty to use Yammer to collaborate through private social networking.
+* Students and faculty to use Viva Engage to collaborate through private social networking.
 
 * Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
 
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index 7ca8806b4b..cdae48880d 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -68,7 +68,7 @@ Office 365 Education allows:
 - Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business.
 - Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites.
 - Students and faculty to use Office 365 Video to manage videos.
-- Students and faculty to use Yammer to collaborate through private social networking.
+- Students and faculty to use Viva Engage to collaborate through private social networking.
 - Students and faculty to access classroom resources from anywhere on any device (including iOS and Android devices).
 
 For more information about Office 365 Education features and a FAQ, go to [Office 365 Education](https://www.microsoft.com/microsoft-365/academic/compare-office-365-education-plans).
@@ -236,7 +236,7 @@ Now that you've created your new Office 365 Education subscription, add the doma
 To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
 
 > [!NOTE]
-> By default, automatic tenant join is enabled in Office 365 Education, except for certain areas in Europe, the Middle East, and Africa. These countries require opt-in steps to add new users to existing Office 365 tenants. Check your country requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled.
+> By default, automatic tenant join is enabled in Office 365 Education, except for certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled.
 
 Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
 
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index fc74fcd614..d343391f22 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -1,7 +1,7 @@
 ---
 title: Deployment recommendations for school IT administrators
 description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
-ms.topic: conceptual
+ms.topic: best-practice
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md
index 56094c8023..d3a6d97411 100644
--- a/education/windows/edu-stickers.md
+++ b/education/windows/edu-stickers.md
@@ -33,14 +33,14 @@ Stickers aren't enabled by default. Follow the instructions below to configure y
 
 #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 
-[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
+[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
 
 | Setting |
 |--------|
 | <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Stickers/EnableStickers`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
 
-[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
-[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
+[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
+[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
 
 > [!TIP]
 > Use the following Graph call to automatically create the custom policy in your tenant without assignments nor scope tags. <sup>[1](#footnote1)</sup>
diff --git a/education/windows/edu-take-a-test-kiosk-mode.md b/education/windows/edu-take-a-test-kiosk-mode.md
index 10c843fc0b..408976797e 100644
--- a/education/windows/edu-take-a-test-kiosk-mode.md
+++ b/education/windows/edu-take-a-test-kiosk-mode.md
@@ -53,7 +53,7 @@ To configure devices using Intune for Education, follow these steps:
 
 ### Configure Take a Test with a custom policy
 
-[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
+[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
 
 | Setting |
 |--------|
@@ -67,8 +67,8 @@ To configure devices using Intune for Education, follow these steps:
 
 :::image type="content" source="./images/takeatest/intune-take-a-test-custom-profile.png" alt-text="Intune portal - creation of a custom policy to configure Take a Test." lightbox="./images/takeatest/intune-take-a-test-custom-profile.png" border="true":::
 
-[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
-[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
+[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
+[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
 
 #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
 
diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md
index bd941025f7..c30c7fd79a 100644
--- a/education/windows/edu-themes.md
+++ b/education/windows/edu-themes.md
@@ -1,7 +1,7 @@
 ---
 title: Configure education themes for Windows 11
 description: Learn about education themes for Windows 11 and how to configure them via Intune and provisioning package.
-ms.date: 09/15/2022
+ms.date: 09/11/2023
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -12,25 +12,30 @@ appliesto:
 
 Starting in **Windows 11, version 22H2**, you can deploy education themes to your devices. The education themes are designed for students using devices in a school.
 
-:::image type="content" source="./images/win-11-se-themes-1.png" alt-text="Windows 11 desktop with 3 stickers" border="true":::
+:::image type="content" source="./images/win-11-se-themes-1.png" alt-text="Screenshot of Windows 11 desktop with 3 stickers" border="true":::
 
 Themes allow the end user to quickly configure the look and feel of the device, with preset wallpaper, accent color, and other settings.
-Students can choose their own themes, making it feel the device is their own. When students feel more ownership over their device, they tend to take better care of it. This is great news for schools looking to give that same device to a new student the next year.
+Students can choose their own themes, making it feel the device is their own. When students feel more ownership over their device, they tend to take better care of it.
 
 ## Enable education themes
 
-Education themes aren't enabled by default. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
+Education themes aren't enabled by default. The following instructions describe how to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
 
 #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 
-[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
+[!INCLUDE [intune-settings-catalog-1](../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| Education | Enable Edu Themes | Enabled |
+
+[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the following settings:
 
 | Setting |
 |--------|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/EnableEduThemes`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
-
-[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
-[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Education/EnableEduThemes`<br>**Data type**: int<br>**Value**: `1`|
 
 #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
 
@@ -46,15 +51,15 @@ Follow the steps in [Apply a provisioning package][WIN-2] to apply the package t
 
 ## How to use the education themes
 
-Once the education themes are enabled, the device will download them as soon as a user signs in to the device.
+Once the education themes are enabled, the device downloads them as soon as a user signs in to the device.
 
 To change the theme, select **Settings** > **Personalization** > **Themes** > **Select a theme**
 
-:::image type="content" source="./images/win-11-se-themes.png" alt-text="Windows 11 education themes selection" border="true":::
+:::image type="content" source="./images/win-11-se-themes.png" alt-text="Screenshot of Windows 11 education themes selection" border="true":::
 
 -----------
 
-[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+[INT-1]: /mem/intune/configuration/custom-settings-windows-10
 
 [WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
-[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
\ No newline at end of file
+[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index 0d98af99f7..35200347df 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -1,13 +1,12 @@
 ---
 title: Configure federated sign-in for Windows devices
-description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages.
-ms.date: 05/01/2023
+description: Learn about federated sign-in in Windows how to configure it.
+ms.date: 09/11/2023
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ms.collection:
-  - highpri
   - tier1
   - education
 ---
@@ -77,21 +76,25 @@ To use web sign-in with a federated identity provider, your devices must be conf
 
 #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 
-To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
+[!INCLUDE [intune-settings-catalog-1](../../includes/configure/intune-settings-catalog-1.md)]
 
-[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
+| Category | Setting name | Value |
+|--|--|--|
+| Education | Is Education Environment | Enabled |
+| Federated Authentication | Enable Web Sign In For Primary User | Enabled |
+| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
+| Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
+
+[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the following settings:
 
 | Setting |
 |--------|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Data type: **String** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Data type: **String** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
-
-:::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true":::
-
-[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
-[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`<br>**Data type**: int<br>**Value**: `1`|
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser`<br>**Data type**: int<br>**Value**: `1`|
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`<br>**Data type**: String <br>**Value**: Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com`|
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** <br>**Data type**: String <br>**Value**: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com`|
 
 #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
 
@@ -99,12 +102,12 @@ To configure federated sign-in using a provisioning package, use the following s
 
 | Setting |
 |--------|
-| <li> Path: **`Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
-| <li> Path: **`FederatedAuthentication/EnableWebSignInForPrimaryUser`** </li><li>Value: **Enabled**</li>|
-| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
-| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
+| **Path**: `Education/IsEducationEnvironment` <br>**Value**: Enabled|
+| **Path**: `FederatedAuthentication/EnableWebSignInForPrimaryUser` <br>**Value**: Enabled|
+| **Path**: `Policies/Authentication/ConfigureWebSignInAllowedUrls` <br>**Value**: Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com`|
+| **Path**: `Policies/Authentication/ConfigureWebCamAccessDomainNames` <br>**Value**: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com`|
 
-:::image type="content" source="images/federated-sign-in-settings-ppkg.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-ppkg.png" border="true":::
+:::image type="content" source="images/federated-sign-in-settings-ppkg.png" alt-text="Screenshot of Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-ppkg.png" border="true":::
 
 Apply the provisioning package to the single-user devices that require federated sign-in.
 
@@ -119,20 +122,27 @@ To use web sign-in with a federated identity provider, your devices must be conf
 
 #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 
-To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
+[!INCLUDE [intune-settings-catalog-1](../../includes/configure/intune-settings-catalog-1.md)]
 
-[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
+| Category | Setting name | Value |
+|--|--|--|
+| Education | Is Education Environment | Enabled |
+| SharedPC | Enable Shared PC Mode With OneDrive Sync | True |
+| Authentication | Enable Web Sign In | Enabled |
+| Authentication | Configure Web Sign In Allowed Urls | Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com` |
+| Authentication | Configure Webcam Access Domain Names | This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com` |
+
+[!INCLUDE [intune-settings-catalog-2](../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the following settings:
 
 | Setting |
 |--------|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/EnableSharedPCModeWithOneDriveSync`** </li><li>Data type: **Boolean** </li><li>Value: **True**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/EnableWebSignIn`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Data type: **String** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Data type: **String** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
-
-[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
-[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`<br>**Data type**: int<br>**Value**: `1`|
+| **OMA-URI**: `./Vendor/MSFT/SharedPC/EnableSharedPCModeWithOneDriveSync`<br>**Data type**: Boolean<br>**Value**: True|
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/EnableWebSignIn`<br>**Data type**: Integer<br>**Value**: `1`|
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`<br>**Data type**: String <br>**Value**: Semicolon separated list of domains, for example: `samlidp.clever.com;clever.com;mobile-redirector.clever.com`|
+| **OMA-URI**: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`<br>**Data type**: String <br>**Value**: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: `clever.com`|
 
 #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
 
@@ -140,11 +150,11 @@ To configure federated sign-in using a provisioning package, use the following s
 
 | Setting |
 |--------|
-| <li> Path: **`Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
-| <li> Path: **`SharedPC/EnableSharedPCModeWithOneDriveSync`** </li><li>Value: **True**</li>|
-| <li> Path: **`Policies/Authentication/EnableWebSignIn`** </li><li>Value: **Enabled**</li>|
-| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
-| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
+| <li> Path: **`Education/IsEducationEnvironment`**<br>Value: **Enabled**|
+| <li> Path: **`SharedPC/EnableSharedPCModeWithOneDriveSync`**<br>Value: **True**|
+| <li> Path: **`Policies/Authentication/EnableWebSignIn`**<br>Value: **Enabled**|
+| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`**<br>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**|
+| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`**<br>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**|
 
 Apply the provisioning package to the shared devices that require federated sign-in.
 
@@ -159,7 +169,7 @@ Once the devices are configured, a new sign-in experience becomes available.
 
 As users enter their username, they're redirected to the identity provider sign-in page. Once the Idp authenticates the users, they're signed-in. In the following animation, you can observe how the first sign-in process works for a student assigned (1:1) device:
 
-:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Windows 11 SE sign-in using federated sign-in through Clever and QR code badge, in a student assigned (1:1) device." border="false":::
+:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Screenshot of Windows 11 SE sign-in using federated sign-in through Clever and QR code badge, in a student assigned (1:1) device." border="false":::
 
 > [!IMPORTANT]
 > For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the standard Windows sign-in screen.
@@ -203,7 +213,7 @@ After the token sent by the IdP is validated, Azure AD searches for a matching u
 
 If the matching object is found, the user is signed-in. Otherwise, the user is presented with an error message. The following picture shows that a user with the ImmutableId *260051* can't be found:
 
-:::image type="content" source="images/federation/user-match-lookup-failure.png" alt-text="Azure AD sign-in error: a user with a matching ImmutableId can't be found in the tenant." lightbox="images/federation/user-match-lookup-failure.png":::
+:::image type="content" source="images/federation/user-match-lookup-failure.png" alt-text="Screenshot of Azure AD sign-in error: a user with a matching ImmutableId can't be found in the tenant." lightbox="images/federation/user-match-lookup-failure.png":::
 
 > [!IMPORTANT]
 > The ImmutableId matching is case-sensitive.
@@ -245,7 +255,7 @@ Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@exa
 [GRAPH-1]: /graph/api/user-post-users?tabs=powershell
 
 [EXT-1]: https://support.clever.com/hc/s/articles/000001546
-[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+[INT-1]: /mem/intune/configuration/custom-settings-windows-10
 
 [MSFT-1]: https://www.microsoft.com/download/details.aspx?id=56843
 
@@ -257,4 +267,4 @@ Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@exa
 [WIN-1]: /windows/client-management/mdm/sharedpc-csp
 [WIN-2]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin
 [WIN-3]: /windows/configuration/set-up-shared-or-guest-pc
-[WIN-4]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname
\ No newline at end of file
+[WIN-4]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index 3fb0972c89..14121791b1 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -2,9 +2,8 @@
 title: Get and deploy Minecraft Education
 description: Learn how to obtain and distribute Minecraft Education to Windows devices.
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 09/11/2023
 ms.collection:
-  - highpri
   - education
   - tier2
 ---
diff --git a/education/windows/images/federated-sign-in-settings-intune.png b/education/windows/images/federated-sign-in-settings-intune.png
deleted file mode 100644
index bdde7cf85a..0000000000
Binary files a/education/windows/images/federated-sign-in-settings-intune.png and /dev/null differ
diff --git a/education/windows/includes/intune-custom-settings-1.md b/education/windows/includes/intune-custom-settings-1.md
deleted file mode 100644
index d911751e75..0000000000
--- a/education/windows/includes/intune-custom-settings-1.md
+++ /dev/null
@@ -1,13 +0,0 @@
----
-ms.date: 02/22/2022
-ms.topic: include
----
-
-To configure devices with Microsoft Intune, use a custom policy:
-
-1. Go to the <a href="https://intune.microsoft.com" target="_blank"><b>Microsoft Intune admin center</b></a>
-2. Select **Devices > Configuration profiles > Create profile**
-3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom**
-4. Select **Create**
-5. Specify a **Name** and, optionally, a **Description > Next**
-6. Add the following settings:
\ No newline at end of file
diff --git a/education/windows/includes/intune-custom-settings-2.md b/education/windows/includes/intune-custom-settings-2.md
deleted file mode 100644
index 1a601acaa7..0000000000
--- a/education/windows/includes/intune-custom-settings-2.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-ms.date: 11/08/2022
-ms.topic: include
----
-
-7. Select **Next**
-8. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
-9. Under **Applicability Rules**, select **Next**
-10. Review the policy configuration and select **Create**
\ No newline at end of file
diff --git a/education/windows/index.yml b/education/windows/index.yml
index 691901dcf2..8d3a93691a 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -1,95 +1,181 @@
-### YamlMime:Landing
+### YamlMime:Hub
 
 title: Windows for Education documentation
-summary: Evaluate, plan, deploy, and manage Windows devices in an education environment
+summary: Learn how to deploy, secure, and manage Windows clients in an education environment.
+brand: windows
 
 metadata:
-  title: Windows for Education documentation
-  description: Learn about how to plan, deploy and manage Windows devices in an education environment with Microsoft Intune
-  ms.topic: landing-page
+  ms.topic: hub-page
   ms.prod: windows-client
   ms.technology: itpro-edu
   ms.collection:
-  - education
-  - highpri
-  - tier1
+    - education
+    - highpri
+    - tier1
   author: paolomatarazzo
   ms.author: paoloma
-  ms.date: 03/09/2023
   manager: aaroncz
+  ms.date: 07/28/2023
 
-landingContent: 
+highlightedContent:
+  items:
+  - title: Get started with Windows 11
+    itemType: get-started
+    url: /windows/whats-new/windows-11-overview
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Windows 11, version 22H2 group policy settings reference 
+    itemType: download
+    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+  - title: Windows release health
+    itemType: whats-new
+    url: /windows/release-health
+  - title: Windows commercial licensing
+    itemType: overview
+    url: /windows/whats-new/windows-licensing
+  - title: Windows 365 documentation
+    itemType: overview
+    url: /windows-365
+  - title: Explore all Windows trainings and learning paths for IT pros
+    itemType: learn
+    url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
+  - title: Enroll Windows client devices in Microsoft Intune
+    itemType: how-to-guide
+    url: /mem/intune/fundamentals/deployment-guide-enrollment-windows
 
-  - title: Get started
-    linkLists:
-      - linkListType: tutorial
-        links:
-        - text: Deploy and manage Windows devices in a school
-          url: tutorial-school-deployment/index.md
-        - text: Prepare your tenant
-          url: tutorial-school-deployment/set-up-azure-ad.md
-        - text: Configure settings and applications with Microsoft Intune
-          url: tutorial-school-deployment/configure-devices-overview.md
-        - text: Manage devices with Microsoft Intune
-          url: tutorial-school-deployment/manage-overview.md
-        - text: Management functionalities for Surface devices
-          url: tutorial-school-deployment/manage-surface-devices.md     
+productDirectory:
+  title: Get started
+  items:
 
-  - title: Learn about Windows 11 SE
-    linkLists:
-      - linkListType: concept
-        links:
-        - text: What is Windows 11 SE?
-          url: windows-11-se-overview.md
-        - text: Windows 11 SE settings
-          url: windows-11-se-settings-list.md
-      - linkListType: whats-new
-        links:
-        - text: Configure federated sign-in
-          url: federated-sign-in.md
-        - text: Configure education themes
-          url: edu-themes.md
-        - text: Configure Stickers
-          url: edu-stickers.md
-      - linkListType: video
-        links:
-        - text: Deploy Windows 11 SE using Set up School PCs
-          url: https://www.youtube.com/watch?v=Ql2fbiOop7c
+    - title: Hardware security
+      imageSrc: /media/common/i_usb.svg
+      links:
+        - url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
+          text: Trusted Platform Module
+        - url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
+          text: Microsoft Pluton
+        - url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
+          text: Windows Defender System Guard
+        - url: /windows-hardware/design/device-experiences/oem-vbs
+          text: Virtualization-based security (VBS)
+        - url: /windows-hardware/design/device-experiences/oem-highly-secure-11
+          text: Secured-core PC
+        - url: /windows/security/hardware-security
+          text: Learn more about hardware security >
 
-  - title: Deploy devices with Set up School PCs
-    linkLists:
-      - linkListType: concept
-        links:
-        - text: What is Set up School PCs?
-          url: set-up-school-pcs-technical.md
-      - linkListType: how-to-guide
-        links:
-        - text: Use the Set up School PCs app
-          url: use-set-up-school-pcs-app.md
-      - linkListType: reference
-        links:
-        - text: Provisioning package settings
-          url: set-up-school-pcs-provisioning-package.md
-      - linkListType: video
-        links:
-        - text: Use the Set up School PCs App
-          url: https://www.youtube.com/watch?v=2ZLup_-PhkA
+    - title: OS security
+      imageSrc: /media/common/i_threat-protection.svg
+      links:
+        - url: /windows/security/operating-system-security
+          text: Trusted boot
+        - url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
+          text: Windows security settings
+        - url: 	/windows/security/operating-system-security/data-protection/bitlocker/
+          text: BitLocker
+        - url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
+          text: Windows security baselines
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
+          text: MMicrosoft Defender SmartScreen
+        - url: /windows/security/operating-system-security
+          text: Learn more about OS security >
 
-  - title: Configure devices
-    linkLists:
-      - linkListType: concept
-        links:
-        - text: Take tests and assessments in Windows
-          url: take-tests-in-windows.md
-        - text: Considerations for shared and guest devices
-          url: /windows/configuration/shared-devices-concepts?context=/education/context/context
-        - text: Change Windows editions
-          url: change-home-to-edu.md
-      - linkListType: how-to-guide
-        links:
-        - text: Configure Take a Test in kiosk mode
-          url: edu-take-a-test-kiosk-mode.md
-        - text: Configure Shared PC
-          url: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
-        - text: Get and deploy Minecraft Education
-          url: get-minecraft-for-education.md
\ No newline at end of file
+    - title: Identity protection
+      imageSrc: /media/common/i_identity-protection.svg
+      links:
+        - url: /windows/security/identity-protection/hello-for-business
+          text: Windows Hello for Business
+        - url: /windows/security/identity-protection/credential-guard
+          text: Credential Guard
+        - url: /windows-server/identity/laps/laps-overview
+          text: Windows LAPS (Local Administrator Password Solution)
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
+          text: Enhanced phishing protection with SmartScreen
+        - url: /education/windows/federated-sign-in
+          text: Federated sign-in (EDU)
+        - url: /windows/security/identity-protection
+          text: Learn more about identity protection >
+
+    - title: Application security
+      imageSrc: /media/common/i_queries.svg
+      links:
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/
+          text: Windows Defender Application Control (WDAC)
+        - url: /windows/security/application-security/application-control/user-account-control
+          text: User Account Control (UAC)
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
+          text: Microsoft vulnerable driver blocklist
+        - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
+          text: Microsoft Defender Application Guard (MDAG)
+        - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
+          text: Windows Sandbox
+        - url: /windows/security/application-security
+          text: Learn more about application security >
+
+    - title: Security foundations
+      imageSrc: /media/common/i_build.svg
+      links:
+        - url: /windows/security/security-foundations/certification/fips-140-validation
+          text: FIPS 140-2 validation
+        - url: /windows/security/security-foundations/certification/windows-platform-common-criteria
+          text: Common Criteria Certifications
+        - url: /windows/security/security-foundations/msft-security-dev-lifecycle
+          text: Microsoft Security Development Lifecycle (SDL)
+        - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
+          text: Microsoft Windows Insider Preview bounty program
+        - url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
+          text: OneFuzz service
+        - url: /windows/security/security-foundations
+          text: Learn more about security foundations >
+
+    - title: Cloud security
+      imageSrc: /media/common/i_cloud-security.svg
+      links:
+        - url: /mem/intune/protect/security-baselines
+          text: Security baselines with Intune
+        - url: /windows/deployment/windows-autopatch
+          text: Windows Autopatch
+        - url: /windows/deployment/windows-autopilot
+          text: Windows Autopilot
+        - url: /universal-print
+          text: Universal Print
+        - url: /windows/client-management/mdm/remotewipe-csp
+          text: Remote wipe
+        - url: /windows/security/cloud-security
+          text: Learn more about cloud security >
+
+additionalContent:
+  sections:
+    - title: More Windows resources
+      items:
+
+        - title: Windows Server
+          links:
+            - text: Windows Server documentation
+              url: /windows-server
+            - text: What's new in Windows Server 2022?
+              url: /windows-server/get-started/whats-new-in-windows-server-2022
+            - text: Windows Server blog
+              url: https://cloudblogs.microsoft.com/windowsserver/
+
+        - title: Windows product site and blogs
+          links:
+            - text: Find out how Windows enables your business to do more
+              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows blogs
+              url: https://blogs.windows.com/
+            - text: Windows IT Pro blog
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+            - text: Microsoft Intune blog
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
+            - text: "Windows help & learning: end-user documentation"
+              url: https://support.microsoft.com/windows
+
+        - title: Participate in the community
+          links:
+            - text: Windows community
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+            - text: Microsoft Intune community
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+            - text: Microsoft Support community
+              url: https://answers.microsoft.com/windows/forum
\ No newline at end of file
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index 8ba0185e3d..98999d7cc0 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -1,7 +1,7 @@
 ---
 title: Azure AD Join with Set up School PCs app
 description: Learn how Azure AD Join is configured in the Set up School PCs app.
-ms.topic: article
+ms.topic: reference
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 58b9ae8063..12ea6880b4 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -1,7 +1,7 @@
 ---
 title: What's in Set up School PCs provisioning package
-description: List of the provisioning package settings that are configured in the Set up School PCs app.
-ms.date: 08/10/2022
+description: Learn about the settings that are configured in the provisioning package created with the Set up School PCs app.
+ms.date: 06/02/2023
 ms.topic: reference
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -11,115 +11,122 @@ appliesto:
 
 The Set up School PCs app builds a specialized provisioning package with school-optimized settings.
 
-A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [Manage multi-user and guest Windows devices with Shared PC](/windows/configuration/shared-pc-technical) article.
+A key feature of the provisioning package is SharedPC mode. To learn about the technical framework of SharedPC mode, including the description of each setting, see the [Manage multi-user and guest Windows devices with Shared PC](/windows/configuration/shared-pc-technical) article.
 
 ## Shared PC Mode policies
-This table outlines the policies applied to devices in shared PC mode. If you select to optimize a device for use by a single student, you'll see differences in the following policies:
-* Disk level deletion
-* Inactive threshold
-* Restrict local storage
+
+The following table outlines the policies applied to devices in SharedPC mode. If you select to optimize a device for use by a single student, you find differences in the policies applied:
+
+- Disk level deletion
+- Inactive threshold
+- Restrict local storage
 
 In the table, *True* means that the setting is enabled, allowed, or applied. Use the **Description** column to help you understand the context for each setting.
 
 For a more detailed look at the policies, see the Windows article [Set up shared or guest PC](/windows/configuration/set-up-shared-or-guest-pc#policies-set-by-shared-pc-mode).
 
-|Policy name|Default value|Description|  
-|---------|---------|---------|  
-|Enable Shared PC mode|True| Configures the PCs so they're in shared PC mode.|  
-|Set education policies    | True      | School-optimized settings are applied to the PCs so that they're appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](./configure-windows-for-education.md).       |  
-|Account Model| Only guest, Domain-joined only, or Domain-joined and guest  |Controls how users can sign in on the PC. Configurable from the Set up School PCs app. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign-in screen and enable anonymous guest access to the PC. |  
-|Deletion policy  |   Delete at disk space threshold and inactive threshold     | Delete at disk space threshold will start deleting accounts when available disk space falls below the threshold you set for disk level deletion. It will stop deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they haven't signed in within the number of days specified by inactive threshold policy.        |  
-|Disk level caching  |   50%     | Sets 50% of total disk space to be used as the disk space threshold for account caching.       |  
-|Disk level deletion    |   For shared device setup, 25%; for single device-student setup, 0%.   |  When your devices are optimized for shared use across multiple PCs, this policy sets 25% of total disk space to be used as the disk space threshold for account caching. When your devices are optimized for use by a single student, this policy sets the value to 0% and doesn't delete accounts.   |  
-|Enable account manager    |  True      |  Enables automatic account management.       |  
-|Inactive threshold| For shared device setup, 30 days; for single device-student setup, 180 days.| After 30 or 180 days, respectively, if an account hasn't signed in, it will be deleted.
-|Kiosk Mode AMUID   | Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App  | Configures the kiosk account on student devices to only run the Take a Test secure assessment browser.    |  
-|Kiosk Mode User Tile Display Text | Take a Test | Displays "Take a Test" as the name of the kiosk account on student devices.     |  
-|Restrict local storage    |   For shared device setup, True; for single device-student setup, False.     |   When devices are optimized for shared use across multiple PCs, this policy forces students to save to the cloud to prevent data loss. When your devices are optimized for use by a single student, this policy doesn't prevent students from saving on the PCs local hard drive.  |  
-|Maintenance start time     | 0 - midnight       | The maintenance start time when automatic maintenance tasks, such as Windows Update, run on student devices.  |  
-|Max page file size in MB| 1024| Sets the maximum size of the paging file to 1024 MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM.|  
-|Set power policies     |  True      |  Prevents users from changing power settings and turns off hibernate. Also overrides all power state transitions to sleep, such as lid close.       |  
-|Sign in on resume   |  True     | Requires the device user to sign in with a password when the PC wakes from sleep.        |  
-|Sleep timeout    |  3600 seconds      | Specifies the maximum idle time before the PC should sleep. If you don't set sleep timeout, the default time, 3600 seconds (1 hour), is applied.    |  
+| Policy name | Default value | Description |
+|--|--|--|
+| Enable Shared PC mode | True | Configures the PCs so they're in shared PC mode. |
+| Set education policies | True | School-optimized settings are applied to the PCs so that they're appropriate for an educational environment. To see all recommended and enabled policies, see [Windows 10 configuration recommendation for education customers](./configure-windows-for-education.md). |
+| Account Model | Only guest, Domain-joined only, or Domain-joined and guest | Controls how users can sign in on the PC. Configurable from the Set up School PCs app. Choosing domain-joined enables any user in the domain to sign in. Specifying the guest option adds the Guest option to the sign-in screen and enable anonymous guest access to the PC. |
+| Deletion policy | Delete at disk space threshold and inactive threshold | Delete at disk space threshold starts deleting accounts when available disk space falls below the threshold you set for disk level deletion. It stops deleting accounts when the available disk space reaches the threshold you set for disk level caching. Accounts are deleted in order of oldest accessed to most recently accessed. Also deletes accounts if they haven't signed in within the number of days specified by inactive threshold policy. |
+| Disk level caching | 50% | Sets 50% of total disk space to be used as the disk space threshold for account caching. |
+| Disk level deletion | For shared device setup, 25%; for single device-student setup, 0%. | When devices are optimized for shared use, the policy sets 25% of total disk space as the disk space threshold for account caching. When devices are optimized for use by a single student, the policy sets the value to 0% and doesn't delete accounts. |
+| Enable account manager | True | Enables automatic account management. |
+| Inactive threshold | For shared device setup, 30 days; for single device-student setup, 180 days. | After 30 or 180 days, respectively, if an account hasn't signed in, it will be deleted. |
+| Kiosk Mode AMUID | `Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App` | Configures the kiosk account on student devices to only run the Take a Test secure assessment browser. |
+| Kiosk Mode User Tile Display Text | Take a Test | Displays "Take a Test" as the name of the kiosk account on student devices. |
+| Restrict local storage | For shared device setup, True; for single device-student setup, False. | When devices are optimized for shared use across multiple PCs, this policy forces students to save to the cloud to prevent data loss. When your devices are optimized for use by a single student, this policy doesn't prevent students from saving on the PCs local hard drive. |
+| Maintenance start time | 0 - midnight | The maintenance start time when automatic maintenance tasks, such as Windows Update, run on student devices. |
+| Max page file size in MB | 1024 | Sets the maximum size of the paging file to 1024 MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. |
+| Set power policies | True | Prevents users from changing power settings and turns off hibernate. Also overrides all power state transitions to sleep, such as lid close. |
+| Sign in on resume | True | Requires the device user to sign in with a password when the PC wakes from sleep. |
+| Sleep timeout | 3600 seconds | Specifies the maximum idle time before the PC should sleep. If you don't set sleep timeout, the default time, 3600 seconds (1 hour), is applied. |
 
-## MDM and local group policies 
-This section lists only the MDM and local group policies that are configured uniquely for the Set up School PCs app.     
+## MDM and local group policies
+
+This section lists only the MDM and local group policies that are configured uniquely for the Set up School PCs app.
 
 For a more detailed look of each policy listed, see [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation.  
 
+| Policy name | Default value | Description |
+|--|--|--|
+| Authority | User-defined | Authenticates the admin user. Value is set automatically when signed in to Azure AD. |
+| BPRT | User-defined | Value is set automatically when signed in to Azure AD. Allows you to create the provisioning package. |
+| WLAN Setting | XML is generated from the Wi-Fi profile in the Set up School PCs app. | Configures settings for wireless connectivity. |
+| Hide OOBE for desktop | True | Hides the interactive OOBE flow for Windows 10. |
+| Download Mode | 1 - HTTP blended with peering behind the same NAT | Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates |
+| Select when Preview Builds and Feature Updates are received | 32 - Semi-annual Channel. Device gets feature updates from Semi-annual Channel | Specifies how frequently devices receive preview builds and feature updates. |
+| Allow auto update | 4 - Auto-installs and restarts without device-user control | When an auto update is available, it auto-installs and restarts the device without any input or action from the device user. |
+| Configure automatic updates | 3 - Set to install at 3am | Scheduled time to install updates. |
+| Update power policy for cart restarts | 1 - Configured | Skips all restart checks to ensure that the reboot will happen at the scheduled install time. |
+| Select when Preview Builds and Feature Updates are received | 365 days | Defers Feature Updates for the specified number of days. When not specified, defaults to 365 days. |
+| Allow all trusted apps | Disabled | Prevents untrusted apps from being installed to device |
+| Allow developer unlock | Disabled | Students can't unlock the PC and use it in developer mode |
+| Allow Cortana | Disabled | Cortana isn't allowed on the device. |
+| Allow manual MDM unenrollment | Disabled | Students can't remove the mobile device manager from their device. |
+| Settings page visibility | Enabled | Specific pages in the System Settings app aren't visible or accessible to students. |
+| Allow add provisioning package | Disabled | Students can't add and upload new provisioning packages to their device. |
+| Allow remove provisioning package | Disabled | Students can't remove packages that you've uploaded to their device, including the Set up School PCs app |
+| Start Layout | Enabled | Lets you specify the Start layout for users and prevents them from changing the configuration. |
+| Import Edge Assets | Enabled | Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files. |
+| Allow pinned folder downloads | 1 - The shortcut is visible and disables the setting in the Settings app | Makes the Downloads shortcut on the Start menu visible to students. |
+| Allow pinned folder File Explorer | 1 - The shortcut is visible and disables the setting in the Settings app | Makes the File Explorer shortcut on the Start menu visible to students. |
+| Personalization | Deploy lock screen image | Set to the image you picked when you customized the lock screen during device setup. If you didn't customize the image, the computer will show the default. |
+| Personalization | Lock screen image URL | Image filename |
+| Update | Active hours end | 5 PM |
+| Update | Active hours start | 7 AM |
+| Updates Windows | Nightly | Sets Windows to update on a nightly basis. |
 
-|                         Policy name                         |                                 Default value                                  |                                                                                     Description                                                                                     |
-|-------------------------------------------------------------|--------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                          Authority                          |                                  User-defined                                  |                                                Authenticates the admin user. Value is set automatically when signed in to Azure AD.                                                 |
-|                            BPRT                             |                                  User-defined                                  |                                        Value is set automatically when signed in to Azure AD. Allows you to create the provisioning package.                                        |
-|                        WLAN Setting                         |     XML is generated from the Wi-Fi profile in the Set up School PCs app.      |                                                                   Configures settings for wireless connectivity.                                                                    |
-|                    Hide OOBE for desktop                    |                                      True                                      |                                                                   Hides the interactive OOBE flow for Windows 10.                                                                   |
-|                        Download Mode                        |               1 - HTTP blended with peering behind the same NAT                |                               Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates                               |
-| Select when Preview Builds and Feature Updates are received | 32 - Semi-annual Channel. Device gets feature updates from Semi-annual Channel |                                                    Specifies how frequently devices receive preview builds and feature updates.                                                     |
-|                      Allow auto update                      |           4 - Auto-installs and restarts without device-user control           |                            When an auto update is available, it auto-installs and restarts the device without any input or action from the device user.                             |
-|                 Configure automatic updates                 |                           3 - Set to install at 3am                            |                                                                         Scheduled time to install updates.                                                                          |
-|            Update power policy for cart restarts            |                                 1 - Configured                                 |                                            Skips all restart checks to ensure that the reboot will happen at the scheduled install time.                                            |
-| Select when Preview Builds and Feature Updates are received |                                    365 days                                    |                                         Defers Feature Updates for the specified number of days. When not specified, defaults to 365 days.                                          |
-|                   Allow all trusted apps                    |                                    Disabled                                    |                                                               Prevents untrusted apps from being installed to device                                                                |
-|                   Allow developer unlock                    |                                    Disabled                                    |                                                             Students can't unlock the PC and use it in developer mode                                                              |
-|                        Allow Cortana                        |                                    Disabled                                    |                                                                        Cortana isn't allowed on the device.                                                                        |
-|                Allow manual MDM unenrollment                |                                    Disabled                                    |                                                         Students can't remove the mobile device manager from their device.                                                         |
-|                  Settings page visibility                   |                                    Enabled                                     |                                                Specific pages in the System Settings app aren't visible or accessible to students.                                                 |
-|               Allow add provisioning package                |                                    Disabled                                    |                                                      Students can't add and upload new provisioning packages to their device.                                                      |
-|              Allow remove provisioning package              |                                    Disabled                                    |                                      Students can't remove packages that you've uploaded to their device, including the Set up School PCs app                                      |
-|                        Start Layout                         |                                    Enabled                                     |                                           Lets you specify the Start layout for users and prevents them from changing the configuration.                                            |
-|                     Import Edge Assets                      |                                    Enabled                                     | Import Microsoft Edge assets, such as PNG and JPG files, for secondary tiles on the Start layout. Tiles will appear as weblinks and will be tied to the relevant image asset files. |
-|                Allow pinned folder downloads                |    1 - The shortcut is visible and disables the setting in the Settings app    |                                                         Makes the Downloads shortcut on the Start menu visible to students.                                                         |
-|              Allow pinned folder File Explorer              |    1 - The shortcut is visible and disables the setting in the Settings app    |                                                       Makes the File Explorer shortcut on the Start menu visible to students.                                                       |
-|                       Personalization                       |                            Deploy lock screen image                            |             Set to the image you picked when you customized the lock screen during device setup. If you didn't customize the image, the computer will show the default.             |
-|                       Personalization                       |                             Lock screen image URL                              |                                                                                   Image filename                                                                                    |
-|                           Update                            |                                Active hours end                                |                                                                                        5 PM                                                                                         |
-|                           Update                            |                               Active hours start                               |                                                                                        7 AM                                                                                         |
-|                       Updates Windows                       |                                    Nightly                                     |                                                                     Sets Windows to update on a nightly basis.                                                                      |
+## Apps uninstalled from Windows devices
 
-## Apps uninstalled from Windows 10 devices
-Set up School PCs app uses the Universal app uninstall policy. This policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device.  ALl apps uninstalled from Windows 10 devices include:  
+Set up School PCs app uses the Universal app uninstall policy. The policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device. The apps uninstalled from Windows devices are:  
 
+- Mixed Reality Viewer
+- Weather  
+- Desktop App Installer
+- Tips
+- Messaging
+- My Office
+- Microsoft Solitaire Collection
+- Mobile Plans
+- Feedback Hub
+- Xbox
+- Mail/Calendar
+- Skype
 
-* Mixed Reality Viewer 
-* Weather  
-* Desktop App Installer
-* Tips 
-* Messaging
-* My Office
-* Microsoft Solitaire Collection   
-* Mobile Plans
-* Feedback Hub     
-* Xbox 
-* Mail/Calendar 
-* Skype 
+## Apps installed on Windows devices
 
-## Apps installed on Windows 10 devices  
-Set up School PCs uses the Universal app install policy to install school-relevant apps on  all Windows 10 devices. Apps that are installed include:
-* OneDrive
-* OneNote
-* Sway   
+Set up School PCs uses the Universal app install policy to install school-relevant apps on  all Windows 10 devices. The following apps are installed:
+
+- OneDrive
+- OneNote
+- Sway
 
 ## Provisioning time estimates
+
 The time it takes to install a package on a device depends on the:  
 
-* Strength of network connection 
-* Number of policies and apps within the package
-* Other configurations made to the device  
+- Strength of network connection
+- Number of policies and apps within the package
+- Other configurations made to the device  
 
-Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes pre-installed apps, through CleanPC, will take much longer to provision.
+Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes preinstalled apps, through CleanPC, will take much longer to provision.
 
-|Configurations |Connection type |Estimated provisioning time |
-|---------|---------|---------|
-|Default settings only    |  Wi-Fi      |  3 to 5 minutes      |
-|Default settings + apps    |   Wi-Fi       | 10 to 15 minutes        |
-|Default settings + remove pre-installed apps (CleanPC)    |  Wi-Fi        |  60 minutes     |
-|Default settings + other settings (Not CleanPC)    |  Wi-Fi        |  5 minutes       |  
+| Configurations | Connection type | Estimated provisioning time |
+|--|--|--|
+| Default settings only | Wi-Fi | 3 to 5 minutes |
+| Default settings + apps | Wi-Fi | 10 to 15 minutes |
+| Default settings + remove preinstalled apps (CleanPC) | Wi-Fi | 60 minutes |
+| Default settings + other settings (Not CleanPC) | Wi-Fi | 5 minutes |
 
-## Next steps  
-Learn more about setting up devices with the Set up School PCs app.  
-* [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
-* [Set up School PCs technical reference](set-up-school-pcs-technical.md)
-* [Set up Windows 10 devices for education](set-up-windows-10.md) 
+## Next steps
 
-When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
\ No newline at end of file
+Learn more about setting up devices with the Set up School PCs app.
+
+- [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
+- [Set up School PCs technical reference](set-up-school-pcs-technical.md)
+- [Set up Windows 10 devices for education](set-up-windows-10.md)
+
+When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 28907160cb..f888895674 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -1,7 +1,7 @@
 ---
 title: Set up School PCs app technical reference overview
 description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index 61f6b28d77..1193a202d9 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -1,7 +1,7 @@
 ---
 title: Set up Windows devices for education
 description: Decide which option for setting up Windows 10 is right for you.
-ms.topic: article
+ms.topic: overview
 ms.date: 08/10/2022
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -9,11 +9,12 @@ appliesto:
 
 # Set up Windows devices for education
 
-You have two tools to choose from to set up PCs for your classroom: 
-* Set up School PCs 
-* Windows Configuration Designer
+You have two tools to choose from to set up PCs for your classroom:
 
-Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account). 
+- Set up School PCs 
+- Windows Configuration Designer
+
+Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account).
 
 You can use the following diagram to compare the tools.
 
@@ -29,4 +30,4 @@ You can use the following diagram to compare the tools.
 ## Related topics
 
 [Take tests in Windows](take-tests-in-windows.md)
-[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
\ No newline at end of file
+[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)S
\ No newline at end of file
diff --git a/education/windows/take-tests-in-windows.md b/education/windows/take-tests-in-windows.md
index 2533467fca..d9663d6d32 100644
--- a/education/windows/take-tests-in-windows.md
+++ b/education/windows/take-tests-in-windows.md
@@ -2,7 +2,7 @@
 title: Take tests and assessments in Windows
 description: Learn about the built-in Take a Test app for Windows and how to use it.
 ms.date: 03/31/2023
-ms.topic: conceptual
+ms.topic: how-to
 ---
 
 # Take tests and assessments in Windows
diff --git a/education/windows/TOC.yml b/education/windows/toc.yml
similarity index 97%
rename from education/windows/TOC.yml
rename to education/windows/toc.yml
index 69693b6fdf..d12a3eb854 100644
--- a/education/windows/TOC.yml
+++ b/education/windows/toc.yml
@@ -6,6 +6,8 @@ items:
   items:
   - name: Deploy and manage Windows devices in a school
     href: tutorial-school-deployment/toc.yml
+  - name: Deploy applications to Windows 11 SE
+    href: tutorial-deploy-apps-winse/toc.yml
 - name: Concepts
   items: 
     - name: Windows 11 SE
diff --git a/education/windows/tutorial-deploy-apps-winse/considerations.md b/education/windows/tutorial-deploy-apps-winse/considerations.md
new file mode 100644
index 0000000000..73d202a202
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/considerations.md
@@ -0,0 +1,53 @@
+---
+title: Important considerations before deploying apps with managed installer
+description: Learn about important aspects to consider before deploying apps with managed installer.
+ms.date: 06/19/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+# Important considerations before deploying apps with Managed Installer
+
+This article describes important aspects to consider before deploying apps with managed installer.
+
+## Existing apps deployed in Intune
+
+If you have Windows 11 SE devices that already have apps deployed through Intune, the apps won't get retroactively tagged with the *managed installer* mark. You may need to redeploy the apps through Intune to get them properly tagged with managed installer and allowed to run.
+
+## Enrollment Status Page
+
+The Enrollment Status Page (ESP) is compatible with Windows 11 SE. However, due to the Windows 11 SE base policy, devices can be blocked from completing enrollment if:
+
+1. You have the ESP configured to block device use until required apps are installed, and
+2. You deploy an app that is blocked by the Windows 11 SE base policy, not installable via a managed installer (without more policies), and not allowed by any supplemental policies or AppLocker policies
+<!--
+For example, if you deploy a UWP LOB app but haven't deployed a supplemental policy to allow the app, ESP will fail.-->
+
+If you choose to block device use on the installation of apps, you must ensure that apps are also not blocked from installation.
+
+:::image type="content" source="./images/esp-error.png" alt-text="Screenshot of the Enrollment Status Page showing an error in OOBE on Windows 11 SE." border="false":::
+
+### ESP errors mitigation
+
+To ensure that you don't run into installation or enrollment blocks, you can pick one of the following options, in accordance with your internal policies:
+
+1. Ensure that all apps are unblocked from installation. Apps must be compatible with the Windows 11 SE managed installer flow, and if they aren't compatible out-of-box, have the corresponding supplemental policy to allow them
+2. Don't deploy apps that you haven't validated
+3. Set your Enrollment Status Page configuration to not block device use based on required apps
+
+To learn more about the ESP, see [Set up the Enrollment Status Page][MEM-1].
+
+## Potential impact to events collected by Log Analytics integrations
+
+Log Analytics is a cloud service that can be used to collect data from AppLocker policy events. Windows 11 SE devices enrolled in an Intune Education tenant will automatically receive an AppLocker policy. The result is an increase in events generated by the AppLocker policy.
+
+If your organization is using Log Analytics, it's recommended to review your Log Analytics setup to:
+
+- Ensure there's an appropriate data collection cap in place to avoid unexpected billing costs
+- Turn off the collection of non-error AppLocker events in Log Analytics, except for MSI and Script logs
+
+For more information, see [Use Event Viewer with AppLocker][WIN-1]
+
+[MEM-1]: /mem/intune/enrollment/windows-enrollment-status
+[WIN-1]: /windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/create-policies.md b/education/windows/tutorial-deploy-apps-winse/create-policies.md
new file mode 100644
index 0000000000..8841f736bd
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/create-policies.md
@@ -0,0 +1,210 @@
+---
+title: Create policies to enable applications
+description: Learn how to create policies to enable the installation and execution of apps on Windows SE.
+ms.date: 06/19/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+# Create policies to enable applications
+
+:::row:::
+   :::column span="":::
+    <a href="deploy-apps.md"><img src="images/phase-1-off.svg" alt="Icon representing the first phase."/></a><br>
+    [**Deploy an application via Microsoft Intune**](deploy-apps.md)
+   :::column-end:::
+   :::column span="":::
+    <a href="validate-apps.md"><img src="images/phase-2-off.svg" alt="Icon representing the second phase."/></a><br>
+    [**Validate the application**](validate-apps.md)
+   :::column-end:::
+   :::column span="":::
+    <a href="create-policies.md"><img src="images/phase-3-on.svg" alt="Icon representing the third phase."/></a><br>
+    [**Create additional policies (optional)**](create-policies.md)
+   :::column-end:::
+:::row-end:::
+
+
+You can create AppLocker policies to allow apps that are [semi-compatible](./validate-apps.md#semi-compatible-apps) or [incompatible](./validate-apps.md#incompatible-apps) with the managed installer to run.
+
+<!--
+You can create policies to allow applications that are [semi-compatible](./validate-apps.md#semi-compatible-apps) or [incompatible](./validate-apps.md#incompatible-apps) with the managed installer.
+
+The following table details the two policy types to allow apps to run:
+
+| **Policy type** | **How it works** | **When should I use this policy?** | **Security risk** |
+|---|---|---|---|
+| WDAC supplemental policy | Allows apps meeting the rule criteria to run | For executables that the Windows 11 SE base policy blocks. The blocked executables are visible from the Event Viewer in the [CodeIntegrity events](./troubleshoot.md). | Low |
+| AppLocker policy | Sets an app to be considered as a managed installer | Only for executables that do installations or updates, that the Windows 11 SE base policy blocks. | High |
+
+> [!NOTE]
+> The specifics of the policy you will need to create vary from app to app. Public documentation can help you determine which rules would be useful for your app.
+
+
+## WDAC supplemental policies
+
+A *supplemental policy* can expand only one base policy, but multiple supplemental policies can expand the same base policy. When you use supplemental policies, the apps allowed by the base or its supplemental policies will be allowed to execute.\
+The base policy that you must target for Windows SE devices has a PolicyID of **{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}**.
+
+> [!WARNING]
+> The maximum number of active policies is 32, which includes the Windows 11 SE base policy, the Microsoft vulnerable driver block list, and potentially other inbox policies. When planning your supplemental policy strategy, avoid adding too many. For example, avoid creating a supplemental policy per app, which can add up very quickly.
+
+After you create WDAC supplemental policies, you must sign them and deploy them through Intune.\
+To create supplemental policies, download and install the [WDAC Policy Wizard][EXT-1] from a **non-Windows SE device**.
+
+The following video provides an overview and explains how to create supplemental policies for apps blocked by the Windows 11 SE base policy.
+
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWWReO]
+
+### Create a supplemental policy for Win32 apps
+
+There are different ways to write a supplemental policy. The suggested method is to use [audit events][WIN-3], as they list the actions that Windows 11 SE would block. From the audit events, you can create a policy to allow those actions.\
+From a non-Windows SE device with the WDAC Policy Wizard installed, follow these steps:
+
+1. Apply an audit mode WDAC Base policy. The WDAC Wizard includes a template policy called *WinSEPolicy.xml*, which is based on the Windows 11 SE base policy:
+    - Open the **WDAC Wizard** and select **Policy Editor**
+    - In the Policy Path to Edit field, browse for *%ProgramFiles%\WindowsApps\Microsoft.WDAC\** and select the file called *WinSEPolicy.xml*. Select **Next**
+      :::image type="content" source="images/wdac-winsepolicy.png" alt-text="Screenshot of the WDAC wizard - creation of a policy targeting the base WinSEPolicy.xml policy.":::
+    - Toggle the option for **Audit Mode** and complete the wizard. Note the location of the *.cip* and *.xml* files shown on the final page of the wizard
+    - From an elevated PowerShell session, run the following command to activate the policy:
+
+     ```cmd
+     citool.exe -up <"Path to the .cip file">
+     ```
+
+1. With the *Base audit mode policy* for Windows 11 SE in place:
+    - Download and run the app install for your app
+    - Launch the app and exercise the app's capabilities
+    - Uninstall the app
+1. Use the WDAC Wizard to create a policy from audit events:
+   - Open the **WDAC Wizard** and select **Policy Editor**
+   - Select **Convert Event Log to a WDAC Policy** then select **Parse Event Log** to parse from the system Event Viewer. Select **Next**
+   - Review each row in the table and choose the type of rule to create. You may want to sort the table by FileName to group duplicate rows together. You need to create a single rule if the values are duplicates
+   - Complete the wizard to generate the policy. The policy will be a *Base* policy. Note the location of the *.xml* shown, as you'll use it in the next step.
+   - Check the event log **AppLocker** > **MSI and Script** for any events
+       - If any events are shown, you can use the **WDAC Wizard** to edit the policy and add more rules
+       - Alternatively, you can save all events to *.evtx* file and create a policy from audit events, but browse for the saved *.evtx* file rather than parsing events from the system Event Viewer
+1. Convert the policy created in the previous step to a supplemental policy, specifying the Base audit policy you created in the first step as its base
+
+   ```PowerShell
+   Set-CiPolicyIdInfo -FilePath "<Path to.xml file from step #4>" -BasePolicyToSupplementPath "<Path to the WDAC Base policy .xml created from step #2>"
+   ```
+
+1. From an elevated PowerShell session, run the following command to activate the policy:
+
+   ```cmd
+   citool.exe -up '<Path to the .cip file>'
+   ```
+
+1. Clear the two event logs:
+    - **CodeIntegrity** > **Operational**
+    - **AppLocker** > **MSI and Script**
+1. Repeat the app testing from step 3. Repeat these steps as needed until no further events are generated.
+1. Once you have a policy that works for your app, reset the supplemental policy's Base policy to the official Windows 11 SE BasePolicyId. From an elevated PowerShell session, run the following command:
+
+    ```PowerShell
+    Set-CiPolicyIdInfo -FilePath "<Path to .xml from step #4>" -SupplementsBasePolicyId "{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}"
+    ```
+
+    > [!NOTE]
+    > If you have created multiple supplemental policies for different apps, it's recommended to merge all supplemental policies together before deploying. You can merge policies using the WDAC Wizard.
+1. The creation of the supplemental policy is complete. You must sign and deploy the policy to your devices to take effect.
+
+### Create a supplemental policy for UWP LOB apps
+
+UWP apps don't work out-of-box due to the Windows 11 SE Windows 11 SE base policy.\
+From a non-Windows SE device with the WDAC Policy Wizard installed, you can create and deploy a supplemental policy using these steps:
+
+1. Open the **WDAC Wizard** and select **Policy Creator > Supplemental policy**
+    - Choose a **Policy Name** and **Policy File Location**
+    - In the **Base Policy** path to, browse for *%ProgramFiles%\WindowsApps\Microsoft.WDAC\** and select the     file called *WinSEPolicy.xml*. Select **Next**
+    - In **Policy Rules**, select **Next**
+    - In **Signing Rules**, select **Add Custom Rule** and choose:
+      - **Rule scope**: **Usermode Rule**
+      - **Rule action**: **Allow**
+      - **Rule type**: **Packaged App**
+      - **Package Name**: specify the package name of app. If the app is installed, you can search by name. If the app isn't installed, check the **Use Custom Package Family** box and specify the package family name of the app
+        :::image type="content" source="images/wdac-uwp-policy.png" alt-text="Screenshot of the WDAC wizard - selection of an installed UWP app package.":::
+    - Select the app name
+    - Select **Create Rule**
+    - Select **Next**
+1. The policy should be created and output an *.xml* and *.cip* files to the policy file location specified earlier
+1. The policy isn't yet targeting the right base policy. Run the following PowerShell command to set the base policy to the Windows 11 SE Windows 11 SE base policy:
+
+    ```PowerShell
+    Set-CiPolicyIdInfo -FilePath "<Path to.xml file from previous step>" -SupplementsBasePolicyId "{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}"
+    ```
+
+1. The creation of the supplemental policy is complete. You must sign and deploy the policy to your devices to take effect.
+
+### Guidelines for authoring WDAC supplemental policy rules
+
+Here are some general guidelines to follow when writing WDAC supplemental policies:
+
+- For packaged apps (*.appx* or *.msix*), choose **PackagedApp** and allow the file by its **PackageFamilyName**
+- For other apps, try to create **Publisher** rules wherever possible, combining the **Publisher** with other properties like **Product**, **Filename**, and **Version**
+
+> [!NOTE]
+  > The WDAC Wizard defaults to use all of the properties, if present. In some cases, you may want to combine a subset of the properties to allow multiple files. For example: Publisher + ProductName + Version.
+
+- When a **Publisher** rule isn't an option (for example, when the file is unsigned), use *Hash* as the most restrictive option
+- You might have to opt for a **FileAttribute** rule, but it can be easily spoofed
+
+For additional information:
+
+- [WDAC Policy Wizard][EXT-1]
+- [Policy creation for common WDAC usage scenarios][WIN-1]
+- [Create a new supplemental policy with the wizard][WIN-2]
+
+## AppLocker policies
+
+> [!WARNING]
+> It's recommended to use AppLocker policies for processes that perform **updates** or **install as managed installers** only. The preferred method to allow incompatible applications or other executables to run, is to write **WDAC supplemental policies** instead of modifying AppLocker policies.
+
+Additional AppLocker policies work by configuring other apps to be *managed installers*. However, since anything downloaded or installed by a managed installer is trusted to run, it creates a significant security risk. For example, if the executable for a third-party browser is set as a managed installer, anything downloaded from that browser will be allowed to run.\
+Using a WDAC supplemental policy instead, allows you to have more control over what is allowed to run without the risk of those permissions propagating unintentionally.
+
+To allow apps to run by setting their installers as managed installers, follow the guidance here:
+-->
+
+## AppLocker policies
+
+Additional AppLocker policies work by configuring other apps to be *managed installers*. However, since anything downloaded or installed by a managed installer is trusted to run, it creates a significant security risk. For example, if the executable for a third-party browser is set as a managed installer, anything downloaded from that browser will be allowed to run.
+
+To allow apps to run by setting their installers as managed installers, follow the guidance here:
+
+- [Edit an AppLocker policy][WIN-5]
+- [Allow apps deployed with a WDAC managed installer][WIN-6]
+
+## Next steps
+
+<!--
+Before moving on to the next section, ensure that you've completed the following tasks.
+
+For a WDAC supplemental policy:
+
+> [!div class="checklist"]
+>
+> - Create a policy, targeting  the base policy: **82443e1e-8a39-4b4a-96a8-f40ddc00b9f3**
+
+For an AppLocker policy:
+
+> [!div class="checklist"]
+>
+> - Only applied to an updater or installer
+> - Created the policy with the **Merge** option
+
+Advance to the next article to learn how to deploy the WDAC supplemental policies or AppLocker policies to Windows 11 SE devices.
+-->
+
+Advance to the next article to learn how to deploy the AppLocker policies to Windows 11 SE devices.
+
+> [!div class="nextstepaction"]
+> [Next: deploy policies >](deploy-policies.md)
+
+[EXT-1]: https://webapp-wdac-wizard.azurewebsites.net/
+[WIN-1]: /windows/security/threat-protection/windows-defender-application-control/types-of-devices
+[WIN-2]: /windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy
+[WIN-3]: /windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies
+[WIN-5]: /windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy
+[WIN-6]: /windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer
diff --git a/education/windows/tutorial-deploy-apps-winse/deploy-apps.md b/education/windows/tutorial-deploy-apps-winse/deploy-apps.md
new file mode 100644
index 0000000000..bc3bd28004
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/deploy-apps.md
@@ -0,0 +1,109 @@
+---
+title: Applications deployment considerations
+description: Learn how to deploy different types of applications to Windows 11 SE and some considerations before deploying them.
+ms.date: 05/23/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+# Applications deployment considerations
+
+:::row:::
+   :::column span="":::
+    <a href="deploy-apps.md"><img src="images/phase-1-on.svg" alt="Icon representing the first phase."/></a><br>
+    [**Deploy an application via Microsoft Intune**](deploy-apps.md)
+   :::column-end:::
+   :::column span="":::
+    <a href="validate-apps.md"><img src="images/phase-2-off.svg" alt="Icon representing the second phase."/></a><br>
+    [**Validate the application**](validate-apps.md)
+   :::column-end:::
+   :::column span="":::
+    <a href="create-policies.md"><img src="images/phase-3-off.svg" alt="Icon representing the third phase."/></a><br>
+    [**Create additional policies (optional)**](create-policies.md)
+   :::column-end:::
+:::row-end:::
+
+The process to deploy applications to Windows SE devices via Microsoft Intune is the same used for non-SE devices. Applications must be defined in Intune, and then assigned to the correct groups.\
+However, on Windows SE devices, apps may successfully install, but they need validation to be certain that they're functional.
+
+The following table provides an overview of the applications types that can be deployed to Windows devices via Intune, and considerations about the installation on Windows SE:
+
+|**Installer/App type**|**Installer extensions**|**Available installation methods via Intune**|**Considerations for Windows 11 SE**|
+|-|-|-|-|
+|[Win32][WIN-1]|`.exe`<br>`.msi`|- Intune Management Extension (IME)<br> - Microsoft Store integration|⚠️ There are known limitations that might prevent an app to install or run.|
+|[Universal Windows Platform (UWP)][WIN-2]|`.appx`<br>`.appxbundle`<br>`.msix`<br>|- For public apps: Microsoft Store integration<br>- For private apps: line-of-business (LOB) apps|⛔ UWP apps are currently unsupported.<!--⚠️ LOB apps require a supplemental policy.-->|
+|[Progressive Web Apps (PWAs)][EDGE-2] |`.msix`|- Settings catalog policies<br>- Microsoft Store integration|✅ PWAs are supported.|
+|Web links| n/a |- Windows web links|✅ Web links are supported.|
+
+<!--after Intune 2307 update the table above with ✅ UWP public apps are supported.<br><br>⛔ UWP private apps are currently unsupported.-->
+
+> [!IMPORTANT]
+> Store apps must be installed in device context. Deploying apps in user context fails with error code `0x800711C7`.
+
+> [!IMPORTANT]
+> Although you'll be able to install apps on Windows 11 SE devices via Intune, some apps may not perform well on these devices due those apps' minimum spec requirements.
+> Before deploying apps, first check which apps will be targeting your Windows 11 SE devices, and ensure that they meet the requirements.
+
+## Win32 apps
+
+The addition of Win32 applications to Intune consists of repackaging the apps and defining the commands to silently install them. The process is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
+
+> [!IMPORTANT]
+> If you have Windows 11 SE devices that already have apps deployed through Intune, the apps will not get retroactively tagged with the *managed installer* mark. The reason is to avoid making any security assumptions for these apps. You may need to redeploy the apps through Intune to get them properly tagged with managed installer and allowed to run.
+
+There are known limitations that might prevent applications to install or execute. For more information, see the next section [validate applications](validate-apps.md).
+
+## UWP apps
+
+UWP apps are currently unsupported for Windows 11 SE.
+
+<!-- 2307
+### Microsoft Store apps
+
+Public UWP apps available in the Microsoft Store are supported for Windows 11 SE.
+
+### Line of business apps
+
+Private UWP apps are currently unsupported for Windows 11 SE.
+
+<!--### Line of business apps
+
+For private, line-of-business (LOB) UWP apps, [deploy as line-of-business apps][MEM-2]
+
+> [!IMPORTANT]
+> UWP apps require the creation and deployment of supplemental policies. For more information, see the next section [validate applications](validate-apps.md).
+
+-->
+## PWA apps
+
+PWAs can be deployed using the [Force-installed web Apps][EDGE-1] option via [settings catalog policies][MEM-3], or using the Microsoft Store integration with Intune.
+
+## Web links
+
+Web link can be deployed via Intune using [Windows web links][MEM-4], and will be available in the Start menu of the targeted devices.
+
+## Section review
+
+Before moving on to the next section, ensure that you've completed the following tasks:
+
+> [!div class="checklist"]
+> - `.intunewin` package created (for Win32 apps)
+> - App uploaded via Intune (for Win32 and UWP LOB apps)
+> - App assigned to the correct groups
+
+## Next steps
+
+Advance to the next article to learn how to validate the applications deployed to Windows 11 SE devices.
+
+> [!div class="nextstepaction"]
+> [Next: validate apps >](validate-apps.md)
+
+[EDGE-1]: /deployedge/microsoft-edge-policies#configure-list-of-force-installed-web-apps
+[EDGE-2]: /microsoft-edge/progressive-web-apps-chromium
+[MEM-1]: /mem/intune/apps/apps-win32-add
+[MEM-2]: /mem/intune/apps/lob-apps-windows
+[MEM-3]: /mem/intune/configuration/settings-catalog
+[MEM-4]: /mem/intune/apps/web-app
+[WIN-1]: /windows/win32
+[WIN-2]: /windows/uwp/get-started/universal-application-platform-guide
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/deploy-policies.md b/education/windows/tutorial-deploy-apps-winse/deploy-policies.md
new file mode 100644
index 0000000000..330d85b61e
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/deploy-policies.md
@@ -0,0 +1,96 @@
+---
+title: Deploy policies to enable applications
+description: Learn how to deploy AppLocker policies to enable apps execution on Windows SE devices.
+ms.date: 05/23/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+<!--description: Learn how to sign WDAC policies and how to deploy WDAC and AppLocker policies to enable apps execution on Windows SE devices.-->
+
+# Deploy policies to enable applications
+
+Once the policies are created, you must deploy them to the Windows SE devices.\
+AppLocker policies can be deployed via Intune. This article describes how to deploy AppLocker policies to enable apps execution on Windows SE devices.
+
+<!--
+WDAC and AppLocker policies can be deployed via Intune, but WDAC policies must be signed before they can be deployed.
+
+This article describes how to sign WDAC policies and how to deploy WDAC and AppLocker policies to enable apps execution on Windows SE devices.
+
+## Sign WDAC supplemental policies
+
+> [!IMPORTANT]
+> *This section will be updated when the process using Azure CodeSigning for CI policy is released in April.*
+
+## Deploy WDAC supplemental policies
+
+Policies can be deployed via Intune using a custom OMA-URI.
+
+> [!TIP]
+> To prevent these policies from being applied to non-Windows SE devices, you can create and target a group with only Windows 11 SE devices in it, or use assignment filters.
+
+[Deploy WDAC policies using Mobile Device Management][WIN-4]
+
+### Troubleshoot WDAC policies
+
+For information how to validate and troubleshoot WDAC supplemental policies, see [WDAC supplemental policy validation](./troubleshoot.md#wdac-supplemental-policy-validation)
+
+-->
+
+## Deploy AppLocker policies
+
+Intune doesn't currently offer the option to modify AppLocker policies. The deployment of AppLocker policies can be done using PowerShell scripts deployed via Intune.
+
+You can create a PowerShell script that stores the contents of the policy in a variable, then use the `Set-AppLockerPolicy` PowerShell command to merge it. Here's a sample function for the task:
+
+```PowerShell
+function MergeAppLockerPolicy([string]$policyXml)
+{
+  $policyFile = '.\AppLockerPolicy.xml'
+  $policyXml | Out-File $policyFile
+  Write-Host "Merging and setting AppLocker policy"
+  Set-AppLockerPolicy -XmlPolicy $policyFile -Merge -ErrorAction SilentlyContinue
+  Remove-Item $policyFile
+}
+```
+
+> [!WARNING]
+> Intune deploys a script with the AppLocker policy to set **Intune Management Extension as a managed installer** on all Windows 11 SE devices enrolled into an Intune EDU tenant. If you want to deploy your own AppLocker policy to set another Managed Installer (in addition to Intune), be sure to use the `-Merge` parameter with `Set-AppLockerPolicy`. The `-Merge` parameter ensures that your policy plays well with Intune's AppLocker policy. Without using the `-Merge` parameter, it will result in issues with apps not getting tagged properly and their ability to run on impacted devices. To learn more about AppLocker Merge policy, see [Merge AppLocker policies][WIN-7].
+
+Once finished, you can deploy the script via Intune. For more information, see [Add PowerShell scripts to Windows devices in Microsoft Intune][MEM-1].
+
+### Troubleshoot AppLocker policies
+
+For information how to validate and troubleshoot AppLocker policies, see [AppLocker policy validation](./troubleshoot.md#applocker-policy-validation)
+
+## Next steps
+
+<!--
+Before moving on to the next section, ensure that you've completed the following tasks.
+
+For a WDAC supplemental policy:
+
+> [!div class="checklist"]
+>
+> - Signed .cip .p7b file with Device Guard
+> - Policy created in Intune and assigned to the correct groups
+> - Policy applied in Event Viewer
+
+For an AppLocker policy:
+
+> [!div class="checklist"]
+>
+> - Policy created in Intune and assigned to the correct groups
+-->
+
+Advance to the next article to learn about important considerations when deploying apps and policies to Windows SE devices.
+
+> [!div class="nextstepaction"]
+>
+> [Next: important deployment considerations >](considerations.md)
+
+[MEM-1]: /mem/intune/apps/intune-management-extension
+[WIN-4]: /windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune
+[WIN-7]: /windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy
diff --git a/education/windows/tutorial-deploy-apps-winse/images/applocker-export-policy.png b/education/windows/tutorial-deploy-apps-winse/images/applocker-export-policy.png
new file mode 100644
index 0000000000..593b5fe843
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/applocker-export-policy.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/applocker-policy-validation.png b/education/windows/tutorial-deploy-apps-winse/images/applocker-policy-validation.png
new file mode 100644
index 0000000000..79c0de6d18
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/applocker-policy-validation.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/esp-error.png b/education/windows/tutorial-deploy-apps-winse/images/esp-error.png
new file mode 100644
index 0000000000..84d7475234
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/esp-error.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/intune-app-install-overview.png b/education/windows/tutorial-deploy-apps-winse/images/intune-app-install-overview.png
new file mode 100644
index 0000000000..28423c67cc
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/intune-app-install-overview.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/intune-app-install-status.png b/education/windows/tutorial-deploy-apps-winse/images/intune-app-install-status.png
new file mode 100644
index 0000000000..df76fdd426
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/intune-app-install-status.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/phase-1-off.svg b/education/windows/tutorial-deploy-apps-winse/images/phase-1-off.svg
new file mode 100644
index 0000000000..0f7589f26c
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/images/phase-1-off.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="272px" height="112px" viewBox="-0.5 -0.5 272 112"><defs/><g><rect x="21" y="1" width="250" height="110" rx="4.4" ry="4.4" fill-opacity="0.9" fill="#e6e6e6" stroke="#666666" stroke-opacity="0.9" stroke-width="2" pointer-events="all"/><image x="113" y="18" width="75" height="75" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCAyNCAyNCIgaGVpZ2h0PSIyNCIgd2lkdGg9IjI0Ij4mI3hhOyAgPHBhdGggZmlsbD0iIzIxMjEyMSIgZD0iTTE3LjUgMTJDMjAuNTM3NiAxMiAyMyAxNC40NjI0IDIzIDE3LjVDMjMgMjAuNTM3NiAyMC41Mzc2IDIzIDE3LjUgMjNDMTQuNDYyNCAyMyAxMiAyMC41Mzc2IDEyIDE3LjVDMTIgMTQuNDYyNCAxNC40NjI0IDEyIDE3LjUgMTJaTTE3LjUxMTIgMTQuMDAwMUwxNy40MjcgMTQuMDA1TDE3LjM3MTkgMTQuMDE2NkwxNy4yODg2IDE0LjA0NjdMMTcuMjE1MyAxNC4wODg4TDE3LjE1ODkgMTQuMTM0NEwxNC42NDY0IDE2LjY0NjRMMTQuNTg4NiAxNi43MTU3QzE0LjQ3MDUgMTYuODg2MiAxNC40NzA1IDE3LjExMzggMTQuNTg4NiAxNy4yODQzTDE0LjY0NjQgMTcuMzUzNkwxNC43MTU3IDE3LjQxMTRDMTQuODg2MiAxNy41Mjk1IDE1LjExMzggMTcuNTI5NSAxNS4yODQzIDE3LjQxMTRMMTUuMzUzNiAxNy4zNTM2TDE2Ljk5OSAxNS43MDhMMTcgMjFMMTcuMDA4MSAyMS4wODk5QzE3LjA0NTEgMjEuMjk0IDE3LjIwNiAyMS40NTQ5IDE3LjQxMDEgMjEuNDkxOUwxNy41IDIxLjVMMTcuNTg5OSAyMS40OTE5QzE3Ljc5NCAyMS40NTQ5IDE3Ljk1NDkgMjEuMjk0IDE3Ljk5MTkgMjEuMDg5OUwxOCAyMUwxNy45OTkgMTUuNzA2TDE5LjY0NjQgMTcuMzUzNkwxOS43MTU3IDE3LjQxMTRDMTkuOTEwNiAxNy41NDY0IDIwLjE4IDE3LjUyNzEgMjAuMzUzNiAxNy4zNTM2QzIwLjUyNzEgMTcuMTggMjAuNTQ2NCAxNi45MTA2IDIwLjQxMTQgMTYuNzE1N0wyMC4zNTM2IDE2LjY0NjRMMTcuODA2IDE0LjEwNEwxNy43NTg1IDE0LjA3MTlMMTcuNjkxIDE0LjAzNzhMMTcuNjI4MSAxNC4wMTY2TDE3LjU3MzkgMTQuMDA1NUMxNy41NTI5IDE0LjAwMjMgMTcuNTMxNyAxNC4wMDA2IDE3LjUxMTIgMTQuMDAwMVpNNi4yNSAzSDE3Ljc1QzE5LjQ4MyAzIDIwLjg5OTIgNC4zNTY0NSAyMC45OTQ5IDYuMDY1NThMMjEgNi4yNUwyMS4wMDEyIDEyLjAyMjZDMjAuNTM3OCAxMS43MjU4IDIwLjAzNDIgMTEuNDg2MSAxOS41MDA0IDExLjMxMzZMMTkuNSA4SDQuNVYxNy43NUM0LjUgMTguNjY4MiA1LjIwNzExIDE5LjQyMTIgNi4xMDY0NyAxOS40OTQyTDYuMjUgMTkuNUwxMS4zMTM2IDE5LjUwMDRDMTEuNDg2MSAyMC4wMzQyIDExLjcyNTggMjAuNTM3OCAxMi4wMjI2IDIxLjAwMTJMNi4yNSAyMUM0LjUxNjk3IDIxIDMuMTAwNzUgMTkuNjQzNSAzLjAwNTE0IDE3LjkzNDRMMyAxNy43NVY2LjI1QzMgNC41MTY5NyA0LjM1NjQ1IDMuMTAwNzUgNi4wNjU1OCAzLjAwNTE0TDYuMjUgM1oiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none" opacity="0.5"/><ellipse cx="21" cy="31" rx="20" ry="20" fill="#e6e6e6" stroke="#666666" stroke-width="2" pointer-events="all"/><g transform="translate(-0.5 -0.5)" opacity="0.5"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 31px; margin-left: 2px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;">1</div></div></div></foreignObject><text x="21" y="36" fill="rgb(0, 0, 0)" font-family="Segoe UI semibold" font-size="18px" text-anchor="middle" font-weight="bold">1</text></switch></g></g></svg>
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/images/phase-1-on.svg b/education/windows/tutorial-deploy-apps-winse/images/phase-1-on.svg
new file mode 100644
index 0000000000..809883ba90
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/images/phase-1-on.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="272px" height="112px" viewBox="-0.5 -0.5 272 112"><defs/><g><rect x="21" y="1" width="250" height="110" rx="4.4" ry="4.4" fill-opacity="0.95" fill="rgb(255, 255, 255)" stroke="#0078d4" stroke-opacity="0.95" stroke-width="2" pointer-events="all"/><image x="113" y="18" width="75" height="75" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCAyNCAyNCIgaGVpZ2h0PSIyNCIgd2lkdGg9IjI0Ij4mI3hhOyAgPHBhdGggZmlsbD0iIzIxMjEyMSIgZD0iTTE3LjUgMTJDMjAuNTM3NiAxMiAyMyAxNC40NjI0IDIzIDE3LjVDMjMgMjAuNTM3NiAyMC41Mzc2IDIzIDE3LjUgMjNDMTQuNDYyNCAyMyAxMiAyMC41Mzc2IDEyIDE3LjVDMTIgMTQuNDYyNCAxNC40NjI0IDEyIDE3LjUgMTJaTTE3LjUxMTIgMTQuMDAwMUwxNy40MjcgMTQuMDA1TDE3LjM3MTkgMTQuMDE2NkwxNy4yODg2IDE0LjA0NjdMMTcuMjE1MyAxNC4wODg4TDE3LjE1ODkgMTQuMTM0NEwxNC42NDY0IDE2LjY0NjRMMTQuNTg4NiAxNi43MTU3QzE0LjQ3MDUgMTYuODg2MiAxNC40NzA1IDE3LjExMzggMTQuNTg4NiAxNy4yODQzTDE0LjY0NjQgMTcuMzUzNkwxNC43MTU3IDE3LjQxMTRDMTQuODg2MiAxNy41Mjk1IDE1LjExMzggMTcuNTI5NSAxNS4yODQzIDE3LjQxMTRMMTUuMzUzNiAxNy4zNTM2TDE2Ljk5OSAxNS43MDhMMTcgMjFMMTcuMDA4MSAyMS4wODk5QzE3LjA0NTEgMjEuMjk0IDE3LjIwNiAyMS40NTQ5IDE3LjQxMDEgMjEuNDkxOUwxNy41IDIxLjVMMTcuNTg5OSAyMS40OTE5QzE3Ljc5NCAyMS40NTQ5IDE3Ljk1NDkgMjEuMjk0IDE3Ljk5MTkgMjEuMDg5OUwxOCAyMUwxNy45OTkgMTUuNzA2TDE5LjY0NjQgMTcuMzUzNkwxOS43MTU3IDE3LjQxMTRDMTkuOTEwNiAxNy41NDY0IDIwLjE4IDE3LjUyNzEgMjAuMzUzNiAxNy4zNTM2QzIwLjUyNzEgMTcuMTggMjAuNTQ2NCAxNi45MTA2IDIwLjQxMTQgMTYuNzE1N0wyMC4zNTM2IDE2LjY0NjRMMTcuODA2IDE0LjEwNEwxNy43NTg1IDE0LjA3MTlMMTcuNjkxIDE0LjAzNzhMMTcuNjI4MSAxNC4wMTY2TDE3LjU3MzkgMTQuMDA1NUMxNy41NTI5IDE0LjAwMjMgMTcuNTMxNyAxNC4wMDA2IDE3LjUxMTIgMTQuMDAwMVpNNi4yNSAzSDE3Ljc1QzE5LjQ4MyAzIDIwLjg5OTIgNC4zNTY0NSAyMC45OTQ5IDYuMDY1NThMMjEgNi4yNUwyMS4wMDEyIDEyLjAyMjZDMjAuNTM3OCAxMS43MjU4IDIwLjAzNDIgMTEuNDg2MSAxOS41MDA0IDExLjMxMzZMMTkuNSA4SDQuNVYxNy43NUM0LjUgMTguNjY4MiA1LjIwNzExIDE5LjQyMTIgNi4xMDY0NyAxOS40OTQyTDYuMjUgMTkuNUwxMS4zMTM2IDE5LjUwMDRDMTEuNDg2MSAyMC4wMzQyIDExLjcyNTggMjAuNTM3OCAxMi4wMjI2IDIxLjAwMTJMNi4yNSAyMUM0LjUxNjk3IDIxIDMuMTAwNzUgMTkuNjQzNSAzLjAwNTE0IDE3LjkzNDRMMyAxNy43NVY2LjI1QzMgNC41MTY5NyA0LjM1NjQ1IDMuMTAwNzUgNi4wNjU1OCAzLjAwNTE0TDYuMjUgM1oiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><ellipse cx="21" cy="31" rx="20" ry="20" fill="#0078d4" stroke="#ffffff" stroke-width="2" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 31px; margin-left: 2px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;">1</div></div></div></foreignObject><text x="21" y="36" fill="#ffffff" font-family="Segoe UI semibold" font-size="18px" text-anchor="middle" font-weight="bold">1</text></switch></g></g></svg>
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/images/phase-2-off.svg b/education/windows/tutorial-deploy-apps-winse/images/phase-2-off.svg
new file mode 100644
index 0000000000..287693b1c3
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/images/phase-2-off.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="272px" height="112px" viewBox="-0.5 -0.5 272 112"><defs/><g><rect x="21" y="1" width="250" height="110" rx="4.4" ry="4.4" fill-opacity="0.9" fill="#e6e6e6" stroke="#666666" stroke-opacity="0.9" stroke-width="2" pointer-events="all"/><image x="105.5" y="15.5" width="80" height="80" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCAyNCAyNCIgaGVpZ2h0PSIyNCIgd2lkdGg9IjI0Ij4mI3hhOyAgPHBhdGggZmlsbD0iIzIxMjEyMSIgZD0iTTYuMjUgM0M0LjQ1NTA3IDMgMyA0LjQ1NTA3IDMgNi4yNVYxNy43NUMzIDE5LjU0NDkgNC40NTUwNyAyMSA2LjI1IDIxSDE3Ljc1QzE5LjU0NDkgMjEgMjEgMTkuNTQ0OSAyMSAxNy43NVY2LjI1QzIxIDQuNDU1MDcgMTkuNTQ0OSAzIDE3Ljc1IDNINi4yNVpNNC41IDhIMTkuNVYxNy43NUMxOS41IDE4LjcxNjUgMTguNzE2NSAxOS41IDE3Ljc1IDE5LjVINi4yNUM1LjI4MzUgMTkuNSA0LjUgMTguNzE2NSA0LjUgMTcuNzVWOFpNNiAxMC4zNUM2IDkuODgwNTYgNi4zODA1NiA5LjUgNi44NSA5LjVIMTAuMTVDMTAuNjE5NCA5LjUgMTEgOS44ODA1NiAxMSAxMC4zNVYxNy4xNUMxMSAxNy42MTk0IDEwLjYxOTQgMTggMTAuMTUgMThINi44NUM2LjM4MDU2IDE4IDYgMTcuNjE5NCA2IDE3LjE1VjEwLjM1Wk03LjUgMTFWMTYuNUg5LjVWMTFINy41Wk0xMi43NSA5LjVIMTcuMjVDMTcuNjY0MiA5LjUgMTggOS44MzU3OSAxOCAxMC4yNUMxOCAxMC42NjQyIDE3LjY2NDIgMTEgMTcuMjUgMTFIMTIuNzVDMTIuMzM1OCAxMSAxMiAxMC42NjQyIDEyIDEwLjI1QzEyIDkuODM1NzkgMTIuMzM1OCA5LjUgMTIuNzUgOS41Wk0xMiAxMy4yNUMxMiAxMi44MzU4IDEyLjMzNTggMTIuNSAxMi43NSAxMi41SDE2LjI1QzE2LjY2NDIgMTIuNSAxNyAxMi44MzU4IDE3IDEzLjI1QzE3IDEzLjY2NDIgMTYuNjY0MiAxNCAxNi4yNSAxNEgxMi43NUMxMi4zMzU4IDE0IDEyIDEzLjY2NDIgMTIgMTMuMjVaIi8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none" opacity="0.5"/><ellipse cx="21" cy="31" rx="20" ry="20" fill="#e6e6e6" stroke="#666666" stroke-width="2" pointer-events="all"/><g transform="translate(-0.5 -0.5)" opacity="0.5"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 31px; margin-left: 2px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;">2</div></div></div></foreignObject><text x="21" y="36" fill="rgb(0, 0, 0)" font-family="Segoe UI semibold" font-size="18px" text-anchor="middle" font-weight="bold">2</text></switch></g></g></svg>
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/images/phase-2-on.svg b/education/windows/tutorial-deploy-apps-winse/images/phase-2-on.svg
new file mode 100644
index 0000000000..15ee719743
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/images/phase-2-on.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="272px" height="112px" viewBox="-0.5 -0.5 272 112"><defs/><g><rect x="21" y="1" width="250" height="110" rx="4.4" ry="4.4" fill-opacity="0.95" fill="rgb(255, 255, 255)" stroke="#0078d4" stroke-opacity="0.95" stroke-width="2" pointer-events="all"/><image x="105.5" y="15.5" width="80" height="80" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCAyNCAyNCIgaGVpZ2h0PSIyNCIgd2lkdGg9IjI0Ij4mI3hhOyAgPHBhdGggZmlsbD0iIzIxMjEyMSIgZD0iTTYuMjUgM0M0LjQ1NTA3IDMgMyA0LjQ1NTA3IDMgNi4yNVYxNy43NUMzIDE5LjU0NDkgNC40NTUwNyAyMSA2LjI1IDIxSDE3Ljc1QzE5LjU0NDkgMjEgMjEgMTkuNTQ0OSAyMSAxNy43NVY2LjI1QzIxIDQuNDU1MDcgMTkuNTQ0OSAzIDE3Ljc1IDNINi4yNVpNNC41IDhIMTkuNVYxNy43NUMxOS41IDE4LjcxNjUgMTguNzE2NSAxOS41IDE3Ljc1IDE5LjVINi4yNUM1LjI4MzUgMTkuNSA0LjUgMTguNzE2NSA0LjUgMTcuNzVWOFpNNiAxMC4zNUM2IDkuODgwNTYgNi4zODA1NiA5LjUgNi44NSA5LjVIMTAuMTVDMTAuNjE5NCA5LjUgMTEgOS44ODA1NiAxMSAxMC4zNVYxNy4xNUMxMSAxNy42MTk0IDEwLjYxOTQgMTggMTAuMTUgMThINi44NUM2LjM4MDU2IDE4IDYgMTcuNjE5NCA2IDE3LjE1VjEwLjM1Wk03LjUgMTFWMTYuNUg5LjVWMTFINy41Wk0xMi43NSA5LjVIMTcuMjVDMTcuNjY0MiA5LjUgMTggOS44MzU3OSAxOCAxMC4yNUMxOCAxMC42NjQyIDE3LjY2NDIgMTEgMTcuMjUgMTFIMTIuNzVDMTIuMzM1OCAxMSAxMiAxMC42NjQyIDEyIDEwLjI1QzEyIDkuODM1NzkgMTIuMzM1OCA5LjUgMTIuNzUgOS41Wk0xMiAxMy4yNUMxMiAxMi44MzU4IDEyLjMzNTggMTIuNSAxMi43NSAxMi41SDE2LjI1QzE2LjY2NDIgMTIuNSAxNyAxMi44MzU4IDE3IDEzLjI1QzE3IDEzLjY2NDIgMTYuNjY0MiAxNCAxNi4yNSAxNEgxMi43NUMxMi4zMzU4IDE0IDEyIDEzLjY2NDIgMTIgMTMuMjVaIi8+JiN4YTs8L3N2Zz4=" preserveAspectRatio="none"/><ellipse cx="21" cy="31" rx="20" ry="20" fill="#0078d4" stroke="#ffffff" stroke-width="2" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 31px; margin-left: 2px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;">2</div></div></div></foreignObject><text x="21" y="36" fill="#ffffff" font-family="Segoe UI semibold" font-size="18px" text-anchor="middle" font-weight="bold">2</text></switch></g></g></svg>
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/images/phase-3-off.svg b/education/windows/tutorial-deploy-apps-winse/images/phase-3-off.svg
new file mode 100644
index 0000000000..4bbf64a04f
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/images/phase-3-off.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="272px" height="112px" viewBox="-0.5 -0.5 272 112"><defs/><g><rect x="21" y="1" width="250" height="110" rx="4.4" ry="4.4" fill-opacity="0.9" fill="#e6e6e6" stroke="#666666" stroke-opacity="0.9" stroke-width="2" pointer-events="all"/><image x="105.5" y="15.5" width="80" height="80" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCAyNCAyNCIgaGVpZ2h0PSIyNCIgd2lkdGg9IjI0Ij4mI3hhOyAgPHBhdGggZmlsbD0iIzIxMjEyMSIgZD0iTTE3Ljc0OSAzTDE3LjkzMzQgMy4wMDUxNEMxOS41ODI3IDMuMDk3MzQgMjAuOTAyOSA0LjQxNzUgMjAuOTk1MSA2LjA2NTU4TDIxLjAwMDIgNi4yNVYxMi42MTA4QzIwLjMxMzMgMTIuNDc5MyAxOS42NTU0IDEyLjEwODggMTkuMDA1NCAxMS40MzA1TDE4Ljk5OTQgMTEuNDI0M0wxOC45OTkgOEg1LjAwMDIyTDQuOTk5MDIgMTcuNzVDNC45OTkwMiAxOC4zOTcyIDUuNDkwODkgMTguOTI5NSA2LjEyMTIxIDE4Ljk5MzVMNi4yNDkwMiAxOUgxMy4zNzUzQzEzLjU3ODggMTkuNTk1MyAxMy44NjY5IDIwLjE0NjIgMTQuMjQzOSAyMC42NDU3QzE0LjMzNjEgMjAuNzY3OCAxNC40MzI4IDIwLjg4NTkgMTQuNTM0IDIxSDYuMjQ5MDJDNC41MTU5OSAyMSAzLjA5OTc3IDE5LjY0MzUgMy4wMDQxNiAxNy45MzQ0TDIuOTk5MDIgMTcuNzVWNi4yNUMyLjk5OTAyIDQuNTE2OTcgNC4zNTU0NyAzLjEwMDc1IDYuMDY0NiAzLjAwNTE0TDYuMjQ5MDIgM0gxNy43NDlaTTE4Ljk5OTYgMTIuNzY0NEMxOS42MjUxIDEzLjIzNzUgMjAuMjkwNiAxMy41MjMgMjEuMDAwMiAxMy42MjQ1QzIxLjE5NjYgMTMuNjUyNyAyMS4zOTY0IDEzLjY2NjcgMjEuNTk5NiAxMy42NjY3QzIxLjc5MjkgMTMuNjY2NyAyMS45NTQyIDEzLjgwOTUgMjEuOTkxNSAxMy45OTk0TDIxLjk5OTYgMTQuMDgzM1YxNi41ODQ0QzIxLjk5OTYgMTkuMjY2MyAyMC42ODY2IDIxLjA4OTYgMTguMTI2MSAyMS45Nzg2QzE4LjA0NCAyMi4wMDcxIDE3Ljk1NTIgMjIuMDA3MSAxNy44NzMxIDIxLjk3ODZDMTcuMTQ3OSAyMS43MjY4IDE2LjUyMjcgMjEuNCAxNS45OTkxIDIxQzE1LjI5NyAyMC40NjM2IDE0Ljc3NzYgMTkuNzk1NiAxNC40NDQzIDE5QzE0LjE3NzkgMTguMzY0IDE0LjAzMDYgMTcuNjQ2NiAxNC4wMDQgMTYuODQ5N0wxMy45OTk2IDE2LjU4NDRWMTQuMDgzM0MxMy45OTk2IDEzLjg1MzIgMTQuMTc4NyAxMy42NjY3IDE0LjM5OTYgMTMuNjY2N0MxNS42MjMgMTMuNjY2NyAxNi43MjMgMTMuMTU3NSAxNy43MTc1IDEyLjEyMkMxNy44NzM4IDExLjk1OTIgMTguMTI3MiAxMS45NTk0IDE4LjI4MzMgMTIuMTIyM0MxOC41MTYxIDEyLjM2NTIgMTguNzU0OCAxMi41NzkyIDE4Ljk5OTYgMTIuNzY0NFoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none" opacity="0.5"/><ellipse cx="21" cy="31" rx="20" ry="20" fill="#e6e6e6" stroke="#666666" stroke-width="2" pointer-events="all"/><g transform="translate(-0.5 -0.5)" opacity="0.5"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 31px; margin-left: 2px;"><div data-drawio-colors="color: rgb(0, 0, 0); " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;">3</div></div></div></foreignObject><text x="21" y="36" fill="rgb(0, 0, 0)" font-family="Segoe UI semibold" font-size="18px" text-anchor="middle" font-weight="bold">3</text></switch></g></g></svg>
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/images/phase-3-on.svg b/education/windows/tutorial-deploy-apps-winse/images/phase-3-on.svg
new file mode 100644
index 0000000000..eda21828f7
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/images/phase-3-on.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="272px" height="112px" viewBox="-0.5 -0.5 272 112"><defs/><g><rect x="21" y="1" width="250" height="110" rx="4.4" ry="4.4" fill-opacity="0.95" fill="rgb(255, 255, 255)" stroke="#0078d4" stroke-opacity="0.95" stroke-width="2" pointer-events="all"/><image x="105.5" y="15.5" width="80" height="80" xlink:href="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCAyNCAyNCIgaGVpZ2h0PSIyNCIgd2lkdGg9IjI0Ij4mI3hhOyAgPHBhdGggZmlsbD0iIzIxMjEyMSIgZD0iTTE3Ljc0OSAzTDE3LjkzMzQgMy4wMDUxNEMxOS41ODI3IDMuMDk3MzQgMjAuOTAyOSA0LjQxNzUgMjAuOTk1MSA2LjA2NTU4TDIxLjAwMDIgNi4yNVYxMi42MTA4QzIwLjMxMzMgMTIuNDc5MyAxOS42NTU0IDEyLjEwODggMTkuMDA1NCAxMS40MzA1TDE4Ljk5OTQgMTEuNDI0M0wxOC45OTkgOEg1LjAwMDIyTDQuOTk5MDIgMTcuNzVDNC45OTkwMiAxOC4zOTcyIDUuNDkwODkgMTguOTI5NSA2LjEyMTIxIDE4Ljk5MzVMNi4yNDkwMiAxOUgxMy4zNzUzQzEzLjU3ODggMTkuNTk1MyAxMy44NjY5IDIwLjE0NjIgMTQuMjQzOSAyMC42NDU3QzE0LjMzNjEgMjAuNzY3OCAxNC40MzI4IDIwLjg4NTkgMTQuNTM0IDIxSDYuMjQ5MDJDNC41MTU5OSAyMSAzLjA5OTc3IDE5LjY0MzUgMy4wMDQxNiAxNy45MzQ0TDIuOTk5MDIgMTcuNzVWNi4yNUMyLjk5OTAyIDQuNTE2OTcgNC4zNTU0NyAzLjEwMDc1IDYuMDY0NiAzLjAwNTE0TDYuMjQ5MDIgM0gxNy43NDlaTTE4Ljk5OTYgMTIuNzY0NEMxOS42MjUxIDEzLjIzNzUgMjAuMjkwNiAxMy41MjMgMjEuMDAwMiAxMy42MjQ1QzIxLjE5NjYgMTMuNjUyNyAyMS4zOTY0IDEzLjY2NjcgMjEuNTk5NiAxMy42NjY3QzIxLjc5MjkgMTMuNjY2NyAyMS45NTQyIDEzLjgwOTUgMjEuOTkxNSAxMy45OTk0TDIxLjk5OTYgMTQuMDgzM1YxNi41ODQ0QzIxLjk5OTYgMTkuMjY2MyAyMC42ODY2IDIxLjA4OTYgMTguMTI2MSAyMS45Nzg2QzE4LjA0NCAyMi4wMDcxIDE3Ljk1NTIgMjIuMDA3MSAxNy44NzMxIDIxLjk3ODZDMTcuMTQ3OSAyMS43MjY4IDE2LjUyMjcgMjEuNCAxNS45OTkxIDIxQzE1LjI5NyAyMC40NjM2IDE0Ljc3NzYgMTkuNzk1NiAxNC40NDQzIDE5QzE0LjE3NzkgMTguMzY0IDE0LjAzMDYgMTcuNjQ2NiAxNC4wMDQgMTYuODQ5N0wxMy45OTk2IDE2LjU4NDRWMTQuMDgzM0MxMy45OTk2IDEzLjg1MzIgMTQuMTc4NyAxMy42NjY3IDE0LjM5OTYgMTMuNjY2N0MxNS42MjMgMTMuNjY2NyAxNi43MjMgMTMuMTU3NSAxNy43MTc1IDEyLjEyMkMxNy44NzM4IDExLjk1OTIgMTguMTI3MiAxMS45NTk0IDE4LjI4MzMgMTIuMTIyM0MxOC41MTYxIDEyLjM2NTIgMTguNzU0OCAxMi41NzkyIDE4Ljk5OTYgMTIuNzY0NFoiLz4mI3hhOzwvc3ZnPg==" preserveAspectRatio="none"/><ellipse cx="21" cy="31" rx="20" ry="20" fill="#0078d4" stroke="#ffffff" stroke-width="2" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" style="overflow: visible; text-align: left;"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 38px; height: 1px; padding-top: 31px; margin-left: 2px;"><div data-drawio-colors="color: #ffffff; " style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 18px; font-family: &quot;Segoe UI semibold&quot;; color: rgb(255, 255, 255); line-height: 1.2; pointer-events: all; font-weight: bold; white-space: normal; overflow-wrap: normal;">3</div></div></div></foreignObject><text x="21" y="36" fill="#ffffff" font-family="Segoe UI semibold" font-size="18px" text-anchor="middle" font-weight="bold">3</text></switch></g></g></svg>
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-citool.png b/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-citool.png
new file mode 100644
index 0000000000..ad1e808762
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-citool.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-codeintegrity-log.png b/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-codeintegrity-log.png
new file mode 100644
index 0000000000..f4417060ee
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-codeintegrity-log.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-managed-installer-policy.png b/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-managed-installer-policy.png
new file mode 100644
index 0000000000..64f8c88057
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/troubleshoot-managed-installer-policy.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/wdac-uwp-policy.png b/education/windows/tutorial-deploy-apps-winse/images/wdac-uwp-policy.png
new file mode 100644
index 0000000000..d98bd04870
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/wdac-uwp-policy.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/wdac-winsepolicy.png b/education/windows/tutorial-deploy-apps-winse/images/wdac-winsepolicy.png
new file mode 100644
index 0000000000..0b59e2c5bb
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/wdac-winsepolicy.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/images/winse-app-block.png b/education/windows/tutorial-deploy-apps-winse/images/winse-app-block.png
new file mode 100644
index 0000000000..6360567245
Binary files /dev/null and b/education/windows/tutorial-deploy-apps-winse/images/winse-app-block.png differ
diff --git a/education/windows/tutorial-deploy-apps-winse/index.md b/education/windows/tutorial-deploy-apps-winse/index.md
new file mode 100644
index 0000000000..ff7cce6a5f
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/index.md
@@ -0,0 +1,85 @@
+---
+title: Deploy applications to Windows 11 SE with Intune
+description: Learn how to deploy applications to Windows 11 SE with Intune and how to validate the apps.
+ms.date: 06/07/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+# Tutorial: deploy applications to Windows 11 SE with Intune
+
+This guide describes how to deploy applications to Windows 11 SE devices that are managed by Microsoft Intune in an education environment. The guide also describes how to validate the apps and how to create policies to allow apps that aren't installable or don't behave as intended.
+
+## Windows 11 SE and application deployment
+
+Windows 11 SE is designed to provide a simplified and secure experience for students. Windows 11 SE prevents the installation and execution of third party applications with a technology called *Windows Defender Application Control (WDAC)*.
+
+WDAC applies an *allowlist* policy called *Windows 11 SE base policy*, which ensures that unwanted apps don't run or get installed. However, it also prevents IT admins from deploying apps to Windows 11 SE devices, unless they're included in the Windows 11 SE base policy.
+
+With the use of WDAC *supplemental policies*, Intune allows specific third party applications to be installed and executed. The [allowlist process][EDU-1] is done on an app-by-app basis, and the time to request an application to be allowed and have the supplemental policy deployed can be lengthy.
+
+Starting with Windows 11 SE, version 22H2, IT admins have more flexibility to deploy applications to Windows 11 SE devices. When a Windows 11 SE device is enrolled in an Intune education tenant, it will automatically receive an AppLocker policy that sets the *Intune Management Extension (IME)* as a *managed installer*.
+
+As a managed installer, applications deployed through the IME will be automatically allowed on Windows 11 SE, removing the allowlist process requirement. For more information about managed installer, see [How does a managed installer work?][WIN-2]
+
+> [!NOTE]
+> End-users of Windows 11 SE devices still cannot install and use arbitrary applications without being blocked. Only IT admins can control what apps are allowed.
+
+## Tutorial objectives
+
+Even when using managed installer, some applications may not execute due to their type or complexity. In these scenarios, the IT admin must create their own policies that allow the apps execution.\
+The policies can then be deployed to the Windows SE devices via Intune.
+
+In this tutorial you'll learn:
+
+- Which types of apps can be deployed via Intune to Windows 11 SE devices
+- How to verify that the apps are installed correctly
+- How to mitigate app installation issues
+- Special considerations when deploying apps to Windows 11 SE
+
+## Installation process
+
+There are three main steps to install an application on Windows 11 SE using the managed installer. Each step will be covered in detail in the next sections of this tutorial:
+
+:::row:::
+   :::column span="":::
+    <a href="deploy-apps.md"><img src="images/phase-1-on.svg" alt="Icon representing the first phase."/></a><br>
+    [**Deploy an application via Microsoft Intune**](deploy-apps.md)<br>
+      Applications are deployed via Microsoft Intune. There are some restrictions on the types of apps that are compatible with managed installers, but the process is the same used for non-Windows 11 SE devices
+   :::column-end:::
+   :::column span="":::
+    <a href="validate-apps.md"><img src="images/phase-2-on.svg" alt="Icon representing the second phase."/></a><br>
+    [**Validate the application**](validate-apps.md)<br>
+      Applications are validated to ensure that they're installed and execute successfully. The process is the same for non-Windows 11 SE devices. Some applications may be incompatible due to how they're installed, how they execute, or how they update. You'll learn about known limitations in a later section of the tutorial
+   :::column-end:::
+   :::column span="":::
+    <a href="create-policies.md"><img src="images/phase-3-on.svg" alt="Icon representing the third phase."/></a><br>
+    [**Create additional policies (optional)**](create-policies.md)<br>
+      To allow apps that aren't installable or don't behave as intended, more policies can be created and deployed so that the apps can be used
+   :::column-end:::
+:::row-end:::
+
+All the steps are done by the IT administrator. Once the steps are complete, users of Windows 11 SE devices should be able to run the applications deployed via Intune.
+
+## Prerequisites
+
+To receive policies on your Windows 11 SE devices, allowing app installation from Intune, you must have:
+
+- Windows 11 SE, version 22H2 with [KB5019980][KB-1] and later
+- Intune for Education licenses. The license requirement is for the managed installer to deploy apps and supplemental policies via Intune
+
+If you don't have an Intune for Education license for your devices yet, refer to [Microsoft Intune for Education][EXT-1] for access to a free trial version.
+
+## Next steps
+
+Advance to the next article to learn which applications can be deployed to Windows 11 SE devices, and how to deploy them via Intune.
+
+> [!div class="nextstepaction"]
+> [Next: deploy apps >](deploy-apps.md)
+
+[KB-1]: https://support.microsoft.com/kb/5019980
+[EDU-1]: /education/windows/windows-11-se-overview#add-your-own-applications
+[EXT-1]: https://www.microsoft.com/en-us/education/intune
+[WIN-1]: /windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create
+[WIN-2]: /windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#how-does-a-managed-installer-work
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/toc.yml b/education/windows/tutorial-deploy-apps-winse/toc.yml
new file mode 100644
index 0000000000..62d09273a0
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/toc.yml
@@ -0,0 +1,17 @@
+items: 
+  - name: Introduction
+    href: index.md
+  - name: 1. Deploy apps
+    href: deploy-apps.md
+  - name: 2. Validate apps
+    href: validate-apps.md
+  - name: 3. Create and deploy policies to allow apps
+    items: 
+      - name: Create policies
+        href: create-policies.md
+      - name: Deploy policies
+        href: deploy-policies.md
+  - name: Important app deployment considerations
+    href: considerations.md
+  - name: Troubleshoot common issues
+    href: troubleshoot.md
\ No newline at end of file
diff --git a/education/windows/tutorial-deploy-apps-winse/troubleshoot.md b/education/windows/tutorial-deploy-apps-winse/troubleshoot.md
new file mode 100644
index 0000000000..631b12b06e
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/troubleshoot.md
@@ -0,0 +1,109 @@
+---
+title: Troubleshoot app deployment issues in Windows SE
+description: Troubleshoot common issues when deploying apps to Windows SE devices.
+ms.date: 06/19/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+# Troubleshoot app deployment issues in Windows SE
+
+The following table lists common app deployment issues on Windows 11 SE, and options to resolve them:
+
+| **Problem** | **Potential solution** |
+|---|---|
+| **App hasn't installed** | <li>Check the type of app:<ul><li>Win32 apps should be able to install with no problem</li><li>UWP LOB apps apps aren't supported</li></ul></li><li>It's possible the app is trying to execute a blocked binary. Check the AppLocker and CodeIntegrity logs in the Event Viewer and verify if any executables related to the app are blocked. If so, you'll need to write a supplemental policy to support the app</li><li> Check the Intune Management Extension logs to see if there was an attempt to install your app</li>|
+| **App has problems when running** | It's possible the app is trying to execute a blocked binary<br> Check the **AppLocker** and **CodeIntegrity** logs in Event Viewer to see if any executables related to the app are being blocked. If so, you'll need to write a supplemental policy to support the app. |
+| **My supplemental policy hasn't deployed** |<li>Your XML policy is malformed. Double-check to see if all markup is tagged correctly</li><li>Check that your policy is correctly applied|
+
+<!--
+The following table lists common app deployment issues on Windows 11 SE, and options to resolve them:
+
+| **Problem** | **Potential solution** |
+|---|---|
+| **App hasn't installed** | <li>Check the type of app:<ul><li>Win32 apps should be able to install with no problem</li><li>UWP LOB apps require writing an additional supplemental policy</li><li>Microsoft Sore apps aren't supported</li></ul></li><li>Check that the managed installer policies are deployed correctly</li><li>It's possible the app is trying to execute a blocked binary. Check the AppLocker and CodeIntegrity logs in the Event Viewer and verify if any executables related to the app are blocked. If so, you'll need to write a supplemental policy to support the app</li><li> Check the Intune Management Extension logs to see if there was an attempt to install your app</li>|
+| **App has problems when running** | It's possible the app is trying to execute a blocked binary<br> Check the **AppLocker** and **CodeIntegrity** logs in Event Viewer to see if any executables related to the app are being blocked. If so, you'll need to write a supplemental policy to support the app. |
+| **My supplemental policy hasn't deployed** |<li>Your XML policy is malformed. Double-check to see if all markup is tagged correctly</li><li>Check that your policy is correctly applied|
+
+
+## WDAC Supplemental policy validation
+
+Use the Event Viewer to see if a supplemental policy is deployed correctly. These rules apply to both the policy that allows managed installers and any supplemental policies that you deploy.
+
+1. Open the **Event viewer** on a target device
+1. Expand **Applications and Services > Microsoft > Windows > CodeIntegrity > Operational**
+1. Check for **event ID 3099**: *the policy was Refreshed and activated*
+    - For example: `Refreshed and activated Code Integrity policy {GUID} . id . Status 0x0`
+    - The policy that allows managed installers is **`C0DB889B-59C5-453C-B297-399C851934E4`**. Checking that this policy is applied correctly, indicates that a device is setup to allow managed installers (and therefore, can allow installation of Win32 apps via the Intune Management Extension).\
+    You can check that the **Managed Installer policy** rule was set in the policy, by checking the **Options** field in the **details** pane. For more information, see: [Understanding Application Control event IDs][WIN-1]
+
+    :::image type="content" source="images/troubleshoot-managed-installer-policy.png" alt-text="Screenshot of the CodeIntegrity operational log." lightbox="images/troubleshoot-managed-installer-policy.png":::
+
+    You can also verify that the policy has been activated by running the following from the <kbd>Win</kbd> + <kbd>R</kbd> *Run dialog* on a target device as an Administrator (hold <kbd>CTRL</kbd> + <kbd>Shift</kbd> when pressing Enter to run the command):
+
+    ```
+    citool.exe -lp
+    ```
+    
+    - For the policy that allows managed installers to run, a policyID `C0DB889B-59C5-453C-B297-399C851934E4` and Friendly Name *[Win-EDU] Microsoft Apps Supplemental Policy - Prod* should be present, and have **Is Currently Enforced** showing as **true**
+    - For any additional policies that you deploy, check that a policy with a matching ID and Friendly Name is shown in the list and the **Is Currently Enforced** and **Is Authorized** properties are both showing as **true**
+    
+    :::image type="content" source="images/troubleshoot-citool.png" alt-text="Screenshot of the output of citool.exe with the Win-EDU supplemental policy.":::
+
+1. Check for **error events** with code **3077**: and reference [Understanding Application Control event IDs][WIN-1]
+
+    :::image type="content" source="images/troubleshoot-codeintegrity-log.png" alt-text="Screenshot of the error in the CodeIntegrity operational log showing that PowerShell execution is prevented by policy." lightbox="images/troubleshoot-codeintegrity-log.png":::
+
+    When checking an error event, you can observe that the information in the *General* tab may show something like the following:
+
+    ```
+    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load **\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe** that did not meet the Enterprise signing level requirements or violated code integrity policy (Policy ID:**{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}**).
+    ```
+
+    The important things to parse are:
+
+    - **Failing application**: the path and executable here inform you which application failed. It's important to check that this executable is expected for the application you're validating. (for example. You would expect zoom.exe to fail for Zoom as opposed to cmd.exe.)
+    - **Error reason**: indicates why the application was unable to run. `...did not meet the Enterprise signing level requirements or violated code integrity policy` is what should be seen
+    - **Policy ID**: is the policy that is being violated, meaning that a rule in the policy is preventing the application from running
+
+    > [!NOTE]
+    > **{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}** is the base policy, which is what restricts most third-party apps from running. If you see another policy ID, it's worth taking note of that.
+
+    Alternatively you can use `cidiag.exe /stop`, which copies all potentially relevant logs and policy files to a folder. The command also parses the critical events from the **CodeIntegrity** and **AppLocker** logs to a text file.
+
+-->
+
+## AppLocker policy validation
+
+To query AppLocker policies and validate that they're configured correctly, follow these steps:
+
+1. Open the **Local Security Policy** mmc console (`secpol.msc`)
+1. Select **Security Settings > Application Control Policies**
+1. Right-click **AppLocker** and select **Export Policy…**
+  :::image type="content" source="images/applocker-export-policy.png" alt-text="Screenshot of the export of the AppLocker policies from the Local Security Policy mmc console." lightbox="images/applocker-export-policy.png" border="false":::
+1. For the policy that sets the Intune Management Extension as a Managed installer, *MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE* should be nested under a RuleCollection section of Type *ManagedInstaller*
+  :::image type="content" source="images/applocker-policy-validation.png" alt-text="Screenshot of the xml file generated by the get-applockerpolicy PowerShell cmdlet." lightbox="images/applocker-policy-validation.png":::
+1. For any policies you added to set other executables you want to be managed installers, look for the rules you defined nested under a RuleCollection section of Type *ManagedInstaller*
+
+### AppLocker service
+
+To verify that the AppLocker service is running, follow these steps:
+
+1. Open the **Services** mmc console (`services.msc`)
+1. Verify that the service **Application Identity** has a status of **Running**
+
+### AppLocker event log validation
+
+1. Open the **Event Viewer** on a target device
+1. Expand **Applications and Services > Microsoft > Windows > AppLocker > MSI and Script**
+1. Check for **error events** with code **8040**, and reference [Understanding Application Control event IDs][WIN-2]
+
+## Intune Management Extension
+
+- [Collect diagnostics from a Windows device][MEM-1]
+- Logs can be collected from `%programdata%\Microsoft\IntuneManagementExtension\Logs`
+
+[MEM-1]: /mem/intune/remote-actions/collect-diagnostics
+[WIN-1]: /windows/security/threat-protection/windows-defender-application-control/event-tag-explanations#policy-activation-event-options
+[WIN-2]: /windows/security/threat-protection/windows-defender-application-control/event-id-explanations
diff --git a/education/windows/tutorial-deploy-apps-winse/validate-apps.md b/education/windows/tutorial-deploy-apps-winse/validate-apps.md
new file mode 100644
index 0000000000..a3e128a92e
--- /dev/null
+++ b/education/windows/tutorial-deploy-apps-winse/validate-apps.md
@@ -0,0 +1,172 @@
+---
+title: Validate the applications deployed to Windows SE devices
+description: Learn how to validate the applications deployed to Windows SE devices via Intune.
+ms.date: 06/19/2023
+ms.topic: tutorial
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
+---
+
+# Validate the applications deployed to Windows SE devices
+
+:::row:::
+   :::column span="":::
+    <a href="deploy-apps.md"><img src="images/phase-1-off.svg" alt="Icon representing the first phase."/></a><br>
+    [**Deploy an application via Microsoft Intune**](deploy-apps.md)
+   :::column-end:::
+   :::column span="":::
+    <a href="validate-apps.md"><img src="images/phase-2-on.svg" alt="Icon representing the second phase."/></a><br>
+    [**Validate the application**](validate-apps.md)
+   :::column-end:::
+   :::column span="":::
+    <a href="create-policies.md"><img src="images/phase-3-off.svg" alt="Icon representing the third phase."/></a><br>
+    [**Create additional policies (optional)**](create-policies.md)
+   :::column-end:::
+:::row-end:::
+
+A fundamental step in deploying apps to Windows 11 SE devices is to validate that the apps work as expected.
+
+Application validation consists of the following steps:
+
+1. Wait for the application to install
+1. Verify that the app installed successfully
+1. Open the app and exercise all user workflows
+1. Inspect the app and take note of any potential problems
+
+> [!NOTE]
+> Apps must be validated on a case-by-case basis. A successful installation doesn't mean that the app will run properly. A successful execution of the app, doesn't mean it will *always* run properly.
+
+## Wait for the application to install
+
+Application installation depends on two factors:
+
+- When the managed installer policies are applied to the device. These policies are automatically applied to Windows SE devices when they are enrolled in Intune
+- When the apps are deployed to a device
+
+> [!IMPORTANT]
+> The Intune management extension agent checks every hour (or on service or device restart) for any new Win32 app assignments.
+
+If the Windows 11 SE base policy doesn't block the application that you're trying to deploy, the process to deploy the app to Windows SE devices should be consistent with non-SE devices.
+
+## Check for installation
+
+There are two ways to verify that an app installed successfully:
+
+- Intune portal
+- On the device
+
+Both options are worth checking. Installation in Intune can be used to check the installation status remotely and to ensure that the installation detection rules are configured correctly. Checking on the device can indicate if the app  installed and if it runs properly.
+
+### Check for installation from Intune
+
+To check the installation status of an app from the Intune portal:
+
+1. Sign in to the <a href="https://intune.microsoft.com/" target="_blank"><b>Microsoft Intune admin center</b></a>
+1. Select **App > All apps**
+1. Select the application you want to check
+1. From the **Overview** page, you can verify the overall installation status
+    
+    :::image type="content" source="./images/intune-app-install-overview.png" alt-text="Screenshot of the Microsoft Intune admin center - App installation details." lightbox="./images/intune-app-install-overview.png":::
+
+1. From the **Device install status** page, you can verify the installation status for each device, and the status code that indicates the cause of the failure
+    
+    :::image type="content" source="./images/intune-app-install-status.png" alt-text="Screenshot of the Microsoft Intune admin center - App installation status for each device." lightbox="./images/intune-app-install-status.png":::
+
+> [!NOTE]
+> A Win32 application may install correctly, but report to Intune as failed.\
+> A Win32 app may also fail to install, but report as installed to Intune.
+>
+> In both cases, the issue may be in the detection rules defined in Intune, which must be configured correctly to detect the installation of the app.
+
+### Check for installation on the device
+
+On a Windows SE device, open the **Settings** app and select **Apps** > **Installed apps**. You can see the list of installed apps and validate that your targeted app is listed.
+
+Another way to validate that the app has installed is to check its installation directory. The path is usually `C:\Program Files` or `C:\Program Files (x86)`, but can vary from app to app.
+
+Lastly, launch the app to ensure that it has installed correctly.
+
+## Check for compatibility
+
+Checking for compatibility often means to execute the app and verify its functionalities. Here are some things to try while testing the behavior of your app:
+
+- Open the app
+- Test the core functionality and common user scenarios. Exercise a common workflow that a user would do with the app
+- Force an update of the app
+
+Here are things to pay attention to:
+
+- Know how the apps you deploy are updated, and if they offer controls for automatic updates
+- Dialogs may pop up during the app use, indicating that something is blocked
+- Multiple apps are installed, especially if one app appears to be a launcher/updater. For example, Adobe Photoshop includes the Adobe Creative Cloud launcher, which updates Photoshop and other apps
+- Any messages indicating that the app is doing pre-installation work or downloading more content
+- Logs in the Event Viewer
+
+### Compatible apps
+
+If an app appears to be functioning correctly without being blocked, it's likely compatible with managed installer installation.
+However, just because an app works initially doesn't mean it will *always* work. Self-updates or separate launchers/clients may update the apps.
+
+### Semi-compatible apps
+
+Semi-compatible apps may run without problems initially, but in the future they can be restricted to run after it self-updates or another installer/updater app installs over it.
+
+### Incompatible apps
+
+Incompatible apps may launch initially, but immediately begin to download more resources.\
+These apps are eventually blocked before any of their functionalities can be accessed. Or, these apps may not launch due to a dependent file blocked by the Windows 11 SE base policy.
+
+### Visual error notifications
+
+You may see a dialog indicating **This app won't run on your PC**. Check the indicated executable and verify that it matches the executable of the installed application.
+
+:::image type="content" source="images/winse-app-block.png" alt-text="Screenshot of Windows SE - error window while opening an app.":::
+
+### Event Viewer
+
+More detail can be obtained when looking for events indicating blocked executables in the Event Viewer.\
+The event logs are:
+
+- **CodeIntegrity > Operational**
+- **AppLocker > MSI and Script**
+
+For more information, see the [Troubleshoot](troubleshoot.md) section.
+
+## Known limitations
+
+Not all apps are compatible with managed installers, even after installation.
+
+To learn about known limitations with apps deployed via a managed installer, see [Known limitations with managed installer][WIN-1].
+
+<!--
+> [!NOTE]
+> UWP LOB apps aren't installed using the Intune Management Extension and thus aren't tracked by the managed installer heuristic. LOB apps must be authorized separately in your WDAC policy.
+-->
+
+## Section review
+
+Before moving on to the next section, ensure that you've completed the following tasks:
+
+> [!div class="checklist"]
+> - Verified any installation errors from Intune
+> - Verified the app installation on the device
+> - Checked for any errors when opening the app from the device
+> - Checked for any errors in the Event Viewer
+
+## Next steps
+
+Select one of the following options to learn the next steps:
+
+<!--- If the apps don't work as expected, you must create and deploy WDAC or AppLocker policies to allow the apps to run-->
+- If the apps don't work as expected, you must create and deploy AppLocker policies to allow the apps to run
+  > [!div class="nextstepaction"]
+  > [Next: Create policies>](create-policies.md)
+- If the applications you are deploying don't have any issues, you can skip to important considerations when deploying apps and policies
+  > [!div class="nextstepaction"]
+  > [Next: Important deployment considerations>](considerations.md)
+
+[M365-1]: /microsoft-365/education/deploy/microsoft-store-for-education
+
+[WIN-1]: /windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer#known-limitations-with-managed-installer
+[WIN-2]: /windows/msix/
+[WIN-3]: /windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/configure-device-apps.md b/education/windows/tutorial-school-deployment/configure-device-apps.md
index 9b34e2d7cf..ef1e695396 100644
--- a/education/windows/tutorial-school-deployment/configure-device-apps.md
+++ b/education/windows/tutorial-school-deployment/configure-device-apps.md
@@ -1,7 +1,7 @@
 ---
 title: Configure applications with Microsoft Intune
 description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
-ms.date: 08/31/2022
+ms.date: 03/08/2023
 ms.topic: tutorial
 ---
 
@@ -54,21 +54,10 @@ To assign applications to a group of users or devices:
 
 ## Considerations for Windows 11 SE
 
-Windows 11 SE supports all web applications and a *curated list* of desktop applications.
-You can prepare and add a desktop app to Microsoft Intune as a Win32 app from the [approved app list][EDU-1].
+Windows 11 SE prevents the installation and execution of third party applications with a technology called **Windows Defender Application Control** (WDAC).
+WDAC applies an *allowlist* policy, which ensures that unwanted apps don't run or get installed. However, it also prevents IT admins from deploying apps to Windows 11 SE devices, unless they're included in the E Mode policy.
 
-The process to add Win32 applications to Intune is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
-
-> [!NOTE]
-> If the applications you need aren't included in the list, anyone in your school district can submit an application request at <a href="https://edusupport.microsoft.com/support?product_id=win11se" target="_blank"><u>Microsoft Education Support</u></a>.
-
-> [!CAUTION]
-> If you assign an app to a device running **Windows 11 SE** and receive the **0x87D300D9** error code with a **Failed** state:
-> - Be sure the app is on the [<u>approved app list</u>][EDU-1]
-> - If you submitted a request to add your own app and it was approved, check that the app meets package requirements
-> - If the app is not approved, it will not run on Windows 11 SE. In this case, you will have to verify if the app can run in a web browser, such as a web app or PWA
-
-________________________________________________________
+To learn more about which apps are supported in Windows 11 SE, and how to deploy them, see the tutorial [Deploy applications to Windows 11 SE with Intune][EDU-1].
 
 ## Next steps
 
@@ -79,7 +68,7 @@ With the applications configured, you can now deploy students' and teachers' dev
 
 <!-- Reference links in article -->
 
-[EDU-1]: /education/windows/windows-11-se-overview
+[EDU-1]: ../tutorial-deploy-apps-winse/index.md
 
 [MEM-1]: /mem/intune/apps/apps-win32-add
 
diff --git a/education/windows/tutorial-school-deployment/enroll-autopilot.md b/education/windows/tutorial-school-deployment/enroll-autopilot.md
index 88cec25ed6..e8070b995b 100644
--- a/education/windows/tutorial-school-deployment/enroll-autopilot.md
+++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md
@@ -1,7 +1,7 @@
 ---
 title: Enrollment in Intune with Windows Autopilot
 description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot.
-ms.date: 08/31/2022
+ms.date: 03/08/2023
 ms.topic: tutorial
 ---
 
@@ -97,7 +97,7 @@ To deploy the ESP to devices, you need to create an ESP profile in Microsoft Int
 For more information, see [Set up the Enrollment Status Page][MEM-3].
 
 > [!CAUTION]
-> When targeting an ESP to **Windows 11 SE** devices, only applications included in the [<u>approved app list</u>][EDU-1] should part of the ESP configuration.
+> The Enrollment Status Page (ESP) is compatible with Windows 11 SE. However, due to the E Mode policy, devices may not complete the enrollment. For more information, see [Enrollment Status Page][EDU-3].
 
 ### Autopilot end-user experience
 
@@ -144,5 +144,6 @@ With the devices joined to Azure AD tenant and managed by Intune, you can use In
 
 [EDU-1]: /education/windows/windows-11-se-overview
 [EDU-2]: /intune-education/windows-11-se-overview#windows-autopilot
+[EDU-3]: ../tutorial-deploy-apps-winse/considerations.md#enrollment-status-page
 
 [SURF-1]: /surface/surface-autopilot-registration-support
\ No newline at end of file
diff --git a/education/windows/tutorial-school-deployment/index.md b/education/windows/tutorial-school-deployment/index.md
index b91d83d780..89577e6e9f 100644
--- a/education/windows/tutorial-school-deployment/index.md
+++ b/education/windows/tutorial-school-deployment/index.md
@@ -2,7 +2,7 @@
 title: Introduction to the tutorial deploy and manage Windows devices in a school
 description: Introduction to deployment and management of Windows devices in education environments.
 ms.date: 08/31/2022
-ms.topic: conceptual
+ms.topic: tutorial
 ---
 
 # Tutorial: deploy and manage Windows devices in a school
diff --git a/education/windows/windows-11-se-faq.yml b/education/windows/windows-11-se-faq.yml
index d03213a9d3..52fa4c5d69 100644
--- a/education/windows/windows-11-se-faq.yml
+++ b/education/windows/windows-11-se-faq.yml
@@ -33,6 +33,9 @@ sections:
       - question: Can I load Windows 11 SE on any hardware? 
         answer: |
           Windows 11 SE is only available on devices that are built for education. To learn more, see [Windows 11 SE Overview](/education/windows/windows-11-se-overview).
+      - question: Can I PXE boot a Windows SE device?
+        answer: |
+          No, Secure Boot prevents Windows SE devices from booting via PXE. As a workaround, you can use a UEFI bootable USB device to boot the device.
   - name: Applications and settings
     questions:
       - question: How can I install applications on Windows 11 SE?
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 44eea6b076..e484296ed5 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -1,8 +1,8 @@
 ---
 title: Windows 11 SE Overview
 description: Learn about Windows 11 SE, and the apps that are included with the operating system.
-ms.topic: article
-ms.date: 03/09/2023
+ms.topic: overview
+ms.date: 08/03/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ms.collection:
@@ -35,11 +35,11 @@ The following table lists the different application types available in Windows o
 | --- | --- | :---: | ---|
 |Progressive Web Apps (PWAs) | PWAs are web-based applications that can run in a browser and that can be installed as standalone apps. |✅|PWAs are enabled by default in Windows 11 SE.|
 | Web apps | Web apps are web-based applications that run in a browser. | ✅ | Web apps are enabled by default in Windows 11 SE. |
-|Win32| Win32 applications are Windows classic applications that may require installation |⛔| If users try to install or execute Win32 applications that haven't been allowed to run, they'll fail.|
-|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they'll fail.|
+|`Win32`| `Win32` applications are Windows classic applications that may require installation |⛔| If users try to install or execute `Win32` applications that haven't been allowed to run, they fail.|
+|Universal Windows Platform (UWP)/Store apps |UWP apps are commonly obtained from the Microsoft Store and may require installation |⛔|If users try to install or execute UWP applications that haven't been allowed to run, they fail.|
 
 > [!IMPORTANT]
-> If there are specific Win32 or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications).
+> If there are specific `Win32` or UWP applications that you want to allow, work with Microsoft to get them enabled. For more information, see [Add your own applications](#add-your-own-applications).
 
 ## Applications included in Windows 11 SE
 
@@ -50,10 +50,10 @@ The following table lists all the applications included in Windows 11 SE and the
 | Alarm & Clock                | UWP      |                  |                    |
 | Calculator                   | UWP      | ✅              |                    |
 | Camera                       | UWP      | ✅              |                    |
-| Microsoft Edge               | Win32    | ✅              | ✅                 |
-| Excel                        | Win32    | ✅              |                    |
+| Microsoft Edge               | `Win32`    | ✅              | ✅                 |
+| Excel                        | `Win32`    | ✅              |                    |
 | Feedback Hub                 | UWP      |                  |                    |
-| File Explorer                | Win32    |                  | ✅                |
+| File Explorer                | `Win32`    |                  | ✅                |
 | FlipGrid                     | PWA      |                  |                    |
 | Get Help                     | UWP      |                  |                    |
 | Media Player                 | UWP      | ✅              |                    |
@@ -61,108 +61,120 @@ The following table lists all the applications included in Windows 11 SE and the
 | Minecraft: Education Edition | UWP      |                  |                    |
 | Movies & TV                  | UWP      |                  |                    |
 | News                         | UWP      |                  |                    |
-| Notepad                      | Win32    |                  |                    |
-| OneDrive                     | Win32    |                  |                    |
-| OneNote                      | Win32    | ✅              |                    |
+| Notepad                      | `Win32`    |                  |                    |
+| OneDrive                     | `Win32`    |                  |                    |
+| OneNote                      | `Win32`    | ✅              |                    |
 | Outlook                      | PWA      | ✅              |                    |
-| Paint                        | Win32    | ✅              |                    |
+| Paint                        | `Win32`    | ✅              |                    |
 | Photos                       | UWP      |                  |                    |
-| PowerPoint                   | Win32    | ✅              |                    |
+| PowerPoint                   | `Win32`    | ✅              |                    |
 | Settings                     | UWP      | ✅              |                    |
 | Snip & Sketch                | UWP      |                  |                    |
 | Sticky Notes                 | UWP      |                  |                    |
-| Teams                        | Win32    | ✅              |                    |
+| Teams                        | `Win32`    | ✅              |                    |
 | To Do                        | UWP      |                  |                    |
 | Whiteboard                   | UWP      | ✅              |                    |
-| Word                         | Win32    | ✅              |                    |
+| Word                         | `Win32`    | ✅              |                    |
 
 ## Available applications
 
-The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1]
+The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1].
 
 | Application                               | Supported version | App Type | Vendor                                    |
 |-------------------------------------------|-------------------|----------|-------------------------------------------|
-| `3d builder`                              | 18.0.1931.0       | Win32    | `Microsoft`                               |
-| `Absolute Software Endpoint Agent`        | 7.20.0.1          | Win32    | `Absolute Software Corporation`           |
-| `AirSecure`                               | 8.0.0             | Win32    | `AIR`                                     |
-| `Alertus Desktop`                         | 5.4.48.0          | Win32    | `Alertus technologies`                    |
-| `Brave Browser`                           | 106.0.5249.119    | Win32    | `Brave`                                   |
+| `3d builder`                              | 18.0.1931.0       | `Win32`    | `Microsoft`                               |
+| `Absolute Software Endpoint Agent`        | 7.20.0.1          | `Win32`    | `Absolute Software Corporation`           |
+| `AirSecure`                               | 8.0.0             | `Win32`    | `AIR`                                     |
+| `Alertus Desktop`                         | 5.4.48.0          | `Win32`    | `Alertus technologies`                    |
+| `Brave Browser`                           | 106.0.5249.119    | `Win32`    | `Brave`                                   |
 | `Bulb Digital Portfolio`                  | 0.0.7.0           | `Store`  | `Bulb`                                    |
-| `CA Secure Browser`                       | 14.0.0            | Win32    | `Cambium Development`                     |
-| `Cisco Umbrella`                          | 3.0.110.0         | Win32    | `Cisco`                                   |
-| `CKAuthenticator`                         | 3.6+              | Win32    | `ContentKeeper`                           |
-| `Class Policy`                            | 116.0.0           | Win32    | `Class Policy`                            |
-| `Classroom.cloud`                         | 1.40.0004         | Win32    | `NetSupport`                              |
-| `CoGat Secure Browser`                    | 11.0.0.19         | Win32    | `Riverside Insights`                      |
-| `ColorVeil`                               | 4.0.0.175         | Win32    | `East-Tec`                                | 
-| `ContentKeeper Cloud`                     | 9.01.45           | Win32    | `ContentKeeper Technologies`              |
-| `DigiExam`                                | 14.0.6            | Win32    | `Digiexam`                                |
-| `Dragon Professional Individual`          | 15.00.100         | Win32    | `Nuance Communications`                   |
+| `CA Secure Browser`                       | 14.0.0            | `Win32`    | `Cambium Development`                     |
+| `Cisco Umbrella`                          | 3.0.343.0         | `Win32`    | `Cisco`                                   |
+| `CKAuthenticator`                         | 3.6+              | `Win32`    | `ContentKeeper`                           |
+| `Class Policy`                            | 116.0.0           | `Win32`    | `Class Policy`                            |
+| `Classroom.cloud`                         | 1.40.0004         | `Win32`    | `NetSupport`                              |
+| `Clipchamp`                               | 2.5.2.            | `Store`  | `Microsoft`                               | 
+| `CoGat Secure Browser`                    | 11.0.0.19         | `Win32`    | `Riverside Insights`                      |
+| `ColorVeil`                               | 4.0.0.175         | `Win32`    | `East-Tec`                                | 
+| `ContentKeeper Cloud`                     | 9.01.45           | `Win32`    | `ContentKeeper Technologies`              |
+| `DigiExam`                                | 14.0.6            | `Win32`    | `Digiexam`                                |
+| `Dragon Professional Individual`          | 15.00.100         | `Win32`    | `Nuance Communications`                   |
 | `DRC INSIGHT Online Assessments`          | 13.0.0.0          | `Store`  | `Data recognition Corporation`            |
-| `Duo from Cisco`                          | 3.0.0             | Win32    | `Cisco`                                   |
-| `e-Speaking Voice and Speech recognition` | 4.4.0.8           | Win32    | `e-speaking`                              |
-| `EasyReader`                              | 10.0.3.481        | Win32    | `Dolphin Computer Access`                 |
-| `Epson iProjection`                       | 3.31              | Win32    | `Epson`                                   |
-| `eTests`                                  | 4.0.25            | Win32    | `CASAS`                                   |
-| `Exam Writepad`                           | 22.10.14.1834     | Win32    | `Sheldnet`                                |
-| `FirstVoices Keyboard`                    | 15.0.270          | Win32    | `SIL International`                       |
-| `FortiClient`                             | 7.2.0.4034+       | Win32    | `Fortinet`                                |
-| `Free NaturalReader`                      | 16.1.2            | Win32    | `Natural Soft`                            |
-| `Ghotit Real Writer & Reader`             | 10.14.2.3         | Win32    | `Ghotit Ltd`                              |
-| `GoGuardian`                              | 1.4.4             | Win32    | `GoGuardian`                              |
-| `Google Chrome`                           | 110.0.5481.178    | Win32    | `Google`                                  |
-| `GuideConnect`                            | 1.23              | Win32    | `Dolphin Computer Access`                 |
-| `Illuminate Lockdown Browser`             | 2.0.5             | Win32    | `Illuminate Education`                    |
-| `Immunet`                                 | 7.5.8.21178       | Win32    | `Immunet`                                 |
-| `Impero Backdrop Client`                  | 4.4.86            | Win32    | `Impero Software`                         |
-| `IMT Lazarus`                             | 2.86.0            | Win32    | `IMTLazarus`                              |
-| `Inspiration 10`                          | 10.11             | Win32    | `TechEdology Ltd`                         |
-| `JAWS for Windows`                        | 2022.2112.24      | Win32    | `Freedom Scientific`                      |
-| `Kite Student Portal`                     | 9.0.0.0           | Win32    | `Dynamic Learning Maps`                   |
-| `Keyman`                                  | 16.0.138          | Win32    | `SIL International`
+| `Duo from Cisco`                          | 3.0.0             | `Win32`    | `Cisco`                                   |
+| `Dyknow`                                  | 7.9.13.7          | `Win32`    | `Dyknow`                                  |
+| `e-Speaking Voice and Speech recognition` | 4.4.0.11          | `Win32`    | `e-speaking`                              |
+| `EasyReader`                              | 10.0.4.498        | `Win32`    | `Dolphin Computer Access`                 |
+| `Easysense 2`                             | 1.32.0001         | `Win32`    | `Data Harvest`                            |
+| `Epson iProjection`                       | 3.31              | `Win32`    | `Epson`                                   |
+| `eTests`                                  | 4.0.25            | `Win32`    | `CASAS`                                   |
+| `Exam Writepad`                           | 23.2.4.2338       | `Win32`    | `Sheldnet`                                |
+| `FirstVoices Keyboard`                    | 15.0.270          | `Win32`    | `SIL International`                       |
+| `FortiClient`                             | 7.2.0.4034+       | `Win32`    | `Fortinet`                                |
+| `Free NaturalReader`                      | 16.1.2            | `Win32`    | `Natural Soft`                            |
+| `Ghotit Real Writer & Reader`             | 10.14.2.3         | `Win32`    | `Ghotit Ltd`                              |
+| `GoGuardian`                              | 1.4.4             | `Win32`    | `GoGuardian`                              |
+| `Google Chrome`                           | 110.0.5481.178    | `Win32`    | `Google`                                  |
+| `GuideConnect`                            | 1.24              | `Win32`    | `Dolphin Computer Access`                 |
+| `Illuminate Lockdown Browser`             | 2.0.5             | `Win32`    | `Illuminate Education`                    |
+| `Immunet`                                 | 7.5.8.21178       | `Win32`    | `Immunet`                                 |
+| `Impero Backdrop Client`                  | 5.0.87            | `Win32`    | `Impero Software`                         |
+| `IMT Lazarus`                             | 2.86.0            | `Win32`    | `IMTLazarus`                              |
+| `Inspiration 10`                          | 10.11             | `Win32`    | `TechEdology Ltd`                         |
+| `JAWS for Windows`                        | 2022.2112.24      | `Win32`    | `Freedom Scientific`                      |
+| `Kite Student Portal`                     | 9.0.0.0           | `Win32`    | `Dynamic Learning Maps`                   |
+| `Keyman`                                  | 16.0.138          | `Win32`    | `SIL International`                       |
 | `Kortext`                                 | 2.3.433.0         | `Store`  | `Kortext`                                 |
-| `Kurzweil 3000 Assistive Learning`        | 20.13.0000        | Win32    | `Kurzweil Educational Systems`            |
-| `LanSchool Classic`                       | 9.1.0.46          | Win32    | `Stoneware, Inc.`                         |
-| `LanSchool Air`                           | 2.0.13312         | Win32    | `Stoneware, Inc.`                         |
-| `Lightspeed Smart Agent`                  | 1.9.1             | Win32    | `Lightspeed Systems`                      |
+| `Kurzweil 3000 Assistive Learning`        | 20.13.0000        | `Win32`    | `Kurzweil Educational Systems`            |
+| `LanSchool Classic`                       | 9.1.0.46          | `Win32`    | `Stoneware, Inc.`                         |
+| `LanSchool Air`                           | 2.0.13312         | `Win32`    | `Stoneware, Inc.`                         |
+| `Lightspeed Smart Agent`                  | 1.9.1             | `Win32`    | `Lightspeed Systems`                      |
+| `Lightspeed Filter Agent`                 | 2.3.4             | `Win32`    | `Lightspeed Systems`                      |
 | `MetaMoJi ClassRoom`                      | 3.12.4.0          | `Store`  | `MetaMoJi Corporation`                    |
 | `Microsoft Connect`                       | 10.0.22000.1      | `Store`  | `Microsoft`                               |
-| `Mozilla Firefox`                         | 105.0.0           | Win32    | `Mozilla`                                 |
-| `NAPLAN`                                  | 5.2.2             | Win32    | `NAP`                                     |
-| `Netref Student`                          | 23.1.0            | Win32    | `NetRef`                                  |
-| `NetSupport Manager`                      | 12.01.0014        | Win32    | `NetSupport`                              |
-| `NetSupport Notify`                       | 5.10.1.215        | Win32    | `NetSupport`                              |
-| `NetSupport School`                       | 14.00.0012        | Win32    | `NetSupport`                              |
-| `NextUp Talker`                           | 1.0.49            | Win32    | `NextUp Technologies`                     |
-| `NonVisual Desktop Access`                | 2021.3.1          | Win32    | `NV Access`                               |
-| `NWEA Secure Testing Browser`             | 5.4.356.0         | Win32    | `NWEA`                                    |
-| `PaperCut`                                | 22.0.6            | Win32    | `PaperCut Software International Pty Ltd` |
-| `Pearson TestNav`                         | 1.10.2.0          | `Store`  | `Pearson`                                 |
-| `Questar Secure Browser`                  | 5.0.1.456         | Win32    | `Questar, Inc`                            |
-| `ReadAndWriteForWindows`                  | 12.0.74           | Win32    | `Texthelp Ltd.`                           |
-| `Remote Desktop client (MSRDC)`           | 1.2.3213.0        | Win32    | `Microsoft`                               |
-| `Remote Help`                             | 4.0.1.13          | Win32    | `Microsoft`                               |
-| `Respondus Lockdown Browser`              | 2.0.9.03          | Win32    | `Respondus`                               |
-| `Safe Exam Browser`                       | 3.4.1.505         | Win32    | `Safe Exam Browser`                       |
-| `Senso.Cloud`                             | 2021.11.15.0      | Win32    | `Senso.Cloud`                             |
-| `Smoothwall Monitor`                      | 2.9.2             | Win32    | `Smoothwall Ltd`                          |
-| `SuperNova Magnifier & Screen Reader`     | 21.02             | Win32    | `Dolphin Computer Access`                 |
-| `SuperNova Magnifier & Speech`            | 21.03             | Win32    | `Dolphin Computer Access`                 |
-|`TX Secure Browser`                        | 15.0.0            | Win32    | `Cambium Development`                     |
-| `VitalSourceBookShelf`                    | 10.2.26.0         | Win32    | `VitalSource Technologies Inc`            |
-| `Winbird`                                 | 19                | Win32    | `Winbird Co., Ltd.`                       |
-| `WordQ`                                   | 5.4.29            | Win32    | `WordQ`                                   |
-| `Zoom`                                    | 5.12.8 (10232)    | Win32    | `Zoom`                                    |
-| `ZoomText Fusion`                         | 2022.2109.10      | Win32    | `Freedom Scientific`                      |
-| `ZoomText Magnifier/Reader`               | 2022.2109.25      | Win32    | `Freedom Scientific`                      |
+| `Mozilla Firefox`                         | 105.0.0           | `Win32`    | `Mozilla`                                 |
+| `Mobile Plans`                            | 5.1911.3171.0     | `Store`  | `Microsoft Corporation`                   |
+| `NAPLAN`                                  | 5.2.2             | `Win32`    | `NAP`                                     |
+| `Netref Student`                          | 23.1.0            | `Win32`    | `NetRef`                                  |
+| `NetSupport DNA`                          | 4.80.0000         | `Win32`    | `NetSupport`                              |
+| `NetSupport Manager`                      | 14.00.0012        | `Win32`    | `NetSupport`                              |
+| `NetSupport Notify`                       | 5.10.1.223        | `Win32`    | `NetSupport`                              |
+| `NetSupport School`                       | 14.00.0012        | `Win32`    | `NetSupport`                              |
+| `NextUp Talker`                           | 1.0.49            | `Win32`    | `NextUp Technologies`                     |
+| `NonVisual Desktop Access`                | 2021.3.1          | `Win32`    | `NV Access`                               |
+| `NWEA Secure Testing Browser`             | 5.4.387.0         | `Win32`    | `NWEA`                                    |
+| `PC Talker Neo`                           | 2209              | `Win32`    | `Kochi System Development`                |
+| `PC Talker Neo Plus`                      | 2209              | `Win32`    | `Kochi System Development`                |
+| `PaperCut`                                | 22.0.6            | `Win32`    | `PaperCut Software International Pty Ltd` |
+| `Pearson TestNav`                         | 1.11.3            | `Store`  | `Pearson`                                 |
+| `Project Monarch Outlook`                 | 1.2022.2250001    | `Store`  | `Microsoft`                               |
+| `Questar Secure Browser`                  | 5.0.1.456         | `Win32`    | `Questar, Inc`                            |
+| `ReadAndWriteForWindows`                  | 12.0.74           | `Win32`    | `Texthelp Ltd.`                           |
+| `Remote Desktop client (MSRDC)`           | 1.2.4240.0        | `Win32`    | `Microsoft`                               |
+| `Remote Help`                             | 4.0.1.13          | `Win32`    | `Microsoft`                               |
+| `Respondus Lockdown Browser`              | 2.0.9.03          | `Win32`    | `Respondus`                               |
+| `Safe Exam Browser`                       | 3.5.0.544         | `Win32`    | `Safe Exam Browser`                       |
+|`SchoolYear`                               | 3.4.21             | `Win32`    |`SchoolYear`                              |
+|`School Manager`                           | 3.6.8.1109        | `Win32`    |`School Manager`                           |
+| `Senso.Cloud`                             | 2021.11.15.0      | `Win32`    | `Senso.Cloud`                             |
+| `Skoolnext`                               | 2.19              | `Win32`    | `Skool.net`                               |
+| `Smoothwall Monitor`                      | 2.9.2             | `Win32`    | `Smoothwall Ltd`                          |
+| `SuperNova Magnifier & Screen Reader`     | 22.02             | `Win32`    | `Dolphin Computer Access`                 |
+| `SuperNova Magnifier & Speech`            | 21.03             | `Win32`    | `Dolphin Computer Access`                 |
+|`TX Secure Browser`                        | 15.0.0            | `Win32`    | `Cambium Development`                     |
+| `VitalSourceBookShelf`                    | 10.2.26.0         | `Win32`    | `VitalSource Technologies Inc`            |
+| `Winbird`                                 | 19                | `Win32`    | `Winbird Co., Ltd.`                       |
+| `WordQ`                                   | 5.4.29            | `Win32`    | `WordQ`                                   |
+| `Zoom`                                    | 5.12.8 (10232)    | `Win32`    | `Zoom`                                    |
+| `ZoomText Fusion`                         | 2023.2303.77.400  | `Win32`    | `Freedom Scientific`                      |
+| `ZoomText Magnifier/Reader`               | 2023.2303.33.400  | `Win32`    | `Freedom Scientific`                      |
 
 ## Add your own applications
 
-If the applications you need aren't in the [available applications list](#available-applications), then you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account.
+If the applications you need aren't in the [available applications list](#available-applications), you can submit an application request at [aka.ms/eduapprequest](https://aka.ms/eduapprequest). Anyone from a school district can submit the request. In the form, sign in with your school account, such as `user@contoso.edu`. We'll update you using this email account.
 
 Microsoft reviews every app request to make sure each app meets the following requirements:
 
-- Apps can be any native Windows app type, such as a Microsoft Store app, Win32 app, `.MSIX`, `.APPX`, and more
+- Apps can be any native Windows app type, such as a Microsoft Store app, `Win32` app, `.MSIX`, `.APPX`, and more
 - Apps must be in one of the following app categories:
   - Content Filtering apps
   - Test Taking solutions
diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md
index 633ac67aa7..6536c45279 100644
--- a/education/windows/windows-11-se-settings-list.md
+++ b/education/windows/windows-11-se-settings-list.md
@@ -1,8 +1,8 @@
 ---
 title: Windows 11 SE settings list
 description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
-ms.topic: article
-ms.date: 03/09/2023
+ms.topic: reference
+ms.date: 08/18/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ms.collection:
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index f933dc3465..7c6ecca23b 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -1,30 +1,21 @@
 ---
 title: Windows 10 editions for education customers
 description: Learn about the two Windows 10 editions that are designed for the needs of education institutions.
-ms.topic: article
-ms.date: 08/10/2022
+ms.topic: overview
+ms.date: 07/25/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Windows 10 editions for education customers
 
-Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
+Windows 10 offers various new features and functionalities, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
 
-Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
-
-Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
+Windows 10 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
 
 ## Windows 10 Pro Education
 
-Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
-
-For Cortana<sup>[1](#footnote1)</sup>:
-- If you're using version 1607, Cortana is removed.
-- If you're using new devices with version 1703 or later, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
-
-You can use the **AllowCortana** policy to turn off Cortana. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
+Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
 
 Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 or newer versions that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
 
@@ -38,13 +29,6 @@ Customers who deploy Windows 10 Pro are able to configure the product to have si
 
 Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
 
-For Cortana<sup>1</sup>:
-- If you're using version 1607, Cortana<sup>1</sup> is removed.
-- If you're using new devices with version 1703 or later, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
-
-You can use the **AllowCortana** policy to turn off Cortana. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
-
 Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you don't have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
 
 Customers who deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
@@ -52,14 +36,11 @@ Customers who deploy Windows 10 Enterprise are able to configure the product to
 For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us).
 
 ## Related topics
+
 - [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)
 - [Windows deployment for education](./index.yml)
 - [Windows 10 upgrade paths](/windows/deployment/upgrade/windows-10-upgrade-paths)
 - [Volume Activation for Windows 10](/windows/deployment/volume-activation/volume-activation-windows-10)
 - [Plan for volume activation](/windows/deployment/volume-activation/plan-for-volume-activation-client)
 - [Windows 10 subscription activation](/windows/deployment/windows-10-subscription-activation)
-
-
-
-
-<a name="footnote1"></a><sup>1</sup> <small>Cortana available in select markets; experience may vary by region and device.</small>
\ No newline at end of file
+- 
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg b/images/group-policy.svg
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
rename to images/group-policy.svg
diff --git a/images/information.svg b/images/information.svg
new file mode 100644
index 0000000000..bc692eabb9
--- /dev/null
+++ b/images/information.svg
@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M8 7C8.27614 7 8.5 7.22386 8.5 7.5V10.5C8.5 10.7761 8.27614 11 8 11C7.72386 11 7.5 10.7761 7.5 10.5V7.5C7.5 7.22386 7.72386 7 8 7ZM8.00001 6.24907C8.41369 6.24907 8.74905 5.91371 8.74905 5.50003C8.74905 5.08635 8.41369 4.751 8.00001 4.751C7.58633 4.751 7.25098 5.08635 7.25098 5.50003C7.25098 5.91371 7.58633 6.24907 8.00001 6.24907ZM2 8C2 4.68629 4.68629 2 8 2C11.3137 2 14 4.68629 14 8C14 11.3137 11.3137 14 8 14C4.68629 14 2 11.3137 2 8ZM8 3C5.23858 3 3 5.23858 3 8C3 10.7614 5.23858 13 8 13C10.7614 13 13 10.7614 13 8C13 5.23858 10.7614 3 8 3Z" fill="#0078D4" />
+</svg>
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg b/images/intune.svg
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
rename to images/intune.svg
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg b/images/windows-os.svg
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
rename to images/windows-os.svg
diff --git a/includes/configure/gpo-settings-1.md b/includes/configure/gpo-settings-1.md
new file mode 100644
index 0000000000..d30e2cc685
--- /dev/null
+++ b/includes/configure/gpo-settings-1.md
@@ -0,0 +1,9 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
+ms.topic: include
+ms.prod: windows-client
+---
+
+To configure devices using group policy, [create a group policy object (GPO)](/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object) and use the following settings:
\ No newline at end of file
diff --git a/includes/configure/gpo-settings-2.md b/includes/configure/gpo-settings-2.md
new file mode 100644
index 0000000000..bf8ee52309
--- /dev/null
+++ b/includes/configure/gpo-settings-2.md
@@ -0,0 +1,9 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
+ms.topic: include
+ms.prod: windows-client
+---
+
+The policy settings can be configured locally by using the Local Group Policy Editor (`gpedit.msc`), linked to the domain or organizational units, and filtered to security groups.
\ No newline at end of file
diff --git a/includes/intune/intune-custom-settings-1.md b/includes/configure/intune-custom-settings-1.md
similarity index 79%
rename from includes/intune/intune-custom-settings-1.md
rename to includes/configure/intune-custom-settings-1.md
index d911751e75..60125a46d1 100644
--- a/includes/intune/intune-custom-settings-1.md
+++ b/includes/configure/intune-custom-settings-1.md
@@ -1,6 +1,9 @@
 ---
-ms.date: 02/22/2022
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
 ms.topic: include
+ms.prod: windows-client
 ---
 
 To configure devices with Microsoft Intune, use a custom policy:
diff --git a/includes/intune/intune-custom-settings-2.md b/includes/configure/intune-custom-settings-2.md
similarity index 60%
rename from includes/intune/intune-custom-settings-2.md
rename to includes/configure/intune-custom-settings-2.md
index 1a601acaa7..03977b7a0d 100644
--- a/includes/intune/intune-custom-settings-2.md
+++ b/includes/configure/intune-custom-settings-2.md
@@ -1,6 +1,9 @@
 ---
-ms.date: 11/08/2022
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
 ms.topic: include
+ms.prod: windows-client
 ---
 
 7. Select **Next**
diff --git a/education/windows/includes/intune-custom-settings-info.md b/includes/configure/intune-custom-settings-info.md
similarity index 52%
rename from education/windows/includes/intune-custom-settings-info.md
rename to includes/configure/intune-custom-settings-info.md
index 8ff9da4294..8f406cf058 100644
--- a/education/windows/includes/intune-custom-settings-info.md
+++ b/includes/configure/intune-custom-settings-info.md
@@ -1,6 +1,9 @@
 ---
-ms.date: 11/08/2022
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
 ms.topic: include
+ms.prod: windows-client
 ---
 
 For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).
\ No newline at end of file
diff --git a/includes/configure/intune-settings-catalog-1.md b/includes/configure/intune-settings-catalog-1.md
new file mode 100644
index 0000000000..d0b87a5b78
--- /dev/null
+++ b/includes/configure/intune-settings-catalog-1.md
@@ -0,0 +1,9 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
+ms.topic: include
+ms.prod: windows-client
+---
+
+To configure devices using Microsoft Intune, [create a Settings catalog policy](/mem/intune/configuration/settings-catalog) and use the following settings:
\ No newline at end of file
diff --git a/includes/configure/intune-settings-catalog-2.md b/includes/configure/intune-settings-catalog-2.md
new file mode 100644
index 0000000000..287d5ebbf1
--- /dev/null
+++ b/includes/configure/intune-settings-catalog-2.md
@@ -0,0 +1,9 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
+ms.topic: include
+ms.prod: windows-client
+---
+
+Assign the policy to a group that contains as members the devices or users that you want to configure.
\ No newline at end of file
diff --git a/includes/configure/tab-intro.md b/includes/configure/tab-intro.md
new file mode 100644
index 0000000000..a818e4df8b
--- /dev/null
+++ b/includes/configure/tab-intro.md
@@ -0,0 +1,9 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/15/2023
+ms.topic: include
+ms.prod: windows-client
+---
+
+The following instructions provide details how to configure your devices. Select the option that best suits your needs.
\ No newline at end of file
diff --git a/includes/intune/intune-custom-settings-info.md b/includes/intune/intune-custom-settings-info.md
deleted file mode 100644
index 8ff9da4294..0000000000
--- a/includes/intune/intune-custom-settings-info.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-ms.date: 11/08/2022
-ms.topic: include
----
-
-For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).
\ No newline at end of file
diff --git a/includes/licensing/_edition-requirements.md b/includes/licensing/_edition-requirements.md
index 0135cef94b..d64cd242d4 100644
--- a/includes/licensing/_edition-requirements.md
+++ b/includes/licensing/_edition-requirements.md
@@ -1,23 +1,27 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/09/2023
 ms.topic: include
 ---
 
 | Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
 |:---|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
+|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
 |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
+|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
+|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|
 |**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
 |**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes|
 |**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
 |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
+|**[Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
@@ -28,10 +32,9 @@ ms.topic: include
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
-|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
@@ -41,40 +44,44 @@ ms.topic: include
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|
+|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|
+|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|
+|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
+|**[Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
 |**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
 |**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
 |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
+|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
 |**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
 |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
+|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|
+|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
 |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
+|**[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)**|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
-|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
 |**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
+|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/_licensing-requirements.md b/includes/licensing/_licensing-requirements.md
index 575aef4b30..d9d793ad2b 100644
--- a/includes/licensing/_licensing-requirements.md
+++ b/includes/licensing/_licensing-requirements.md
@@ -1,23 +1,27 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/09/2023
 ms.topic: include
 ---
 
 |Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---|:---:|:---:|:---:|:---:|:---:|
-|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
 |**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
+|**[App containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
+|**[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)**|❌|Yes|Yes|Yes|Yes|
 |**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
 |**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
 |**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
+|**[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes|
 |**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
 |**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
 |**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
+|**[Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
 |**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
 |**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
 |**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
@@ -28,10 +32,9 @@ ms.topic: include
 |**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
 |**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
 |**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
-|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
 |**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
-|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
-|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
@@ -41,40 +44,44 @@ ms.topic: include
 |**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
 |**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
 |**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
-|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Modern device management through (MDM)](/windows/client-management/mdm-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)**|Yes|Yes|Yes|Yes|Yes|
 |**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
 |**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
 |**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
 |**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
+|**[Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
 |**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
 |**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
-|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
 |**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
 |**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
 |**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
+|**Software Bill of Materials (SBOM)**|Yes|Yes|Yes|Yes|Yes|
 |**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
 |**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
-|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
 |**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
 |**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
 |**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
-|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
 |**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
-|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|
diff --git a/includes/licensing/access-control-aclsacl.md b/includes/licensing/access-control-aclsacl.md
new file mode 100644
index 0000000000..8adad0309e
--- /dev/null
+++ b/includes/licensing/access-control-aclsacl.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Access Control (ACL/SACL):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Access Control (ACL/SACL) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/access-control-aclsscals.md b/includes/licensing/access-control-aclsscals.md
index 74b2f49090..9d8830c6cd 100644
--- a/includes/licensing/access-control-aclsscals.md
+++ b/includes/licensing/access-control-aclsscals.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/account-lockout-policy.md b/includes/licensing/account-lockout-policy.md
index f73aa4228c..1e7a0d8661 100644
--- a/includes/licensing/account-lockout-policy.md
+++ b/includes/licensing/account-lockout-policy.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/always-on-vpn-device-tunnel.md b/includes/licensing/always-on-vpn-device-tunnel.md
index 74b2333a3d..08d98ed800 100644
--- a/includes/licensing/always-on-vpn-device-tunnel.md
+++ b/includes/licensing/always-on-vpn-device-tunnel.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/app-containers.md b/includes/licensing/app-containers.md
new file mode 100644
index 0000000000..0d698a7bfb
--- /dev/null
+++ b/includes/licensing/app-containers.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support App containers:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+App containers license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/applocker.md b/includes/licensing/applocker.md
new file mode 100644
index 0000000000..54cc165d41
--- /dev/null
+++ b/includes/licensing/applocker.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support AppLocker:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+AppLocker license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/assigned-access-kiosk-mode.md b/includes/licensing/assigned-access-kiosk-mode.md
index a2f4b745bb..066c7badc4 100644
--- a/includes/licensing/assigned-access-kiosk-mode.md
+++ b/includes/licensing/assigned-access-kiosk-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/attack-surface-reduction-asr.md b/includes/licensing/attack-surface-reduction-asr.md
index 666af08c54..7d481ce4bf 100644
--- a/includes/licensing/attack-surface-reduction-asr.md
+++ b/includes/licensing/attack-surface-reduction-asr.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
index b093cd8faa..5ae19412dd 100644
--- a/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
+++ b/includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-containers.md b/includes/licensing/azure-code-signing.md
similarity index 76%
rename from includes/licensing/windows-containers.md
rename to includes/licensing/azure-code-signing.md
index f3f9962827..dc29a35e27 100644
--- a/includes/licensing/windows-containers.md
+++ b/includes/licensing/azure-code-signing.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Windows containers:
+The following table lists the Windows editions that support Azure Code Signing:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Windows containers license entitlements are granted by the following licenses:
+Azure Code Signing license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/bitlocker-enablement.md b/includes/licensing/bitlocker-enablement.md
index 4f0645fe52..56f85845aa 100644
--- a/includes/licensing/bitlocker-enablement.md
+++ b/includes/licensing/bitlocker-enablement.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bitlocker-management.md b/includes/licensing/bitlocker-management.md
index af3034bd8b..a0c68f72ee 100644
--- a/includes/licensing/bitlocker-management.md
+++ b/includes/licensing/bitlocker-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/bluetooth-pairing-and-connection-protection.md b/includes/licensing/bluetooth-pairing-and-connection-protection.md
index 494fee6609..171fe3f9b2 100644
--- a/includes/licensing/bluetooth-pairing-and-connection-protection.md
+++ b/includes/licensing/bluetooth-pairing-and-connection-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/common-criteria-certifications.md b/includes/licensing/common-criteria-certifications.md
index dbb9d1669a..528a497f37 100644
--- a/includes/licensing/common-criteria-certifications.md
+++ b/includes/licensing/common-criteria-certifications.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/controlled-folder-access.md b/includes/licensing/controlled-folder-access.md
index 855d0cf28f..25d04b1c49 100644
--- a/includes/licensing/controlled-folder-access.md
+++ b/includes/licensing/controlled-folder-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-credential-guard.md b/includes/licensing/credential-guard.md
similarity index 71%
rename from includes/licensing/windows-defender-credential-guard.md
rename to includes/licensing/credential-guard.md
index c134726708..b5eea7128d 100644
--- a/includes/licensing/windows-defender-credential-guard.md
+++ b/includes/licensing/credential-guard.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Windows Defender Credential Guard:
+The following table lists the Windows editions that support Credential Guard:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |No|Yes|No|Yes|
 
-Windows Defender Credential Guard license entitlements are granted by the following licenses:
+Credential Guard license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/device-health-attestation-service.md b/includes/licensing/device-health-attestation-service.md
index f8fdb1e381..7ed2add45f 100644
--- a/includes/licensing/device-health-attestation-service.md
+++ b/includes/licensing/device-health-attestation-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/direct-access.md b/includes/licensing/direct-access.md
index f1b2da9ef5..057c5a2cea 100644
--- a/includes/licensing/direct-access.md
+++ b/includes/licensing/direct-access.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/email-encryption-smime.md b/includes/licensing/email-encryption-smime.md
index 07e14851b2..6895c5b618 100644
--- a/includes/licensing/email-encryption-smime.md
+++ b/includes/licensing/email-encryption-smime.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/encrypted-hard-drive.md b/includes/licensing/encrypted-hard-drive.md
index e365c0d71c..16225d6ee6 100644
--- a/includes/licensing/encrypted-hard-drive.md
+++ b/includes/licensing/encrypted-hard-drive.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
index 4f4c059f8b..ae4cd8568a 100644
--- a/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
+++ b/includes/licensing/enhanced-phishing-protection-with-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/exploit-protection.md b/includes/licensing/exploit-protection.md
index c774cb4f5e..7a46f2cc0a 100644
--- a/includes/licensing/exploit-protection.md
+++ b/includes/licensing/exploit-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/fast-identity-online-fido2-security-key.md b/includes/licensing/fast-identity-online-fido2-security-key.md
index b47385e2f5..9985309552 100644
--- a/includes/licensing/fast-identity-online-fido2-security-key.md
+++ b/includes/licensing/fast-identity-online-fido2-security-key.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federal-information-processing-standard-fips-140-validation.md b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
index ff0563a439..a06133b313 100644
--- a/includes/licensing/federal-information-processing-standard-fips-140-validation.md
+++ b/includes/licensing/federal-information-processing-standard-fips-140-validation.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/federated-sign-in.md b/includes/licensing/federated-sign-in.md
index 5a1a787e06..0d01c1968f 100644
--- a/includes/licensing/federated-sign-in.md
+++ b/includes/licensing/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hardware-enforced-stack-protection.md b/includes/licensing/hardware-enforced-stack-protection.md
index 50ae05045a..8a2fe75e78 100644
--- a/includes/licensing/hardware-enforced-stack-protection.md
+++ b/includes/licensing/hardware-enforced-stack-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/hypervisor-protected-code-integrity-hvci.md b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
index 8f6b16cf28..a6800d9403 100644
--- a/includes/licensing/hypervisor-protected-code-integrity-hvci.md
+++ b/includes/licensing/hypervisor-protected-code-integrity-hvci.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/kernel-direct-memory-access-dma-protection.md b/includes/licensing/kernel-direct-memory-access-dma-protection.md
index 7c805915cb..52b159827e 100644
--- a/includes/licensing/kernel-direct-memory-access-dma-protection.md
+++ b/includes/licensing/kernel-direct-memory-access-dma-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/local-security-authority-lsa-protection.md b/includes/licensing/local-security-authority-lsa-protection.md
index af4fb5b47f..fafa59de66 100644
--- a/includes/licensing/local-security-authority-lsa-protection.md
+++ b/includes/licensing/local-security-authority-lsa-protection.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md b/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
deleted file mode 100644
index 7330817deb..0000000000
--- a/includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 05/04/2023
-ms.topic: include
----
-
-## Windows edition and licensing requirements
-
-The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
-
-|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
-|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|
-
-Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
-
-|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
-|:---:|:---:|:---:|:---:|:---:|
-|Yes|Yes|Yes|Yes|Yes|
-
-For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/measured-boot.md b/includes/licensing/measured-boot.md
index 39c560d47f..407e64eefe 100644
--- a/includes/licensing/measured-boot.md
+++ b/includes/licensing/measured-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-antivirus.md b/includes/licensing/microsoft-defender-antivirus.md
index ba5bb932ea..357e6daa39 100644
--- a/includes/licensing/microsoft-defender-antivirus.md
+++ b/includes/licensing/microsoft-defender-antivirus.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
index 453b5db930..bd87e59e22 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
index 36c1c33234..8e546d7248 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
index 23bf14013f..5d3024ffc9 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
index 2ccf97f2da..6284c03484 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
index bf903c766f..de70847881 100644
--- a/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
+++ b/includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-for-endpoint.md b/includes/licensing/microsoft-defender-for-endpoint.md
index be03daf05e..56edc6e24e 100644
--- a/includes/licensing/microsoft-defender-for-endpoint.md
+++ b/includes/licensing/microsoft-defender-for-endpoint.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-defender-smartscreen.md b/includes/licensing/microsoft-defender-smartscreen.md
index a946b12155..d5b7aae9bd 100644
--- a/includes/licensing/microsoft-defender-smartscreen.md
+++ b/includes/licensing/microsoft-defender-smartscreen.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/microsoft-pluton-security-processor.md b/includes/licensing/microsoft-pluton.md
similarity index 79%
rename from includes/licensing/microsoft-pluton-security-processor.md
rename to includes/licensing/microsoft-pluton.md
index 2190c8a4ab..31058f139d 100644
--- a/includes/licensing/microsoft-pluton-security-processor.md
+++ b/includes/licensing/microsoft-pluton.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Microsoft Pluton security processor:
+The following table lists the Windows editions that support Microsoft Pluton:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Microsoft Pluton security processor license entitlements are granted by the following licenses:
+Microsoft Pluton license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/microsoft-security-development-lifecycle-sdl.md b/includes/licensing/microsoft-security-development-lifecycle-sdl.md
new file mode 100644
index 0000000000..7b9411b126
--- /dev/null
+++ b/includes/licensing/microsoft-security-development-lifecycle-sdl.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Security Development Lifecycle (SDL):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Security Development Lifecycle (SDL) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/microsoft-vulnerable-driver-blocklist.md b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
index 39e258739c..449ac22b52 100644
--- a/includes/licensing/microsoft-vulnerable-driver-blocklist.md
+++ b/includes/licensing/microsoft-vulnerable-driver-blocklist.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
+The following table lists the Windows editions that support Microsoft vulnerable driver blocklist:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
+Microsoft vulnerable driver blocklist license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/microsoft-windows-insider-preview-bounty-program.md b/includes/licensing/microsoft-windows-insider-preview-bounty-program.md
new file mode 100644
index 0000000000..c3cd9dbaf1
--- /dev/null
+++ b/includes/licensing/microsoft-windows-insider-preview-bounty-program.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Windows Insider Preview bounty program:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Windows Insider Preview bounty program license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/modern-device-management-through-mdm.md b/includes/licensing/modern-device-management-through-mdm.md
new file mode 100644
index 0000000000..f2a71b791d
--- /dev/null
+++ b/includes/licensing/modern-device-management-through-mdm.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Modern device management through (MDM):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Modern device management through (MDM) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/onefuzz-service.md b/includes/licensing/onefuzz-service.md
new file mode 100644
index 0000000000..25e6a5ef43
--- /dev/null
+++ b/includes/licensing/onefuzz-service.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support OneFuzz service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+OneFuzz service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/opportunistic-wireless-encryption-owe.md b/includes/licensing/opportunistic-wireless-encryption-owe.md
index e0203c3e4d..4629b28a5f 100644
--- a/includes/licensing/opportunistic-wireless-encryption-owe.md
+++ b/includes/licensing/opportunistic-wireless-encryption-owe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/personal-data-encryption-pde.md b/includes/licensing/personal-data-encryption-pde.md
index 3ca149f34f..ed0e014d0e 100644
--- a/includes/licensing/personal-data-encryption-pde.md
+++ b/includes/licensing/personal-data-encryption-pde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-resource-usage.md b/includes/licensing/privacy-resource-usage.md
index 054bf054cc..080229688a 100644
--- a/includes/licensing/privacy-resource-usage.md
+++ b/includes/licensing/privacy-resource-usage.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/privacy-transparency-and-controls.md b/includes/licensing/privacy-transparency-and-controls.md
index 711440f7a5..fd57043298 100644
--- a/includes/licensing/privacy-transparency-and-controls.md
+++ b/includes/licensing/privacy-transparency-and-controls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/remote-credential-guard.md b/includes/licensing/remote-credential-guard.md
new file mode 100644
index 0000000000..8e80d94a84
--- /dev/null
+++ b/includes/licensing/remote-credential-guard.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Remote Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Remote Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/remote-wipe.md b/includes/licensing/remote-wipe.md
index 5f5e79eeb6..6557c69147 100644
--- a/includes/licensing/remote-wipe.md
+++ b/includes/licensing/remote-wipe.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secure-boot-and-trusted-boot.md b/includes/licensing/secure-boot-and-trusted-boot.md
index 8c60a8b048..b29dea38c5 100644
--- a/includes/licensing/secure-boot-and-trusted-boot.md
+++ b/includes/licensing/secure-boot-and-trusted-boot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-configuration-lock.md b/includes/licensing/secured-core-configuration-lock.md
index 9a2f06088b..8acee3baef 100644
--- a/includes/licensing/secured-core-configuration-lock.md
+++ b/includes/licensing/secured-core-configuration-lock.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/secured-core-pc.md b/includes/licensing/secured-core-pc-firmware-protection.md
similarity index 79%
rename from includes/licensing/secured-core-pc.md
rename to includes/licensing/secured-core-pc-firmware-protection.md
index f22319bbdb..21a3a0651a 100644
--- a/includes/licensing/secured-core-pc.md
+++ b/includes/licensing/secured-core-pc-firmware-protection.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Secured-core PC:
+The following table lists the Windows editions that support Secured-core PC firmware protection:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Secured-core PC license entitlements are granted by the following licenses:
+Secured-core PC firmware protection license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/security-baselines.md b/includes/licensing/security-baselines.md
index a615d3af13..bda8037388 100644
--- a/includes/licensing/security-baselines.md
+++ b/includes/licensing/security-baselines.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-direct-smb-direct.md b/includes/licensing/server-message-block-direct-smb-direct.md
index ba99c98579..683fa8db2e 100644
--- a/includes/licensing/server-message-block-direct-smb-direct.md
+++ b/includes/licensing/server-message-block-direct-smb-direct.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/server-message-block-smb-file-service.md b/includes/licensing/server-message-block-smb-file-service.md
index a271907d88..cd9276809b 100644
--- a/includes/licensing/server-message-block-smb-file-service.md
+++ b/includes/licensing/server-message-block-smb-file-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-app-control.md b/includes/licensing/smart-app-control.md
index ff42750aab..fbc05610fb 100644
--- a/includes/licensing/smart-app-control.md
+++ b/includes/licensing/smart-app-control.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/smart-cards-for-windows-service.md b/includes/licensing/smart-cards-for-windows-service.md
index 98f271770f..eb5061e582 100644
--- a/includes/licensing/smart-cards-for-windows-service.md
+++ b/includes/licensing/smart-cards-for-windows-service.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/software-bill-of-materials-sbom.md b/includes/licensing/software-bill-of-materials-sbom.md
new file mode 100644
index 0000000000..4d6f832194
--- /dev/null
+++ b/includes/licensing/software-bill-of-materials-sbom.md
@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Software Bill of Materials (SBOM):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Software Bill of Materials (SBOM) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
diff --git a/includes/licensing/tamper-protection-settings-for-mde.md b/includes/licensing/tamper-protection-settings-for-mde.md
index 95a86ec97c..fe7d7c2314 100644
--- a/includes/licensing/tamper-protection-settings-for-mde.md
+++ b/includes/licensing/tamper-protection-settings-for-mde.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/transport-layer-security-tls.md b/includes/licensing/transport-layer-security-tls.md
index 9af6799b44..5642121480 100644
--- a/includes/licensing/transport-layer-security-tls.md
+++ b/includes/licensing/transport-layer-security-tls.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/trusted-platform-module-tpm-20.md b/includes/licensing/trusted-platform-module-tpm.md
similarity index 80%
rename from includes/licensing/trusted-platform-module-tpm-20.md
rename to includes/licensing/trusted-platform-module-tpm.md
index b2e593986b..6f757d623a 100644
--- a/includes/licensing/trusted-platform-module-tpm-20.md
+++ b/includes/licensing/trusted-platform-module-tpm.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
+The following table lists the Windows editions that support Trusted Platform Module (TPM):
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
+Trusted Platform Module (TPM) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/universal-print.md b/includes/licensing/universal-print.md
index 9c6572d61e..87828b2774 100644
--- a/includes/licensing/universal-print.md
+++ b/includes/licensing/universal-print.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/user-account-control-uac.md b/includes/licensing/user-account-control-uac.md
index 9da42619fe..c34f82f836 100644
--- a/includes/licensing/user-account-control-uac.md
+++ b/includes/licensing/user-account-control-uac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/virtual-private-network-vpn.md b/includes/licensing/virtual-private-network-vpn.md
index aa184cdbb6..eb309a2554 100644
--- a/includes/licensing/virtual-private-network-vpn.md
+++ b/includes/licensing/virtual-private-network-vpn.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Virtual Private Network (VPN):
+The following table lists the Windows editions that support Virtual private network (VPN):
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Virtual Private Network (VPN) license entitlements are granted by the following licenses:
+Virtual private network (VPN) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/virtualization-based-security-vbs.md b/includes/licensing/virtualization-based-security-vbs.md
index bab3110e7a..70827aebce 100644
--- a/includes/licensing/virtualization-based-security-vbs.md
+++ b/includes/licensing/virtualization-based-security-vbs.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/wifi-security.md b/includes/licensing/wifi-security.md
index edb7a92967..3d4a3e17c3 100644
--- a/includes/licensing/wifi-security.md
+++ b/includes/licensing/wifi-security.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-remote-credential-guard.md b/includes/licensing/windows-application-software-development-kit-sdk.md
similarity index 76%
rename from includes/licensing/windows-defender-remote-credential-guard.md
rename to includes/licensing/windows-application-software-development-kit-sdk.md
index b638a7c661..d97a10562a 100644
--- a/includes/licensing/windows-defender-remote-credential-guard.md
+++ b/includes/licensing/windows-application-software-development-kit-sdk.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Windows Defender Remote Credential Guard:
+The following table lists the Windows editions that support Windows application software development kit (SDK):
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Windows Defender Remote Credential Guard license entitlements are granted by the following licenses:
+Windows application software development kit (SDK) license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/includes/licensing/windows-autopatch.md b/includes/licensing/windows-autopatch.md
index 85f7df53dc..4c866c7106 100644
--- a/includes/licensing/windows-autopatch.md
+++ b/includes/licensing/windows-autopatch.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-autopilot.md b/includes/licensing/windows-autopilot.md
index e187e7a3fa..1eee13f367 100644
--- a/includes/licensing/windows-autopilot.md
+++ b/includes/licensing/windows-autopilot.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-application-control-wdac.md b/includes/licensing/windows-defender-application-control-wdac.md
index 66d6ac70dc..86ab8d5f14 100644
--- a/includes/licensing/windows-defender-application-control-wdac.md
+++ b/includes/licensing/windows-defender-application-control-wdac.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-defender-system-guard.md b/includes/licensing/windows-defender-system-guard.md
index 0c747b64c5..7e8c06b51d 100644
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-firewall.md b/includes/licensing/windows-firewall.md
index 2e0754b3ac..8e0bc9faf0 100644
--- a/includes/licensing/windows-firewall.md
+++ b/includes/licensing/windows-firewall.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
index 3d0c015bc5..56e03e6bd4 100644
--- a/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
+++ b/includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-hello-for-business.md b/includes/licensing/windows-hello-for-business.md
index f48b9316b7..95ffbf43a9 100644
--- a/includes/licensing/windows-hello-for-business.md
+++ b/includes/licensing/windows-hello-for-business.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-laps.md b/includes/licensing/windows-laps.md
index d462168228..eaddd61d61 100644
--- a/includes/licensing/windows-laps.md
+++ b/includes/licensing/windows-laps.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-presence-sensing.md b/includes/licensing/windows-presence-sensing.md
index c6cc796c33..977c729c0c 100644
--- a/includes/licensing/windows-presence-sensing.md
+++ b/includes/licensing/windows-presence-sensing.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-sandbox.md b/includes/licensing/windows-sandbox.md
index 7ed933449c..a486fd64de 100644
--- a/includes/licensing/windows-sandbox.md
+++ b/includes/licensing/windows-sandbox.md
@@ -1,7 +1,7 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
diff --git a/includes/licensing/windows-security-policy-settings-and-auditing.md b/includes/licensing/windows-security-policy-settings-and-auditing.md
index 270d3267ee..a1742270bf 100644
--- a/includes/licensing/windows-security-policy-settings-and-auditing.md
+++ b/includes/licensing/windows-security-policy-settings-and-auditing.md
@@ -1,19 +1,19 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
-ms.date: 05/04/2023
+ms.date: 08/02/2023
 ms.topic: include
 ---
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Windows Security policy settings and auditing:
+The following table lists the Windows editions that support Windows security policy settings and auditing:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Windows Security policy settings and auditing license entitlements are granted by the following licenses:
+Windows security policy settings and auditing license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
index ec044296e5..7a196272c8 100644
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ b/store-for-business/billing-understand-your-invoice-msfb.md
@@ -78,7 +78,7 @@ The **Billing Summary**  shows the charges against the billing profile since the
 | Credits |Credits you received from returns |
 | Azure credits applied |Your Azure credits that are automatically applied to Azure charges each billing period |
 | Subtotal |The pre-tax amount due |
-| Tax |The type and amount of tax that you pay, depending on the country of your billing profile. If you don't have to pay tax, then you won't see tax on your invoice. |
+| Tax |The type and amount of tax that you pay, depending on the country/region of your billing profile. If you don't have to pay tax, then you won't see tax on your invoice. |
 | Estimated total savings |The estimated total amount you saved from effective discounts. If applicable, effective discount rates are listed beneath the purchase line items in Details by Invoice Section. |
 
 ### Understand your charges
@@ -101,7 +101,7 @@ The total amount due for each service family is calculated by subtracting Azure
 | Qty | Quantity purchased or consumed during the billing period |
 | Charges/Credits | Net amount of charges after credits/refunds are applied |
 | Azure Credit | The amount of Azure credits applied to the Charges/Credits|
-| Tax rate | Tax rate(s) depending on country |
+| Tax rate | Tax rate(s) depending on country/region |
 | Tax amount | Amount of tax applied to purchase based on tax rate |
 | Total | The total amount due for the purchase |
 
diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json
index 30a7c3e475..f0006e84b3 100644
--- a/store-for-business/docfx.json
+++ b/store-for-business/docfx.json
@@ -37,6 +37,7 @@
         "tier2"
       ],
       "breadcrumb_path": "/microsoft-store/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.author": "trudyha",
       "audience": "ITPro",
       "ms.service": "store-for-business",
diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md
index 646daa195b..000c3669c0 100644
--- a/store-for-business/includes/store-for-business-content-updates.md
+++ b/store-for-business/includes/store-for-business-content-updates.md
@@ -2,33 +2,20 @@
 

 
 
-## Week of May 22, 2023
+## Week of July 10, 2023
 
 
 | Published On |Topic title | Change |
 |------|------------|--------|
-| 5/25/2023 | [Acquire apps in Microsoft Store for Business (Windows 10)](/microsoft-store/acquire-apps-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Manage Windows device deployment with Windows Autopilot Deployment](/microsoft-store/add-profile-to-devices) | modified |
-| 5/25/2023 | [App inventory management for Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/app-inventory-management-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Apps in Microsoft Store for Business and Education (Windows 10)](/microsoft-store/apps-in-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Assign apps to employees (Windows 10)](/microsoft-store/assign-apps-to-employees) | modified |
-| 5/25/2023 | [Configure an MDM provider (Windows 10)](/microsoft-store/configure-mdm-provider-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Distribute apps using your private store (Windows 10)](/microsoft-store/distribute-apps-from-your-private-store) | modified |
-| 5/25/2023 | [Distribute apps to your employees from the Microsoft Store for Business and Education (Windows 10)](/microsoft-store/distribute-apps-to-your-employees-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Distribute apps with a management tool (Windows 10)](/microsoft-store/distribute-apps-with-management-tool) | modified |
-| 5/25/2023 | [Distribute offline apps (Windows 10)](/microsoft-store/distribute-offline-apps) | modified |
-| 5/25/2023 | [Find and acquire apps (Windows 10)](/microsoft-store/find-and-acquire-apps-overview) | modified |
-| 5/25/2023 | [Microsoft Store for Business and Education (Windows 10)](/microsoft-store/index) | modified |
-| 5/25/2023 | [Manage access to private store (Windows 10)](/microsoft-store/manage-access-to-private-store) | modified |
-| 5/25/2023 | [Manage products and services in Microsoft Store for Business (Windows 10)](/microsoft-store/manage-apps-microsoft-store-for-business-overview) | modified |
-| 5/25/2023 | [Manage private store settings (Windows 10)](/microsoft-store/manage-private-store-settings) | modified |
-| 5/25/2023 | [Manage settings for Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/manage-settings-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/manage-users-and-groups-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Microsoft Store for Business and Education PowerShell module - preview](/microsoft-store/microsoft-store-for-business-education-powershell-module) | modified |
-| 5/25/2023 | [Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)](/microsoft-store/microsoft-store-for-business-overview) | modified |
-| 5/25/2023 | [Notifications in Microsoft Store for Business and Education (Windows 10)](/microsoft-store/notifications-microsoft-store-business) | modified |
-| 5/25/2023 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Roles and permissions in Microsoft Store for Business and Education (Windows 10)](/microsoft-store/roles-and-permissions-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Sign up and get started (Windows 10)](/microsoft-store/sign-up-microsoft-store-for-business-overview) | modified |
-| 5/25/2023 | [Troubleshoot Microsoft Store for Business (Windows 10)](/microsoft-store/troubleshoot-microsoft-store-for-business) | modified |
-| 5/25/2023 | [Update your Billing account settings](/microsoft-store/update-microsoft-store-for-business-account-settings) | modified |
+| 7/14/2023 | [Microsoft Store for Business and Education release history](/microsoft-store/release-history-microsoft-store-business-education) | modified |
+| 7/14/2023 | [Whats new in Microsoft Store for Business and Education](/microsoft-store/whats-new-microsoft-store-business-education) | modified |
+| 7/14/2023 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
+
+
+## Week of June 26, 2023
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 6/29/2023 | [Microsoft Store for Business and Education release history](/microsoft-store/release-history-microsoft-store-business-education) | modified |
+| 6/29/2023 | [Whats new in Microsoft Store for Business and Education](/microsoft-store/whats-new-microsoft-store-business-education) | modified |
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index 5c9f5e618a..af54ebd7c7 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -9,6 +9,7 @@ author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
+ms.custom: has-azure-ad-ps-ref
 ms.date: 05/24/2023
 ms.reviewer: 
 ---
diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md
index 876ab4f1df..0e5b708958 100644
--- a/store-for-business/payment-methods.md
+++ b/store-for-business/payment-methods.md
@@ -29,7 +29,7 @@ You can purchase products and services from Microsoft Store for Business using y
 - Japan Commercial Bureau (JCB)
 
 > [!NOTE]
-> Not all cards available in all countries. When you add a payment option, Microsoft Store for Business shows which cards are available in your region.
+> Not all cards available in all countries/regions. When you add a payment option, Microsoft Store for Business shows which cards are available in your region.
 
 ## Add a payment method
 
diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md
index a9f85a3d50..15adb1f6c8 100644
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@@ -8,7 +8,7 @@ ms.author: cmcatee
 author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
-ms.date: 05/24/2023
+ms.date: 06/29/2023
 ms.reviewer: 
 ---
 
@@ -17,11 +17,38 @@ ms.reviewer:
 > [!IMPORTANT]
 >
 > - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
 
-Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
+Because Microsoft Store for Business and Education will be retired, we no longer release new and improved features. Here's a summary of new or updated features in previous releases.
 
-Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
+Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
+
+## May 2023
+
+### Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs
+
+The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
+
+Users on Windows 10 PCs can no longer do the following tasks:
+
+- see Line of Business (LOB) products listed in the Microsoft Store for Business tab
+- acquire or install [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps)
+- assign licenses for existing [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) using the Store for Business portal or Store for Business app
+
+[Offline app](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) distribution and licensing scenarios aren't impacted by this change.
+
+We recommend that you add your apps through the new Microsoft Store app experience in Intune. If an app isn’t available in the Microsoft Store, you must retrieve an app package from the vendor and install it as an LOB app or Win32 app. For instructions, read the following articles:
+
+- [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
+- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
+- [Add, assign, and monitor a Win32 app in Microsoft Intune](/mem/intune/apps/apps-win32-add)
+
+Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
+
+## April 2023
+- **Tab removed from Microsoft Store apps on Windows 11 PCs** – The Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. [Get more info](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed)
+
+## October 2018
+- **Use security groups with Private store apps** - On the details page for apps in your private store, you can set Private store availability. This allows you to choose which security groups can see an app in the private store. [Get more info](app-inventory-management-microsoft-store-for-business.md)
 
 ## September 2018
 - **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](/microsoft-store/manage-private-store-settings#private-store-performance)
diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md
index e07e032864..ea6dd9e359 100644
--- a/store-for-business/update-microsoft-store-for-business-account-settings.md
+++ b/store-for-business/update-microsoft-store-for-business-account-settings.md
@@ -29,7 +29,7 @@ The **Billing account** page allows you to manage organization information, purc
 
 ## Organization information
 
-We need your business address, email contact, and tax-exemption certificates that apply to your country or locale.
+We need your business address, email contact, and tax-exemption certificates that apply to your country/region or locale.
 
 ### Business address and email contact
 
@@ -46,7 +46,7 @@ We need an email address in case we need to contact you about your Microsoft Sto
 4. Make your updates, and then select **Save**. 
 
 ### Organization tax information
-Taxes for Microsoft Store for Business purchases are determined by your business address. Businesses in these countries can provide their VAT number or local equivalent:
+Taxes for Microsoft Store for Business purchases are determined by your business address. Businesses in these countries/regions can provide their VAT number or local equivalent:
 - Austria
 - Belgium
 - Bulgaria
@@ -102,7 +102,7 @@ If you qualify for tax-exempt status in your market, start a service request to
 
 You'll need this documentation:
 
-|Country or locale | Documentation |
+|Country/Region or locale | Documentation |
 |------------------|----------------|
 | United States | Sales Tax Exemption Certificate |
 | Canada | Certificate of Exemption (or equivalent letter of authorization) |
diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md
index 3910147cc2..8ab993b759 100644
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@@ -1,6 +1,6 @@
 ---
 title: Whats new in Microsoft Store for Business and Education
-description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education.
+description: Learn about the newest features in Microsoft Store for Business and Microsoft Store for Education.
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
@@ -8,7 +8,7 @@ ms.author: cmcatee
 author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
-ms.date: 05/24/2023
+ms.date: 06/29/2023
 ms.reviewer: 
 ---
 
@@ -17,23 +17,30 @@ ms.reviewer:
 > [!IMPORTANT]
 >
 > - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-> - In April 2023 the Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 10 and Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. For more information see [Microsoft Store for Business tab removed](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed).
-
-Microsoft Store for Business and Education regularly releases new and improved features.  
 
 ## Latest updates for Store for Business and Education
 
-**October 2018**
+**May 2023**
 
-:::row:::
-   :::column span="1":::
-   ![Security groups.](images/security-groups-icon.png)
-   :::column-end:::
-   :::column span="1":::
-   **Use security groups with Private store apps**<br /><br /> On the details page for apps in your private store, you can set **Private store availability**. This allows you to choose which security groups can see an app in the private store. <br /><br />[Get more info](./app-inventory-management-microsoft-store-for-business.md#private-store-availability)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education
-   :::column-end:::
-:::row-end:::
+**Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs**
 
+The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
+
+Users on Windows 10 PCs can no longer do the following tasks:
+
+- see Line of Business (LOB) products listed in the Microsoft Store for Business tab
+- acquire or install [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps)
+- assign licenses for existing [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) using the Store for Business portal or Store for Business app
+
+[Offline app](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) distribution and licensing scenarios aren't impacted by this change.
+
+We recommend that you add your apps through the new Microsoft Store app experience in Intune. If an app isn’t available in the Microsoft Store, you must retrieve an app package from the vendor and install it as an LOB app or Win32 app. For instructions, read the following articles:
+
+- [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
+- [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
+- [Add, assign, and monitor a Win32 app in Microsoft Intune](/mem/intune/apps/apps-win32-add)
+
+Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
 
 <!---
 We've been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
@@ -47,6 +54,12 @@ We've been working on bug fixes and performance improvements to provide you a be
 
 ## Previous releases and updates
 
+[April 2023](release-history-microsoft-store-business-education.md#april-2023)
+- Tab removed from Microsoft Store apps on Windows 11 PCs.
+
+[October 2018](release-history-microsoft-store-business-education.md#october-2018)
+- Use security groups with Private store apps
+
 [September 2018](release-history-microsoft-store-business-education.md#september-2018)
 - Performance improvements
 
diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md
index 2ae9fdd4fd..db4571a9c6 100644
--- a/windows/application-management/add-apps-and-features.md
+++ b/windows/application-management/add-apps-and-features.md
@@ -1,74 +1,98 @@
 ---
-title: Add or hide optional apps and features on Windows devices | Microsoft Docs
-description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
-author: nicholasswhite
-ms.author: nwhite
+title: Add or hide Windows features
+description: Learn how to add Windows optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
-ms.date: 08/30/2021
-ms.topic: article
+ms.date: 08/18/2023
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Add or hide features on the Windows client OS
+# Add or hide Windows features
 
-**Applies to**:
+Windows includes optional features that aren't installed by default, but you can add later. These features are called [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities), and can be installed at any time. Some of these features are language resources like language packs or handwriting support. On organization-owned devices, you can control access to these other features. You can use group policy or mobile device management (MDM) policies to hide the UI from users, or use Windows PowerShell to enable or disable specific features.
 
-- Windows 10
-- Windows 11
+## Use the Windows Settings app to add or uninstall features
 
-The Windows client operating systems include more features that you and your users can install. These features are called [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (opens another Microsoft web site), and can be installed at any time. On your organization-owned devices, you may want to control access to these other features.
+### Windows 11
 
-This article:
+1. Open the Start menu and search for **Settings**.
 
-- Shows you how to add features using the user interface.
-- Lists the group policies and Mobile device management (MDM) policies to hide Windows Features.
-- Includes information on using Windows PowerShell to disable specific Windows Features.
+1. In the Settings app, search for "optional" and select **Optional features**.
 
-If you're working on your own device, use the **Settings** app to add features.
+   > [!TIP]
+   > You can also use the following shortcut to open it directly: [`ms-settings:optionalfeatures`](ms-settings:optionalfeatures).
 
-## Add or uninstall features
+1. To add a feature:
 
-1. In the Search bar, search for "apps", and select **Apps and features**.
-2. Select **Optional features** > **Add a feature**.
-3. Select the feature you want to add, like **XPS Viewer**, and then select **Install.**
+    1. Select **View features** next to "Add an optional feature."
+
+    1. Find the feature you want to add, like **XPS Viewer**. Select the box to add it. You can select multiple features.
+
+    1. Select **Next**. Review the list of features you selected, and then select **Install** to add the selected features.
+
+1. To uninstall a feature:
+
+    1. Search for it in the list of **Installed features**.
+
+    1. Expand the section, and select **Uninstall**.
+
+### Windows 10
+
+1. In the Search bar, search for "apps" and select **Apps and features**.
+
+1. Select **Optional features** > **Add a feature**.
+
+1. Select the feature you want to add, like **XPS Viewer**, and then select **Install.**
 
 When the installation completes, the feature is listed in **Apps & features**. In **Apps & features** > **Optional features** > **More Windows features**, there are more features that you and your users can install.
 
 To uninstall a feature, open the **Settings** app. Select the feature, and then select **Uninstall**.
 
-## Use Group Policy or MDM to hide Windows Features
+## Use group policy or MDM policies to hide Windows features
 
-By default, the OS might show Windows Features, and allow users to install and uninstall these optional apps and features.
+By default, the OS might show Windows features and allow users to install and uninstall these optional apps and features. To hide Windows features on your user devices, you can use group policy or an MDM provider like Microsoft Intune.
 
-To hide Windows Features on your user devices, you can use Group Policy (on-premises), or use an MDM provider, such as Microsoft Intune (cloud).
+### Group policy
 
-### Group Policy
+If you use group policy, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Windows Features"` policy. By default, this policy may be set to **Not configured**, which means users can add or remove features. When this setting is **Enabled**, the settings page to add optional features is hidden on the device.
 
-If you use Group Policy, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Windows Features"` policy. By default, this policy may be set to **Not configured**, which means users can add or remove features. When this setting is **Enabled**, the Windows Features is hidden on the device.
-
-You can't use Group Policy to disable specific Windows Features, such as XPS Viewer. If you want to disable specific features, use [Windows PowerShell](#use-windows-powershell-to-disable-specific-features) (in this article).
+You can't use group policy to disable specific Windows features, such as XPS Viewer. If you want to disable specific features, use [Windows PowerShell](#use-windows-powershell-to-disable-specific-features).
 
 If you want to hide the entire **Apps** feature in the Settings app, use the `User Configuration\Administrative Template\Control Panel\Programs\Hide "Programs and Features" page` policy.
 
 ### MDM
 
-Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to hide Windows Features.
+Using Microsoft Intune, you can use [administrative templates](/mem/intune/configuration/administrative-templates-windows) or the [settings catalog](/mem/intune/configuration/settings-catalog) to hide Windows features.
 
-If you want to hide the entire **Apps** feature in the Settings app, you can use a configuration policy on Intune enrolled devices. For more information on the Control Panel settings you can configure, see [Control Panel settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings).
+If you want to hide the entire **Apps** feature in the Settings app, you can use a configuration policy on Intune enrolled devices. For more information on the settings you can configure, see [Control Panel and Settings device restrictions in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings).
 
 ## Use Windows PowerShell to disable specific features
 
-To disable specific features, you can use the Windows PowerShell [Disable-WindowsOptionalFeature](/powershell/module/dism/disable-windowsoptionalfeature) command. There isn't a Group Policy that disables specific Windows Features.
+To disable specific features, use the Windows PowerShell [Disable-WindowsOptionalFeature](/powershell/module/dism/disable-windowsoptionalfeature) cmdlet.
 
-If you're looking to automate disabling specific features, you can create a scheduled task. Then, use the scheduled task to run your Windows PowerShell script. For more information about Task Scheduler, see [Task Scheduler for developers](/windows/win32/taskschd/task-scheduler-start-page).
+> [!NOTE]
+> There isn't a group policy that disables specific Windows features.
 
-Microsoft Intune can also execute Windows PowerShell scripts. For more information, see [Use PowerShell scripts on Windows client devices in Intune](/mem/intune/apps/intune-management-extension).
+To automate disabling specific features, create a scheduled task to run a PowerShell script. For more information about Windows task scheduler, see [Task Scheduler for developers](/windows/win32/taskschd/task-scheduler-start-page).
 
-## Restore Windows features
+Microsoft Intune can also run PowerShell scripts. For more information, see [Use PowerShell scripts on Windows client devices in Intune](/mem/intune/apps/intune-management-extension).
 
-- If you use Group Policy or MDM to hide Windows Features or the entire Apps feature, you can set the policy to **Not configured**. Then, deploy your policy. When the device receives the policy, the features are configurable.
-- Using Windows PowerShell, you can also enable specific features using the [Enable-WindowsOptionalFeature](/powershell/module/dism/enable-windowsoptionalfeature) command.
+To enable specific features, use the [Enable-WindowsOptionalFeature](/powershell/module/dism/enable-windowsoptionalfeature) cmdlet.
+
+Another useful PowerShell cmdlet is [Get-WindowsOptionalFeature](/powershell/module/dism/get-windowsoptionalfeature). Use this cmdlet to view information about optional features in the current OS or a mounted image. This cmdlet returns the current state of features, and whether a restart may be required when the state changes.
+
+## Related articles
+
+- [Features on Demand overview](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities)
+
+- [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod)
+
+- [Language and region Features on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-language-fod)
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index cc656aafd4..4fc8997a6e 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
index 58897cdf6e..040eda052e 100644
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
index fa08c35781..b11acc20a7 100644
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
index 03cecb9d0e..ec381c1293 100644
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
index e211ca7e51..cf6f1e8a76 100644
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
index 26f95c80b5..a02875375a 100644
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index 74ab14397b..025efdca77 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
index 567e7032c1..24903fe377 100644
--- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/15/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
index cdf4c28c91..9d78748d49 100644
--- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
+++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/15/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-auto-batch-sequencing.md b/windows/application-management/app-v/appv-auto-batch-sequencing.md
index 4939b6ebf8..c8a8e980b5 100644
--- a/windows/application-management/app-v/appv-auto-batch-sequencing.md
+++ b/windows/application-management/app-v/appv-auto-batch-sequencing.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md
index e7258a8130..42e883d6c6 100644
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
index 3355376c09..f73f89ee26 100644
--- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
+++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/15/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-auto-provision-a-vm.md b/windows/application-management/app-v/appv-auto-provision-a-vm.md
index 7ceed272a7..0f09ca265b 100644
--- a/windows/application-management/app-v/appv-auto-provision-a-vm.md
+++ b/windows/application-management/app-v/appv-auto-provision-a-vm.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md
index 771a738982..e869fd86fb 100644
--- a/windows/application-management/app-v/appv-available-mdm-settings.md
+++ b/windows/application-management/app-v/appv-available-mdm-settings.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/15/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-capacity-planning.md b/windows/application-management/app-v/appv-capacity-planning.md
index a6a532e8a3..2b7edc6c54 100644
--- a/windows/application-management/app-v/appv-capacity-planning.md
+++ b/windows/application-management/app-v/appv-capacity-planning.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index 326585e719..d87457a13f 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
index 41d37e769a..ab350e2a83 100644
--- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
index 8a69ae36a5..9e7f90b5a1 100644
--- a/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
+++ b/windows/application-management/app-v/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
index 6c2f01bc3f..687c339a07 100644
--- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
+++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/25/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md
index 07b3d731e9..95ec5914c4 100644
--- a/windows/application-management/app-v/appv-connect-to-the-management-console.md
+++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/25/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md
index e39efd3b64..df85debbf2 100644
--- a/windows/application-management/app-v/appv-connection-group-file.md
+++ b/windows/application-management/app-v/appv-connection-group-file.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/25/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index f1f55c9cd9..26f5a073a8 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 06/25/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 860483ff03..3a2f20cbb5 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
index 96b3e97312..09a658895f 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-a-connection-group.md b/windows/application-management/app-v/appv-create-a-connection-group.md
index 497e3ea71b..18a61bee6e 100644
--- a/windows/application-management/app-v/appv-create-a-connection-group.md
+++ b/windows/application-management/app-v/appv-create-a-connection-group.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
index 4c8acf525d..0dd4402170 100644
--- a/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-create-a-custom-configuration-file-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index ddd0de127f..30cddc907d 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator.md b/windows/application-management/app-v/appv-create-a-package-accelerator.md
index c753f09372..93333681f5 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
index 49e3724b94..162c56efbc 100644
--- a/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
+++ b/windows/application-management/app-v/appv-create-a-virtual-application-package-package-accelerator.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-create-and-use-a-project-template.md b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
index 70650f1456..9420f67b5f 100644
--- a/windows/application-management/app-v/appv-create-and-use-a-project-template.md
+++ b/windows/application-management/app-v/appv-create-and-use-a-project-template.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
index adb044d34a..4616ec336f 100644
--- a/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
+++ b/windows/application-management/app-v/appv-creating-and-managing-virtualized-applications.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
index 0326ed9cec..117cbd91bd 100644
--- a/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-customize-virtual-application-extensions-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 07/10/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-delete-a-connection-group.md b/windows/application-management/app-v/appv-delete-a-connection-group.md
index 32cb6660b7..55dc6b0ec7 100644
--- a/windows/application-management/app-v/appv-delete-a-connection-group.md
+++ b/windows/application-management/app-v/appv-delete-a-connection-group.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
index 21b928cfbb..1917d768e9 100644
--- a/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
index 2f34d49a3a..3fac560518 100644
--- a/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
+++ b/windows/application-management/app-v/appv-deploy-appv-databases-with-sql-scripts.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
index 4005389caf..cbaf3e7123 100644
--- a/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
index f643e3540b..19e48512a0 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploy-the-appv-server.md b/windows/application-management/app-v/appv-deploy-the-appv-server.md
index 417e6a9dbd..4a9f49f03b 100644
--- a/windows/application-management/app-v/appv-deploy-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploy-the-appv-server.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-appv.md b/windows/application-management/app-v/appv-deploying-appv.md
index 9b93a5cd57..d1d23d6d74 100644
--- a/windows/application-management/app-v/appv-deploying-appv.md
+++ b/windows/application-management/app-v/appv-deploying-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
index c1a212d4a9..02924fde4f 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
index 2361c92d00..0cb31fa36f 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index 871ad80c8d..ee4cbe5751 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
index 19ddffc329..20e131feb1 100644
--- a/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index 23364f226c..e2fd60d1e8 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-server.md b/windows/application-management/app-v/appv-deploying-the-appv-server.md
index a65e0f099d..2b08876aed 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-server.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-server.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-deployment-checklist.md b/windows/application-management/app-v/appv-deployment-checklist.md
index a7c3a33ae3..fd90b055be 100644
--- a/windows/application-management/app-v/appv-deployment-checklist.md
+++ b/windows/application-management/app-v/appv-deployment-checklist.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md
index 2f5070263e..03ba41c6d2 100644
--- a/windows/application-management/app-v/appv-dynamic-configuration.md
+++ b/windows/application-management/app-v/appv-dynamic-configuration.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
index c8554bb768..9c19cab0aa 100644
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
@@ -6,8 +6,9 @@ ms.prod: windows-client
 ms.technology: itpro-apps
 ms.date: 05/02/2022
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: how-to
 ---
 
diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
index 2b56810126..cc71b17cb7 100644
--- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
+++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
index c90e3f24f7..5b65a93ac1 100644
--- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
+++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 5324043e75..6874ebc260 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index c0190e9ad0..ecb4183907 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index 0ac943721e..f851ca2a85 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index d14f1d6594..437b20eeb1 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index ca6176f530..acc244a595 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index 262b132cdd..ae2e2b56c3 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index 1628f2e74c..5b258437f3 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 72db9c5275..7457b54f82 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index f76835b49c..f5335dd5f0 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index 7d6a6fafc5..2fdd2ec28d 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index cd63df0b5f..2170f1e25b 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index fc8dfc21e0..fb3a0ccc4e 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index 90dbde5bfe..e125255c83 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -8,8 +8,9 @@ ms.sitesec: library
 ms.prod: windows-client
 ms.date: 09/24/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index 9cc33e59c4..c870425b03 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 92205f0970..d65f100109 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index 4a56597185..b5ca6b5e48 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 5b3828c3ce..db81d9833c 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index 221a09536f..6e0950dbf8 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index 7a455cd752..4b844f29a5 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index 224a4490ae..7b2ef74380 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 5675d15eff..cb7e615a02 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index 7616cad1e5..c391399dd5 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index de5a689d74..04e30a407c 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index 9279268e38..6d1dfd402c 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index f05793311f..e0bf768b4b 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index 90d0eb2de4..3f800f36de 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index c42918e88b..61f49df9b6 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index 451e113eaa..02914cd55b 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index ad7565277d..478b1f8523 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index 9a682b9c47..5cfdf7b332 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index cf0f423e87..95fad14736 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -5,8 +5,9 @@ ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
 author: aczechowski
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index d63f666cfa..9df6ba5e4c 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index 67936bfc06..2a86b56aff 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index 3401984dac..8d1b3b7041 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index 0bd4777e42..2c82592252 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index 5bfd8497af..f2df77ee92 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index fa7f9d3364..00fd89be8c 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index 5464c1fdcc..0108207c9e 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index 49b68f3ed9..ce0c73c061 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 03/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index 23e9dce8a5..5c13af93a6 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index 7e0b19b428..a19c89cc1c 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 65cccc4561..1b289057fe 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index e9168ea779..059ef24c65 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.topic: article
 ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index 80859782c4..5feee6e5a9 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index b0a1c0a587..6ad489e6d0 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index 9bba519134..8e916937ed 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index 192f9f4b66..d9769d9ac3 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index c327a058bb..3cdd99110d 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index 858f0dcbad..92b64eb2ec 100644
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index f5fad71c85..ed8de7183d 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -5,8 +5,9 @@ author: aczechowski
 ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
+ms.collection: must-keep
 ms.technology: itpro-apps
 ---
 
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
deleted file mode 100644
index e54211075c..0000000000
--- a/windows/application-management/apps-in-windows-10.md
+++ /dev/null
@@ -1,162 +0,0 @@
----
-title: Learn about the different app types in Windows 10/11 | Microsoft Docs
-description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps.
-author: nicholasswhite
-ms.author: nwhite
-manager: aaroncz
-ms.date: 02/09/2023
-ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-apps
-ms.localizationpriority: medium
-ms.collection: tier2
-ms.reviewer:
----
-
-# Overview of apps on Windows client devices
-
-**Applies to**:
-
-- Windows 10
-- Windows 11
-
-## Before you begin
-
-As organizations become more global, and to support employees working from anywhere, it's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use the Microsoft Intune family of products. This family includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises.
-
-In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started:
-
-- [Endpoint Management at Microsoft](/mem/endpoint-manager-overview)
-- [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide)
-- [What is Configuration Manager?](/mem/configmgr/core/understand/introduction)
-
-## App types
-
-There are different types of apps that can run on your Windows client devices. This section lists some of the common apps used on Windows devices.
-
-- **Microsoft 365 apps**: These apps are used for business and productivity, and include Outlook, Word, Teams, OneNote, and more. Depending on the licenses your organization has, you may already have these apps. When you use an MDM provider, these apps can also be deployed to mobile devices, including smartphones.
-
-  For more information on the Microsoft 365 license options, and what you get, see [Transform your enterprise with Microsoft 365](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).
-
-- **Power Apps**: These apps connect to business data available online and on-premises, and can run in a web browser, and on mobile devices. They can be created by business analysts and professional developers. For more information, see [What is Power Apps?](/powerapps/powerapps-overview).
-
-- **.NET apps**: These apps can be desktop apps that run on the device, or web apps. Some common .NET apps include:
-
-  - **Windows Presentation Foundation (WPF)**: Using .NET, you can create a WPF desktop app that runs on the device, or create a WPF web app. This app is commonly used by organizations that create line of business (LOB) desktop apps. For more information, see [WPF Application Development](/dotnet/desktop/wpf/app-development).
-  - **Windows Forms (WinForm)**: Using .NET, you can create a Windows Forms desktop app that runs on the device, and doesn't require a web browser or internet access. Just like Win32 apps, WinForm apps can access the local hardware and file system of the computer where the app is running. For more information, see [Desktop Guide (Windows Forms .NET)](/dotnet/desktop/winforms/overview).
-
-- **Windows apps**: 
-
-  > [!TIP]
-  > Starting with Windows 10, you can use the **Windows UI Library (WinUI 3)** to create .NET, Win32 desktop, and UWP apps. This library includes native Windows UI controls and other user interface elements familiar to Windows users. For more information, see [Windows UI Library (WinUI)](/windows/apps/winui/).
-
-  - **Apps**: All apps installed in `C:\Program Files\WindowsApps`. There are two classes of apps:
-
-    - **Provisioned**: Installed in user account the first time you sign in with a new user account. For a list of some common provisioned apps, see [Provisioned apps installed with the Windows client OS](provisioned-apps-windows-client-os.md).
-    - **Installed**: Installed as part of the OS.
-
-  - **Universal Windows Platform (UWP) apps**: These apps run and can be installed on many Windows platforms, including tablets, Microsoft HoloLens, Xbox, and more. All UWP apps are Windows apps. Not all Windows apps are UWP apps.
-
-    For more information, see [What's a Universal Windows Platform (UWP) app?](/windows/uwp/get-started/universal-application-platform-guide).
-
-  - **Win32 apps**: These apps are traditional Windows apps that run on the device, and are often called desktop apps. They require direct access to Windows and the device hardware, and typically don't require a web browser. These apps run in 32-bit mode on 64-bit devices, and don't depend on a managed runtime environment, like .NET.
-
-    For more information, see [Get started developing apps for Windows desktop](/windows/apps/get-started) and [Make your apps great on Windows 11](/windows/apps/get-started/make-apps-great-for-windows).
-
-  - **System apps**: Apps installed in the `C:\Windows\` directory. These apps are part of the Windows OS. For a list of some common system apps, see [System apps installed with the Windows client OS](system-apps-windows-client-os.md).
-
-- **Web apps** and **Progressive web apps (PWA)**: These apps run on a server, and don't run on the end user device. To use these apps, users must use a web browser and have internet access. **Progressive web apps** are designed to work for all users, work with any browser, and work on any platform.
-
-  Web apps are typically created in Visual Studio, and can be created with different languages. For more information, see [Create a Web App](https://azure.microsoft.com/get-started/web-app/). When the app is created and ready to be used, you deploy the web app to a web server. Using Azure, you can host your web apps in the cloud, instead of on-premises. For more information, see [App Service overview](/azure/app-service/overview).
-
-  Using an MDM provider, you can create shortcuts to your web apps and progressive web apps on devices.
-
-## Android&trade;️ apps
-
-Starting with Windows 11, users in the [Windows Insider program](https://insider.windows.com/) can use the Microsoft Store to search, download, and install Android&trade;️ apps. This feature uses the Windows Subsystem for Android, and allows users to interact with Android apps, just like others apps installed from the Microsoft Store.
-
-For more information, see:
-
-- [Windows Subsystem for Android](https://support.microsoft.com/windows/abed2335-81bf-490a-92e5-fe01b66e5c48)
-- [Windows Subsystem for Android developer information](/windows/android/wsa)
-
-## Add or deploy apps to devices
-
-When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options.
-
-> [!NOTE]
-> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
->Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps.
-
-- **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**.
-
-  If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows client device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10).
-
-  For an overview of the different types of device policies you can create, see [Apply features and settings on your devices using device profiles in Microsoft Intune](/mem/intune/configuration/device-profiles).
-
-- **Mobile device management (MDM)**: Use an MDM provider, like Microsoft Intune (cloud) or Configuration Manager (on-premises), to deploy apps. For example, you can create app policies that deploy Microsoft 365 apps, deploy Win32 apps, create shortcuts to web apps, add Store apps, and more.
-
-  For more information, see:
-
-  - [Add apps to Microsoft Intune](/mem/intune/apps/apps-add)
-  - [Application management in Configuration Manager](/mem/configmgr/apps/understand/introduction-to-application-management)
-
-- **Microsoft Store**: When you use the Microsoft Store app, Windows users can download apps from the public store. And, they can download apps provided by your organization, which is called the "private store". If your organization creates its own apps, you can use **[Windows Package Manager](/windows/package-manager)** to add apps to the private store.
-
-  To help manage the Microsoft Store on your devices, you can use policies:
-
-  - On premises, you can use Administrative Templates in Group Policy to control access to the Microsoft Store app:
-    - `User Configuration\Administrative Templates\Windows Components\Store`
-    - `Computer Configuration\Administrative Templates\Windows Components\Store`
-  - Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to control access to the Microsoft Store app.
-
-  For more information, see:
-
-  - [Microsoft Store for Business and Education](/microsoft-store/)
-  - [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423)
-
-- **MSIX for desktop apps**: MSIX packages your UWP, Win32, WPF, and WinForm desktop application files. MSIX reliably installs apps, helps optimize disk storage space, and reduces duplicate files. If your organization typically uses `.EXE` or `.MSI` files to install desktop apps, then you should look into MSIX.
-
-  To deploy MSIX packages and their apps, you can:
-
-  - Use an MDM provider, like Microsoft Intune and Configuration Manager.
-  - Use an App Installer. User users double-click an installer file, or select a link on a web page.
-  - And more.
-
-  For more information, see:
-
-  - [What is MSIX?](/windows/msix/overview)
-  - [MSIX app distribution for enterprises](/windows/msix/desktop/managing-your-msix-deployment-enterprise)
-
-- **Windows Package Manager**: Windows Package Manager is a command line tool commonly used by developers to install Windows apps. Using the command line, you can get apps from the Microsoft Store or from GitHub (and more), and install these apps on Windows devices. It's helpful if you want to bypass user interfaces for getting apps from organizations and from developers.
-
-  If your organization uses `.EXE`, `.MSIX`, or `.MSI` files, then Windows Package Manager might be the right deployment option for your organization.
-
-  For more information, see [Windows Package Manager](/windows/package-manager).
-
-- **Azure Virtual desktop with MSIX app attach**: With Azure virtual desktop, you can virtualize the Windows client OS desktop, and use virtual apps on this desktop. With MSIX app attach, you dynamically deliver MSIX packaged apps to users and user groups.
-
-  The benefit is to use the cloud to deliver virtual apps in real time, and as-needed. Users use the apps as if they're installed locally.
-
-  If you currently use App-V, and want to reduce your on-premises footprint, then **Azure Virtual desktop with MSIX app attach** might be the right deployment for your organization.
-
-  For more information, see:
-
-  - [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview)
-  - [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal)
-
-- **Application Virtualization (App-V)**: App-V allows Win32 apps to be used as virtual apps.
-
-  > [!NOTE]
-  > [!INCLUDE [Application Virtualization will be end of life in April 2026](./includes/app-v-end-life-statement.md)]
-
-  On an on-premises server, you install and configure the App-V server components, and then install your Win32 apps. On Windows Enterprise client devices, you use the App-V client components to run the virtualized apps. They allow users to open the virtual apps using the icons and file names they're familiar with. Users use the apps as if they're installed locally.
-
-  The benefit is to deliver virtual apps in real time, and as-needed. For more information, see [Application Virtualization (App-V) for Windows overview](./app-v/appv-for-windows.md).
-
-  To help manage App-V on your devices, you can use policies:
-
-  - On premises, you can use Administrative Templates in Group Policy to deploy App-V policies (`Computer Configuration\Administrative Templates\System\App-V`).
-  - Using Microsoft Intune, you can use [Administrative Templates](/mem/intune/configuration/administrative-templates-windows) (opens another Microsoft web site) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) (opens another Microsoft web site) to deploy App-V policies.
-
-
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index b358bcc686..b8d3bddc46 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -39,7 +39,7 @@
       "ms.collection": [
         "tier2"
       ],
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "ms.technology": "itpro-apps",
       "ms.topic": "article",
       "feedback_system": "GitHub",
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index 19c8ec6649..1ed95c362a 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -1,8 +1,8 @@
 ---
 title: Remove background task resource restrictions
 description: Allow enterprise background tasks unrestricted access to computer resources.
-author: nicholasswhite
-ms.author: nwhite
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 10/03/2017
 ms.topic: article
diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md
index 14de444ad4..f9844e71b1 100644
--- a/windows/application-management/includes/app-v-end-life-statement.md
+++ b/windows/application-management/includes/app-v-end-life-statement.md
@@ -1,6 +1,6 @@
 ---
-author: nicholasswhite
-ms.author: nwhite
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 09/20/2021
 ms.topic: include
diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md
index 13ec789f1d..35084641c6 100644
--- a/windows/application-management/includes/applies-to-windows-client-versions.md
+++ b/windows/application-management/includes/applies-to-windows-client-versions.md
@@ -1,8 +1,9 @@
 ---
-author: nicholasswhite
-ms.author: nwhite
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 09/28/2021
+manager: aaroncz
 ms.topic: include
 ms.prod: windows-client
 ms.technology: itpro-apps
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index da969d420b..b08cd77d57 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -1,39 +1,46 @@
 ### YamlMime:Landing
 
 title: Windows application management
-summary: Learn about managing applications in Windows client, including how to remove background task resource restrictions.
+summary: Learn about managing applications in Windows client, including common app types.
 
 metadata:
   title: Windows application management
-  description: Learn about managing applications in Windows 10 and Windows 11.
-  author: nicholasswhite
-  ms.author: nwhite
+  description: Learn about managing applications in Windows client.
+  author: aczechowski
+  ms.author: aaroncz
   manager: aaroncz
-  ms.date: 08/24/2021
+  ms.date: 08/18/2023
   ms.topic: landing-page
   ms.prod: windows-client
   ms.collection:
     - tier1
     - highpri
 
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | tutorial | overview | quickstart | reference | sample | tutorial | video | whats-new
+
 landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Manage Windows applications
+  - title: Manage applications
     linkLists:
-      - linkListType: overview
+      - linkListType: how-to-guide
         links:
-          - text: Understand apps in Windows client OS
-            url: apps-in-windows-10.md
-          - text: How to add features
+          - text: Overview of apps in Windows
+            url: overview-windows-apps.md
+          - text: Add or hide Windows features
             url: add-apps-and-features.md
           - text: Sideload LOB apps
             url: sideload-apps-in-windows-10.md
           - text: Keep removed apps from returning during an update
             url: remove-provisioned-apps-during-update.md
 
-  # Card (optional)
+  - title: Manage services
+    linkLists:
+      - linkListType: reference
+        links:
+          - text: Per-user services in Windows
+            url: per-user-services-in-windows.md
+          - text: Changes to Service Host grouping in Windows 10
+            url: svchost-service-refactoring.md
+
   - title: Application Virtualization (App-V) 
     linkLists:
       - linkListType: overview
@@ -52,15 +59,3 @@ landingContent:
             url: app-v/appv-troubleshooting.md
           - text: Technical Reference for App-V
             url: app-v/appv-technical-reference.md
-
-  # Card (optional)
-  - title: Windows System Services
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Changes to Service Host grouping in Windows 10
-            url: svchost-service-refactoring.md
-          - text: Per-user services in Windows
-            url: per-user-services-in-windows.md
-          - text: Per-user services in Windows
-            url: per-user-services-in-windows.md
\ No newline at end of file
diff --git a/windows/application-management/overview-windows-apps.md b/windows/application-management/overview-windows-apps.md
new file mode 100644
index 0000000000..135c557b56
--- /dev/null
+++ b/windows/application-management/overview-windows-apps.md
@@ -0,0 +1,200 @@
+---
+title: Overview of apps on Windows client devices
+description: Learn about the different types of apps that run on Windows. For example, Universal Windows Platform (UWP), Windows Presentation Foundation (WPF), Win32, and Windows Forms apps. This article also includes the best way to install these apps.
+author: aczechowski
+ms.author: aaroncz
+manager: aaroncz
+ms.date: 08/28/2023
+ms.topic: overview
+ms.prod: windows-client
+ms.technology: itpro-apps
+ms.localizationpriority: medium
+ms.collection: tier2
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+---
+
+# Overview of apps on Windows client devices
+
+There are different types of apps that can run on your Windows client devices. This article provides an overview of some of the common apps used on Windows devices. It also explains the basics of how to install these apps.
+
+## Windows app types
+
+### Microsoft 365 apps
+
+These apps are used for business and productivity, and include Outlook, Word, Teams, OneNote, and more. Depending on the licenses your organization has, you may already have these apps. When you use an MDM provider, these apps can also be deployed to mobile devices, including smartphones.
+
+For more information on the Microsoft 365 license options, and what you get, see [Find the right Microsoft 365 enterprise plan for your organization](https://www.microsoft.com/microsoft-365/enterprise/microsoft365-plans-and-pricing).
+
+For more information on deploying Microsoft 365 apps, see the [Deployment guide for Microsoft 365 Apps](/DeployOffice/deployment-guide-microsoft-365-apps).
+
+### Power Apps
+
+These apps are custom, low-code apps to connect to business data, modernize processes, and solve unique challenges. Power Apps are available online and on-premises, can run in a web browser, and on mobile devices. They can be created by business analysts and professional developers. 
+
+For more information, see [What is Power Apps?](/power-apps/powerapps-overview).
+
+### .NET apps
+
+These apps can be desktop apps that run on the device, or web apps. Some common .NET apps include:
+
+- **Windows Presentation Foundation (WPF)**: Using .NET, you can create a WPF desktop app that runs on the device, or create a WPF web app. This app is commonly used by organizations that create line of business (LOB) desktop apps. For more information, see [WPF application development](/dotnet/desktop/wpf/app-development).
+
+- **Windows Forms (WinForm)**: Using .NET, you can create a Windows Forms desktop app that runs on the device, and doesn't require a web browser or internet access. Just like Win32 apps, WinForm apps can access the local hardware and file system of the computer where the app is running. For more information, see [Desktop Guide (Windows Forms .NET)](/dotnet/desktop/winforms/overview).
+
+### Windows apps
+
+> [!TIP]
+> Starting with Windows 10, you can use the **Windows UI Library (WinUI 3)** to create .NET, Win32 desktop, and UWP apps. This library includes native Windows UI controls and other user interface elements familiar to Windows users. For more information, see [Windows UI Library (WinUI)](/windows/apps/winui/).
+
+- **Apps**: All apps installed in the protected directory `C:\Program Files\WindowsApps`. There are two classes of these apps:
+
+  - **Installed**: Installed as part of the OS.
+
+  - **Provisioned**: Installed the first time you sign in with a new user account.
+
+    > [!TIP]
+    > To get a list of all provisioned apps, use Windows PowerShell:
+    >
+    > ```powershell
+    > Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
+    > ```
+    >
+    > The output lists all the provisioned apps, and their package names. For more information, see [Get-AppxProvisionedPackage](/powershell/module/dism/get-appxprovisionedpackage).
+
+- **Universal Windows Platform (UWP) apps**: These apps run and can be installed on many Windows platforms, including tablets, Microsoft HoloLens, Xbox, and more. All UWP apps are Windows apps. Not all Windows apps are UWP apps.
+
+    For more information, see [What's a Universal Windows Platform (UWP) app?](/windows/uwp/get-started/universal-application-platform-guide).
+
+- **Win32 apps**: These apps are traditional Windows apps that run on the device, and are often called desktop apps. They require direct access to Windows and the device hardware, and typically don't require a web browser. These apps run in 32-bit mode on 64-bit devices, and don't depend on a managed runtime environment, like .NET.
+
+    For more information, see [Get started developing apps for Windows desktop](/windows/apps/get-started) and [Top 11 things you can do to make your app great on Windows 11](/windows/apps/get-started/make-apps-great-for-windows).
+
+- **System apps**: Apps installed in the system root directory `C:\Windows\`. These apps are part of the Windows OS.
+
+    > [!TIP]
+    > To get a list of all the system apps, use Windows PowerShell:
+    >
+    > ```powershell
+    > `Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation
+    > ```
+    >
+    > The output lists all the system apps, and their installation location. For more information, see [Get-AppxPackage](/powershell/module/appx/get-appxpackage).
+
+### Web apps
+
+Web apps and progressive web apps (PWA) run on a server, and don't run on the end user device. To use these apps, users must use a web browser and have network access. **Progressive web apps** are designed to work for all users, work with any browser, and work on any platform.
+
+Web apps are typically created in Visual Studio, and can be created with different languages. For more information, see [Create a web app](/visualstudio/get-started/csharp/tutorial-aspnet-core). When the app is created and ready to be used, you deploy the web app to a web server. Using Azure, you can host your web apps in the cloud, instead of on-premises. For more information, see [App Service overview](/azure/app-service/overview).
+
+When you use an MDM provider like Microsoft Intune, you can create shortcuts to your web apps and progressive web apps on devices. For more information, see [Add web apps to Microsoft Intune](/mem/intune/apps/web-app).
+
+## Android&trade;️ apps
+
+Starting with Windows 11, you can install Android&trade;️ apps. This feature uses the Windows Subsystem for Android, and allows users to interact with mobile apps just like others apps.
+
+For more information, see the following articles:
+
+- [Apps from the Amazon Appstore](https://support.microsoft.com/windows/apps-from-the-amazon-appstore-abed2335-81bf-490a-92e5-fe01b66e5c48)
+
+- [Windows Subsystem for Android developer information](/windows/android/wsa)
+
+## Add or deploy apps to devices
+
+When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options.
+
+### Manually install
+
+On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**.
+
+If you want to prevent users from downloading apps on organization owned devices, use an MDM provider, like Microsoft Intune. For example, you can create a policy that allows or prevents users from sideloading apps, only allow the private store, and more. For more information on the features you can restrict, see [Windows client device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10).
+
+For an overview of the different types of device policies you can create, see [Apply features and settings on your devices using device profiles in Microsoft Intune](/mem/intune/configuration/device-profiles).
+
+### Management service
+
+Use an MDM provider like Microsoft Intune, or an on-premises solution like Configuration Manager. For example, you can create app policies that deploy Microsoft 365 apps, deploy Win32 apps, create shortcuts to web apps, or add Store apps.
+
+For more information, see:
+
+- [Add apps to Microsoft Intune](/mem/intune/apps/apps-add)
+- [Application management in Configuration Manager](/mem/configmgr/apps/understand/introduction-to-application-management)
+
+### Microsoft Store
+
+When you use the Microsoft Store app, Windows users can download apps from the public store. They can also download apps provided by your organization, which is called the *private store*. If your organization creates its own apps, you can use [Windows Package Manager](/windows/package-manager) to add apps to the private store.
+
+> [!NOTE]
+> Retirement of the Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
+>
+> For more information, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/bc-p/3771217). This blog post describes the new Microsoft Store experience for both Windows 11 and Windows 10. To learn about other options for getting and managing apps, see [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft).
+
+To help manage the Microsoft Store on your devices, you can use policies:
+
+- On premises, you can use administrative templates in group policy to control access to the Microsoft Store app:
+  - `User Configuration\Administrative Templates\Windows Components\Store`
+  - `Computer Configuration\Administrative Templates\Windows Components\Store`
+
+- Using Microsoft Intune, you can use [administrative templates](/mem/intune/configuration/administrative-templates-windows) or the [Settings Catalog](/mem/intune/configuration/settings-catalog) to control access to the Microsoft Store app.
+
+### MSIX for desktop apps
+
+MSIX packages your UWP, Win32, WPF, and WinForm desktop application files. MSIX reliably installs apps, helps optimize disk storage space, and reduces duplicate files. If your organization typically uses `.EXE` or `.MSI` files to install desktop apps, then you should look into MSIX.
+
+To deploy MSIX packages and their apps, you can:
+
+- Use a management service, like Microsoft Intune and Configuration Manager.
+- Use an App Installer. User users double-click an installer file, or select a link on a web page.
+
+For more information, see the following articles:
+
+- [What is MSIX?](/windows/msix/overview)
+- [MSIX app distribution for enterprises](/windows/msix/desktop/managing-your-msix-deployment-enterprise)
+
+### Windows Package Manager
+
+Windows Package Manager is a command line tool commonly used by developers to install Windows apps. Using the command line, you can get apps from services like the Microsoft Store or GitHub, and install these apps on Windows devices. It's helpful if you want to bypass user interfaces for getting apps from organizations and from developers.
+
+If your organization uses `.EXE`, `.MSIX`, or `.MSI` files, then Windows Package Manager might be the right deployment option.
+
+For more information, see [Windows Package Manager](/windows/package-manager).
+
+### Azure Virtual desktop with MSIX app attach
+
+With Azure virtual desktop, you can virtualize the Windows client OS desktop, and use virtual apps on this desktop. With MSIX app attach, you dynamically deliver MSIX packaged apps to users and user groups.
+
+The benefit is to use the cloud to deliver virtual apps in real time, and as-needed. Users use the apps as if they're installed locally.
+
+If you currently use App-V, and want to reduce your on-premises footprint, then **Azure Virtual desktop with MSIX app attach** might be the right deployment for your organization.
+
+For more information, see the following articles:
+
+- [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview)
+- [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal)
+
+### Application Virtualization (App-V)
+
+App-V allows Win32 apps to be used as virtual apps.
+
+> [!NOTE]
+> [!INCLUDE [Application Virtualization will be end of life in April 2026](./includes/app-v-end-life-statement.md)]
+
+On an on-premises server, you install and configure the App-V server components, and then install your Win32 apps. On Windows Enterprise client devices, you use the App-V client components to run the virtualized apps. They allow users to open the virtual apps using the icons and file names they're familiar with. Users use the apps as if they're installed locally.
+
+The benefit is to deliver virtual apps in real time, and as-needed. For more information, see [Application Virtualization (App-V) for Windows overview](./app-v/appv-for-windows.md).
+
+## Manage apps
+
+To help manage your devices, and help manage apps on your devices, use a management service like Microsoft Intune and Configuration Manager. For more information, see the following articles:
+
+- [Overview of endpoint management](/mem/endpoint-manager-overview)
+- [Manage your apps and app data in Microsoft Intune](/mem/intune/fundamentals/manage-apps)
+- [Introduction to application management in Configuration Manager](/mem/configmgr/apps/understand/introduction-to-application-management)
+
+## Application compatibility
+
+Microsoft is committed to making sure your business-critical apps work on the latest versions of Windows. For more information, see the following articles:
+
+- [Compatibility for Windows 11](/windows/compatibility/windows-11/)
+- [FastTrack App Assure program](/windows/compatibility/app-assure)
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index d094fba726..200ea7e859 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -1,24 +1,21 @@
 ---
-title: Per-user services in Windows 10 and Windows Server
+title: Per-user services
 description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
-author: nicholasswhite
-ms.author: nwhite
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 09/14/2017
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server</a>
 ---
 
-# Per-user services in Windows 10 and Windows Server 
-
-**Applies to**:
-
-- Windows 10
-- Windows Server
+# Per-user services in Windows
 
 Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out. These services run in the security context of the user account - this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks. 
 
@@ -80,9 +77,9 @@ In light of these restrictions, you can use the following methods to manage per-
 
 You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). For more information, visit [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings).
 
-For example: 
+For example:
 
-```
+```ini
 [Unicode]
 Unicode=yes
 [Version]
@@ -128,7 +125,7 @@ If you can't use Group Policy Preferences to manage the per-user services, you c
 To disable the Template Services, change the Startup Type for each service to 4 (disabled). 
 For example:
 
-```code
+```cmd
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\OneSyncSvc /v Start /t REG_DWORD /d 4 /f
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Start /t REG_DWORD /d 4 /f
@@ -163,9 +160,10 @@ You can create a script to change the Startup Type for the per-user services. Th
 
 Sample script using [sc.exe](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc990290(v=ws.11)?f=255&MSPPError=-2147217396):
 
-```
+```cmd
 sc.exe configure <service name> start= disabled
 ```
+
 The space after "=" is intentional.
 
 Sample script using the [Set-Service PowerShell cmdlet](/previous-versions/windows/it-pro/windows-powershell-1.0/ee176963(v=technet.10)):
diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
index 926cb18f47..93ceaacb2c 100644
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
@@ -1,8 +1,8 @@
 ---
 title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs
 description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices.
-author: nicholasswhite
-ms.author: nwhite
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 04/04/2023
 ms.topic: article
diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md
deleted file mode 100644
index 80dcf53c89..0000000000
--- a/windows/application-management/provisioned-apps-windows-client-os.md
+++ /dev/null
@@ -1,488 +0,0 @@
----
-title: Get the provisioned apps on Windows client operating system | Microsoft Docs
-description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11.
-author: nicholasswhite
-ms.author: nwhite
-manager: aaroncz
-ms.date: 01/12/2023
-ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-apps
-ms.localizationpriority: medium
-ms.collection: tier1
-ms.reviewer:
----
-
-# Provisioned apps installed with the Windows client OS
-
-**Applies to**:
-
-- Windows 10
-- Windows 11
-
-Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They're per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
-
-This article lists some of the built-in provisioned apps on the different Windows client OS versions, and lists the Windows PowerShell command to get a list.
-
-## Use Windows PowerShell
-
-To get a list of all the provisioned apps, use Windows PowerShell:
-
-1. Open the Windows PowerShell app as administrator.
-2. Run the following script:
-
-    ```Powershell
-    Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
-    ```
-
-The output lists all the provisioned apps, and their package names. For more information on this command, see [Get-AppxProvisionedPackage](/powershell/module/dism/get-appxprovisionedpackage) (opens another Microsoft website).
-
-## Built-in provisioned apps list
-
-The following information lists some of the provisioned apps on the different Windows Enterprise client OS versions. Your specific OS version and image may have different apps. To confirm your app list, run the [PowerShell Get-AppxProvisionedPackage command](#use-windows-powershell) (in this article).
-
-Provisioned apps are also listed in **Settings** > **Apps and Features**.
-
-- [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | Package name: Microsoft.3DBuilder
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? | 22H2| 21H1 | 20H2 | 
-    | --- | --- | --- | --- |
-    | ✔️ | ✔️ | ✔️ ||
-
-    ---
-
-- [Bing Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | Package name: Microsoft.BingWeather
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? | 22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ✔️ | ✔️ | ✔️ | ✔️️|
-
-    ---
-
-- [Desktop App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | Package name: Microsoft.DesktopAppInstaller
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? | 22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | Use Settings App | ✔️ | ✔️ | ✔️|
-
-    ---
-
-- [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | Package name: Microsoft.GetHelp
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    |---| --- | --- | --- |
-    | ❌ |  ✔️| ✔️| ✔️|
-
-    ---
-
-- [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | Package name: Microsoft.Getstarted
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️| ✔️|
-
-    ---
-
-- [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | Package name: Microsoft.HEIFImageExtension
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️| ✔️| ✔️|
-
-    ---
-    
-- [HEVC Video Extensions](ms-windows-store://pdp/?productid=9NMZLZ57R3T7) | Package name: Microsoft.HEVCVideoExtension 
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️|||
-    
-    ---  
-    >[!NOTE]
-    >For devices running Windows 11, version 21H2, and any supported version of Windows 10, you need to acquire the [HEVC Video Extensions](ms-windows-store://pdp/?productid=9NMZLZ57R3T7) from the Microsoft Store.
-
-- [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | Package name:Microsoft.Messaging
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Microsoft 3D Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | Package name: Microsoft.Microsoft3DViewer
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftOfficeHub
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? | 22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ✔️ | ✔️ | ✔️ | ✔️️|
-
-    ---
-
-- [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftSolitaireCollection
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? | 22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ✔️ | ✔️ | ✔️ | ✔️️|
-
-    ---
-
-- [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | Package name: Microsoft.MicrosoftStickyNotes
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | Package name: Microsoft.MixedReality.Portal
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | Package name: Microsoft.MSPaint
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | Package name: Microsoft.Office.OneNote
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? | 22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ✔️ | ✔️ | ✔️ | ✔️️|
-
-    ---
-
-- [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | Package name: Microsoft.OneConnect
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- Microsoft.Outlook.DesktopIntegrationServices
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | Package name: Microsoft.People
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | Package name: Microsoft.Print3D
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | Package name: Microsoft.ScreenSketch
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | Package name: Microsoft.SkypeApp
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | Package name: Microsoft.StorePurchaseApp
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- Microsoft.VP9VideoExtensions
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | Package name: Microsoft.Wallet
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | Package name: Microsoft.WebMediaExtensions
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | Package name: Microsoft.WebpImageExtension
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | Package name: Microsoft.Windows.Photos
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | Package name: Microsoft.WindowsAlarms
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | Package name: Microsoft.WindowsCalculator
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | Package name: Microsoft.WindowsCamera
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | Package name: microsoft.windowscommunicationsapps
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | Package name: Microsoft.WindowsFeedbackHub
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | Package name: Microsoft.WindowsMaps
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | Package name: Microsoft.WindowsSoundRecorder
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | Package name: Microsoft.WindowsStore
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-  - The Store app shouldn't be removed. If you remove the Store app, and want to reinstall it, you must restore your system from a backup, or reset your system. Instead of removing the Store app, use group policies to hide or disable it.
-
-- [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | Package name: Microsoft.Xbox.TCUI
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | Package name: Microsoft.XboxApp
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | Package name: Microsoft.XboxGameOverlay
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | Package name: Microsoft.XboxGamingOverlay
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | Package name: Microsoft.XboxIdentityProvider
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- Microsoft.XboxSpeechToTextOverlay
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | Package name: Microsoft.YourPhone
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | Package name: Microsoft.ZuneMusic
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
-
-- [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | Package name: Microsoft.ZuneVideo
-  - Supported versions:
-
-    ---
-    | Uninstall through UI? |22H2| 21H1 | 20H2 |
-    | --- | --- | --- | --- |
-    | ❌ |  ✔️ | ✔️ | ✔️|  
-
-    ---
diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md
index 195ee09977..23b08e028e 100644
--- a/windows/application-management/remove-provisioned-apps-during-update.md
+++ b/windows/application-management/remove-provisioned-apps-during-update.md
@@ -1,22 +1,21 @@
 ---
-title: How to keep apps removed from Windows 10 from returning during an update
-description: How to keep provisioned apps that were removed from your machine from returning during an update.
-author: nicholasswhite
-ms.author: nwhite
+title: Keep removed apps from returning during an update
+description: When you remove provisioned apps from devices, this article explains how to keep those apps from returning during an update.
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 05/25/2018
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier1
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
-# How to keep apps removed from Windows 10 from returning during an update
 
-**Applies to**:
+# Keep removed apps from returning during an update
 
-- Windows 10
 
 When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed post-update. This can happen if the computer was offline when you removed the apps. Windows 10, version 1803 has fixed this issue.
 
@@ -97,7 +96,7 @@ You're now ready to update your computer. After the update, check the list of ap
 
 ## Registry keys for provisioned apps
 
-```syntax
+```console
 Windows Registry Editor Version 5.00
 ;1709 Registry Keys
 
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md
index 30203efdaf..be0e459235 100644
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@@ -1,24 +1,21 @@
 ---
-title: Sideload LOB apps in Windows client OS | Microsoft Docs
-description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device.
-author: nicholasswhite
-ms.author: nwhite
+title: Sideload line of business apps
+description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device.
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 12/07/2017
-ms.topic: article
+ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
-ms.reviewer:
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Sideload line of business (LOB) apps in Windows client devices
-
-**Applies to**:
-
-- Windows 10
-- Windows 11
+# Sideload line of business (LOB) apps
 
 > [!NOTE]
 > Starting with Windows 10 2004, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration.
@@ -27,7 +24,7 @@ Sideloading apps is when you install apps that aren't from an official source, s
 
 When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1
 
-Starting with Windows 10, sideloading is different than earlier versions of Windows:
+Starting with Windows 10, sideloading is different than earlier versions of Windows:
 
 - You can unlock a device for sideloading using an enterprise policy, or through the **Settings** app.
 - License keys aren't required.
diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md
index f5c9589209..7bc1bcf117 100644
--- a/windows/application-management/svchost-service-refactoring.md
+++ b/windows/application-management/svchost-service-refactoring.md
@@ -1,23 +1,20 @@
 ---
-title: Service Host service refactoring in Windows 10 version 1703
-description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703.
-author: nicholasswhite
-ms.author: nwhite
+title: Service host grouping in Windows 10
+description: Learn about the Service Host (SvcHost) service refactoring introduced in Windows 10 version 1703.
+author: aczechowski
+ms.author: aaroncz
 manager: aaroncz
 ms.date: 07/20/2017
-ms.topic: article
+ms.topic: concept-article
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
-ms.colletion: tier1
-ms.reviewer:
+ms.colletion: tier2
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
-# Changes to Service Host grouping in Windows 10
-
-**Applies to**:
-
-- Windows 10
+# Service host grouping in Windows 10
 
 The **Service Host (svchost.exe)** is a shared-service process that serves as a shell for loading services from DLL files. Services are organized into related host groups, and each group runs inside a different instance of the Service Host process. In this way, a problem in one instance doesn't affect other instances. Service Host groups are determined by combining the services with matching security requirements. For example:
 
diff --git a/windows/application-management/system-apps-windows-client-os.md b/windows/application-management/system-apps-windows-client-os.md
deleted file mode 100644
index efc4c311ec..0000000000
--- a/windows/application-management/system-apps-windows-client-os.md
+++ /dev/null
@@ -1,357 +0,0 @@
----
-title: Get the system apps on Windows client operating system | Microsoft Docs
-description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11.
-author: nicholasswhite
-ms.author: nwhite
-manager: aaroncz
-ms.date: 2/14/2023
-ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-apps
-ms.localizationpriority: medium
-ms.collection: tier1
-ms.reviewer:
----
-
-# System apps installed with the Windows client OS
-
-**Applies to**:
-
-- Windows 10
-- Windows 11
-
-On all Windows devices, the OS automatically installs some apps. These apps are called system apps, and are typically installed in the `C:\Windows\` folder. On your Windows devices, you can use Windows PowerShell to see the system apps automatically installed.
-
-This article lists the built-in system apps on some Windows OS versions, and lists the Windows PowerShell command to get a list.
-
-## Use Windows PowerShell
-
-To get a list of all the system apps, use Windows PowerShell:
-
-1. Open the Windows PowerShell app as administrator.
-2. Run the following script:
-
-    ```Powershell
-    Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation
-    ```
-
-The output lists all the system apps, and their installation location. For more information on this command, see [Get-AppxPackage](/powershell/module/appx/get-appxpackage) (opens another Microsoft website).
-
-## Built-in system apps list
-
-The following information lists the system apps on some Windows Enterprise OS versions. Your specific OS version and image may have different apps. To confirm your app list, run the [PowerShell Get-AppxPackage command](#use-windows-powershell) (in this article).
-
-- File Picker | Package name: 1527c705-839a-4832-9118-54d4Bd6a0c89
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- File Explorer | Package name: c5e2524a-ea46-4f67-841f-6a9465d9d515
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- App Resolver UX | Package name: E2A4F912-2574-4A75-9BB0-0D023378592B
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Add Suggested Folders To Library | Package name: F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- InputApp
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ |  | | ✔️ |
-
-  ---
-
-- Microsoft.AAD.Broker.Plugin | Package name: Microsoft.AAD.Broker.Plugin
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.AccountsControl | Package name: Microsoft.AccountsControl
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.AsyncTextService | Package name: Microsoft.AsyncTextService
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Hello setup UI | Package name: Microsoft.BioEnrollment
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.CredDialogHost
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.ECApp
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.LockApp
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft Edge | Package name: Microsoft.MicrosoftEdge
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.MicrosoftEdgeDevToolsClient
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.PPIProjection
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ |  | | ✔️ |
-
-  ---
-
-- Microsoft.Win32WebViewHost
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.Apprep.ChxApp
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.AssignedAccessLockApp
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.CapturePicker
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.CloudExperienceHost
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.ContentDeliveryManager
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Cortana | Package name: Microsoft.Windows.Cortana
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ |  | | ✔️ |
-
-  ---
-
-- Microsoft.Windows.OOBENetworkCaptivePort
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.OOBENetworkConnectionFlow
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.ParentalControls
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- People Hub | Package name: Microsoft.Windows.PeopleExperienceHost
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.PinningConfirmationDialog
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.SecHealthUI
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.Windows.SecureAssessmentBrowser
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Start | Package name: Microsoft.Windows.ShellExperienceHost
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Microsoft.XboxGameCallableUI
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Windows.CBSPreview
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Settings | Package name: Windows.immersivecontrolpanel
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
-
-- Print 3D | Package name: Windows.Print3D
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ✔️ | ✔️ |  | | ✔️ |
-
-  ---
-
-- Print UI | Package name: Windows.PrintDialog
-
-  ---
-  | Uninstall through UI? | 22H2 | 22H1 | 21H2 | 20H2 | 1809 |
-  | --- | --- | --- | --- | --- | --- |
-  | | ❌ | ❌ | ✔️ | ✔️| ✔️ |
-
-  ---
diff --git a/windows/application-management/toc.yml b/windows/application-management/toc.yml
index 395cecb920..be08bb1e0f 100644
--- a/windows/application-management/toc.yml
+++ b/windows/application-management/toc.yml
@@ -2,25 +2,23 @@ items:
 - name: Manage Windows applications
   href: index.yml
 - name: Application management
-  items: 
-    - name: Apps in Windows client OS
-      items:
-        - name: Common app types
-          href: apps-in-windows-10.md
-        - name: Provisioned apps in Windows client OS
-          href: provisioned-apps-windows-client-os.md
-        - name: System apps in Windows client OS
-          href: system-apps-windows-client-os.md
-    - name: Add features in Windows client
+  items:
+    - name: Overview of apps in Windows
+      href: overview-windows-apps.md
+    - name: Add or hide Windows features
       href: add-apps-and-features.md
-    - name: Sideload apps
+    - name: Sideload line of business (LOB) apps
       href: sideload-apps-in-windows-10.md
     - name: Private app repo on Windows 11
       href: private-app-repository-mdm-company-portal-windows-11.md
     - name: Remove background task resource restrictions
       href: enterprise-background-activity-controls.md
-    - name: Enable or block Windows Mixed Reality apps in the enterprise
-      href: /windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality
+    - name: Service host grouping in Windows 10
+      href: svchost-service-refactoring.md
+    - name: Per-user services in Windows
+      href: per-user-services-in-windows.md
+    - name: Keep removed apps from returning during an update
+      href: remove-provisioned-apps-during-update.md
 - name: Application Virtualization (App-V)
   items: 
     - name: App-V for Windows overview
@@ -257,14 +255,3 @@ items:
               href: app-v/appv-viewing-appv-server-publishing-metadata.md
             - name: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications
               href: app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
-
-- name: Reference
-  items: 
-    - name: Service Host process refactoring
-      href: svchost-service-refactoring.md
-    - name: Per-user services in Windows
-      href: per-user-services-in-windows.md
-    - name: Disabling System Services in Windows Server
-      href: /windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server
-    - name: How to keep apps removed from Windows from returning during an update
-      href: remove-provisioned-apps-during-update.md
\ No newline at end of file
diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md
index 0bb98be706..7f11d203d5 100644
--- a/windows/client-management/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@@ -1,20 +1,11 @@
 ---
 title: Azure Active Directory integration with MDM
 description: Azure Active Directory is the world's largest enterprise cloud identity management service.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
 ms.collection:
 - highpri
 - tier2
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Azure Active Directory integration with MDM
@@ -57,7 +48,7 @@ Azure AD MDM enrollment is a two-step process:
 
 To support Azure AD enrollment, MDM vendors must host and expose a **Terms of Use endpoint** and an **MDM enrollment endpoint**.
 
-- **Terms of Use endpoint**: Use this endpoint to inform users of the ways in which their device can be controlled by their organization. The Terms of Use page is responsible for collecting user's consent before the actual enrollment phase begins.
+- **Terms of Use endpoint**: Use this endpoint to inform users of the ways in which their organization can control their device. The **Terms of Use** page is responsible for collecting user's consent before the actual enrollment phase begins.
 
     It's important to understand the Terms of Use flow is an "opaque box" to Windows and Azure AD. The whole web view is redirected to the Terms of Use URL. The user should be redirected back after approving or rejecting the Terms. This design allows the MDM vendor to customize their Terms of Use for different scenarios. For example, different levels of control are applied on BYOD vs. organization-owned devices. Or, implement user/group based targeting, like users in certain geographies may have stricter device management policies.
 
@@ -82,7 +73,7 @@ A cloud-based MDM is a SaaS application that provides device management capabili
 The MDM vendor must first register the application in their home tenant and mark it as a multi-tenant application. For more information about how to add multi-tenant applications to Azure AD, see the [Integrate an app that authenticates users and calls Microsoft Graph using the multi-tenant integration pattern (SaaS)](https://go.microsoft.com/fwlink/p/?LinkId=613661) code sample on GitHub.
 
 > [!NOTE]
-> For the MDM provider, if you don't have an existing Azure AD tenant with an Azure AD subscription that you manage, follow the step-by-step guides below:
+> For the MDM provider, if you don't have an existing Azure AD tenant with an Azure AD subscription that you manage, follow these step-by-step guides:
 >
 > - [Quickstart: Create a new tenant in Azure Active Directory](/azure/active-directory/fundamentals/active-directory-access-create-new-tenant) to set up a tenant.
 > - [Associate or add an Azure subscription to your Azure Active Directory tenant](/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory) to add a subscription, and manage it via the Azure Portal.
@@ -106,11 +97,11 @@ For more information about registering applications with Azure AD, see [Basics o
 
 The application keys used by your MDM service are a sensitive resource. They should be protected and rolled over periodically for greater security. Access tokens obtained by your MDM service to call the Microsoft Graph API are bearer tokens and should be protected to avoid unauthorized disclosure.
 
-For security best practices, see [Windows Azure Security Essentials](/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler).
+For security best practices, see [Microsoft Azure Security Essentials](/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler).
 
-For cloud-based MDM, you can roll over the application keys without requiring a customer interaction. There's a single set of keys across all customer tenants that are managed by the MDM vendor in their Azure AD tenant.
+For cloud-based MDM, you can roll over the application keys without requiring a customer interaction. There's a single set of keys across all customer tenants managed by the MDM vendor in their Azure AD tenant.
 
-For the on-premises MDM, the Azure AD authentication keys are within the customer tenant and must be rolled over by the customer's administrator. To improve security, provide guidance to customers about rolling over and protecting the keys.
+For the on-premises MDM, the Azure AD authentication keys are within the customer tenant and the customer's administrator must roll over the keys. To improve security, provide guidance to customers about rolling over and protecting the keys.
 
 ## Publish your MDM app to Azure AD app gallery
 
@@ -125,23 +116,23 @@ To publish your application, [submit a request to publish your application in Az
 
 The following table shows the required information to create an entry in the Azure AD app gallery.
 
-|Item|Description|
-|--- |--- |
-|**Application ID**|The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multi-tenant app.|
-|**Publisher**|A string that identifies the publisher of the app.|
-|**Application URL**|A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL isn't used for the actual enrollment.|
-|**Description**|A brief description of your MDM app, which must be under 255 characters.|
-|**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215|
+| Item                | Description                                                                                                                                                                                                    |
+|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Application ID**  | The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multi-tenant app.                                                                               |
+| **Publisher**       | A string that identifies the publisher of the app.                                                                                                                                                             |
+| **Application URL** | A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL isn't used for the actual enrollment. |
+| **Description**     | A brief description of your MDM app, which must be under 255 characters.                                                                                                                                       |
+| **Icons**           | A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215                                                                                                                                 |
 
 ### Add on-premises MDM to the app gallery
 
 There are no special requirements for adding on-premises MDM to the app gallery. There's a generic entry for administrators to add an app to their tenant.
 
-However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. The ID and key obtain authorization to access the Microsoft Graph API and for reporting device compliance.
+However, key management is different for on-premises MDM. You must obtain the client ID (app ID) and key assigned to the MDM app within the customer's tenant. The ID and key obtain authorization to access the Microsoft Graph API and  report device compliance.
 
 ## Themes
 
-The pages rendered by the MDM in the integrated enrollment process must use Windows templates ([Download the Windows templates and CSS files (1.1.4)](https://download.microsoft.com/download/0/7/0/0702afe3-dc1e-48f6-943e-886a4876f6ca/MDM-ISV_1.1.4.zip)). These templates are important for enrollment during the Azure AD Join experience in OOBE where all of the pages are edge-to-edge HTML pages. Don't try to copy the templates because you'll never get the button placement right.
+The pages rendered by the MDM in the integrated enrollment process must use Windows templates ([Download the Windows templates and CSS files (1.1.4)](https://download.microsoft.com/download/0/7/0/0702afe3-dc1e-48f6-943e-886a4876f6ca/MDM-ISV_1.1.4.zip)). These templates are important for enrollment during the Azure AD Join experience in OOBE where all of the pages are edge-to-edge HTML pages. Avoid copying the templates because it is difficult to get the button placement right.
 
 There are three distinct scenarios:
 
@@ -167,7 +158,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
 
 ## Terms of Use protocol semantics
 
-The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
+The MDM server hosts the **Terms of Use** endpoint. During the Azure AD Join protocol flow, Windows does a full-page redirect to this endpoint. This redirect enables the MDM to display the terms and conditions that apply. It allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
 
 ### Redirect to the Terms of Use endpoint
 
@@ -175,12 +166,12 @@ This redirect is a full page redirect to the Terms of User endpoint hosted by th
 
 The following parameters are passed in the query string:
 
-|Item|Description|
-|--- |--- |
-|redirect_uri|After the user accepts or rejects the Terms of Use, the user is redirected to this URL.|
-|client-request-id|A GUID that is used to correlate logs for diagnostic and debugging purposes. Use this parameter to log or trace the state of the enrollment request to help find the root cause of failures.|
-|api-version|Specifies the version of the protocol requested by the client. This value provides a mechanism to support version revisions of the protocol.|
-|mode|Specifies that the device is organization owned when mode=azureadjoin. This parameter isn't present for BYOD devices.|
+| Item              | Description                                                                                                                                                                                  |
+|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| redirect_uri      | After the user accepts or rejects the Terms of Use, the user is redirected to this URL.                                                                                                      |
+| client-request-id | A GUID that is used to correlate logs for diagnostic and debugging purposes. Use this parameter to log or trace the state of the enrollment request to help find the root cause of failures. |
+| api-version       | Specifies the version of the protocol requested by the client. This value provides a mechanism to support version revisions of the protocol.                                                 |
+| mode              | Specifies that the device is organization owned when mode=azureadjoin. This parameter isn't present for BYOD devices.                                                                        |
 
 ### Access token
 
@@ -190,12 +181,12 @@ Azure AD issues a bearer access token. The token is passed in the authorization
 
 The following claims are expected in the access token passed by Windows to the Terms of Use endpoint:
 
-|Item|Description|
-|--- |--- |
-|Object ID|Identifier of the user object corresponding to the authenticated user.|
-|UPN|A claim containing the user principal name (UPN) of the authenticated user.|
-|TID|A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.|
-|Resource|A sanitized URL representing the MDM application. Example: `https://fabrikam.contosomdm.com` |
+| Item      | Description                                                                                  |
+|-----------|----------------------------------------------------------------------------------------------|
+| Object ID | Identifier of the user object corresponding to the authenticated user.                       |
+| UPN       | A claim containing the user principal name (UPN) of the authenticated user.                  |
+| TID       | A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.       |
+| Resource  | A sanitized URL representing the MDM application. Example: `https://fabrikam.contosomdm.com` |
 
 > [!NOTE]
 > There's no device ID claim in the access token because the device may not yet be enrolled at this time.
@@ -209,7 +200,7 @@ https://fabrikam.contosomdm.com/TermsOfUse?redirect_uri=ms-appx-web://ContosoMdm
 Authorization: Bearer eyJ0eXAiOi
 ```
 
-The MDM is expected to validate the signature of the access token to ensure it was issued by Azure AD and ensure that recipient is appropriate.
+The MDM is expected to validate the signature of the access token to ensure it is issued by Azure AD and that the recipient is appropriate.
 
 ### Terms of Use content
 
@@ -234,7 +225,7 @@ At this point, the user is on the Terms of Use page shown during the OOBE or fro
   - **IsAccepted** - This Boolean value is required, and must be set to false. This option also applies if the user skipped the Terms of Use.
   - **OpaqueBlob** - This parameter isn't expected to be used. The enrollment is stopped with an error message shown to the user.
 
-Users skip the Terms of Use when they're adding a Microsoft work account to their device. However, they can't skip it during the Azure AD Join process. Don't show the decline button in the Azure AD Join process. MDM enrollment can't be declined by the user if configured by the administrator for the Azure AD Join.
+Users skip the Terms of Use when they're adding a Microsoft work account to their device. However, they can't skip it during the Azure AD Join process. Don't show the decline button in the Azure AD Join process. The user can't decline the MDM enrollment if configured by the administrator for the Azure AD Join.
 
 We recommend that you send the client-request-id parameters in the query string as part of this redirect response.
 
@@ -256,12 +247,12 @@ Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=A
 
 The following table shows the error codes.
 
-|Cause|HTTP status|Error|Description|
-|--- |--- |--- |--- |
-|api-version|302|invalid_request|unsupported version|
-|Tenant or user data are missing or other required prerequisites for device enrollment aren't met|302|unauthorized_client|unauthorized user or tenant|
-|Azure AD token validation failed|302|unauthorized_client|unauthorized_client|
-|internal service error|302|server_error|internal service error|
+| Cause                                                                                            | HTTP status | Error               | Description                 |
+|--------------------------------------------------------------------------------------------------|-------------|---------------------|-----------------------------|
+| api-version                                                                                      | 302         | invalid_request     | unsupported version         |
+| Tenant or user data are missing or other required prerequisites for device enrollment aren't met | 302         | unauthorized_client | unauthorized user or tenant |
+| Azure AD token validation failed                                                                 | 302         | unauthorized_client | unauthorized_client         |
+| internal service error                                                                           | 302         | server_error        | internal service error      |
 
 ## Enrollment protocol with Azure AD
 
@@ -291,7 +282,7 @@ There are two different MDM enrollment types that integrate with Azure AD, and u
 
 - **Multiple user management for Azure AD-joined devices**
 
-  In this scenario the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest user is logged on to the device.
+  In this scenario, the MDM enrollment applies to every Azure AD user who signs in to the Azure AD joined device - call this enrollment type a device enrollment or a multi-user enrollment. The management server can determine the user identity, determine what policies are targeted for this user, and send corresponding policies to the device. To allow management server to identify current user that is logged on to the device, the OMA DM client uses the Azure AD user tokens. Each management session contains an extra HTTP header that contains an Azure AD user token. This information is provided in the DM package sent to the management server. However, in some circumstances Azure AD user token isn't sent over to the management server. One such scenario happens immediately after MDM enrollments completes during Azure AD join process. Until Azure AD join process is finished and Azure AD user signs on to the machine, Azure AD user token isn't available to OMA-DM process. Typically, MDM enrollment completes before Azure AD user sign in to machine and the initial management session doesn't contain an Azure AD user token. The management server should check if the token is missing and only send device policies in such case. Another possible reason for a missing Azure AD token in the OMA-DM payload is when a guest is logged on to the device.
 
 - **Adding a work account and MDM enrollment to a device**:
 
@@ -312,7 +303,7 @@ There are two different MDM enrollment types that integrate with Azure AD, and u
   - Device ID - identifies the device that is checking in
   - Tenant ID
 
-  Access tokens issued by Azure AD are JSON web tokens (JWTs). A valid JWT token is presented by Windows at the MDM enrollment endpoint to start the enrollment process. There are a couple of options to evaluate the tokens:
+  Access tokens issued by Azure AD are JSON web tokens (JWTs). Windows presents a valid JWT token to the MDM enrollment endpoint to start the enrollment process. There are a couple of options to evaluate the tokens:
 
   - Use the JWT Token Handler extension for WIF to validate the contents of the access token and extract claims required for use. For more information, see [JwtSecurityTokenHandler Class](/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytokenhandler).
   - Refer to the Azure AD authentication code samples to get a sample for working with access tokens. For an example, see [NativeClient-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613667).
@@ -344,8 +335,8 @@ Alert sample:
 
 An alert is sent to the MDM server in DM package \#1.
 
-- Alert type - com.microsoft/MDM/LoginStatus
-- Alert format - chr
+- Alert type - `com.microsoft/MDM/LoginStatus`
+- Alert format - `chr`
 - Alert data - provide sign-in status information for the current active logged in user.
   - Signed-in user who has an Azure AD account - predefined text: user.
   - Signed-in user without an Azure AD account- predefined text: others.
@@ -371,7 +362,7 @@ Here's an example.
 
 ## Report device compliance to Azure AD
 
-Once a device is enrolled with the MDM for management, organization policies configured by the IT administrator are enforced on the device. The device compliance with configured policies is evaluated by the MDM and then reported to Azure AD. This section covers the Graph API call you can use to report a device compliance status to Azure AD.
+Once a device is enrolled with the MDM for management, organization policies configured by the IT administrator are enforced on the device. MDM evaluates the device compliance with configured policies and then reports it to Azure AD. This section covers the Graph API call you can use to report a device compliance status to Azure AD.
 
 For a sample that illustrates how an MDM can obtain an access token using OAuth 2.0 client\_credentials grant type, see [Daemon\_CertificateCredential-DotNet](https://go.microsoft.com/fwlink/p/?LinkId=613822).
 
@@ -380,7 +371,7 @@ For a sample that illustrates how an MDM can obtain an access token using OAuth
 
 ### Use Microsoft Graph API
 
-The following sample REST API call illustrates how an MDM can use the Microsoft Graph API to report compliance status of a device being managed by it.
+The following sample REST API call illustrates how an MDM can use the Microsoft Graph API to report compliance status of a managed device.
 
 > [!NOTE]
 > This API is only applicable for approved MDM apps on Windows devices.
diff --git a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index 1c9d410723..636a885451 100644
--- a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -1,29 +1,18 @@
 ---
 title: Automatic MDM enrollment in the Intune admin center
 description: Automatic MDM enrollment in the Intune admin center
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Automatic MDM enrollment in the Intune admin center
 
-Windows devices can be enrolled in to Intune automatically when they join or register with Azure Active Directory. Automatic enrollment can be configured in Azure Portal.
-
-1. Go to your Azure AD Blade.
+Windows devices can be enrolled in to Intune automatically when they join or register with Azure Active Directory. Automatic enrollment can be configured in Azure portal.
 
+1. Go to your Azure AD portal.
 1. Select **Mobility (MDM and MAM)**, and find the Microsoft Intune app.
-
-1. Select **Microsoft Intune** and configure the blade. You can specify settings to allow **All** users to enroll a device, or choose to allow **Some** users (and specify a group).
+1. Select **Microsoft Intune** and configure the enrollment options. You can specify settings to allow **All** users to enroll a device, or choose to allow **Some** users (and specify a group).
 
    ![Configure the Blade.](images/azure-intune-configure-scope.png)
 
-1. Select **Save** to configure MDM auto-enrollment for Azure AD joined devices and bring-your-own-device scenarios.
+1. Select **Save** to configure MDM autoenrollment for Azure AD joined devices and bring-your-own-device scenarios.
diff --git a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
index a09f295976..84c1486cec 100644
--- a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
@@ -1,26 +1,17 @@
 ---
 title: Bulk enrollment
-description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
+description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices.
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Bulk enrollment using Windows Configuration Designer
 
-Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. You can use the [Provisioning CSP](mdm/provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join enrollment scenario.
+Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices. You can use the [Provisioning CSP](mdm/provisioning-csp.md) for bulk enrollment, except for the Azure Active Directory Join enrollment scenario.
 
 ## Typical use cases
 
-- Set up devices in bulk for large organizations to be managed by MDM.
+- Set up devices in bulk for large organizations for MDM management.
 - Set up kiosks, such as ATMs or point-of-sale (POS) terminals.
 - Set up school computers.
 - Set up industrial machinery.
@@ -130,7 +121,7 @@ Using the WCD, create a provisioning package using the enrollment information re
 
 1. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
 1. When you're done adding all the settings, on the **File** menu, select **Save**.
-1. Export and build the package (steps 10-13 in the procedure above).
+1. Export and build the package (steps 10-13 in previous section).
 1. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package).
 1. Apply the package to your devices.
 
@@ -148,9 +139,9 @@ Using the WCD, create a provisioning package using the enrollment information re
 
 ## Retry logic if there's a failure
 
-- If the provisioning engine receives a failure from a CSP, it will retry to provision three times in a row.
-- If all immediate attempts fail, a delayed task is launched to try provisioning again later. It will retry four times at a decaying rate of 15 minutes -> 1 hr -> 4 hr -> "Next System Start". These attempts will be run from the SYSTEM context.
-- It will also retry to apply the provisioning each time it's launched, if started from somewhere else as well.
+- If the provisioning engine receives a failure from a CSP, it retries provisioning three times in a row.
+- If all immediate attempts fail, a delayed task is launched to try provisioning again later. It will retry four times at a decaying rate of 15 minutes -> 1 hr -> 4 hr -> "Next System Start". These attempts are run from the SYSTEM context.
+- It also retries the provisioning each time it's launched, if started from somewhere else as well.
 - In addition, provisioning will be restarted in the SYSTEM context after a sign in and the [system has been idle](/windows/win32/taskschd/task-idle-conditions).
 
 ## Related articles
diff --git a/windows/client-management/certificate-authentication-device-enrollment.md b/windows/client-management/certificate-authentication-device-enrollment.md
index 6db2ca38a4..c1ab833e1c 100644
--- a/windows/client-management/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/certificate-authentication-device-enrollment.md
@@ -1,17 +1,8 @@
 ---
 title: Certificate authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Certificate authentication device enrollment
diff --git a/windows/client-management/certificate-renewal-windows-mdm.md b/windows/client-management/certificate-renewal-windows-mdm.md
index d7c3443131..233a34e3dc 100644
--- a/windows/client-management/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/certificate-renewal-windows-mdm.md
@@ -1,22 +1,13 @@
 ---
 title: Certificate Renewal
 description: Learn how to find all the resources that you need to provide continuous access to client certificates.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Certificate Renewal
 
-The enrolled client certificate expires after a period of use. The expiration date of the certificate is specified by the server. To ensure continuous access to enterprise applications, Windows supports a user-triggered certificate renewal process. The user is prompted to provide the current password for the corporate account. The enrollment client gets a new client certificate from the enrollment server, and deletes the old certificate. The client generates a new private/public key pair, generates a PKCS\#7 request, and signs the PKCS\#7 request with the existing certificate. In Windows, automatic MDM client certificate renewal is also supported.
+The enrolled client certificate expires after a period of use. The expiration date of the certificate is specified by the server. To ensure continuous access to enterprise applications, Windows supports a user-triggered certificate renewal process. The user is prompted to provide the current password for the corporate account. The enrollment client gets a new client certificate from the enrollment server, and deletes the old certificate. The client generates a new private/public key pair, generates a PKCS#7 request, and signs the PKCS#7 request with the existing certificate. In Windows, automatic MDM client certificate renewal is also supported.
 
 > [!NOTE]
 > Make sure that the EntDMID in the DMClient configuration service provider is set before the certificate renewal request is triggered.
@@ -30,13 +21,13 @@ Windows supports automatic certificate renewal, also known as Renew On Behalf Of
 
 Auto certificate renewal is the only supported MDM client certificate renewal method for the device that's enrolled using WAB authentication. Meaning, the AuthPolicy is set to Federated. It also means if the server supports WAB authentication, then the MDM certificate enrollment server MUST also support client TLS to renew the MDM client certificate.
 
-For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP's](mdm/certificatestore-csp.md) ROBOSupport node under CertificateStore/My/WSTEP/Renew URL.
+For Windows devices, during the MDM client certificate enrollment phase or during MDM management section, the enrollment server or MDM server could configure the device to support automatic MDM client certificate renewal using [CertificateStore CSP's](mdm/certificatestore-csp.md) ROBOSupport node under `CertificateStore/My/WSTEP/Renew` URL.
 
-With automatic renewal, the PKCS\#7 message content isn't b64 encoded separately. With manual certificate renewal, there's an additional b64 encoding for PKCS\#7 message content.
+With automatic renewal, the PKCS#7 message content isn't base64 encoded separately. With manual certificate renewal, base64 encoding for PKCS#7 message content is required.
 
-During the automatic certificate renewal process, if the root certificate isn't trusted by the device, the authentication will fail. Use one of device pre-installed root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](mdm/certificatestore-csp.md).
+During the automatic certificate renewal process, if the device doesn't trust the root certificate, the authentication fails. Use one of device preinstalled root certificates, or configure the root cert over a DM session using the [CertificateStore CSP](mdm/certificatestore-csp.md).
 
-During the automatic certificate renew process, the device will deny HTTP redirect request from the server. It won't deny the request if the same redirect URL that the user accepted during the initial MDM enrollment process is used.
+During the automatic certificate renewal process, the device denies HTTP redirect request from the server. It doesn't deny the request if the same redirect URL that the user accepted during the initial MDM enrollment process is used.
 
 The following example shows the details of an automatic renewal request.
 
@@ -96,21 +87,21 @@ The following example shows the details of an automatic renewal request.
 
 In Windows, the renewal period can only be set during the MDM enrollment phase. Windows supports a certificate renewal period and renewal failure retry. They're configurable by both MDM enrollment server and later by the MDM management server using CertificateStore CSP's RenewPeriod and RenewInterval nodes. The device could retry automatic certificate renewal multiple times until the certificate expires. For manual certificate renewal, the Windows device reminds the user with a dialog at every renewal retry time until the certificate is expired.
 
-For more information about the parameters, see the CertificateStore configuration service provider.
+For more information about the parameters, see the [CertificateStore configuration service provider](mdm/certificatestore-csp.md).
 
-Unlike manual certificate renewal, the device will not do an automatic MDM client certificate renewal if the certificate is already expired. To make sure the device has enough time to automatically renew, we recommend you set a renewal period a couple months (40-60 days) before the certificate expires. And, set the renewal retry interval to every few days, like every 4-5 days instead every 7 days (weekly). This change increases the chance that the device will try to connect at different days of the week.
+Unlike manual certificate renewal, the device doesn't perform an automatic MDM client certificate renewal if the certificate is already expired. To make sure the device has enough time to automatically renew, we recommend you set a renewal period a couple months (40-60 days) before the certificate expires. And, set the renewal retry interval to every few days, like every 4-5 days instead of every seven days (weekly). This change increases the chance that the device will try to connect at different days of the week.
 
 ## Certificate renewal response
 
-When RequestType is set to Renew, the web service verifies the following (in additional to initial enrollment):
+When RequestType is set to Renew, the web service verifies the following (in addition to the initial enrollment):
 
-- The signature of the PKCS\#7 BinarySecurityToken is correct
+- The signature of the PKCS#7 BinarySecurityToken is correct
 - The client's certificate is in the renewal period
-- The certificate was issued by the enrollment service
+- The certificate is issued by the enrollment service
 - The requester is the same as the requester for initial enrollment
 - For standard client's request, the client hasn't been blocked
 
-After validation is completed, the web service retrieves the PKCS\#10 content from the PKCS\#7 BinarySecurityToken. The rest is the same as initial enrollment, except that the Provisioning XML only needs to have the new certificate issued by the CA.
+After validation is completed, the web service retrieves the PKCS#10 content from the PKCS#7 BinarySecurityToken. The rest is the same as initial enrollment, except that the Provisioning XML only needs to have the new certificate issued by the CA.
 
 > [!NOTE]
 > The HTTP server response must not be chunked; it must be sent as one message.
@@ -120,7 +111,8 @@ The following example shows the details of a certificate renewal response.
 ```xml
 <wap-provisioningdoc version="1.1">
    <characteristic type="CertificateStore">
-<!-- Root certificate provision is only needed here if it is not in the device already -->      <characteristic type="Root">
+   <!-- Root certificate provision is only needed here if it is not in the device already -->
+      <characteristic type="Root">
          <characteristic type="System">
             <characteristic type="EncodedRootCertHashInsertedHere ">
                <parm name="EncodedCertificate" value="EncodedCertInsertedHere" />
@@ -147,9 +139,9 @@ The following example shows the details of a certificate renewal response.
 
 ## Configuration service providers supported during MDM enrollment and certificate renewal
 
-The following configuration service providers are supported during MDM enrollment and certificate renewal process. See Configuration service provider reference for detailed descriptions of each configuration service provider.
+The following configuration service providers are supported during MDM enrollment and certificate renewal process.
 
-- CertificateStore
-- w7 APPLICATION
-- DMClient
-- EnterpriseAppManagement
+- [CertificateStore](mdm/certificatestore-csp.md)
+- [w7 APPLICATION](mdm/w7-application-csp.md)
+- [DMClient](mdm/dmclient-csp.md)
+- [EnterpriseAppManagement](mdm/enterpriseappvmanagement-csp.md)
diff --git a/windows/client-management/client-tools/administrative-tools-in-windows.md b/windows/client-management/client-tools/administrative-tools-in-windows.md
index a511db702c..7c30da23de 100644
--- a/windows/client-management/client-tools/administrative-tools-in-windows.md
+++ b/windows/client-management/client-tools/administrative-tools-in-windows.md
@@ -1,20 +1,12 @@
 ---
 title: Windows Tools/Administrative Tools
 description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
 ms.localizationpriority: medium
-ms.date: 04/11/2023
+ms.date: 08/10/2023
 ms.topic: article
 ms.collection:
 - highpri
 - tier2
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Windows Tools/Administrative Tools
@@ -70,6 +62,6 @@ These tools were included in previous versions of Windows. The associated docume
 > [!TIP]
 > If the linked content in this list doesn't provide the information you need to use that tool, send feedback with the **This page** link in the **Feedback** section at the bottom of this article.
 
-## Related topics
+## Related articles
 
 [Diagnostic data viewer](/windows/privacy/diagnostic-data-viewer-overview)
diff --git a/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md b/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
index 2959430065..1bcd9ff753 100644
--- a/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
@@ -1,17 +1,9 @@
 ---
 title: Windows default media removal policy
 description: In Windows 10 and later, the default removal policy for external storage media changed from Better performance to Quick removal.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 04/11/2023
+ms.date: 08/10/2023
 ms.topic: article
 ms.localizationpriority: medium
-manager: aaroncz
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Change in default removal policy for external storage media in Windows
@@ -24,7 +16,7 @@ You can change the policy setting for each external device, and the policy that
 
 You can use the storage device policy setting to change the manner in which Windows manages storage devices to better meet your needs. The policy settings have the following effects:
 
-- **Quick removal**: This policy manages storage operations in a manner that keeps the device ready to remove at any time. You can remove the device without using the Safely Remove Hardware process. However, to do this, Windows cannot cache disk write operations. This may degrade system performance.
+- **Quick removal**: This policy manages storage operations in a manner that keeps the device ready to remove at any time. You can remove the device without using the Safely Remove Hardware process. However, to do this, Windows can't cache disk write operations. This may degrade system performance.
 - **Better performance**: This policy manages storage operations in a manner that improves system performance. When this policy is in effect, Windows can cache write operations to the external device. However, you must use the Safely Remove Hardware process to remove the external drive. The Safely Remove Hardware process protects the integrity of data on the device by making sure that all cached operations finish.
 
 > [!IMPORTANT]
diff --git a/windows/client-management/client-tools/connect-to-remote-aadj-pc.md b/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
index 85c581ddd4..56f57c950e 100644
--- a/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
@@ -1,20 +1,12 @@
 ---
 title: Connect to remote Azure Active Directory joined device
 description: Learn how to use Remote Desktop Connection to connect to an Azure AD joined device.
-ms.prod: windows-client
-author: vinaypamnani-msft
 ms.localizationpriority: medium
-ms.author: vinpa
-ms.date: 04/11/2023
-manager: aaroncz
+ms.date: 08/10/2023
 ms.topic: article
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ms.collection:
 - highpri
 - tier2
-ms.technology: itpro-manage
 ---
 
 # Connect to remote Azure Active Directory joined device
diff --git a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
index da685db207..8efcf24c66 100644
--- a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
@@ -1,31 +1,19 @@
 ---
-title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
+title: Manage Device Installation with Group Policy
 description: Find out how to manage Device Installation Restrictions with Group Policy.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.date: 09/14/2021
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
+ms.date: 08/10/2023
 ms.topic: article
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
 ---
 
 # Manage Device Installation with Group Policy
 
-## Summary
-
 By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
 
 ## Introduction
 
 ### General
 
-This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and can't install. This guide applies to all Windows versions starting with RS5 (1809). The guide includes the following scenarios:
+This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and can't install. This guide applies to all Windows versions starting with Windows 10, version 1809. The guide includes the following scenarios:
 
 - Prevent users from installing devices that are on a "prohibited" list. If a device isn't on the list, then the user can install it.
 - Allow users to install only devices that are on an "approved" list. If a device isn't on the list, then the user can't install it.
@@ -62,32 +50,15 @@ You can ensure that users install only those devices that your technical support
 
 ## Scenario Overview
 
-The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site.
+The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to create a Group policy object to manage your client computers, see [Create a Group Policy Object](/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object).
 
-Group Policy guides:
-
-- [Create a Group Policy Object (Windows 10) - Windows Security](/windows/security/threat-protection/windows-firewall/create-a-group-policy-object)
-- [Advanced Group Policy Management - Microsoft Desktop Optimization Pack](/microsoft-desktop-optimization-pack/agpm)
-
-### Scenario #1: Prevent installation of all printers
-
-In this scenario, the administrator wants to prevent users from installing any printers. Thus is a basic scenario to introduce you to the 'prevent/allow' functionality of Device Installation policies in Group Policy.
-
-### Scenario #2: Prevent installation of a specific printer
-
-In this scenario, the administrator allows standard users to install all printers while but preventing them from installing a specific one.
-
-### Scenario #3: Prevent installation of all printers while allowing a specific printer to be installed
-
-In this scenario, you'll combine what you learned from both scenario #1 and scenario #2. The administrator wants to allow standard users to install only a specific printer while preventing the installation of all other printers. This scenario is a more realistic one and brings you a step farther in understanding of the Device Installation Restrictions policies.
-
-### Scenario #4: Prevent installation of a specific USB device
-
-This scenario, although similar to scenario #2, brings another layer of complexity—how does device connectivity work in the PnP tree. The administrator wants to prevent standard users from installing a specific USB device. By the end of the scenario, you should understand the way devices are nested in layers under the PnP device connectivity tree.
-
-### Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb drive
-
-In this scenario, combining all previous four scenarios, you'll learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the 'prevent' functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario.
+| Scenario | Description|
+|--|--|
+| Scenario #1: Prevent installation of all printers | In this scenario, the administrator wants to prevent users from installing any printers. Thus is a basic scenario to introduce you to the 'prevent/allow' functionality of Device Installation policies in Group Policy. |
+| Scenario #2: Prevent installation of a specific printer | In this scenario, the administrator allows standard users to install all printers while but preventing them from installing a specific one. |
+| Scenario #3: Prevent installation of all printers while allowing a specific printer to be installed | In this scenario, you combine what you learned from both scenario #1 and scenario #2. The administrator wants to allow standard users to install only a specific printer while preventing the installation of all other printers. This scenario is a more realistic one and brings you a step farther in understanding of the Device Installation Restrictions policies. |
+| Scenario #4: Prevent installation of a specific USB device | This scenario, although similar to scenario #2, brings another layer of complexity-how does device connectivity work in the PnP tree. The administrator wants to prevent standard users from installing a specific USB device. By the end of the scenario, you should understand the way devices are nested in layers under the PnP device connectivity tree. |
+| Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb drive | In this scenario, combining all previous four scenarios, you learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the 'prevent' functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario. |
 
 ## Technology Review
 
@@ -95,7 +66,7 @@ The following sections provide a brief overview of the core technologies discuss
 
 ### Device Installation in Windows
 
-A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition—it's a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type.
+A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition-it's a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type.
 
 When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those strings included with the driver packages.
 
@@ -124,7 +95,7 @@ Hardware IDs are the identifiers that provide the exact match between a device a
 
 Windows uses these identifiers to select a driver if the operating system can't find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they're generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
 
-When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see [How Windows selects a driver package for a device](/windows-hardware/drivers/install/how-windows-selects-a-driver-for-a-device).
+When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you're attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see [How Windows selects a driver package for a device](/windows-hardware/drivers/install/how-windows-selects-a-driver-for-a-device).
 
 > [!NOTE]
 > For more information about the driver installation process, see the "Technology review" section of the Step-by-Step Guide to Driver Signing and Staging.
@@ -197,7 +168,7 @@ Note: This policy setting takes precedence over any other policy settings that a
 
 ### Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
 
-This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:
+This policy setting changes the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supersedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:
 
 > **Device instance IDs** > **Device IDs** > **Device setup class** > **Removable devices**
 
@@ -206,7 +177,7 @@ This policy setting will change the evaluation order in which Allow and Prevent
 >
 > If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
 
-Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
+Some of these policies take precedence over other policies. The following flowchart illustrates how Windows processes them to determine whether a user can install a device or not.
 
 ![Device Installation policies flow chart.](images/device-installation-flowchart.png)<br/>_Device Installation policies flow chart_
 
@@ -217,11 +188,8 @@ Some of these policies take precedence over other policies. The flowchart shown
 To complete each of the scenarios, ensure you have:
 
 - A client computer running Windows.
-
 - A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a "removable disk drive", "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives don't require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build.
-
 - A USB/network printer pre-installed on the machine.
-
 - Access to the administrator account on the testing machine. The procedures in this guide require administrator privileges for most steps.
 
 ### Understanding implications of applying 'Prevent' policies retroactive
@@ -248,7 +216,7 @@ To find device identification strings using Device Manager
 
 1. Make sure your printer is plugged in and installed.
 
-1. To open Device Manager, click the Start button, type mmc devmgmt.msc in the Start Search box, and then press ENTER; or search for Device Manager as application.
+1. To open Device Manager, select the Start button, type mmc devmgmt.msc in the Start Search box, and then press ENTER; or search for Device Manager as application.
 
 1. Device Manager starts and displays a tree representing all of the devices detected on your computer. At the top of the tree is a node with your computers name next to it. Lower nodes represent the various categories of hardware into which your computers devices are grouped.
 
@@ -260,7 +228,7 @@ To find device identification strings using Device Manager
 
     !['Details' tab.](images/device-installation-dm-printer-details-screen.png)<br/>_Open the 'Details' tab to look for the device identifiers_
 
-1. From the 'Value' window, copy the most detailed Hardware ID—we'll use this value in the policies.
+1. From the 'Value' window, copy the most detailed Hardware ID-we'll use this value in the policies.
 
     ![HWID.](images/device-installation-dm-printer-hardware-ids.png)
 
@@ -349,27 +317,27 @@ Creating the policy to prevent all printers from being installed:
 
 1. Open **Prevent installation of devices using drivers that match these device setup classes** policy and select the 'Enable' radio button.
 
-1. In the lower left side, in the 'Options' window, click the 'Show...' box. This option will take you to a table where you can enter the class identifier to block.
+1. In the lower left side, in the 'Options' window, click the 'Show...' box. This option takes you to a table where you can enter the class identifier to block.
 
-1. Enter the printer class GUID you found above with the curly braces: `{4d36e979-e325-11ce-bfc1-08002be10318}`.
+1. Enter the printer class GUID you found with the curly braces: `{4d36e979-e325-11ce-bfc1-08002be10318}`.
 
-    ![List of prevent Class GUIDs.](images/device-installation-gpo-prevent-class-list.png)<br/>_List of prevent Class GUIDs_
+    ![List of prevent Class GUIDs](images/device-installation-gpo-prevent-class-list.png)<br/>_List of prevent Class GUIDs_
 
 1. Click 'OK'.
 
-1. Click 'Apply' on the bottom right of the policy's window—this option pushes the policy and blocks all future printer installations, but doesn't apply to existing installs.
+1. Click 'Apply' on the bottom right of the policy's window-this option pushes the policy and blocks all future printer installations, but doesn't apply to existing installs.
 
-1. Optional—if you would like to apply the policy to existing installs: Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed'
+1. Optional-if you would like to apply the policy to existing installs: Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed'
 
 > [!IMPORTANT]
 > Using a Prevent policy (like the one we used in scenario #1 above) and applying it to all previously installed devices (see step #9) could render crucial devices unusable; hence, use with caution. For example: If an IT admin wants to prevent all removable storage devices from being installed on the machine, using 'Disk Drive' class for blocking and applying it retroactive could render the internal hard-drive unusable and to break the machine.
 
-### Testing the scenario
+### Testing scenario 1
 
 1. If you haven't completed step #9, follow these steps:
 
    1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click "Uninstall device".
-   1. For USB printer—unplug and plug back the cable; for network device—make a search for the printer in the Windows Settings app.
+   1. For USB printer-unplug and plug back the cable; for network device-make a search for the printer in the Windows Settings app.
    1. You shouldn't be able to reinstall the printer.
 
 1. If you completed step #9 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use.
@@ -418,7 +386,7 @@ Creating the policy to prevent a single printer from being installed:
 
 1. Optionally, if you would like to apply the policy to an existing install, open the **Prevent installation of devices that match any of these device IDs** policy again. In the 'Options' window, mark the checkbox that says 'Also apply to matching devices that are already installed'.
 
-###	Testing the scenario
+### Testing scenario 2
 
 If you completed step #8 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use.
 
@@ -448,14 +416,14 @@ Setting up the environment for the scenario with the following steps:
 
 ### Scenario steps - preventing installation of an entire class while allowing a specific printer
 
-Getting the device identifier for both the Printer Class and a specific printer—following the steps in scenario #1 to find Class identifier and scenario #2 to find Device identifier you could get the identifiers you need for this scenario:
+Getting the device identifier for both the Printer Class and a specific printer-following the steps in scenario #1 to find Class identifier and scenario #2 to find Device identifier you could get the identifiers you need for this scenario:
 
 - ClassGuid = {4d36e979-e325-11ce-bfc1-08002be10318}
 - Hardware ID = WSDPRINT\CanonMX920_seriesC1A0
 
 First create a 'Prevent Class' policy and then create 'Allow Device' one:
 
-1. Open Group Policy Object Editor—either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search "Group Policy Editor" and open the UI.
+1. Open Group Policy Object Editor-either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search "Group Policy Editor" and open the UI.
 
 1. Navigate to the Device Installation Restriction page:
 
@@ -469,15 +437,15 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one:
 
 1. Enter the printer class GUID you found above with the curly braces (this value is important! Otherwise, it won't work): {4d36e979-e325-11ce-bfc1-08002be10318}
 
-    ![List of prevent Class GUIDs.](images/device-installation-gpo-prevent-class-list.png)<br/>_List of prevent Class GUIDs_
+    ![List of prevent Class IDs](images/device-installation-gpo-prevent-class-list.png)<br/>_List of prevent Class GUIDs_
 
 1. Click 'OK'.
 
-1. Click 'Apply' on the bottom right of the policy's window—this option pushes the policy and blocks all future printer installations, but doesn't apply to existing installs.
+1. Click 'Apply' on the bottom right of the policy's window-this option pushes the policy and blocks all future printer installations, but doesn't apply to existing installs.
 
 1. To complete the coverage of all future and existing printers, open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed' and click 'OK'
 
-1. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it—this policy will enable you to override the wide coverage of the 'Prevent' policy with a specific device.
+1. Open the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and enable it-this policy will enable you to override the wide coverage of the 'Prevent' policy with a specific device.
 
     :::image type="content" alt-text="Screenshot of Local Group Policy Editor that shows the policies under Device Installation Restrictions and the policy named in this step." source="images/device-installation-apply-layered_policy-1.png" lightbox="images/device-installation-apply-layered_policy-1.png":::
 
@@ -493,13 +461,13 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one:
 
 1. Click 'OK'.
 
-1. Click 'Apply' on the bottom right of the policy's window—this option pushes the policy and allows the target printer to be installed (or stayed installed).
+1. Click 'Apply' on the bottom right of the policy's window-this option pushes the policy and allows the target printer to be installed (or stayed installed).
 
-## Testing the scenario
+## Testing scenario 3
 
 1. Look for your printer under Device Manager or the Windows Settings app and see that it's still there and accessible. Or just print a test document.
 
-1. Go back to the Group Policy Editor, disable **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and test again your printer—you shouldn't be bale to print anything or able to access the printer at all.
+1. Go back to the Group Policy Editor, disable **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and test again your printer-you shouldn't be bale to print anything or able to access the printer at all.
 
 ## Scenario #4: Prevent installation of a specific USB device
 
@@ -552,7 +520,7 @@ Creating the policy to prevent a single USB thumb-drive from being installed:
 
 1. In the lower left side, in the 'Options' window, click the 'Show' box. This option will take you to a table where you can enter the device identifier to block.
 
-1. Enter the USB thumb-drive device ID you found above—`USBSTOR\DiskGeneric_Flash_Disk______8.07`.
+1. Enter the USB thumb-drive device ID you found above-`USBSTOR\DiskGeneric_Flash_Disk______8.07`.
 
     ![Prevent Device IDs list.](images/device-installation-gpo-prevent-device-id-list-usb.png)<br/>_Prevent Device IDs list_
 
@@ -562,7 +530,7 @@ Creating the policy to prevent a single USB thumb-drive from being installed:
 
 1. Optional - if you would like to apply the policy to an existing install, open the **Prevent installation of devices that match any of these device IDs** policy again. In the 'Options' window, mark the checkbox that says 'also apply to matching devices that are already installed'.
 
-### Testing the scenario
+### Testing scenario 4
 
 1. If you haven't completed step #8, follow these steps:
 
@@ -658,7 +626,7 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one:
 
 1. In the lower left side, in the 'Options' window, click the 'Show...' box. This option will take you to a table where you can enter the device identifier to allow.
 
-1. Enter the full list of USB device IDs you found above including the specific USB Thumb-drive you would like to authorize for installation—`USBSTOR\DiskGeneric_Flash_Disk______8.07`.
+1. Enter the full list of USB device IDs you found above including the specific USB Thumb-drive you would like to authorize for installation-`USBSTOR\DiskGeneric_Flash_Disk______8.07`.
 
     ![Image of an example list of devices that have been configured for the policy "Allow installation of devices that match any of these Device IDs.".](images/device-installation-gpo-allow-device-id-list-usb.png)<br/>_Allowed USB Device IDs list_
 
@@ -668,6 +636,6 @@ First create a 'Prevent Class' policy and then create 'Allow Device' one:
 
 1. To apply the 'Prevent' coverage of all currently installed USB devices, open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the 'Options' window mark the checkbox that says 'also apply to matching devices that are already installed' and click 'OK'.
 
-### Testing the scenario
+### Testing scenario 5
 
-You shouldn't be able to install any USB thumb-drive, except the one you authorized for usage
+You shouldn't be able to install any USB thumb-drive, except the one you authorized for usage.
diff --git a/windows/client-management/client-tools/manage-settings-app-with-group-policy.md b/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
index a0af81bb73..afc00a6203 100644
--- a/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
@@ -1,18 +1,8 @@
 ---
 title: Manage the Settings app with Group Policy
 description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.date: 04/13/2023
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
+ms.date: 08/10/2023
 ms.topic: article
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
 
 # Manage the Settings app with Group Policy
diff --git a/windows/client-management/client-tools/mandatory-user-profile.md b/windows/client-management/client-tools/mandatory-user-profile.md
index 181e7485db..5c867f498d 100644
--- a/windows/client-management/client-tools/mandatory-user-profile.md
+++ b/windows/client-management/client-tools/mandatory-user-profile.md
@@ -1,35 +1,26 @@
 ---
 title: Create mandatory user profiles
 description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 04/11/2023
-ms.reviewer:
-manager: aaroncz
+ms.date: 08/10/2023
 ms.topic: article
 ms.collection:
 - highpri
 - tier2
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Create mandatory user profiles
 
-A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to) icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned.
+A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but aren't limited to) icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile aren't saved when a mandatory user profile is assigned.
 
 Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles.
 
-When the server that stores the mandatory profile is unavailable, such as when the user is not connected to the corporate network, users with mandatory profiles can sign in with the locally cached copy of the mandatory profile, if one exists. Otherwise, the user will be signed in with a temporary profile.
+When the server that stores the mandatory profile is unavailable, such as when the user isn't connected to the corporate network, users with mandatory profiles can sign in with the locally cached copy of the mandatory profile, if one exists. Otherwise, the user is signed in with a temporary profile.
 
 User profiles become mandatory profiles when the administrator renames the `NTuser.dat` file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile.
 
 ## Profile extension for each Windows version
 
-The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version.
+The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it applies to. The following table lists the correct extension for each operating system version.
 
 | Client operating system version     | Server operating system version                 | Profile extension |
 |-------------------------------------|-------------------------------------------------|-------------------|
@@ -48,7 +39,7 @@ First, you create a default user profile with the customizations that you want,
 
 ### How to create a default user profile
 
-1. Sign in to a computer running Windows as a member of the local Administrator group. Do not use a domain account.
+1. Sign in to a computer running Windows as a member of the local Administrator group. Don't use a domain account.
 
    > [!NOTE]
    > Use a lab or extra computer running a clean installation of Windows to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders.
@@ -56,11 +47,11 @@ First, you create a default user profile with the customizations that you want,
 1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on.
 
    > [!NOTE]
-   > Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-topics).
+   > Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-articles).
 
 1. [Create an answer file (Unattend.xml)](/windows-hardware/customize/desktop/wsim/create-or-open-an-answer-file) that sets the [CopyProfile](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-copyprofile) parameter to **True**. The CopyProfile parameter causes Sysprep to copy the currently signed-on user's profile folder to the default user profile. You can use [Windows System Image Manager](/windows-hardware/customize/desktop/wsim/windows-system-image-manager-technical-reference), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file.
 
-1. Uninstall any application you do not need or want from the PC. For examples on how to uninstall Windows Application see [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage?view=win10-ps&preserve-view=true). For a list of uninstallable applications, see [Understand the different apps included in Windows](/windows/application-management/apps-in-windows-10).
+1. Uninstall any application you don't need or want from the PC. For examples on how to uninstall Windows Application see [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage?view=win10-ps&preserve-view=true). For a list of uninstallable applications, see [Understand the different apps included in Windows](/windows/application-management/overview-windows-apps).
 
    > [!NOTE]
    > It is highly recommended to uninstall unwanted or unneeded apps as it will speed up user sign-in times.
@@ -82,27 +73,27 @@ First, you create a default user profile with the customizations that you want,
 
 1. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the setup, and then sign in to the computer using an account that has local administrator privileges.
 
-1. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section.
+1. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and select **Settings** in the **User Profiles** section.
 
-1. In **User Profiles**, click **Default Profile**, and then click **Copy To**.
+1. In **User Profiles**, select **Default Profile**, and then select **Copy To**.
 
    ![Example of User Profiles UI.](images/copy-to.png)
 
-1. In **Copy To**, under **Permitted to use**, click **Change**.
+1. In **Copy To**, under **Permitted to use**, select **Change**.
 
    ![Example of Copy To UI.](images/copy-to-change.png)
 
-1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**.
+1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, select **Check Names**, and then select **OK**.
 
 1. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#profile-extension-for-each-windows-version) for the operating system version. For example, the folder name must end with `.v6` to identify it as a user profile folder for Windows 10, version 1607 or later.
 
-   - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
+   - If the device is joined to the domain and you're signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path.
 
      ![Example of Copy profile to.](images/copy-to-path.png)
 
-   - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location.
+   - If the device isn't joined to the domain, you can save the profile locally, and then copy it to the shared folder location.
 
-1. Click **OK** to copy the default user profile.
+1. Select **OK** to copy the default user profile.
 
 ### How to make the user profile mandatory
 
@@ -118,7 +109,7 @@ First, you create a default user profile with the customizations that you want,
 1. Open the properties of the "profile.v6" folder.
 1. Select the **Security** tab and then select **Advanced**.
 1. Verify the **Owner** of the folder. It must be the builtin **Administrators** group. To change the owner, you must be a member of the Administrators group on the file server, or have "Set owner" privilege on the server.
-1. When you set the owner, select **Replace owner on subcontainers and objects** before you click OK.
+1. When you set the owner, select **Replace owner on subcontainers and objects** before you select OK.
 
 ## Apply a mandatory user profile to users
 
@@ -127,14 +118,10 @@ In a domain, you modify properties for the user account to point to the mandator
 ### How to apply a mandatory user profile to users
 
 1. Open **Active Directory Users and Computers** (dsa.msc).
-
-1. Navigate to the user account that you will assign the mandatory profile to.
-
+1. Navigate to the user account that you'll assign the mandatory profile to.
 1. Right-click the user name and open **Properties**.
-
 1. On the **Profile** tab, in the **Profile path** field, enter the path to the shared folder without the extension. For example, if the folder name is `\\server\share\profile.v6`, you would enter `\\server\share\profile`.
-
-1. Click **OK**.
+1. Select **OK**.
 
 It may take some time for this change to replicate to all domain controllers.
 
@@ -149,9 +136,9 @@ When a user is configured with a mandatory profile, Windows starts as though it
 | Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled | ✅         | ❌                 |
 
 > [!NOTE]
-> The Group Policy settings above can be applied in Windows Professional edition.
+> These Group Policy settings can be applied in Windows Professional edition.
 
-## Related topics
+## Related articles
 
 - [Manage Windows 10 Start layout and taskbar options](/windows/configuration/windows-10-start-layout-options-and-policies)
 - [Lock down Windows 10 to specific apps](/windows/configuration/lock-down-windows-10-to-specific-apps)
diff --git a/windows/client-management/client-tools/quick-assist.md b/windows/client-management/client-tools/quick-assist.md
index 9997673adf..615806cfd5 100644
--- a/windows/client-management/client-tools/quick-assist.md
+++ b/windows/client-management/client-tools/quick-assist.md
@@ -1,18 +1,9 @@
 ---
 title: Use Quick Assist to help users
 description: Learn how IT Pros can use Quick Assist to help users.
-ms.date: 04/11/2023
-ms.prod: windows-client
+ms.date: 08/10/2023
 ms.topic: article
-ms.technology: itpro-manage
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-ms.reviewer: pmadrigal
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ms.collection:
 - highpri
 - tier1
diff --git a/windows/client-management/client-tools/windows-libraries.md b/windows/client-management/client-tools/windows-libraries.md
index 12e7efd5db..43666505af 100644
--- a/windows/client-management/client-tools/windows-libraries.md
+++ b/windows/client-management/client-tools/windows-libraries.md
@@ -1,20 +1,8 @@
 ---
 title: Windows Libraries
 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-ms.reviewer:
-ms.technology: itpro-manage
 ms.topic: article
-ms.date: 04/11/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
+ms.date: 08/10/2023
 ---
 
 # Windows libraries
@@ -23,7 +11,7 @@ Libraries are virtual containers for users' content. A library can contain files
 
 ## Features for Users
 
-Windows libraries are backed by full content search and rich metadata. Libraries offer the following advantages to users:
+Windows libraries provide full content search and rich metadata. Libraries offer the following advantages to users:
 
 - Aggregate content from multiple storage locations into a single, unified presentation.
 - Enable users to stack and group library contents based on metadata.
@@ -63,7 +51,7 @@ Libraries are built upon the legacy known folders (such as My Documents, My Pict
 
 ### Hiding Default Libraries
 
-Users or administrators can hide or delete the default libraries, though the libraries node in the Navigation pane can't be hidden or deleted. Hiding a default library is preferable to deleting it, as applications like Windows Media Player rely on the default libraries and will re-create them if they don't exist on the computer. See [How to Hide Default Libraries](/previous-versions/windows/it-pro/windows-7/ee461108(v=ws.10)#BKMK_HideDefaultLibraries) for instructions.
+Users or administrators can hide or delete the default libraries, though the libraries node in the Navigation pane can't be hidden or deleted. Hiding a default library is preferable to deleting it, as applications like Windows Media Player rely on the default libraries and re-create them if they don't exist on the computer. See [How to Hide Default Libraries](/previous-versions/windows/it-pro/windows-7/ee461108(v=ws.10)#BKMK_HideDefaultLibraries) for instructions.
 
 ### Default Save Locations for Libraries
 
@@ -117,9 +105,7 @@ The following library attributes can be modified within Windows Explorer, the Li
 - Order of library locations
 - Default save location
 
-The library icon can be modified by the administrator or user by directly editing the Library Description schema file.
-
-See [Library Description Schema](/windows/win32/shell/library-schema-entry) for information on creating Library Description files.
+The library icon can be modified by the administrator or user by directly editing the Library Description schema file. See [Library Description Schema](/windows/win32/shell/library-schema-entry) for information on creating Library Description files.
 
 ## See also
 
diff --git a/windows/client-management/client-tools/windows-version-search.md b/windows/client-management/client-tools/windows-version-search.md
index 42f0454fa7..a9ff816f27 100644
--- a/windows/client-management/client-tools/windows-version-search.md
+++ b/windows/client-management/client-tools/windows-version-search.md
@@ -1,17 +1,8 @@
 ---
 title: What version of Windows am I running?
 description: Discover which version of Windows you're running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 04/13/2023
-ms.reviewer:
-manager: aaroncz
-ms.topic: troubleshooting
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
+ms.topic: article
 ---
 
 # What version of Windows am I running?
@@ -20,11 +11,11 @@ The [Long-Term Servicing Channel](/windows/deployment/update/waas-overview#servi
 
 In the [General Availability Channel](/windows/deployment/update/waas-overview#servicing-channels), you can set feature updates as soon as Microsoft releases them. This servicing modal is ideal for pilot deployments and to test Windows feature updates and for users like developers who need to work with the latest features immediately. Once you've tested the latest release, you can choose when to roll it out broadly in your deployment.
 
-To determine if your device is enrolled in the Long-Term Servicing Channel or the General Availability Channel, you'll need to know what version of Windows you're running. There are a few ways to figure this out. Each method provides a different set of details, so it's useful to learn about all of them.
+To determine if your device is enrolled in the Long-Term Servicing Channel or the General Availability Channel, you need to know what version of Windows you're running. There are a few ways to figure this out. Each method provides a different set of details, so it's useful to learn about all of them.
 
 ## System Properties
 
-Select **Start** > **Settings** > **System**, then select **About**. You'll then see **Edition**, **Version**, and **OS Build** information.
+Select **Start** > **Settings** > **System**, then select **About**. You then see **Edition**, **Version**, and **OS Build** information.
 
 :::image type="content" source="images/systemcollage.png" alt-text="screenshot of the system properties window for a device running Windows 10.":::
 
@@ -49,6 +40,6 @@ You can type the following in the search bar and press **ENTER** to see version
 
     :::image type="content" source="images/refcmd.png" alt-text="screenshot of system information display text.":::
 
-- At the PowerShell or Command Prompt, type `slmgr /dlv`, and then press ENTER. The /dlv command displays the detailed licensing information. Notice the output displays "EnterpriseS" as seen in the image below:
+- At the PowerShell or Command Prompt, type `slmgr /dlv`, and then press ENTER. The /dlv command displays the detailed licensing information. Notice the output displays "EnterpriseS" as seen in the following image:
 
     :::image type="content" source="images/slmgr-dlv.png" alt-text="screenshot of software licensing manager.":::
diff --git a/windows/client-management/config-lock.md b/windows/client-management/config-lock.md
index d32bed289c..443c29c949 100644
--- a/windows/client-management/config-lock.md
+++ b/windows/client-management/config-lock.md
@@ -1,20 +1,15 @@
 ---
 title: Secured-core configuration lock
 description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 05/24/2022
+ms.date: 08/10/2023
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
 
 # Secured-core PC configuration lock
 
-In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with config lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds.
+In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a noncompliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with config lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds.
 
 Secured-core configuration lock (config lock) is a new [secured-core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a secured-core PC remains a secured-core PC.
 
@@ -24,11 +19,11 @@ To summarize, config lock:
 - Detects drift remediates within seconds
 - Doesn't prevent malicious attacks
 
+[!INCLUDE [secured-core-configuration-lock](../../includes/licensing/secured-core-configuration-lock.md)]
+
 ## Configuration Flow
 
-After a [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure) reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
-
-[!INCLUDE [secured-core-configuration-lock](../../includes/licensing/secured-core-configuration-lock.md)]
+After a [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure) reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock doesn't apply. If the device is a secured-core PC, config lock locks the policies listed under [List of locked policies](#list-of-locked-policies).
 
 ## Enabling config lock using Microsoft Intune
 
@@ -39,23 +34,24 @@ The steps to turn on config lock using Microsoft Intune are as follows:
 1. Ensure that the device to turn on config lock is enrolled in Microsoft Intune.
 1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Configuration Profiles** > **Create a profile**.
 1. Select the following and press **Create**:
-    - **Platform**: Windows 10 and later
-    - **Profile type**: Templates
+    - **Platform**: `Windows 10 and later`
+    - **Profile type**: `Templates`
     - **Template name**: Custom
 
     :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates.":::
 
 1. Name your profile.
 1. When you reach the Configuration Settings step, select "Add" and add the following information:
-    - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock
-    - **Data type**: Integer
-    - **Value**: 1 </br>
+    - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock`
+    - **Data type**: `Integer`
+    - **Value**: `1`
+
     To turn off config lock, change the value to 0.
 
-    :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of config lock, a Description of Turn on config lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1.":::
+    :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of config lock, a Description of Turn-on config lock and the OMA-URI set, along with a Data type of Integer set to a Value of 1.":::
 
 1. Select the devices to turn on config lock. If you're using a test tenant, you can select "+ Add all devices".
-1. You'll not need to set any applicability rules for test purposes.
+1. You don't need to set any applicability rules for test purposes.
 1. Review the Configuration and select "Create" if everything is correct.
 1. After the device syncs with the Microsoft Intune server, you can confirm if the config lock was successfully enabled.
 
@@ -75,52 +71,52 @@ Config lock is designed to ensure that a secured-core PC isn't unintentionally m
 
 ## List of locked policies
 
-|**CSPs**     |
-|-----|
-|[BitLocker](mdm/bitlocker-csp.md)      |
-|[PassportForWork](mdm/passportforwork-csp.md)       |
-|[WindowsDefenderApplicationGuard](mdm/windowsdefenderapplicationguard-csp.md)       |
-|[ApplicationControl](mdm/applicationcontrol-csp.md)
+| **CSPs**                                                                      |
+|-------------------------------------------------------------------------------|
+| [BitLocker](mdm/bitlocker-csp.md)                                             |
+| [PassportForWork](mdm/passportforwork-csp.md)                                 |
+| [WindowsDefenderApplicationGuard](mdm/windowsdefenderapplicationguard-csp.md) |
+| [ApplicationControl](mdm/applicationcontrol-csp.md)                           |
 
-|**MDM policies**     | **Supported by Group Policy** |
-|-----|-----|
-|[DataProtection/AllowDirectMemoryAccess](mdm/policy-csp-dataprotection.md)      | No |
-|[DataProtection/LegacySelectiveWipeID](mdm/policy-csp-dataprotection.md)      | No |
-|[DeviceGuard/ConfigureSystemGuardLaunch](mdm/policy-csp-deviceguard.md)      | Yes |
-|[DeviceGuard/EnableVirtualizationBasedSecurity](mdm/policy-csp-deviceguard.md)      | Yes |
-|[DeviceGuard/LsaCfgFlags](mdm/policy-csp-deviceguard.md)      | Yes |
-|[DeviceGuard/RequirePlatformSecurityFeatures](mdm/policy-csp-deviceguard.md)      | Yes |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md)      | Yes |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md)      | Yes |
-|[DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventDeviceMetadataFromNetwork](mdm/policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](mdm/policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md) | Yes |
-|[DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md) | Yes |
-|[DmaGuard/DeviceEnumerationPolicy](mdm/policy-csp-dmaguard.md) | Yes |
-|[WindowsDefenderSecurityCenter/CompanyName](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableAccountProtectionUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableAppBrowserUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableClearTpmButton](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableEnhancedNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableFamilyUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableHealthUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableNetworkUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](mdm/policy-csp-windowsdefendersecuritycenter.md)| Yes |
-|[WindowsDefenderSecurityCenter/DisableVirusUI](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/Email](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/EnableCustomizedToasts](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/EnableInAppCustomization](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideSecureBoot](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideTPMTroubleshooting](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/Phone](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[WindowsDefenderSecurityCenter/URL](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes |
-|[SmartScreen/EnableAppInstallControl](mdm/policy-csp-smartscreen.md)| Yes |
-|[SmartScreen/EnableSmartScreenInShell](mdm/policy-csp-smartscreen.md) | Yes |
-|[SmartScreen/PreventOverrideForFilesInShell](mdm/policy-csp-smartscreen.md) | Yes |
+| **MDM policies**                                                                                                            | **Supported by Group Policy** |
+|-----------------------------------------------------------------------------------------------------------------------------|-------------------------------|
+| [DataProtection/AllowDirectMemoryAccess](mdm/policy-csp-dataprotection.md)                                                  | No                            |
+| [DataProtection/LegacySelectiveWipeID](mdm/policy-csp-dataprotection.md)                                                    | No                            |
+| [DeviceGuard/ConfigureSystemGuardLaunch](mdm/policy-csp-deviceguard.md)                                                     | Yes                           |
+| [DeviceGuard/EnableVirtualizationBasedSecurity](mdm/policy-csp-deviceguard.md)                                              | Yes                           |
+| [DeviceGuard/LsaCfgFlags](mdm/policy-csp-deviceguard.md)                                                                    | Yes                           |
+| [DeviceGuard/RequirePlatformSecurityFeatures](mdm/policy-csp-deviceguard.md)                                                | Yes                           |
+| [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md)                             | Yes                           |
+| [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md)                     | Yes                           |
+| [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md)                    | Yes                           |
+| [DeviceInstallation/PreventDeviceMetadataFromNetwork](mdm/policy-csp-deviceinstallation.md)                                 | Yes                           |
+| [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](mdm/policy-csp-deviceinstallation.md)    | Yes                           |
+| [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](mdm/policy-csp-deviceinstallation.md)                           | Yes                           |
+| [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](mdm/policy-csp-deviceinstallation.md)                   | Yes                           |
+| [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](mdm/policy-csp-deviceinstallation.md)                  | Yes                           |
+| [DmaGuard/DeviceEnumerationPolicy](mdm/policy-csp-dmaguard.md)                                                              | Yes                           |
+| [WindowsDefenderSecurityCenter/CompanyName](mdm/policy-csp-windowsdefendersecuritycenter.md)                                | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableAccountProtectionUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                 | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableAppBrowserUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                        | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableClearTpmButton](mdm/policy-csp-windowsdefendersecuritycenter.md)                      | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableDeviceSecurityUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                    | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableEnhancedNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md)               | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableFamilyUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                            | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableHealthUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                            | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableNetworkUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                           | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableNotifications](mdm/policy-csp-windowsdefendersecuritycenter.md)                       | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning](mdm/policy-csp-windowsdefendersecuritycenter.md)            | Yes                           |
+| [WindowsDefenderSecurityCenter/DisableVirusUI](mdm/policy-csp-windowsdefendersecuritycenter.md)                             | Yes                           |
+| [WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride](mdm/policy-csp-windowsdefendersecuritycenter.md)          | Yes                           |
+| [WindowsDefenderSecurityCenter/Email](mdm/policy-csp-windowsdefendersecuritycenter.md)                                      | Yes                           |
+| [WindowsDefenderSecurityCenter/EnableCustomizedToasts](mdm/policy-csp-windowsdefendersecuritycenter.md)                     | Yes                           |
+| [WindowsDefenderSecurityCenter/EnableInAppCustomization](mdm/policy-csp-windowsdefendersecuritycenter.md)                   | Yes                           |
+| [WindowsDefenderSecurityCenter/HideRansomwareDataRecovery](mdm/policy-csp-windowsdefendersecuritycenter.md)                 | Yes                           |
+| [WindowsDefenderSecurityCenter/HideSecureBoot](mdm/policy-csp-windowsdefendersecuritycenter.md)                             | Yes                           |
+| [WindowsDefenderSecurityCenter/HideTPMTroubleshooting](mdm/policy-csp-windowsdefendersecuritycenter.md)                     | Yes                           |
+| [WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl](mdm/policy-csp-windowsdefendersecuritycenter.md) | Yes                           |
+| [WindowsDefenderSecurityCenter/Phone](mdm/policy-csp-windowsdefendersecuritycenter.md)                                      | Yes                           |
+| [WindowsDefenderSecurityCenter/URL](mdm/policy-csp-windowsdefendersecuritycenter.md)                                        | Yes                           |
+| [SmartScreen/EnableAppInstallControl](mdm/policy-csp-smartscreen.md)                                                        | Yes                           |
+| [SmartScreen/EnableSmartScreenInShell](mdm/policy-csp-smartscreen.md)                                                       | Yes                           |
+| [SmartScreen/PreventOverrideForFilesInShell](mdm/policy-csp-smartscreen.md)                                                 | Yes                           |
diff --git a/windows/client-management/device-update-management.md b/windows/client-management/device-update-management.md
index 9680e7249e..e6c914668a 100644
--- a/windows/client-management/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@@ -1,20 +1,11 @@
 ---
 title: Mobile device management MDM for device updates
 description: Windows provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
+ms.date: 08/10/2023
 ms.collection:
 - highpri
 - tier2
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Mobile device management (MDM) for device updates
@@ -59,8 +50,8 @@ This section describes this setup. The following diagram shows the server-server
 
 MSDN provides much information about the Server-Server sync protocol. In particular:
 
-- It's a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development.
-- You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although it's even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to `https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx`.
+- It's a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, to simplify development.
+- You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although it's even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL generates an incorrect binding URL. The binding URL should be set to `https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx`.
 
 Some important highlights:
 
@@ -73,7 +64,7 @@ Some important highlights:
 
 ### Examples of update metadata XML structure and element descriptions
 
-The response of the GetUpdateData call returns an array of ServerSyncUpdateData that contains the update metadata in the XmlUpdateBlob element. The schema of the update xml is available at [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). Some of the key elements are described below:
+The response of the GetUpdateData call returns an array of ServerSyncUpdateData that contains the update metadata in the XmlUpdateBlob element. The schema of the update xml is available at [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). Some of the key elements are described here:
 
 - **UpdateID** - The unique identifier for an update
 - **RevisionNumber** - Revision number for the update in case the update was modified.
@@ -103,9 +94,9 @@ First some background:
 
 The following procedure describes a basic algorithm for a metadata sync service:
 
-1. Create an empty list of "needed update IDs to fault in". This list will get updated by the MDM service component that uses OMA DM. We recommend not adding definition updates to this list, since they're temporary. For example, Defender can release new definition updates many times per day, each of which is cumulative.
+1. Create an empty list of "needed update IDs to fault in". This list gets updated by the MDM service component that uses OMA DM. We recommend not adding definition updates to this list, since they're temporary. For example, Defender can release new definition updates many times per day, each of which is cumulative.
 1. Sync periodically (we recommend once every 2 hours - no more than once/hour).
-   1. Implement the authorization phase of the protocol to get a cookie if you don't already have a non-expired cookie. See **Sample 1: Authorization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a).
+   1. Implement the authorization phase of the protocol to get a cookie if you don't already have a nonexpired cookie. See **Sample 1: Authorization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a).
    1. Implement the metadata portion of the protocol. See **Sample 2: Metadata and Deployments Synchronization** in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a)), and call GetUpdateData for all updates in the "needed update IDs to fault in" list if the update metadata hasn't already been pulled into the DB.
         - If the update is a newer revision of an existing update (same UpdateID, higher revision number), replace the previous update metadata with the new one.
         - Remove updates from the "needed update IDs to fault in" list once they've been brought in.
@@ -131,7 +122,7 @@ Updates are configured using the [Update Policy CSP](mdm/policy-csp-update.md).
 
 ### Update management user experience screenshot
 
-The following screenshots of the administrator console show the list of update titles, approval status, and additional metadata fields.
+The following screenshots of the administrator console show the list of update titles, approval status, and other metadata fields.
 
 :::image type="content" source="images/deviceupdatescreenshot1.png" alt-text="mdm update management screenshot.":::
 
diff --git a/windows/client-management/disconnecting-from-mdm-unenrollment.md b/windows/client-management/disconnecting-from-mdm-unenrollment.md
index 6e4d3f8d8c..9b12683d3e 100644
--- a/windows/client-management/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/disconnecting-from-mdm-unenrollment.md
@@ -1,23 +1,14 @@
 ---
 title: Disconnecting from the management infrastructure (unenrollment)
 description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/13/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Disconnecting from the management infrastructure (unenrollment)
 
 The Disconnecting process is done either locally by the user who uses a phone or remotely by the IT administrator using management server. The user-initiated disconnection process is similar to the initial connection, wherein its initiation is from the same location in the Setting Control Panel as creating the workplace account.
-The users choose to disconnect for any number of reasons, such as the ones described below: leaving the company or getting a new device or not needing access to their LOB apps on the old device, anymore. When an IT administrator initiates a disconnection, the enrollment client performs the disconnection during the next regular maintenance session. Administrators choose to disconnect users' device after they've left the company or because the device is regularly failing to comply with the organization's security settings policy.
+The users choose to disconnect for any number of reasons, such as leaving the company or getting a new device or not needing access to their LOB apps on the old device anymore. When an IT administrator initiates a disconnection, the enrollment client performs the disconnection during the next regular maintenance session. Administrators choose to disconnect users' device after they've left the company or because the device is regularly failing to comply with the organization's security settings policy.
 
 During disconnection, the client executes the following tasks:
 
@@ -29,7 +20,7 @@ During disconnection, the client executes the following tasks:
 
 ## User-initiated disconnection
 
-In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This notification is a best-effort action as no retry is built-in to ensure the notification is successfully sent to the device.
+In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This notification is a best-effort action as no retry is built in to ensure the notification is successfully sent to the device.
 
 This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work.
 
@@ -40,7 +31,7 @@ The vendor uses the Type attribute to specify what type of generic alert it is.
 
 After the user elects to unenroll, any active MDM OMA DM sessions are terminated. After that, the DM client starts a DM session, including a user unenroll generic alert in the first package that it sends to the server.
 
-The following sample shows an OMA DM first package that contains a generic alert message. For more information on WP OMA DM support, see the [OMA DM protocol support](oma-dm-protocol-support.md) topic.
+The following sample shows an OMA DM first package that contains a generic alert message. For more information on WP OMA DM support, see the [OMA DM protocol support](oma-dm-protocol-support.md) article.
 
 ```xml
 <SyncML xmlns=&#39;SYNCML:SYNCML1.2&#39;>
@@ -91,7 +82,7 @@ After the previous package is sent, the unenrollment process begins.
 
 ## Server-initiated disconnection
 
-When the server initiates disconnection, all undergoing sessions for the enrollment ID are aborted immediately to avoid deadlocks. The server will not get a response for the unenrollment, instead a generic alert notification is sent with `messageid=1`.
+When the server initiates disconnection, all undergoing sessions for the enrollment ID are aborted immediately to avoid deadlocks. The server doesn't get a response for the unenrollment, instead a generic alert notification is sent with `messageid=1`.
 
 ```xml
 <Alert>
@@ -109,7 +100,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm
 
 ## Unenrollment from Work Access settings page
 
-If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the Azure AD association to the device.
+If the user is enrolled into MDM using an Azure Active Directory (Azure AD Join or by adding a Microsoft work account), the MDM account shows up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the Azure AD association to the device.
 
 You can only use the Work Access page to unenroll under the following conditions:
 
@@ -118,18 +109,18 @@ You can only use the Work Access page to unenroll under the following conditions
 
 ## Unenrollment from Azure Active Directory Join
 
-When a user is enrolled into MDM through Azure Active Directory Join and later, the enrollment disconnects, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data.
+When a user is enrolled into MDM through Azure Active Directory Join and later, the enrollment disconnects, there's no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message doesn't indicate the loss of WIP data.
 
 ![aadj unenerollment.](images/azure-ad-unenrollment.png)
 
-During the process in which a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be re-imaged. When devices are remotely unenrolled from MDM, the Azure Active Directory association is also removed. This safeguard is in place to avoid leaving the corporate devices in un-managed state.
+During the process in which a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Azure Active Directory association is also removed. This safeguard is in place to avoid leaving the corporate devices in unmanaged state.
 
-Before remotely un-enrolling corporate devices, you must ensure that there is at least one admin user on the device that is not part of the Azure tenant, otherwise the device will not have any admin user after the operation.
+Before remotely unenrolling corporate devices, you must ensure that there is at least one admin user on the device that isn't part of Azure AD, otherwise the device won't have any admin user after the operation.
 
-In mobile devices, remote unenrollment for Azure Active Directory Joined devices will fail. To remove corporate content from these devices, we recommend you remotely wipe the device.
+In mobile devices, remote unenrollment for Azure Active Directory Joined devices fails. To remove corporate content from these devices, we recommend you remotely wipe the device.
 
 ## IT admin-requested disconnection
 
-The server requests an enterprise management disconnection by issuing an Exec OMA DM SyncML XML command to the device, using the DMClient configuration service provider's Unenroll node during the next client-initiated DM session. The Data tag inside the Exec command should be the value of the provisioned DM server ProviderID. For more information, see the Enterprise-specific DMClient configuration topic.
+The server requests an enterprise management disconnection by issuing an Exec OMA DM SyncML XML command to the device, using the DMClient configuration service provider's Unenroll node during the next client-initiated DM session. The Data tag inside the Exec command should be the value of the provisioned DM server ProviderID. For more information, see the Enterprise-specific DMClient configuration article.
 
 When the disconnection is completed, the user is notified that the device has been disconnected from enterprise management.
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index 1aecb97d90..06a528a0ca 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -39,10 +39,13 @@
         "tier2"
       ],
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "ms.technology": "itpro-manage",
       "audience": "ITPro",
+      "ms.prod": "windows-client",
       "ms.topic": "article",
+      "ms.author": "vinpa",
+      "author": "vinaypamnani-msft",
       "manager": "aaroncz",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
@@ -72,7 +75,18 @@
         "Windows 10"
       ]
     },
-    "fileMetadata": {},
+    "fileMetadata": {
+      "appliesto": {
+        "./*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+        ],
+        "client-tools/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+        ]
+      }
+    },
     "template": [],
     "dest": "win-client-management",
     "markdownEngineName": "markdig"
diff --git a/windows/client-management/enable-admx-backed-policies-in-mdm.md b/windows/client-management/enable-admx-backed-policies-in-mdm.md
index c60b1439b5..bd41f63d4d 100644
--- a/windows/client-management/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md
@@ -1,18 +1,9 @@
 ---
 title: Enable ADMX policies in MDM
 description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
 ms.localizationpriority: medium
-ms.date: 11/01/2017
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Enable ADMX policies in MDM
@@ -41,9 +32,9 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
 
 1. Use the Group Policy Editor to determine whether you need additional information to enable the policy. Run GPEdit.msc
 
-    1. Click **Start**, then in the text box type **gpedit**.
+    1. Select **Start**, then in the text box type **gpedit**.
 
-    2. Under **Best match**, click **Edit group policy** to launch it.
+    2. Under **Best match**, select **Edit group policy** to launch it.
 
        ![GPEdit search.](images/admx-gpedit-search.png)
 
@@ -109,7 +100,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
 
    1. Search for GP name **Publishing_Server2_policy**.
 
-   1. Under **policy name="Publishing_Server2_Policy"** you can see the \<elements> listed. The *text id* and *enum id* represent the *data id* you need to include in the SyncML data payload. They correspond to the fields you see in the Group Policy Editor.
+   1. Under **policy name="Publishing_Server2_Policy"** you can see the `<elements>` listed. The `text id` and `enum id` represent the `data id` you need to include in the SyncML data payload. They correspond to the fields you see in the Group Policy Editor.
 
       Here's the snippet from appv.admx:
 
@@ -201,7 +192,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
       </policy>
       ```
 
-   1. From the **\<elements>**  tag, copy all of the *text id* and *enum id* and create an XML with *data id* and *value* fields. The *value* field contains the configuration settings that you would enter in the Group Policy Editor.
+   1. From the `<elements>`  tag, copy all of the `text id` and `enum id` and create an XML with `data id` and `value` fields. The *value* field contains the configuration settings that you would enter in the Group Policy Editor.
 
       Here's the example XML for Publishing_Server2_Policy:
 
@@ -260,7 +251,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
 
 ## Disable a policy
 
-The \<Data> payload is \<disabled/>. Here is an example to disable AppVirtualization/PublishingAllowServer2.
+The \<Data> payload is \<disabled/>. Here's an example to disable AppVirtualization/PublishingAllowServer2.
 
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
diff --git a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
index fc976f6277..031f810c1b 100644
--- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,25 +1,16 @@
 ---
 title: Enroll a Windows device automatically using Group Policy
-description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
-ms.author: vinpa
+description: Learn how to use a Group Policy to trigger autoenrollment to MDM for Active Directory (AD) domain-joined devices.
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/13/2023
-ms.reviewer:
-manager: aaroncz
+ms.date: 08/10/2023
 ms.collection:
 - highpri
 - tier2
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Enroll a Windows device automatically using Group Policy
 
-You can use a Group Policy to trigger auto-enrollment to Mobile Device Management (MDM) for Active Directory (AD) domain-joined devices.
+You can use a Group Policy to trigger autoenrollment to Mobile Device Management (MDM) for Active Directory (AD) domain-joined devices.
 
 The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This cause-and-effect mechanism means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
 
@@ -28,7 +19,7 @@ The enrollment into Intune is triggered by a group policy created on your local
 - The Active Directory joined device must be running a [supported version of Windows](/windows/release-health/supported-versions-windows-client).
 - The enterprise has configured a Mobile Device Management (MDM) service.
 - The on-premises Active Directory must be [integrated with Azure AD (via Azure AD Connect)](/azure/architecture/reference-architectures/identity/azure-ad).
-- The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`).
+- The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents fail enrollment with `error 0x80180026`).
 - The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. For more information, see [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan).
 
 > [!TIP]
@@ -38,28 +29,28 @@ The enrollment into Intune is triggered by a group policy created on your local
 > - [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan)
 > - [Azure Active Directory integration with MDM](./azure-active-directory-integration-with-mdm.md)
 
-The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically Azure AD-registered.
+The autoenrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically Azure AD-registered.
 
 > [!NOTE]
 > In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
 
-When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
+When the autoenrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task uses the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user gets prompted to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
 
 - Starting in Windows 10, version 1709, when the same policy is configured in Group Policy and MDM, Group Policy policy takes precedence over MDM.
 - Starting in Windows 10, version 1803, a new setting allows you to change precedence to MDM. For more information, see [Windows Group Policy vs. Intune MDM Policy who wins?](/archive/blogs/cbernier/windows-10-group-policy-vs-intune-mdm-policy-who-wins).
 
 For this policy to work, you must verify that the MDM service provider allows Group Policy initiated MDM enrollment for domain-joined devices.
 
-## Configure the auto-enrollment for a group of devices
+## Configure the autoenrollment for a group of devices
 
-To configure auto-enrollment using a group policy, use the following steps:
+To configure autoenrollment using a group policy, use the following steps:
 
 1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
 1. Create a Security Group for the PCs.
 1. Link the GPO.
 1. Filter using Security Groups.
 
-If you don't see the policy, it may be because you don't have the ADMX for Windows 10, version 1803 or later installed. To fix the issue, use the following procedures. Note that the latest MDM.admx is backwards compatible.
+If you don't see the policy, it may be because you don't have the ADMX for Windows 10, version 1803 or later installed. To fix the issue, use the following procedures. The latest MDM.admx is backwards compatible.
 
 1. Download the administrative templates for the desired version:
 
@@ -76,17 +67,17 @@ If you don't see the policy, it may be because you don't have the ADMX for Windo
 
 1. Install the package on the Domain Controller.
 
-1. Navigate to `C:\Program Files (x86)\Microsoft Group Policy`, and locate the appropriate sub-directory depending on the installed version.
+1. Navigate to `C:\Program Files (x86)\Microsoft Group Policy`, and locate the appropriate subdirectory depending on the installed version.
 
 1. Copy the PolicyDefinitions folder to `\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions`.
 
-   If this folder doesn't exist, then you'll be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.
+   If this folder doesn't exist, then copy the files to the [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your domain.
 
 1. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.
 
-## Configure the auto-enrollment Group Policy for a single PC
+## Configure the autoenrollment Group Policy for a single PC
 
-This procedure is only for illustration purposes to show how the new auto-enrollment policy works. It's not recommended for the production environment in the enterprise.
+This procedure is only for illustration purposes to show how the new autoenrollment policy works. It's not recommended for the production environment in the enterprise.
 
 1. Run `GPEdit.msc`. Choose **Start**, then in the text box type `gpedit`.
 
@@ -105,7 +96,7 @@ This procedure is only for illustration purposes to show how the new auto-enroll
 
 When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called **Schedule created by enrollment client for automatically enrolling in MDM from Azure Active Directory**. To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
 
-If two-factor authentication is required, you'll be prompted to complete the process. Here's an example screenshot.
+If two-factor authentication is required, you are prompted to complete the process. Here's an example screenshot.
 
 :::image type="content" source="images/autoenrollment-2-factor-auth.png" alt-text="Screenshot of Two-factor authentication notification.":::
 
@@ -127,16 +118,16 @@ Select **Start**, then in the text box type `task scheduler`. Under **Best match
 
 In **Task Scheduler Library**, open **Microsoft > Windows** , then select **EnterpriseMgmt**.
 
-:::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png":::
+:::image type="content" alt-text="Autoenrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png":::
 
-To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. You can see the logs in the **History** tab.
+To see the result of the task, move the scroll bar to see the **Last Run Result**. You can see the logs in the **History** tab.
 
 The message **0x80180026** is a failure message (`MENROLL_E_DEVICE_MANAGEMENT_BLOCKED`). If the device enrollment is blocked, your IT admin might have enabled the **Disable MDM Enrollment** policy.
 
 > [!NOTE]
 > The GPEdit console doesn't reflect the status of policies set by your IT admin on your device. It's only used by the user to set policies.
 
-## Related topics
+## Related articles
 
 - [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11))
 - [Create and Edit a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754740(v=ws.11))
diff --git a/windows/client-management/enterprise-app-management.md b/windows/client-management/enterprise-app-management.md
index 197087b7dc..56d0b0809b 100644
--- a/windows/client-management/enterprise-app-management.md
+++ b/windows/client-management/enterprise-app-management.md
@@ -1,22 +1,13 @@
 ---
 title: Enterprise app management
 description: This article covers one of the key mobile device management (MDM) features for managing the lifecycle of apps across Windows devices.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/13/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Enterprise app management
 
-This article will discuss one of the key features of Windows' Mobile Device Management (MDM) capabilities: the ability to manage apps' lifecycle on all Windows devices. This includes both Store and non-Store apps, which can be managed natively through MDM.
+This article discusses one of the key features of Windows' Mobile Device Management (MDM) capabilities: the ability to manage apps' lifecycle on all Windows devices. This includes both Store and non-Store apps, which can be managed natively through MDM.
 
 By using Windows MDM to manage app lifecycles, administrators can deploy and manage updates, remove outdated or unused apps, and ensure that all devices have the necessary apps installed to meet the organization's needs. This feature streamlines the app management process and saves time and effort for IT professionals.
 
@@ -38,18 +29,18 @@ Windows offers the ability for management servers to:
 Windows lets you inventory all apps deployed to a user, and inventory all apps for all users of a Windows device. The [EnterpriseModernAppManagement](mdm/enterprisemodernappmanagement-csp.md) configuration service provider (CSP) inventories packaged apps and doesn't include traditional Win32 apps installed via MSI or executables. When the apps are inventoried, they're separated based on the following app classifications:
 
 - **Store**: Apps that have been acquired from the Microsoft Store, either directly or delivered with the enterprise from the Store for Business.
-- **nonStore**: Apps that were not acquired from the Microsoft Store.
-- **System**: Apps that are part of the operating system and cannot be uninstalled. This classification is read-only and can only be inventoried.
+- **nonStore**: Apps that weren't acquired from the Microsoft Store.
+- **System**: Apps that are part of the operating system and can't be uninstalled. This classification is read-only and can only be inventoried.
 
 Each app is identified by one package family name and one or more package full names, and the apps are grouped based on their origin. The EnterpriseModernAppManagement CSP displays these classifications as nodes.
 
 Inventory can be run recursively at any level from the AppManagement node through the package full name. You can also choose to inventory specific attributes only. The inventory is specific to the package full name and lists bundled and resource packs as applicable under the package family name.
 
-For more information on each node, refer to the detailed descriptions provided in the [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md).
+For more information on each node, see the detailed descriptions provided in the [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md).
 
 ### App inventory
 
-You can use the EnterpriseModernAppManagement CSP to query for all apps installed for a user or device. The query returns all apps, even if they were installed using MDM or other methods. Inventory can run at the user or device level. Inventory at the device level will return information for all users on the device.
+You can use the EnterpriseModernAppManagement CSP to query for all apps installed for a user or device. The query returns all apps, even if they were installed using MDM or other methods. Inventory can run at the user or device level. Inventory at the device level returns information for all users on the device.
 
 Doing a full inventory of a device can be resource-intensive based on the hardware and number of apps that are installed. The data returned can also be large. You may want to chunk these requests to reduce the impact to clients and network traffic.
 
@@ -83,7 +74,7 @@ Doing a full inventory of a device can be resource-intensive based on the hardwa
 
 ### Store license inventory
 
-You can use the EnterpriseModernAppManagement CSP to query for all app licenses installed for a user or device. The query returns all app licenses, event if they were installed via MDM or other methods. Inventory can run at the user or device level. Inventory at the device level will return information for all users on the device.
+You can use the EnterpriseModernAppManagement CSP to query for all app licenses installed for a user or device. The query returns all app licenses, event if they were installed via MDM or other methods. Inventory can run at the user or device level. Inventory at the device level returns information for all users on the device.
 
 For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md).
 
@@ -237,8 +228,8 @@ Here are the changes from the previous release:
 
 1. The `{CatID}` reference should be updated to `{ProductID}`. This value is acquired as a part of the Store for Business management tool.
 1. The value for flags can be 0 or 1.
-   - When using "0", the management tool calls back to the Store for Business sync to assign a user a seat of an application.
-   - When using "1", the management tool doesn't call back in to the Store for Business sync to assign a user a seat of an application. The CSP will claim a seat if one is available.
+   - **0**: The management tool calls back to the Store for Business sync to assign a user a seat of an application.
+   - **1**: The management tool doesn't call back in to the Store for Business sync to assign a user a seat of an application. The CSP claims a seat if one is available.
 1. The `skuid` is a new parameter that is required. This value is acquired as a part of the Store for Business to management tool sync.
 
 ### Deploy an offline license to a user
@@ -386,7 +377,7 @@ The Add command for the package family name is required to ensure proper removal
 
 ### Provision apps for all users of a device
 
-Provisioning allows you to stage the app to the device and all users of the device can have the app registered on their next login. This feature is only supported for app purchased from the Store for Business, and the app is specified for an offline license or the app is a non-Store app. The app must be offered from a hosted location. The app is installed as a local system. To install to a local file share, the 'local system' of the device must have access to the share.
+Provisioning allows you to stage the app to the device and all users of the device can have the app registered on their next sign in. This feature is only supported for app purchased from the Store for Business, and the app is specified for an offline license or the app is a non-Store app. The app must be offered from a hosted location. The app is installed as a local system. To install to a local file share, the 'local system' of the device must have access to the share.
 
 Here are the requirements for this scenario:
 
@@ -432,7 +423,7 @@ To provision app for all users of a device from a hosted location, the managemen
   The HostedInstall Exec command contains a Data node that requires an embedded XML. Here are the requirements for the data XML:
 
   - Application node has a required parameter, PackageURI, which can be a local file location, UNC, or HTTPS location.
-  - Dependencies can be specified if required to be installed with the package. This is optional.
+  - Dependencies can be specified if necessary to be installed with the package. This is optional.
 
   The DeploymentOptions parameter is only available in the user context.
 
@@ -583,7 +574,7 @@ To uninstall an app, you delete it under the origin node, package family name, a
 
 ### Removed provisioned apps from a device
 
-You can remove provisioned apps from a device for a specific version, or for all versions of a package family. When a provisioned app is removed, it isn't available to future users for the device. Logged in users who have the app registered to them will continue to have access to the app. If you want to remove the app for those users, you must explicitly uninstall the app for those users.
+You can remove provisioned apps from a device for a specific version, or for all versions of a package family. When a provisioned app is removed, it isn't available to future users for the device. Logged in users who have the app registered to them continue to have access to the app. If you want to remove the app for those users, you must explicitly uninstall the app for those users.
 
 > [!NOTE]
 > You can only remove an app that has an inventory value IsProvisioned = 1.
@@ -755,7 +746,7 @@ The Universal Windows app can share application data between the users of the de
 
 The [ApplicationManagement/AllowSharedUserAppData](mdm/policy-csp-applicationmanagement.md) policy enables or disables app packages to share data between app packages when there are multiple users. If you enable this policy, applications can share data between packages in their package family. Data can be shared through ShareLocal folder for that package family and local machine. This folder is available through the Windows.Storage API.
 
-If you disable this policy, applications can't share user application data among multiple users. However, pre-written shared data will persist. The clean pre-written shared data, use DISM ((`/Get-ProvisionedAppxPackage` to detect if there's any shared data, and `/Remove-SharedAppxData` to remove it).
+If you disable this policy, applications can't share user application data among multiple users. However, prewritten shared data persists. To clean prewritten shared data, use DISM (`/Get-ProvisionedAppxPackage` to detect if there's any shared data, and `/Remove-SharedAppxData` to remove it).
 
 The valid values are 0 (off, default value) and 1 (on).
 
diff --git a/windows/client-management/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md
index 48902df441..21cae9d2ac 100644
--- a/windows/client-management/esim-enterprise-management.md
+++ b/windows/client-management/esim-enterprise-management.md
@@ -1,23 +1,16 @@
 ---
 title: eSIM Enterprise Management
 description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
-ms.prod: windows-client
-author: vinaypamnani-msft
 ms.localizationpriority: medium
-ms.author: vinpa
 ms.topic: conceptual
-ms.technology: itpro-manage
-ms.date: 12/31/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # How Mobile Device Management Providers support eSIM Management on Windows
 
 The eSIM Profile Management Solution places the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already-existing solution that customers are familiar with and use to manage devices.
 
-The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/un-assignment, etc.) the same way as they currently do device management.
+The expectations from an MDM are that it uses the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/un-assignment, etc.) the same way as they currently do device management.
 
 If you're a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps:
 
@@ -30,6 +23,7 @@ If you're a Mobile Device Management (MDM) Provider and want to support eSIM Man
 
   - [HPE Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html)
   - [IDEMIA The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub)
+  - [Nokia IMPACT Mobile Device Manager](https://www.nokia.com/networks/internet-of-things/impact-mobile-device-manager/)
 
 - Assess solution type that you would like to provide your customers
 - Batch/offline solution
diff --git a/windows/client-management/federated-authentication-device-enrollment.md b/windows/client-management/federated-authentication-device-enrollment.md
index 7ae977249a..a96b2ed7e3 100644
--- a/windows/client-management/federated-authentication-device-enrollment.md
+++ b/windows/client-management/federated-authentication-device-enrollment.md
@@ -1,17 +1,8 @@
 ---
 title: Federated authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Federated authentication device enrollment
@@ -72,10 +63,10 @@ After the device gets a response from the server, the device sends a POST reques
 
 The following logic is applied:
 
-1. The device first tries HTTPS. If the server cert isn't trusted by the device, the HTTPS fails.
+1. The device first tries HTTPS. If the device doesn't trust the server cert, the HTTPS attempt fails.
 1. If that fails, the device tries HTTP to see whether it's redirected:
-   - If the device isn't redirected, it prompts the user for the server address.
-   - If the device is redirected, it prompts the user to allow the redirect.
+   - If the device isn't redirected, the user is prompted for the server address.
+   - If the device is redirected, the user is prompted to allow the redirect.
 
 The following example shows a request via an HTTP POST command to the discovery web service given `user@contoso.com` as the email address
 
@@ -125,13 +116,13 @@ The following example shows the discovery service request.
 The discovery response is in the XML format and includes the following fields:
 
 - Enrollment service URL (EnrollmentServiceUrl) - Specifies the URL of the enrollment endpoint that is exposed by the management service. The device should call this URL after the user has been authenticated. This field is mandatory.
-- Authentication policy (AuthPolicy) - Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
+- Authentication policy (AuthPolicy) - Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user is authenticated when calling the management service URL. This field is mandatory.
 - In Windows, Federated is added as another supported value. This addition allows the server to use the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
 
 > [!NOTE]
 > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
-When authentication policy is set to be Federated, Web Authentication Broker (WAB) will be used by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client will call the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage will be used by the enrollment client as the device security secret during the client certificate enrollment request call.
+When authentication policy is set to be Federated, Web Authentication Broker (WAB) is used by the enrollment client to get a security token. The WAB start page URL is provided by the discovery service in the response message. The enrollment client calls the WAB API within the response message to start the WAB process. WAB pages are server hosted web pages. The server should build those pages to fit the device screen nicely and be as consistent as possible to other builds in the MDM enrollment UI. The opaque security token that is returned from WAB as an endpage is used by the enrollment client as the device security secret during the client certificate enrollment request call.
 
 > [!NOTE]
 > Instead of relying on the user agent string that is passed during authentication to get information, such as the OS version, use the following guidance:
@@ -148,7 +139,7 @@ A new XML tag, **AuthenticationServiceUrl**, is introduced in the DiscoveryRespo
 The following are the explicit requirements for the server.
 
 - The `<DiscoveryResponse>``<AuthenticationServiceUrl>` element must support HTTPS.
-- The authentication server must use a device trusted root certificate. Otherwise, the WAP call will fail.
+- The authentication server must use a device trusted root certificate. Otherwise, the WAP call fails.
 - WP doesn't support Windows Integrated Authentication (WIA) for ADFS during WAB authentication. ADFS 2012 R2 if used needs to be configured to not attempt WIA for Windows device.
 
 The enrollment client issues an HTTPS request as follows:
@@ -157,8 +148,8 @@ The enrollment client issues an HTTPS request as follows:
 AuthenticationServiceUrl?appru=<appid>&amp;login_hint=<User Principal Name>
 ```
 
-- `<appid>` is of the form ms-app://string
-- `<User Principal Name>` is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign-in page. The value of this attribute serves as a hint that can be used by the authentication server as part of the authentication.
+- `<appid>` is of the form `ms-app://string`
+- `<User Principal Name>` is the name of the enrolling user, for example, user@constoso.com as input by the user in an enrollment sign-in page. The value of this attribute serves as a hint that is used by the authentication server as part of the authentication.
 
 After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter.
 
@@ -192,7 +183,7 @@ Content-Length: 556
 </html>
 ```
 
-The server has to send a POST to a redirect URL of the form ms-app://string (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `<wsse:BinarySecurityToken>` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form it's just HTML encoded. This string is opaque to the enrollment client; the client doesn't interpret the string.
+The server has to send a POST to a redirect URL of the form `ms-app://string` (the URL scheme is ms-app) as indicated in the POST method action. The security token value is the base64-encoded string `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\#base64binary` contained in the `<wsse:BinarySecurityToken>` EncodingType attribute. Windows does the binary encode when it sends it back to enrollment server, in the form its just HTML encoded. This string is opaque to the enrollment client; the client doesn't interpret the string.
 
 The following example shows a response received from the discovery web service that requires authentication via WAB.
 
@@ -380,7 +371,7 @@ This web service implements the MS-WSTEP protocol. It processes the RequestSecur
 
 The RequestSecurityToken (RST) must have the user credential and a certificate request. The user credential in an RST SOAP envelope is the same as in GetPolicies, and can vary depending on whether the authentication policy is OnPremise or Federated. The BinarySecurityToken in an RST SOAP body contains a Base64-encoded PKCS\#10 certificate request, which is generated by the client based on the enrollment policy. The client could have requested an enrollment policy by using MS-XCEP before requesting a certificate using MS-WSTEP. If the PKCS\#10 certificate request is accepted by the certification authority (CA) (the key length, hashing algorithm, and so on, match the certificate template), the client can enroll successfully.
 
-The RequestSecurityToken will use a custom TokenType (`http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken`), because our enrollment token is more than an X.509 v3 certificate. For more information, see the Response section.
+The RequestSecurityToken uses a custom TokenType (`http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken`), because our enrollment token is more than an X.509 v3 certificate. For more information, see the Response section.
 
 The RST may also specify many AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
 
@@ -475,14 +466,14 @@ After validating the request, the web service looks up the assigned certificate
 > [!NOTE]
 > The HTTP server response must not set Transfer-Encoding to Chunked; it must be sent as one message.
 
-Similar to the TokenType in the RST, the RSTR will use a custom ValueType in the BinarySecurityToken (`http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc`), because the token is more than an X.509 v3 certificate.
+Similar to the TokenType in the RST, the RSTR uses a custom ValueType in the BinarySecurityToken (`http://schemas.microsoft.com/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc`), because the token is more than an X.509 v3 certificate.
 
 The provisioning XML contains:
 
 - The requested certificates (required)
 - The DM client configuration (required)
 
-The client will install the client certificate, the enterprise root certificate, and intermediate CA certificate if there's one. The DM configuration includes the name and address of the DM server, which client certificate to use, and schedules when the DM client calls back to the server.
+The client installs the client certificate, the enterprise root certificate, and intermediate CA certificate if there's one. The DM configuration includes the name and address of the DM server, which client certificate to use, and schedules when the DM client calls back to the server.
 
 Enrollment provisioning XML should contain a maximum of one root certificate and one intermediate CA certificate that is needed to chain up the MDM client certificate. More root and intermediate CA certificates could be provisioned during an OMA DM session.
 
diff --git a/windows/client-management/implement-server-side-mobile-application-management.md b/windows/client-management/implement-server-side-mobile-application-management.md
index 01cff16e92..2927f3eefe 100644
--- a/windows/client-management/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/implement-server-side-mobile-application-management.md
@@ -1,17 +1,8 @@
 ---
 title: Support for mobile application management on Windows
 description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices.
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Support for mobile application management on Windows
@@ -24,11 +15,11 @@ The Windows version of mobile application management (MAM) is a lightweight solu
 
 MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).
 
-MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices will be enrolled to MAM or MDM, depending on the user's actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.
+MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices are enrolled to MAM or MDM, depending on the user's actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device is enrolled to MAM. If a user joins their device to Azure AD, it's enrolled to MDM. In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.
 
 On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft 365 apps. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**.
 
-Regular non-admin users can enroll to MAM.
+Regular non administrator users can enroll to MAM.
 
 ## Integration with Windows Information Protection
 
@@ -46,11 +37,11 @@ MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID
 
 ## Configuring an Azure AD tenant for MAM enrollment
 
-MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. The same cloud-based Management MDM app in Azure AD will support both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration.
+MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. The same cloud-based Management MDM app in Azure AD supports both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. This screenshot illustrates the management app for an IT admin configuration.
 
 :::image type="content" alt-text="Mobile application management app." source="images/implement-server-side-mobile-application-management.png":::
 
-MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM.
+MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that contains both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM.
 
 > [!NOTE]
 > If the MDM service in an organization isn't integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured.
@@ -59,11 +50,11 @@ MAM and MDM services in an organization could be provided by different vendors.
 
 MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). MAM enrollment supports Azure AD [federated authentication](federated-authentication-device-enrollment.md) as the only authentication method.
 
-Below are protocol changes for MAM enrollment:
+These are the protocol changes for MAM enrollment:
 
 - MDM discovery isn't supported.
 - APPAUTH node in [DMAcc CSP](mdm/dmacc-csp.md) is optional.
-- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication.
+- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way TLS/SSL using server certificate authentication.
 
 Here's an example provisioning XML for MAM enrollment.
 
@@ -79,11 +70,11 @@ Here's an example provisioning XML for MAM enrollment.
 </wap-provisioningdoc>
 ```
 
-Since the [Poll](mdm/dmclient-csp.md#deviceproviderprovideridpoll) node isn't provided above, the device would default to once every 24 hours.
+Since the [Poll](mdm/dmclient-csp.md#deviceproviderprovideridpoll) node isn't provided in this example, the device would default to once every 24 hours.
 
 ## Supported CSPs
 
-MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback:
+MAM on Windows supports the following configuration service providers (CSPs). All other CSPs are blocked. Note the list may change later based on customer feedback:
 
 - [AppLocker CSP](mdm/applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
 - [ClientCertificateInstall CSP](mdm/clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
@@ -104,12 +95,12 @@ MAM on Windows supports the following configuration service providers (CSPs). Al
 
 MAM supports device lock policies similar to MDM. The policies are configured by DeviceLock area of Policy CSP and PassportForWork CSP.
 
-We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows:
+We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client behaves as follows:
 
 - When EAS policies are sent to a device that already has MAM policies, Windows evaluates whether the existing MAM policies are compliant with the configured EAS policies, and reports compliance with EAS.
-- If the device is found to be compliant, EAS will report compliance with the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance doesn't require device admin rights.
-- If the device is found to be non-compliant, EAS will enforce its own policies to the device and the resultant set of policies will be a superset of both. Applying EAS policies to the device requires admin rights.
-- If a device that already has EAS policies is enrolled to MAM, the device will have both sets of policies: MAM and EAS, and the resultant set of policies will be a superset of both.
+- If the device is found to be compliant, EAS reports compliance with the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance doesn't require device admin rights.
+- If the device is found to be noncompliant, EAS enforces its own policies to the device and the resultant set of policies are a superset of both. Applying EAS policies to the device requires admin rights.
+- If a device that already has EAS policies is enrolled to MAM, the device has both sets of policies: MAM and EAS, and the resultant set of policies are a superset of both.
 
 ## Policy sync
 
@@ -122,7 +113,7 @@ Windows doesn't support applying both MAM and MDM policies to the same devices.
 > [!NOTE]
 > When users upgrade from MAM to MDM on Windows Home edition, they lose access to Windows Information Protection. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
 
-To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment.
+To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL is used for MDM enrollment.
 
 In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when Windows Information Protection policies are removed from the device, the user's access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
 
@@ -130,4 +121,4 @@ In the process of changing MAM enrollment to MDM, MAM policies will be removed f
 - EDP CSP Enterprise ID is the same for both MAM and MDM.
 - EDP CSP RevokeOnMDMHandoff is set to false.
 
-If the MAM device is properly configured for MDM enrollment, then the Enroll only to device management link will be displayed in **Settings > Accounts > Access work or school**. The user can select this link, provide their credentials, and the enrollment will be changed to MDM. Their Azure AD account won't be affected.
+If the MAM device is properly configured for MDM enrollment, then the *Enroll only to device management* link is displayed in **Settings > Accounts > Access work or school**. The user can select this link, provide their credentials, and the enrollment will be changed to MDM. Their Azure AD account won't be affected.
diff --git a/windows/client-management/index.yml b/windows/client-management/index.yml
index 8b288e7905..9501d46c0a 100644
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@@ -14,7 +14,7 @@ metadata:
     - tier1
   author: aczechowski
   ms.author: aaroncz
-  manager: dougeby
+  manager: aaroncz
   ms.date: 04/13/2023
   localization_priority: medium
 
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 3595276771..5b432d5e1d 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -1,18 +1,9 @@
 ---
 title: Manage Windows devices in your organization - transitioning to modern management
 description: This article offers strategies for deploying and managing Windows devices, including deploying Windows in a mixed environment.
-ms.prod: windows-client
 ms.localizationpriority: medium
-ms.date: 04/05/2023
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.reviewer:
-manager: aaroncz
-ms.topic: overview
-ms.technology: itpro-manage
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
+ms.topic: article
 ---
 
 # Manage Windows devices in your organization - transitioning to modern management
@@ -47,7 +38,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
 
 With Windows, you can continue to use traditional OS deployment, but you can also "manage out of the box". To transform new devices into fully configured, fully managed devices, you can:
 
-- Avoid re-imaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
+- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
 
 - Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
 
@@ -109,7 +100,7 @@ There are various steps you can take to begin the process of modernizing device
 
 **Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Intune](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune.
 
-**Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
+**Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you with the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
 
 **Review the decision trees in this article.** With the different options in Windows, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario.
 
diff --git a/windows/client-management/mdm-collect-logs.md b/windows/client-management/mdm-collect-logs.md
index d544eab6d4..5756913331 100644
--- a/windows/client-management/mdm-collect-logs.md
+++ b/windows/client-management/mdm-collect-logs.md
@@ -1,20 +1,11 @@
 ---
 title: Collect MDM logs
 description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows devices managed by an MDM server.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/13/2023
+ms.date: 08/10/2023
 ms.collection:
 - highpri
 - tier2
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Collect MDM logs
@@ -24,14 +15,14 @@ To help diagnose enrollment or device management issues in Windows devices manag
 ## Download the MDM Diagnostic Information log from Windows devices
 
 1. On your managed device, go to **Settings** > **Accounts** > **Access work or school**.
-1. Click your work or school account, then click **Info**.
+1. Select your work or school account, then select **Info**.
 
    ![Access work or school page in Settings.](images/diagnose-mdm-failures15.png)
 
-1. At the bottom of the **Settings** page, click **Create report**.
+1. At the bottom of the **Settings** page, select **Create report**.
 
    ![Access work or school page and then Create report.](images/diagnose-mdm-failures16.png)
-1. A window opens that shows the path to the log files. Click **Export**.
+1. A window opens that shows the path to the log files. Select **Export**.
 
    ![Access work or school log files.](images/diagnose-mdm-failures17.png)
 
@@ -49,12 +40,12 @@ mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zi
 
 ### Understanding zip structure
 
-The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
+The zip file has logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
 
 - DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
 - DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
 - MDMDiagHtmlReport.html: Summary snapshot of MDM configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
-- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
+- MdmDiagLogMetadata.json: mdmdiagnosticstool metadata file that contains command-line arguments used to run the tool.
 - MDMDiagReport.xml: contains a more detailed view into the MDM configurations, such as enrollment variables, provisioning packages, multivariant conditions, and others. For more information about diagnosing provisioning packages, see [Diagnose provisioning packages](/windows/configuration/provisioning-packages/diagnose-provisioning-packages).
 - MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
 - MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
@@ -74,23 +65,23 @@ In this location, the **Admin** channel logs events by default. However, if you
 
 ### Collect admin logs
 
-1. Right click on the **Admin** node.
+1. Right-click the **Admin** node.
 1. Select **Save all events as**.
 1. Choose a location and enter a filename.
-1. Click **Save**.
+1. Select **Save**.
 1. Choose **Display information for these languages** and then select **English**.
-1. Click **Ok**.
+1. Select **Ok**.
 
-For more detailed logging, you can enable **Debug** logs. Right click on the **Debug** node and then click **Enable Log**.
+For more detailed logging, you can enable **Debug** logs. Right-click on the **Debug** node and then select **Enable Log**.
 
 ### Collect debug logs
 
-1. Right click on the **Debug** node.
+1. Right-click on the **Debug** node.
 1. Select **Save all events as**.
 1. Choose a location and enter a filename.
-1. Click **Save**.
+1. Select **Save**.
 1. Choose **Display information for these languages** and then select **English**.
-1. Click **Ok**.
+1. Select **Ok**.
 
 You can open the log files (.evtx files) in the Event Viewer on a Windows device.
 
@@ -250,17 +241,17 @@ For best results, ensure that the PC or VM on which you're viewing logs matches
     ![event viewer screenshot.](images/diagnose-mdm-failures9.png)
 
 1. Navigate to the etl file that you got from the device and then open the file.
-1. Click **Yes** when prompted to save it to the new log format.
+1. Select **Yes** when prompted to save it to the new log format.
 
     ![event viewer prompt.](images/diagnose-mdm-failures10.png)
 
     ![diagnose mdm failures.](images/diagnose-mdm-failures11.png)
 
-1. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
+1. The new view contains traces from the channel. Select **Filter Current Log** from the **Actions** menu.
 
     ![event viewer actions.](images/diagnose-mdm-failures12.png)
 
-1. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
+1. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and select **OK**.
 
     ![event filter for Device Management.](images/diagnose-mdm-failures13.png)
 
diff --git a/windows/client-management/mdm-diagnose-enrollment.md b/windows/client-management/mdm-diagnose-enrollment.md
index 5022ba4bf1..08c2a6ed6b 100644
--- a/windows/client-management/mdm-diagnose-enrollment.md
+++ b/windows/client-management/mdm-diagnose-enrollment.md
@@ -1,32 +1,23 @@
 ---
 title: Diagnose MDM enrollment failures
 description: Learn how to diagnose enrollment failures for Windows devices
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/12/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Diagnose MDM enrollment
 
 This article provides suggestions for troubleshooting device enrollment issues for MDM.
 
-## Verify auto-enrollment requirements and settings
+## Verify autoenrollment requirements and settings
 
-To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. The following steps demonstrate required settings using the Intune service:
+To ensure that the autoenrollment feature is working as expected, you must verify that various requirements and settings are configured correctly. The following steps demonstrate required settings using the Intune service:
 
 1. Verify that the user who is going to enroll the device has a valid [Intune license](/mem/intune/fundamentals/licenses).
 
    :::image type="content" alt-text="Screenshot of Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png":::
 
-1. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM) with Intune. For more information, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
+1. Verify that autoenrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM) with Intune. For more information, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
 
     ![Auto-enrollment activation verification.](images/auto-enrollment-activation-verification.png)
 
@@ -37,7 +28,7 @@ To ensure that the auto-enrollment feature is working as expected, you must veri
 
 1. Verify that the device is running a [supported version of Windows](/windows/release-health/supported-versions-windows-client).
 
-1. Auto-enrollment into Intune via Group Policy is valid only for devices that are hybrid Azure AD joined. This condition means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line.
+1. Autoenrollment into Intune via Group Policy is valid only for devices that are hybrid Azure AD joined. This condition means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line.
 
     You can confirm that the device is properly hybrid-joined if both **AzureAdJoined** and **DomainJoined** are set to **YES**.
 
@@ -49,13 +40,13 @@ To ensure that the auto-enrollment feature is working as expected, you must veri
 
     This information can also be found on the Azure AD device list.
 
-1. Verify that the MDM discovery URL during auto-enrollment is `https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc`.
+1. Verify that the MDM discovery URL during autoenrollment is `https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc`.
 
     ![MDM discovery URL.](images/auto-enrollment-mdm-discovery-url.png)
 
-1. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
+1. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your autoenrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
 
-   :::image type="content" alt-text="Screenshot of Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png":::
+   :::image type="content" alt-text="Screenshot of Mobility setting MDM Intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png":::
 
 1. When using group policy for enrollment, verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices that should be enrolled into Intune. You may contact your domain administrators to verify if the group policy has been deployed successfully.
 
@@ -65,7 +56,7 @@ To ensure that the auto-enrollment feature is working as expected, you must veri
 
 ## Troubleshoot group policy enrollment
 
-Investigate the logs if you have issues even after performing all the verification steps. The first log file to investigate is the event log on the target Windows device. To collect Event Viewer logs:
+Investigate the logs if you have issues even after performing all the verification steps. The first log file to investigate is the event log, on the target Windows device. To collect Event Viewer logs:
 
 1. Open Event Viewer.
 
@@ -74,21 +65,21 @@ Investigate the logs if you have issues even after performing all the verificati
     > [!TIP]
     > For guidance on how to collect event logs for Intune, see [Collect MDM Event Viewer Log YouTube video](https://www.youtube.com/watch?v=U_oCe2RmQEc).
 
-1. Search for event ID 75, which represents a successful auto-enrollment. Here's an example screenshot that shows the auto-enrollment completed successfully:
+1. Search for event ID 75, which represents a successful autoenrollment. Here's an example screenshot that shows the autoenrollment completed successfully:
 
    :::image type="content" alt-text="Screenshot of Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png"  lightbox="images/auto-enrollment-troubleshooting-event-id-75.png":::
 
-If you can't find event ID 75 in the logs, it indicates that the auto-enrollment failed. This failure can happen because of the following reasons:
+If you can't find event ID 75 in the logs, it indicates that the autoenrollment failed. This failure can happen because of the following reasons:
 
-- The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here's an example screenshot that shows that the auto-enrollment failed:
+- The enrollment failed with error. In this case, search for event ID 76, which represents failed autoenrollment. Here's an example screenshot that shows that the autoenrollment failed:
 
    :::image type="content" alt-text="Screenshot of Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png":::
 
    To troubleshoot, check the error code that appears in the event. For more information, see [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors).
 
-- The auto-enrollment didn't trigger at all. In this case, you'll not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described below:
+- The autoenrollment didn't trigger at all. In this case, you won't find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described here:
 
-   The auto-enrollment process is triggered by a task (**Microsoft** > **Windows** > **EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM**) is successfully deployed to the target machine as shown in the following screenshot:
+   The autoenrollment process is triggered by a task (**Microsoft** > **Windows** > **EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM**) is successfully deployed to the target machine as shown in the following screenshot:
 
    :::image type="content" alt-text="Screenshot of Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png":::
 
@@ -103,16 +94,16 @@ If you can't find event ID 75 in the logs, it indicates that the auto-enrollment
 
    :::image type="content" alt-text="Screenshot of Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png":::
 
-   The task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This status-display means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It doesn't indicate the success or failure of auto-enrollment.
+   The task scheduler log displays event ID 102 (task completed) regardless of the autoenrollment success or failure. This status-display means that the task scheduler log is only useful to confirm if the autoenrollment task is triggered or not. It doesn't indicate the success or failure of autoenrollment.
 
    If you can't see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from Azure AD is initiated, there's possibly an issue with the group policy. Immediately run the command `gpupdate /force` in a command prompt to get the group policy object applied. If this step still doesn't help, further troubleshooting on Active Directory is required.
    One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
 
    :::image type="content" alt-text="Screenshot of Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png":::
 
-   By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs** > **Microsoft** > **Windows** > **Task Scheduler** > **Operational** event log file under event ID 7016.
+   By default, these entries are removed when the device is unenrolled, but occasionally the registry key remains even after unenrollment. In this case, `gpupdate /force` fails to initiate the autoenrollment task and error code 2149056522 is displayed in the **Applications and Services Logs** > **Microsoft** > **Windows** > **Task Scheduler** > **Operational** event log file under event ID 7016.
 
-   A resolution to this issue is to remove the registry key manually. If you don't know which registry key to remove, go for the key that displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
+   A resolution to this issue is to remove the registry key manually. If you don't know which registry key to remove, go for the key that displays most entries as the previous screenshot shows. All other keys display fewer entries as shown in the following screenshot:
 
    :::image type="content" alt-text="Screenshot showing manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png":::
 
diff --git a/windows/client-management/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md
index 7974866d71..9c772124fe 100644
--- a/windows/client-management/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm-enrollment-of-windows-devices.md
@@ -1,20 +1,11 @@
 ---
 title: MDM enrollment of Windows devices
 description: Learn about mobile device management (MDM) enrollment of Windows devices to simplify access to your organization's resources.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
 ms.collection:
 - highpri
 - tier2
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # MDM enrollment of Windows devices
@@ -51,11 +42,11 @@ To join a domain:
 
 1. Type in your Azure AD username. This username is the email address you use to log into Microsoft Office 365 and similar services.
 
-    If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page will change to show the organization's custom branding, and you'll be able to enter your password directly on this page. If the tenant is part of a federated domain, you'll be redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
+    If the tenant is a cloud-only, password hash sync, or pass-through authentication tenant, this page changes to show the organization's custom branding, and you're able to enter your password directly on this page. If the tenant is part of a federated domain, you're redirected to the organization's on-premises federation server, such as Active Directory Federation Services (AD FS) for authentication.
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
-    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant isn't configured for auto-enrollment, you'll have to go through the enrollment flow a second time to [connect your device to MDM](#enroll-in-device-management-only). After you complete the flow, your device will be connected to your organization's Azure AD domain.
+    If your Azure AD tenant has autoenrollment configured, your device also gets enrolled into MDM during this flow. For more information, see [these steps](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md). If your tenant isn't configured for autoenrollment, you must go through the enrollment flow a second time to [connect your device to MDM](#enroll-in-device-management-only). After you complete the flow, your device will be connected to your organization's Azure AD domain.
 
     ![azure ad signin.](images/unifiedenrollment-rs1-13.png)
 
@@ -91,7 +82,7 @@ To create a local account and connect the device:
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
-    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant isn't configured for auto-enrollment, you'll have to go through the enrollment flow a second time to connect your device to MDM.
+    If your Azure AD tenant has autoenrollment configured, your device also gets enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant isn't configured for autoenrollment, you must go through the enrollment flow a second time to connect your device to MDM.
 
     After you reach the end of the flow, your device should be connected to your organization's Azure AD domain. You may now sign out of your current account and sign in using your Azure AD username.
 
@@ -106,9 +97,9 @@ There are a few instances where your device can't be connected to an Azure AD do
 | Your device is connected to an Azure AD domain. | Your device can only be connected to a single Azure AD domain at a time. |
 | Your device is already connected to an Active Directory domain. | Your device can either be connected to an Azure AD domain or an Active Directory domain. You can't connect to both simultaneously. |
 | Your device already has a user connected to a work account. | You can either connect to an Azure AD domain or connect to a work or school account. You can't connect to both simultaneously. |
-| You're logged in as a standard user. | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. You'll need to switch to an administrator account to continue. |
-| Your device is already managed by MDM. | The connect to Azure AD flow will attempt to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. |
-| Your device is running Home edition. | This feature isn't available on Windows Home edition, so you'll be unable to connect to an Azure AD domain. You'll need to upgrade to Pro, Enterprise, or Education edition to continue. |
+| You're logged in as a standard user. | Your device can only be connected to an Azure AD domain if you're logged in as an administrative user. You must switch to an administrator account to continue. |
+| Your device is already managed by MDM. | The connect to Azure AD flow attempts to enroll your device into MDM if your Azure AD tenant has a preconfigured MDM endpoint. Your device must be unenrolled from MDM to be able to connect to Azure AD in this case. |
+| Your device is running Home edition. | This feature isn't available on Windows Home edition, so you can't connect to an Azure AD domain. You must upgrade to Pro, Enterprise, or Education edition to continue. |
 
 ## Connect personally owned devices
 
@@ -116,7 +107,7 @@ Personally owned devices, also known as bring your own device (BYOD), can be con
 
 All Windows devices can be connected to a work or school account. You can connect to a work or school account either through the Settings app or through any of the numerous Universal Windows Platform (UWP) apps, such as the universal Office apps.
 
-### Register device in AAD and enroll in MDM
+### Register device in Azure AD and enroll in MDM
 
 To create a local account and connect the device:
 
@@ -140,9 +131,9 @@ To create a local account and connect the device:
 
     Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
-    If your Azure AD tenant has auto-enrollment configured, your device will also be enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant isn't configured for auto-enrollment, you'll have to go through the enrollment flow a second time to [connect your device to MDM](#enroll-in-device-management-only).
+    If your Azure AD tenant has autoenrollment configured, your device also gets enrolled into MDM during this flow. For more information, see [this blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/). If your tenant isn't configured for autoenrollment, you must go through the enrollment flow a second time to [connect your device to MDM](#enroll-in-device-management-only).
 
-    You'll see the status page that shows the progress of your device being set up.
+    You can see the status page that shows the progress of your device being set up.
 
     ![corporate sign in - screen and option](images/unifiedenrollment-rs1-26.png)
 
@@ -160,7 +151,7 @@ There are a few instances where your device may not be able to connect to work.
 | We couldn't find your identity in your organization's cloud. | The username you entered wasn't found on your Azure AD tenant. |
 | Your device is already being managed by an organization. | Your device is either already managed by MDM or Microsoft Configuration Manager. |
 | You don't have the right privileges to perform this operation. Talk to your admin. | You can't enroll your device into MDM as a standard user. You must be on an administrator account. |
-| We couldn't auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. |
+| We couldn't autodiscover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. |
 
 ## Enroll in device management only
 
@@ -186,27 +177,27 @@ All Windows devices can be connected to MDM. You can connect to an MDM through t
 
    ![set up work or school account screen](images/unifiedenrollment-rs1-32.png)
 
-1. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you'll be presented with a new window that will ask you for more authentication information.
+1. If the device finds an endpoint that only supports on-premises authentication, this page changes and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you're presented with a new window that asks you for more authentication information.
 
-   Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. You'll see the enrollment progress on screen.
+   Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. You can see the enrollment progress on screen.
 
    ![screen to set up your device](images/unifiedenrollment-rs1-33-b.png)
 
-   After you complete the flow, your device will be connected to your organization's MDM.
+   After you complete the flow, your device is connected to your organization's MDM.
 
 ## Connect your Windows device to work using a deep link
 
-Windows devices may be connected to work using a deep link. Users will be able to select or open a link in a particular format from anywhere in Windows, and be directed to the new enrollment experience.
+Windows devices may be connected to work using a deep link. Users can select or open a link in a particular format from anywhere in Windows, and be directed to the new enrollment experience.
 
-The deep link used for connecting your device to work will always use the following format.
+The deep link used for connecting your device to work uses the following format.
 
 **ms-device-enrollment:?mode={mode\_name}**:
 
 | Parameter | Description | Supported Value for Windows |
 |--|--|--|
-| mode | Describes which mode will be executed in the enrollment app. | Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory-joined. |
+| mode | Describes which mode is executed in the enrollment app. | Mobile Device Management (MDM), Adding Work Account (AWA), and Azure Active Directory-joined. |
 | username | Specifies the email address or UPN of the user who should be enrolled into MDM. | string |
-| servername | Specifies the MDM server URL that will be used to enroll the device. | string |
+| servername | Specifies the MDM server URL that is used to enroll the device. | string |
 | accesstoken | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used as a token to validate the enrollment request. | string |
 | deviceidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to pass in a unique device identifier. | GUID |
 | tenantidentifier | Custom parameter for MDM servers to use as they see fit. Typically, this parameter's value can be used to identify which tenant the device or user belongs to. | GUID or string |
@@ -224,7 +215,7 @@ To connect your devices to MDM using deep links:
 
 1. Create a link to launch the built-in enrollment app using the URI **ms-device-enrollment:?mode=mdm**, and user-friendly display text, such as **Click here to connect Windows to work**:
 
-    (This link will launch the flow equivalent to the Enroll into the device management option.)
+    This link launches the flow equivalent to the Enroll into the device management option.
 
     - IT admins can add this link to a welcome email that users can select to enroll into MDM.
 
@@ -241,7 +232,7 @@ To connect your devices to MDM using deep links:
 
     ![set up a work or school account screen](images/deeplinkenrollment3.png)
 
-1. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you'll be presented with a new window that will ask you for more authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
+1. If the device finds an endpoint that only supports on-premises authentication, this page changes and asks you for your password. If the device finds an MDM endpoint that supports federated authentication, you're presented with a new window that asks for more authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
     After you complete the flow, your device will be connected to your organization's MDM.
 
@@ -249,7 +240,7 @@ To connect your devices to MDM using deep links:
 
 ## Manage connections
 
-To manage your work or school connections, select **Settings** > **Accounts** > **Access work or school**. Your connections will show on this page and selecting one will expand options for that connection.
+To manage your work or school connections, select **Settings** > **Accounts** > **Access work or school**. Your connections are displayed on this page and selecting one expands options for that connection.
 
 ![managing work or school account.](images/unifiedenrollment-rs1-34-b.png)
 
@@ -257,21 +248,21 @@ To manage your work or school connections, select **Settings** > **Accounts** >
 
 The **Info** button can be found on work or school connections involving MDM. This button is included in the following scenarios:
 
-- Connecting your device to an Azure AD domain that has auto-enroll into MDM configured.
-- Connecting your device to a work or school account that has auto-enroll into MDM configured.
+- Connecting your device to an Azure AD domain that has autoenroll into MDM configured.
+- Connecting your device to a work or school account that has autoenroll into MDM configured.
 - Connecting your device to MDM.
 
-Selecting the **Info** button will open a new page in the Settings app that provides details about your MDM connection. You'll be able to view your organization's support information (if configured) on this page. You'll also be able to start a sync session that forces your device to communicate to the MDM server and fetch any updates to policies if needed.
+Selecting the **Info** button opens a new page in the Settings app that provides details about your MDM connection. You're able to view your organization's support information (if configured) on this page. You can also start a sync session that forces your device to communicate to the MDM server and fetch any updates to policies if needed.
 
-Selecting the **Info** button will show a list of policies and line-of-business apps installed by your organization. Here's an example screenshot.
+Selecting the **Info** button shows a list of policies and line-of-business apps installed by your organization. Here's an example screenshot.
 
 ![work or school info.](images/unifiedenrollment-rs1-35-b.png)
 
 ### Disconnect
 
-The **Disconnect** button can be found on all work connections. Generally, selecting the **Disconnect** button will remove the connection from the device. There are a few exceptions to this functionality:
+The **Disconnect** button can be found on all work connections. Generally, selecting the **Disconnect** button removes the connection from the device. There are a few exceptions to this functionality:
 
-- Devices that enforce the AllowManualMDMUnenrollment policy won't allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command.
+- Devices that enforce the AllowManualMDMUnenrollment policy don't allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command.
 - On mobile devices, you can't disconnect from Azure AD. These connections can only be removed by wiping the device.
 
 > [!WARNING]
@@ -281,6 +272,6 @@ The **Disconnect** button can be found on all work connections. Generally, selec
 
 You can collect diagnostic logs around your work connections by going to **Settings** > **Accounts** > **Access work or school**, and then selecting the **Export your management logs** link under **Related Settings**. Next, select **Export**, and follow the path displayed to retrieve your management log files.
 
-You can get the advanced diagnostic report by going to **Settings** > **Accounts** > **Access work or school**, and selecting the **Info** button. At the bottom of the Settings page, you'll see the button to create a report.
+You can get the advanced diagnostic report by going to **Settings** > **Accounts** > **Access work or school**, and selecting the **Info** button. At the bottom of the Settings page, you see the button to create a report.
 
 For more information, see [Collect MDM logs](mdm-collect-logs.md).
diff --git a/windows/client-management/mdm-known-issues.md b/windows/client-management/mdm-known-issues.md
index 8c3dc27e89..7676911fc4 100644
--- a/windows/client-management/mdm-known-issues.md
+++ b/windows/client-management/mdm-known-issues.md
@@ -1,17 +1,8 @@
 ---
 title: Known issues in MDM
 description: Learn about known issues for Windows devices in MDM
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/12/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Known issues
@@ -36,7 +27,7 @@ The certificate setting under "SSL Settings" in the IIS server for SCEP must be
 
 ## MDM enrollment fails on the Windows device when traffic is going through proxy
 
-When the Windows device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that doesn't require authentication or remove the proxy setting from the connected network.
+When the Windows device is configured to use a proxy that requires authentication, the enrollment fails. To work around this issue, the user can use a proxy that doesn't require authentication or remove the proxy setting from the connected network.
 
 ## Server-initiated unenrollment failure
 
@@ -46,7 +37,7 @@ Remote server unenrollment is disabled for mobile devices enrolled via Azure Act
 
 ## Certificates causing issues with Wi-Fi and VPN
 
-When using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This dual installation may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We're working to fix this issue.
+When using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store also gets installed in the user store. This dual installation may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We're working to fix this issue.
 
 ## Version information for Windows 11
 
@@ -65,10 +56,10 @@ A production ready deployment must have the appropriate certificate details as p
 
 EAP XML must be updated with relevant information for your environment. This task can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
 
-- For Wi-Fi, look for the &lt;EAPConfig&gt; section of your current WLAN Profile XML (This detail is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags, you'll find the complete EAP configuration. Replace the section under &lt;EAPConfig&gt; with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM's guidance on how to deploy a new Wi-Fi profile.
+- For Wi-Fi, look for the &lt;EAPConfig&gt; section of your current WLAN Profile XML (This detail is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags, you can find the complete EAP configuration. Replace the section under &lt;EAPConfig&gt; with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM's guidance on how to deploy a new Wi-Fi profile.
 - For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
 
-For information about EAP Settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
+For information about EAP Settings, see [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access).
 
 For information about generating an EAP XML, see [EAP configuration](mdm/eap-configuration.md).
 
@@ -208,7 +199,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
     > [!NOTE]
     > For PEAP or TTLS, select the appropriate method and continue following this procedure.
 
-1. Click the **Properties** button underneath the drop-down menu.
+1. Select the **Properties** button underneath the drop-down menu.
 
 1. In the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
 
@@ -218,14 +209,14 @@ Alternatively you can use the following procedure to create an EAP Configuration
 
     :::image type="content" alt-text="configure certificate selection window." source="images/certfiltering3.png":::
 
-1. Click **OK** to close the windows to get back to the main `rasphone.exe` dialog box.
+1. Select **OK** to close the windows to get back to the main `rasphone.exe` dialog box.
 
 1. Close the rasphone dialog box.
 
 1. Continue following the procedure in [EAP configuration](mdm/eap-configuration.md) from Step 9 to get an EAP TLS profile with appropriate filtering.
 
 > [!NOTE]
-> You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)).
+> You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access).
 
 ## MDM client will immediately check in with the MDM server after client renews WNS channel URI
 
diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md
index 65a8d393da..ceca839aaa 100644
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@@ -1,17 +1,9 @@
 ---
 title: Mobile Device Management overview
 description: Windows provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
-ms.date: 04/05/2023
-ms.technology: itpro-manage
+ms.date: 08/10/2023
 ms.topic: article
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ms.collection:
 - highpri
 - tier2
@@ -26,7 +18,7 @@ There are two parts to the Windows management component:
 - The enrollment client, which enrolls and configures the device to communicate with the enterprise management server. For more information, see [Enrollment overview](mobile-device-enrollment.md).
 - The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
 
-Third-party MDM servers can manage Windows devices using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows users. MDM servers don't need to create or download a client to manage Windows.
+Third-party MDM servers can manage Windows devices using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server has the same consistent first-party user experience for enrollment, which also provides simplicity for Windows users. MDM servers don't need to create or download a client to manage Windows.
 
 For details about the MDM protocols, see
 
@@ -56,7 +48,7 @@ For more information about the MDM policies defined in the MDM security baseline
 
 For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
-[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)]
+[!INCLUDE [modern-device-management-through-mdm](../../includes/licensing/modern-device-management-through-mdm.md)]
 
 ## Frequently Asked Questions
 
@@ -67,7 +59,7 @@ No. Only one MDM is allowed.
 ### How do I set the maximum number of Azure Active Directory-joined devices per user?
 
 1. Sign in to the portal as tenant admin: <https://portal.azure.com>.
-1. Navigate to **Azure AD**, then **Devices**, and then click **Device Settings**.
+1. Navigate to **Azure AD**, then **Devices**, and then select **Device Settings**.
 1. Change the number under **Maximum number of devices per user**.
 
 ### What is dmwappushsvc?
@@ -76,4 +68,4 @@ No. Only one MDM is allowed.
 | --------------- | -------------------- |
 | What is dmwappushsvc? | It's a Windows service that ships in Windows operating system as a part of the windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
 | What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
-| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service will cause your management to fail. |
+| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and  required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |
diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md
index 70081db8ca..25ff8939c4 100644
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the LanguagePackManagement CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -48,7 +48,7 @@ The following list shows the LanguagePackManagement configuration service provid
 <!-- Device-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-Applicability-End -->
 
 <!-- Device-Install-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Language to be installed or being installed.
 <!-- Device-Install-{Language ID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-{Language ID}-Applicability-End -->
 
 <!-- Device-Install-{Language ID}-OmaUri-Begin -->
@@ -127,7 +127,7 @@ Language tag of the language to be installed or being installed.
 <!-- Device-Install-{Language ID}-CopyToDeviceInternationalSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-{Language ID}-CopyToDeviceInternationalSettings-Applicability-End -->
 
 <!-- Device-Install-{Language ID}-CopyToDeviceInternationalSettings-OmaUri-Begin -->
@@ -176,7 +176,7 @@ Copies the language to the international settings (that is, locale, input layout
 <!-- Device-Install-{Language ID}-EnableLanguageFeatureInstallations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-{Language ID}-EnableLanguageFeatureInstallations-Applicability-End -->
 
 <!-- Device-Install-{Language ID}-EnableLanguageFeatureInstallations-OmaUri-Begin -->
@@ -225,7 +225,7 @@ Enables installations of all available language features when the value is true.
 <!-- Device-Install-{Language ID}-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-{Language ID}-ErrorCode-Applicability-End -->
 
 <!-- Device-Install-{Language ID}-ErrorCode-OmaUri-Begin -->
@@ -264,7 +264,7 @@ Error code of queued language installation. 0 if there is no error.
 <!-- Device-Install-{Language ID}-StartInstallation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-{Language ID}-StartInstallation-Applicability-End -->
 
 <!-- Device-Install-{Language ID}-StartInstallation-OmaUri-Begin -->
@@ -303,7 +303,7 @@ Execution node to queue a language for installation on the device.
 <!-- Device-Install-{Language ID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-Install-{Language ID}-Status-Applicability-End -->
 
 <!-- Device-Install-{Language ID}-Status-OmaUri-Begin -->
@@ -342,7 +342,7 @@ Status of the language queued for install. 0 - not started; 1 - in progress; 2 -
 <!-- Device-InstalledLanguages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-InstalledLanguages-Applicability-End -->
 
 <!-- Device-InstalledLanguages-OmaUri-Begin -->
@@ -381,7 +381,7 @@ Languages currently installed on the device.
 <!-- Device-InstalledLanguages-{Language ID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-InstalledLanguages-{Language ID}-Applicability-End -->
 
 <!-- Device-InstalledLanguages-{Language ID}-OmaUri-Begin -->
@@ -421,7 +421,7 @@ Language tag of an installed language on the device. Delete to uninstall.
 <!-- Device-InstalledLanguages-{Language ID}-LanguageFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-InstalledLanguages-{Language ID}-LanguageFeatures-Applicability-End -->
 
 <!-- Device-InstalledLanguages-{Language ID}-LanguageFeatures-OmaUri-Begin -->
@@ -460,7 +460,7 @@ Numeric representation of the language features installed. Basic Typing - 1 (0x1
 <!-- Device-InstalledLanguages-{Language ID}-Providers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-InstalledLanguages-{Language ID}-Providers-Applicability-End -->
 
 <!-- Device-InstalledLanguages-{Language ID}-Providers-OmaUri-Begin -->
@@ -499,7 +499,7 @@ Numeric representation of how a language is installed. 1 - The system language p
 <!-- Device-LanguageSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-LanguageSettings-Applicability-End -->
 
 <!-- Device-LanguageSettings-OmaUri-Begin -->
@@ -538,7 +538,7 @@ Language settings of the device.
 <!-- Device-LanguageSettings-SystemPreferredUILanguages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-LanguageSettings-SystemPreferredUILanguages-Applicability-End -->
 
 <!-- Device-LanguageSettings-SystemPreferredUILanguages-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index 9863ad1ccf..4fdc019a91 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -1,81 +1,304 @@
 ---
 title: AccountManagement CSP
-description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service.
+description: Learn more about the AccountManagement CSP.
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: reference
+ms.date: 08/29/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 03/23/2018
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- AccountManagement-Begin -->
 # AccountManagement CSP
 
-AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
+<!-- AccountManagement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition.
 
 > [!NOTE]
 > The AccountManagement CSP is only supported in Windows Holographic for Business edition.
+<!-- AccountManagement-Editable-End -->
 
-The following syntax shows the AccountManagement configuration service provider in tree format.
+<!-- AccountManagement-Tree-Begin -->
+The following list shows the AccountManagement configuration service provider nodes:
 
-```console
-./Vendor/MSFT
-AccountManagement
-----UserProfileManagement
---------EnableProfileManager
---------DeletionPolicy
---------StorageCapacityStartDeletion
---------StorageCapacityStopDeletion
---------ProfileInactivityThreshold
+- ./Device/Vendor/MSFT/AccountManagement
+  - [UserProfileManagement](#userprofilemanagement)
+    - [DeletionPolicy](#userprofilemanagementdeletionpolicy)
+    - [EnableProfileManager](#userprofilemanagementenableprofilemanager)
+    - [ProfileInactivityThreshold](#userprofilemanagementprofileinactivitythreshold)
+    - [StorageCapacityStartDeletion](#userprofilemanagementstoragecapacitystartdeletion)
+    - [StorageCapacityStopDeletion](#userprofilemanagementstoragecapacitystopdeletion)
+<!-- AccountManagement-Tree-End -->
+
+<!-- Device-UserProfileManagement-Begin -->
+## UserProfileManagement
+
+<!-- Device-UserProfileManagement-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
+<!-- Device-UserProfileManagement-Applicability-End -->
+
+<!-- Device-UserProfileManagement-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/AccountManagement/UserProfileManagement
 ```
+<!-- Device-UserProfileManagement-OmaUri-End -->
 
-<a href="" id="accountmanagement"></a>**./Vendor/MSFT/AccountManagement**
-Root node for the AccountManagement configuration service provider.
+<!-- Device-UserProfileManagement-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- Device-UserProfileManagement-Description-End -->
 
-<a href="" id="accountmanagement-userprofilemanagemen-enableprofilemanager"></a>**UserProfileManagement**
-Interior node.
+<!-- Device-UserProfileManagement-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-Editable-End -->
 
-<a href="" id="accountmanagement-userprofilemanagement-deletionpolicy"></a>**UserProfileManagement/EnableProfileManager**
-Enable profile lifetime management for shared or communal device scenarios. Default value is false.
+<!-- Device-UserProfileManagement-DFProperties-Begin -->
+**Description framework properties**:
 
-Supported operations are Add, Get, Replace, and Delete.
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+<!-- Device-UserProfileManagement-DFProperties-End -->
 
-Value type is bool.
+<!-- Device-UserProfileManagement-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-Examples-End -->
 
-<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystartdeletion"></a>**UserProfileManagement/DeletionPolicy**
-Configures when profiles will be deleted. Default value is 1.
+<!-- Device-UserProfileManagement-End -->
 
-Valid values:
+<!-- Device-UserProfileManagement-DeletionPolicy-Begin -->
+### UserProfileManagement/DeletionPolicy
 
--  0 - delete immediately when the device returns to a state with no currently active users
--  1 - delete at storage capacity threshold
--  2 - delete at both storage capacity threshold and profile inactivity threshold
+<!-- Device-UserProfileManagement-DeletionPolicy-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
+<!-- Device-UserProfileManagement-DeletionPolicy-Applicability-End -->
 
-Supported operations are Add, Get, Replace, and Delete.
+<!-- Device-UserProfileManagement-DeletionPolicy-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/DeletionPolicy
+```
+<!-- Device-UserProfileManagement-DeletionPolicy-OmaUri-End -->
 
-Value type is integer.
+<!-- Device-UserProfileManagement-DeletionPolicy-Description-Begin -->
+<!-- Description-Source-DDF -->
+Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).
+<!-- Device-UserProfileManagement-DeletionPolicy-Description-End -->
 
-<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStartDeletion**
-Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
+<!-- Device-UserProfileManagement-DeletionPolicy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-DeletionPolicy-Editable-End -->
 
-Supported operations are Add, Get, Replace, and Delete.
+<!-- Device-UserProfileManagement-DeletionPolicy-DFProperties-Begin -->
+**Description framework properties**:
 
-Value type is integer.
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- Device-UserProfileManagement-DeletionPolicy-DFProperties-End -->
 
-<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStopDeletion**
-Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
+<!-- Device-UserProfileManagement-DeletionPolicy-AllowedValues-Begin -->
+**Allowed values**:
 
-Supported operations are Add, Get, Replace, and Delete.
+| Value | Description |
+|:--|:--|
+| 0 | Delete immediately upon device returning to a state with no currently active users). |
+| 1 (Default) | Delete at storage capacity threshold. |
+| 2 | Delete at both storage capacity threshold and profile inactivity threshold. |
+<!-- Device-UserProfileManagement-DeletionPolicy-AllowedValues-End -->
 
-Value type is integer.
+<!-- Device-UserProfileManagement-DeletionPolicy-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-DeletionPolicy-Examples-End -->
 
-<a href="" id="accountmanagement-userprofilemanagement-profileinactivitythreshold"></a>**UserProfileManagement/ProfileInactivityThreshold**
-Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30.
+<!-- Device-UserProfileManagement-DeletionPolicy-End -->
 
-Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+<!-- Device-UserProfileManagement-EnableProfileManager-Begin -->
+### UserProfileManagement/EnableProfileManager
 
-## Related topics
+<!-- Device-UserProfileManagement-EnableProfileManager-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
+<!-- Device-UserProfileManagement-EnableProfileManager-Applicability-End -->
 
-[Configuration service provider reference](index.yml)
+<!-- Device-UserProfileManagement-EnableProfileManager-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/EnableProfileManager
+```
+<!-- Device-UserProfileManagement-EnableProfileManager-OmaUri-End -->
+
+<!-- Device-UserProfileManagement-EnableProfileManager-Description-Begin -->
+<!-- Description-Source-DDF -->
+Enable profile lifetime mangement for shared or communal device scenarios.
+<!-- Device-UserProfileManagement-EnableProfileManager-Description-End -->
+
+<!-- Device-UserProfileManagement-EnableProfileManager-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-EnableProfileManager-Editable-End -->
+
+<!-- Device-UserProfileManagement-EnableProfileManager-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | false |
+<!-- Device-UserProfileManagement-EnableProfileManager-DFProperties-End -->
+
+<!-- Device-UserProfileManagement-EnableProfileManager-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | False. |
+| true | True. |
+<!-- Device-UserProfileManagement-EnableProfileManager-AllowedValues-End -->
+
+<!-- Device-UserProfileManagement-EnableProfileManager-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-EnableProfileManager-Examples-End -->
+
+<!-- Device-UserProfileManagement-EnableProfileManager-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Begin -->
+### UserProfileManagement/ProfileInactivityThreshold
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Applicability-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/ProfileInactivityThreshold
+```
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-OmaUri-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Description-Begin -->
+<!-- Description-Source-DDF -->
+Start deleting profiles when they haven't been logged-on during the specified period, given as number of days.
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Description-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Editable-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 30 |
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-DFProperties-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-Examples-End -->
+
+<!-- Device-UserProfileManagement-ProfileInactivityThreshold-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Begin -->
+### UserProfileManagement/StorageCapacityStartDeletion
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Applicability-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/StorageCapacityStartDeletion
+```
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-OmaUri-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Description-Begin -->
+<!-- Description-Source-DDF -->
+Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Description-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Editable-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 25 |
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-DFProperties-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-Examples-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStartDeletion-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Begin -->
+### UserProfileManagement/StorageCapacityStopDeletion
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Applicability-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/AccountManagement/UserProfileManagement/StorageCapacityStopDeletion
+```
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-OmaUri-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Description-Begin -->
+<!-- Description-Source-DDF -->
+Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Description-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Editable-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 50 |
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-DFProperties-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-Examples-End -->
+
+<!-- Device-UserProfileManagement-StorageCapacityStopDeletion-End -->
+
+<!-- AccountManagement-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- AccountManagement-CspMoreInfo-End -->
+
+<!-- AccountManagement-End -->
+
+## Related articles
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
index c6ec83beff..7589b07ab4 100644
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -1,203 +1,232 @@
 ---
 title: AccountManagement DDF file
-description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings.
+description: View the XML file containing the device description framework (DDF) for the AccountManagement configuration service provider.
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: reference
+ms.date: 08/29/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 03/23/2018
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
 ---
 
+<!-- Auto-Generated CSP Document -->
+
 # AccountManagement DDF file
 
-This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
-
-The XML below is for Windows 10, version 1803.
+The following XML file contains the device description framework (DDF) for the AccountManagement configuration service provider.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
-  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
   <VerDTD>1.2</VerDTD>
+  <MSFT:Diagnostics>
+  </MSFT:Diagnostics>
+  <Node>
+    <NodeName>AccountManagement</NodeName>
+    <Path>./Device/Vendor/MSFT</Path>
+    <DFProperties>
+      <AccessType>
+        <Get />
+      </AccessType>
+      <DFFormat>
+        <node />
+      </DFFormat>
+      <Occurrence>
+        <One />
+      </Occurrence>
+      <Scope>
+        <Permanent />
+      </Scope>
+      <DFType>
+        <MIME />
+      </DFType>
+      <MSFT:Applicability>
+        <MSFT:OsBuildVersion>10.0.19041</MSFT:OsBuildVersion>
+        <MSFT:CspVersion>1.0</MSFT:CspVersion>
+        <MSFT:EditionAllowList>0x88;</MSFT:EditionAllowList>
+      </MSFT:Applicability>
+    </DFProperties>
+    <Node>
+      <NodeName>UserProfileManagement</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <DDFName />
+        </DFType>
+      </DFProperties>
       <Node>
-        <NodeName>AccountManagement</NodeName>
-        <Path>./Device/Vendor/MSFT</Path>
+        <NodeName>EnableProfileManager</NodeName>
         <DFProperties>
           <AccessType>
+            <Add />
+            <Delete />
             <Get />
+            <Replace />
           </AccessType>
+          <DefaultValue>false</DefaultValue>
+          <Description>Enable profile lifetime mangement for shared or communal device scenarios.</Description>
           <DFFormat>
-            <node />
+            <bool />
           </DFFormat>
           <Occurrence>
-            <One />
+            <ZeroOrOne />
           </Occurrence>
           <Scope>
-            <Permanent />
+            <Dynamic />
           </Scope>
+          <DFTitle>Enable profile manager</DFTitle>
           <DFType>
-            <MIME>com.microsoft/1.0/MDM/AccountManagement</MIME>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>false</MSFT:Value>
+              <MSFT:ValueDescription>False</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>true</MSFT:Value>
+              <MSFT:ValueDescription>True</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>DeletionPolicy</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>1</DefaultValue>
+          <Description>Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Profile deletion policy</DFTitle>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Delete immediately upon device returning to a state with no currently active users)</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Delete at storage capacity threshold</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>2</MSFT:Value>
+              <MSFT:ValueDescription>Delete at both storage capacity threshold and profile inactivity threshold</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>StorageCapacityStartDeletion</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>25</DefaultValue>
+          <Description>Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Storage capacity threshold to start profile deletion</DFTitle>
+          <DFType>
+            <MIME />
           </DFType>
         </DFProperties>
-        <Node>
-          <NodeName>UserProfileManagement</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-            </AccessType>
-            <DFFormat>
-              <node />
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <DFType>
-              <DDFName></DDFName>
-            </DFType>
-          </DFProperties>
-          <Node>
-            <NodeName>EnableProfileManager</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Add />
-                <Delete />
-                <Replace />
-              </AccessType>
-              <DefaultValue>false</DefaultValue>
-              <Description>Enable profile lifetime management for shared or communal device scenarios.</Description>
-              <DFFormat>
-                <bool />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFTitle>Enable profile manager</DFTitle>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>DeletionPolicy</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Add />
-                <Delete />
-                <Replace />
-              </AccessType>
-              <DefaultValue>1</DefaultValue>
-              <Description>Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFTitle>Profile deletion policy</DFTitle>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>StorageCapacityStartDeletion</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Add />
-                <Delete />
-                <Replace />
-              </AccessType>
-              <DefaultValue>25</DefaultValue>
-              <Description>Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFTitle>Storage capacity threshold to start profile deletion</DFTitle>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>StorageCapacityStopDeletion</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Add />
-                <Delete />
-                <Replace />
-              </AccessType>
-              <DefaultValue>50</DefaultValue>
-              <Description>Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFTitle>Storage capacity threshold to stop profile deletion</DFTitle>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-          <Node>
-            <NodeName>ProfileInactivityThreshold</NodeName>
-            <DFProperties>
-              <AccessType>
-                <Get />
-                <Add />
-                <Delete />
-                <Replace />
-              </AccessType>
-              <DefaultValue>30</DefaultValue>
-              <Description>Start deleting profiles when they have not been logged on during the specified period, given as number of days.</Description>
-              <DFFormat>
-                <int />
-              </DFFormat>
-              <Occurrence>
-                <ZeroOrOne />
-              </Occurrence>
-              <Scope>
-                <Dynamic />
-              </Scope>
-              <DFTitle>Profile inactive threshold</DFTitle>
-              <DFType>
-                <MIME>text/plain</MIME>
-              </DFType>
-            </DFProperties>
-          </Node>
-        </Node>
       </Node>
+      <Node>
+        <NodeName>StorageCapacityStopDeletion</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>50</DefaultValue>
+          <Description>Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Storage capacity threshold to stop profile deletion</DFTitle>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>ProfileInactivityThreshold</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>30</DefaultValue>
+          <Description>Start deleting profiles when they have not been logged on during the specified period, given as number of days.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFTitle>Profile inactive threshold</DFTitle>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
+    </Node>
+  </Node>
 </MgmtTree>
 ```
 
-## Related topics
+## Related articles
 
-[AccountManagement configuration service provider](accountmanagement-csp.md)
\ No newline at end of file
+[AccountManagement configuration service provider reference](accountmanagement-csp.md)
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index 685680a0db..842d9225c2 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the ActiveSync CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -64,7 +64,7 @@ The following list shows the ActiveSync configuration service provider nodes:
 <!-- User-Accounts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-Applicability-End -->
 
 <!-- User-Accounts-OmaUri-Begin -->
@@ -103,7 +103,7 @@ The parent node group all active sync accounts.
 <!-- User-Accounts-{Account GUID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-OmaUri-Begin -->
@@ -129,6 +129,7 @@ When managing over OMA DM, make sure to always use a unique GUID. Provisioning w
 |:--|:--|
 | Format | `node` |
 | Access Type | Add, Delete, Get, Replace |
+| Atomic Required | True |
 | Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
 | Allowed Values | Regular Expression: `\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}` |
 <!-- User-Accounts-{Account GUID}-DFProperties-End -->
@@ -162,7 +163,7 @@ For OMA DM, you must use the ASCII values of %7B and %7D for the opening and clo
 <!-- User-Accounts-{Account GUID}-AccountIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-AccountIcon-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-AccountIcon-OmaUri-Begin -->
@@ -202,7 +203,7 @@ The account icon can be used as a tile in the Start list or an icon in the appli
 <!-- User-Accounts-{Account GUID}-AccountName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-AccountName-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-AccountName-OmaUri-Begin -->
@@ -241,7 +242,7 @@ The name that refers to the account on the device.
 <!-- User-Accounts-{Account GUID}-AccountType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-AccountType-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-AccountType-OmaUri-Begin -->
@@ -280,7 +281,7 @@ Specify the account type. This value is entered during setup and can't be modifi
 <!-- User-Accounts-{Account GUID}-Domain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Domain-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Domain-OmaUri-Begin -->
@@ -319,7 +320,7 @@ Domain name of the Exchange server.
 <!-- User-Accounts-{Account GUID}-EmailAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-EmailAddress-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-EmailAddress-OmaUri-Begin -->
@@ -359,7 +360,7 @@ This email address is entered by the user during setup and must be in the fully
 <!-- User-Accounts-{Account GUID}-Options-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-OmaUri-Begin -->
@@ -398,7 +399,7 @@ Specifies whether email, contacts, and calendar need to synchronize by default,
 <!-- User-Accounts-{Account GUID}-Options-CalendarAgeFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-CalendarAgeFilter-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-CalendarAgeFilter-OmaUri-Begin -->
@@ -437,7 +438,7 @@ Specifies the time window used for syncing calendar items to the phone.
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-OmaUri-Begin -->
@@ -476,7 +477,7 @@ Interior node for Content Types.
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-OmaUri-Begin -->
@@ -516,7 +517,7 @@ Enables or disables syncing email, contacts, task, and calendar. Each is represe
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Enabled-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Enabled-OmaUri-Begin -->
@@ -565,7 +566,7 @@ Enables or disables Sync for Email, contacts, calendar, and Tasks.
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Name-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-ContentTypes-{Content Type GUID}-Name-OmaUri-Begin -->
@@ -604,7 +605,7 @@ The name of the content type.
 <!-- User-Accounts-{Account GUID}-Options-Logging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-Logging-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-Logging-OmaUri-Begin -->
@@ -654,7 +655,7 @@ Specifies whether diagnostic logging is enabled and at what level.
 <!-- User-Accounts-{Account GUID}-Options-MailAgeFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-MailAgeFilter-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-MailAgeFilter-OmaUri-Begin -->
@@ -708,7 +709,7 @@ Specifies the time window used for syncing email items to the phone.
 <!-- User-Accounts-{Account GUID}-Options-MailBodyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-MailBodyType-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-MailBodyType-OmaUri-Begin -->
@@ -759,7 +760,7 @@ Indicates format type of the Email. Supported values are 0 (none), 1 (text), 2 (
 <!-- User-Accounts-{Account GUID}-Options-MailHTMLTruncation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-MailHTMLTruncation-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-MailHTMLTruncation-OmaUri-Begin -->
@@ -798,7 +799,7 @@ This setting specifies the size beyond which HTML-formatted e-mail messages are
 <!-- User-Accounts-{Account GUID}-Options-MailPlainTextTruncation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-MailPlainTextTruncation-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-MailPlainTextTruncation-OmaUri-Begin -->
@@ -837,7 +838,7 @@ This setting specifies the size beyond which text-formatted e-mail messages are
 <!-- User-Accounts-{Account GUID}-Options-Schedule-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-Schedule-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-Schedule-OmaUri-Begin -->
@@ -878,7 +879,7 @@ Specifies the time until the next sync is performed in minutes. If -1 is chosen,
 <!-- User-Accounts-{Account GUID}-Options-UseSSL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Options-UseSSL-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Options-UseSSL-OmaUri-Begin -->
@@ -927,7 +928,7 @@ Specifies whether SSL is used.
 <!-- User-Accounts-{Account GUID}-Password-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Password-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Password-OmaUri-Begin -->
@@ -966,7 +967,7 @@ A character string that specifies the password for the account. For the Get comm
 <!-- User-Accounts-{Account GUID}-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Policies-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Policies-OmaUri-Begin -->
@@ -1005,7 +1006,7 @@ Specifies the mail body type and email age filter.
 <!-- User-Accounts-{Account GUID}-Policies-MailBodyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Policies-MailBodyType-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Policies-MailBodyType-OmaUri-Begin -->
@@ -1053,7 +1054,7 @@ Specifies the email body type. HTML or plain.
 <!-- User-Accounts-{Account GUID}-Policies-MaxMailAgeFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-Policies-MaxMailAgeFilter-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-Policies-MaxMailAgeFilter-OmaUri-Begin -->
@@ -1092,7 +1093,7 @@ Specifies the time window used for syncing mail items to the device.
 <!-- User-Accounts-{Account GUID}-ServerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-ServerName-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-ServerName-OmaUri-Begin -->
@@ -1131,7 +1132,7 @@ Specifies the server name used by the account.
 <!-- User-Accounts-{Account GUID}-UserName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Accounts-{Account GUID}-UserName-Applicability-End -->
 
 <!-- User-Accounts-{Account GUID}-UserName-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index 5128680488..06f77c27b9 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/16/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -100,6 +100,7 @@ The following XML file contains the device description framework (DDF) for the A
           <MSFT:AllowedValues ValueType="RegEx">
             <MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
           </MSFT:AllowedValues>
+          <MSFT:AtomicRequired />
         </DFProperties>
         <Node>
           <NodeName>EmailAddress</NodeName>
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 27821afa03..199adf8620 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/16/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.18362</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 0e70e6f96a..9c5875b5a4 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the ApplicationControl CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -53,7 +53,7 @@ The following list shows the ApplicationControl configuration service provider n
 <!-- Device-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-Applicability-End -->
 
 <!-- Device-Policies-OmaUri-Begin -->
@@ -93,7 +93,7 @@ Each policy is identified by their globally unique identifier (GUID).
 <!-- Device-Policies-{Policy GUID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-OmaUri-Begin -->
@@ -134,7 +134,7 @@ Each Policy GUID node contains a Policy node and a corresponding PolicyInfo node
 <!-- Device-Policies-{Policy GUID}-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-Policy-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-Policy-OmaUri-Begin -->
@@ -174,7 +174,7 @@ Default value is empty.
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-OmaUri-Begin -->
@@ -213,7 +213,7 @@ Information Describing the Policy indicated by the GUID.
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-FriendlyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-FriendlyName-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-FriendlyName-OmaUri-Begin -->
@@ -252,7 +252,7 @@ The FriendlyName of the Policy Indicated by the Policy GUID.
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsAuthorized-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsAuthorized-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsAuthorized-OmaUri-Begin -->
@@ -295,7 +295,7 @@ Supported values are as follows:
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsBasePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsBasePolicy-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsBasePolicy-OmaUri-Begin -->
@@ -334,7 +334,7 @@ TRUE/FALSE if the Policy is a Base Policy versus a Supplemental Policy.
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsDeployed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsDeployed-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsDeployed-OmaUri-Begin -->
@@ -377,7 +377,7 @@ Supported values are as follows:
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsEffective-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsEffective-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsEffective-OmaUri-Begin -->
@@ -420,7 +420,7 @@ Supported values are as follows:
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsSystemPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsSystemPolicy-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-IsSystemPolicy-OmaUri-Begin -->
@@ -459,7 +459,7 @@ TRUE/FALSE if the Policy is a System Policy, that's a policy managed by Microsof
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Status-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Status-OmaUri-Begin -->
@@ -499,7 +499,7 @@ Default value is 0, which indicates that the policy status is `OK`.
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Version-Applicability-End -->
 
 <!-- Device-Policies-{Policy GUID}-PolicyInfo-Version-OmaUri-Begin -->
@@ -538,7 +538,7 @@ Version of the Policy indicated by the GUID, as a string. When parsing use a uin
 <!-- Device-Tokens-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Tokens-Applicability-End -->
 
 <!-- Device-Tokens-OmaUri-Begin -->
@@ -577,7 +577,7 @@ Beginning of a Subtree that contains all tokens.
 <!-- Device-Tokens-{ID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Tokens-{ID}-Applicability-End -->
 
 <!-- Device-Tokens-{ID}-OmaUri-Begin -->
@@ -617,7 +617,7 @@ Arbitrary ID used to differentiate tokens.
 <!-- Device-Tokens-{ID}-Token-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Tokens-{ID}-Token-Applicability-End -->
 
 <!-- Device-Tokens-{ID}-Token-OmaUri-Begin -->
@@ -656,7 +656,7 @@ The token binary encoded as base64. Supported value is a binary file, obtained f
 <!-- Device-Tokens-{ID}-TokenInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Tokens-{ID}-TokenInfo-Applicability-End -->
 
 <!-- Device-Tokens-{ID}-TokenInfo-OmaUri-Begin -->
@@ -695,7 +695,7 @@ Information Describing the Token indicated by the corresponding ID.
 <!-- Device-Tokens-{ID}-TokenInfo-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Tokens-{ID}-TokenInfo-Status-Applicability-End -->
 
 <!-- Device-Tokens-{ID}-TokenInfo-Status-OmaUri-Begin -->
@@ -734,7 +734,7 @@ The Current Status of the Token Indicated by the Token ID.
 <!-- Device-Tokens-{ID}-TokenInfo-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Tokens-{ID}-TokenInfo-Type-Applicability-End -->
 
 <!-- Device-Tokens-{ID}-TokenInfo-Type-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 608969a753..e7b2417319 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the AppLocker CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -76,7 +76,7 @@ The following list shows the AppLocker configuration service provider nodes:
 <!-- Device-ApplicationLaunchRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-OmaUri-Begin -->
@@ -122,7 +122,7 @@ Defines restrictions for applications.
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-OmaUri-Begin -->
@@ -162,7 +162,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-CodeIntegrity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-CodeIntegrity-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-CodeIntegrity-OmaUri-Begin -->
@@ -200,7 +200,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-CodeIntegrity-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-CodeIntegrity-Policy-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-CodeIntegrity-Policy-OmaUri-Begin -->
@@ -242,7 +242,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-OmaUri-Begin -->
@@ -281,7 +281,7 @@ Defines restrictions for processing DLL files.
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-EnforcementMode-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-EnforcementMode-OmaUri-Begin -->
@@ -320,7 +320,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-NonInteractiveProcessEnforcement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-NonInteractiveProcessEnforcement-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-NonInteractiveProcessEnforcement-OmaUri-Begin -->
@@ -358,7 +358,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-Policy-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-DLL-Policy-OmaUri-Begin -->
@@ -399,7 +399,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-OmaUri-Begin -->
@@ -438,7 +438,7 @@ Defines restrictions for launching executable applications.
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-EnforcementMode-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-EnforcementMode-OmaUri-Begin -->
@@ -477,7 +477,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-NonInteractiveProcessEnforcement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-NonInteractiveProcessEnforcement-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-NonInteractiveProcessEnforcement-OmaUri-Begin -->
@@ -515,7 +515,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-Policy-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-EXE-Policy-OmaUri-Begin -->
@@ -556,7 +556,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-OmaUri-Begin -->
@@ -595,7 +595,7 @@ Defines restrictions for executing Windows Installer files.
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-EnforcementMode-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-EnforcementMode-OmaUri-Begin -->
@@ -634,7 +634,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-Policy-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-MSI-Policy-OmaUri-Begin -->
@@ -675,7 +675,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-OmaUri-Begin -->
@@ -714,7 +714,7 @@ Defines restrictions for running scripts.
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-EnforcementMode-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-EnforcementMode-OmaUri-Begin -->
@@ -753,7 +753,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-Policy-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-Script-Policy-OmaUri-Begin -->
@@ -794,7 +794,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-OmaUri-Begin -->
@@ -833,7 +833,7 @@ Defines restrictions for running apps from the Microsoft Store.
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-EnforcementMode-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-EnforcementMode-OmaUri-Begin -->
@@ -872,7 +872,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-Policy-Applicability-End -->
 
 <!-- Device-ApplicationLaunchRestrictions-{Grouping}-StoreApps-Policy-OmaUri-Begin -->
@@ -913,7 +913,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-EnterpriseDataProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EnterpriseDataProtection-Applicability-End -->
 
 <!-- Device-EnterpriseDataProtection-OmaUri-Begin -->
@@ -972,7 +972,7 @@ Additional information:
 <!-- Device-EnterpriseDataProtection-{Grouping}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EnterpriseDataProtection-{Grouping}-Applicability-End -->
 
 <!-- Device-EnterpriseDataProtection-{Grouping}-OmaUri-Begin -->
@@ -1012,7 +1012,7 @@ Grouping nodes are dynamic nodes, and there may be any number of them for a give
 <!-- Device-EnterpriseDataProtection-{Grouping}-EXE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EnterpriseDataProtection-{Grouping}-EXE-Applicability-End -->
 
 <!-- Device-EnterpriseDataProtection-{Grouping}-EXE-OmaUri-Begin -->
@@ -1051,7 +1051,7 @@ Defines restrictions for launching executable applications.
 <!-- Device-EnterpriseDataProtection-{Grouping}-EXE-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EnterpriseDataProtection-{Grouping}-EXE-Policy-Applicability-End -->
 
 <!-- Device-EnterpriseDataProtection-{Grouping}-EXE-Policy-OmaUri-Begin -->
@@ -1092,7 +1092,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-EnterpriseDataProtection-{Grouping}-StoreApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EnterpriseDataProtection-{Grouping}-StoreApps-Applicability-End -->
 
 <!-- Device-EnterpriseDataProtection-{Grouping}-StoreApps-OmaUri-Begin -->
@@ -1131,7 +1131,7 @@ Defines restrictions for running apps from the Microsoft Store.
 <!-- Device-EnterpriseDataProtection-{Grouping}-StoreApps-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EnterpriseDataProtection-{Grouping}-StoreApps-Policy-Applicability-End -->
 
 <!-- Device-EnterpriseDataProtection-{Grouping}-StoreApps-Policy-OmaUri-Begin -->
@@ -1172,7 +1172,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-FamilySafety-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-Applicability-End -->
 
 <!-- Device-FamilySafety-OmaUri-Begin -->
@@ -1210,7 +1210,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-FamilySafety-{Grouping}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-OmaUri-Begin -->
@@ -1249,7 +1249,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-FamilySafety-{Grouping}-EXE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-EXE-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-EXE-OmaUri-Begin -->
@@ -1287,7 +1287,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-FamilySafety-{Grouping}-EXE-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-EXE-EnforcementMode-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-EXE-EnforcementMode-OmaUri-Begin -->
@@ -1326,7 +1326,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-FamilySafety-{Grouping}-EXE-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-EXE-Policy-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-EXE-Policy-OmaUri-Begin -->
@@ -1367,7 +1367,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-FamilySafety-{Grouping}-StoreApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-StoreApps-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-StoreApps-OmaUri-Begin -->
@@ -1405,7 +1405,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-FamilySafety-{Grouping}-StoreApps-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-StoreApps-EnforcementMode-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-StoreApps-EnforcementMode-OmaUri-Begin -->
@@ -1444,7 +1444,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-FamilySafety-{Grouping}-StoreApps-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FamilySafety-{Grouping}-StoreApps-Policy-Applicability-End -->
 
 <!-- Device-FamilySafety-{Grouping}-StoreApps-Policy-OmaUri-Begin -->
@@ -1485,7 +1485,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-LaunchControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-Applicability-End -->
 
 <!-- Device-LaunchControl-OmaUri-Begin -->
@@ -1523,7 +1523,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-LaunchControl-{Grouping}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-OmaUri-Begin -->
@@ -1562,7 +1562,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-LaunchControl-{Grouping}-EXE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-EXE-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-EXE-OmaUri-Begin -->
@@ -1600,7 +1600,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-LaunchControl-{Grouping}-EXE-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-EXE-EnforcementMode-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-EXE-EnforcementMode-OmaUri-Begin -->
@@ -1639,7 +1639,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-LaunchControl-{Grouping}-EXE-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-EXE-Policy-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-EXE-Policy-OmaUri-Begin -->
@@ -1680,7 +1680,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-LaunchControl-{Grouping}-StoreApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-StoreApps-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-StoreApps-OmaUri-Begin -->
@@ -1718,7 +1718,7 @@ Policy nodes define the policy for launching executables, Windows Installer file
 <!-- Device-LaunchControl-{Grouping}-StoreApps-EnforcementMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-StoreApps-EnforcementMode-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-StoreApps-EnforcementMode-OmaUri-Begin -->
@@ -1757,7 +1757,7 @@ The EnforcementMode node for Windows Information Protection (formerly known as E
 <!-- Device-LaunchControl-{Grouping}-StoreApps-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LaunchControl-{Grouping}-StoreApps-Policy-Applicability-End -->
 
 <!-- Device-LaunchControl-{Grouping}-StoreApps-Policy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index af3f58ccbe..9ffbf897b8 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/23/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 3f7964e416..6aea2cc955 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the AssignedAccess CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -50,7 +50,7 @@ The following list shows the AssignedAccess configuration service provider nodes
 <!-- Device-Configuration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Configuration-Applicability-End -->
 
 <!-- Device-Configuration-OmaUri-Begin -->
@@ -145,7 +145,7 @@ For more examples, see [AssignedAccessConfiguration examples](#assignedaccesscon
 <!-- Device-KioskModeApp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-KioskModeApp-Applicability-End -->
 
 <!-- Device-KioskModeApp-OmaUri-Begin -->
@@ -284,7 +284,7 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
 <!-- Device-ShellLauncher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-ShellLauncher-Applicability-End -->
 
 <!-- Device-ShellLauncher-OmaUri-Begin -->
@@ -720,7 +720,7 @@ For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllau
 <!-- Device-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Status-Applicability-End -->
 
 <!-- Device-Status-OmaUri-Begin -->
@@ -854,7 +854,7 @@ Additionally, the Status payload includes the following fields:
 <!-- Device-StatusConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-StatusConfiguration-Applicability-End -->
 
 <!-- Device-StatusConfiguration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index f91d0c0381..5ef69490c0 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/27/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the A
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index ff28625681..f5d9653eed 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -76,7 +76,7 @@ The following list shows the BitLocker configuration service provider nodes:
 <!-- Device-AllowStandardUserEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AllowStandardUserEncryption-Applicability-End -->
 
 <!-- Device-AllowStandardUserEncryption-OmaUri-Begin -->
@@ -154,7 +154,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-AllowSuspensionOfBitLockerProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-AllowSuspensionOfBitLockerProtection-Applicability-End -->
 
 <!-- Device-AllowSuspensionOfBitLockerProtection-OmaUri-Begin -->
@@ -212,7 +212,7 @@ The expected values for this policy are:
 <!-- Device-AllowWarningForOtherDiskEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-AllowWarningForOtherDiskEncryption-Applicability-End -->
 
 <!-- Device-AllowWarningForOtherDiskEncryption-OmaUri-Begin -->
@@ -301,7 +301,7 @@ Windows will attempt to silently enable BitLocker for value 0.
 <!-- Device-ConfigureRecoveryPasswordRotation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigureRecoveryPasswordRotation-Applicability-End -->
 
 <!-- Device-ConfigureRecoveryPasswordRotation-OmaUri-Begin -->
@@ -362,7 +362,7 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
 <!-- Device-EncryptionMethodByDriveType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-EncryptionMethodByDriveType-Applicability-End -->
 
 <!-- Device-EncryptionMethodByDriveType-OmaUri-Begin -->
@@ -468,7 +468,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-FixedDrivesEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-FixedDrivesEncryptionType-Applicability-End -->
 
 <!-- Device-FixedDrivesEncryptionType-OmaUri-Begin -->
@@ -543,7 +543,7 @@ Possible values:
 <!-- Device-FixedDrivesRecoveryOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-FixedDrivesRecoveryOptions-Applicability-End -->
 
 <!-- Device-FixedDrivesRecoveryOptions-OmaUri-Begin -->
@@ -670,7 +670,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-FixedDrivesRequireEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-FixedDrivesRequireEncryption-Applicability-End -->
 
 <!-- Device-FixedDrivesRequireEncryption-OmaUri-Begin -->
@@ -748,7 +748,7 @@ To disable this policy, use hte following SyncML:
 <!-- Device-IdentificationField-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-IdentificationField-Applicability-End -->
 
 <!-- Device-IdentificationField-OmaUri-Begin -->
@@ -828,7 +828,7 @@ Sample value for this node to enable this policy is:
 <!-- Device-RemovableDrivesConfigureBDE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-RemovableDrivesConfigureBDE-Applicability-End -->
 
 <!-- Device-RemovableDrivesConfigureBDE-OmaUri-Begin -->
@@ -901,7 +901,7 @@ Sample value for this node to enable this policy is:
 <!-- Device-RemovableDrivesEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-RemovableDrivesEncryptionType-Applicability-End -->
 
 <!-- Device-RemovableDrivesEncryptionType-OmaUri-Begin -->
@@ -972,7 +972,7 @@ Possible values:
 <!-- Device-RemovableDrivesExcludedFromEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-RemovableDrivesExcludedFromEncryption-Applicability-End -->
 
 <!-- Device-RemovableDrivesExcludedFromEncryption-OmaUri-Begin -->
@@ -1012,7 +1012,7 @@ When enabled, allows you to exclude removable drives and devices connected over
 <!-- Device-RemovableDrivesRequireEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-RemovableDrivesRequireEncryption-Applicability-End -->
 
 <!-- Device-RemovableDrivesRequireEncryption-OmaUri-Begin -->
@@ -1108,7 +1108,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-RequireDeviceEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-RequireDeviceEncryption-Applicability-End -->
 
 <!-- Device-RequireDeviceEncryption-OmaUri-Begin -->
@@ -1201,7 +1201,7 @@ To disable RequireDeviceEncryption:
 <!-- Device-RequireStorageCardEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-RequireStorageCardEncryption-Applicability-End -->
 
 <!-- Device-RequireStorageCardEncryption-OmaUri-Begin -->
@@ -1258,7 +1258,7 @@ Disabling the policy won't turn off the encryption on the storage card. But will
 <!-- Device-RotateRecoveryPasswords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-RotateRecoveryPasswords-Applicability-End -->
 
 <!-- Device-RotateRecoveryPasswords-OmaUri-Begin -->
@@ -1330,7 +1330,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI
 <!-- Device-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Status-Applicability-End -->
 
 <!-- Device-Status-OmaUri-Begin -->
@@ -1368,7 +1368,7 @@ Supported Values: String form of request ID. Example format of request ID is GUI
 <!-- Device-Status-DeviceEncryptionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Status-DeviceEncryptionStatus-Applicability-End -->
 
 <!-- Device-Status-DeviceEncryptionStatus-OmaUri-Begin -->
@@ -1406,7 +1406,9 @@ This value represents a bitmask with each bit and the corresponding error code d
 | 13 |A TPM isn't available for BitLocker, either because it isn't present, it has been made unavailable in the Registry, or the OS is on a removable drive. |
 | 14 |The TPM isn't ready for BitLocker.|
 | 15 |The network isn't available, which is required for recovery key backup. |
-| 16-31 |For future use.|
+| 16 |The encryption type of the OS volume for full disk versus used space only encryption doesn't match the BitLocker policy.|
+| 17 |The encryption type of the fixed drive for full disk versus used space only encryption doesn't match the BitLocker policy.|
+| 18-31 |For future use.|
 <!-- Device-Status-DeviceEncryptionStatus-Editable-End -->
 
 <!-- Device-Status-DeviceEncryptionStatus-DFProperties-Begin -->
@@ -1430,7 +1432,7 @@ This value represents a bitmask with each bit and the corresponding error code d
 <!-- Device-Status-RemovableDrivesEncryptionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Status-RemovableDrivesEncryptionStatus-Applicability-End -->
 
 <!-- Device-Status-RemovableDrivesEncryptionStatus-OmaUri-Begin -->
@@ -1469,7 +1471,7 @@ This node reports compliance state of removal drive encryption. "0" Value means
 <!-- Device-Status-RotateRecoveryPasswordsRequestID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-Status-RotateRecoveryPasswordsRequestID-Applicability-End -->
 
 <!-- Device-Status-RotateRecoveryPasswordsRequestID-OmaUri-Begin -->
@@ -1510,7 +1512,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta
 <!-- Device-Status-RotateRecoveryPasswordsStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-Status-RotateRecoveryPasswordsStatus-Applicability-End -->
 
 <!-- Device-Status-RotateRecoveryPasswordsStatus-OmaUri-Begin -->
@@ -1553,7 +1555,7 @@ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure.
 <!-- Device-SystemDrivesDisallowStandardUsersCanChangePIN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesDisallowStandardUsersCanChangePIN-Applicability-End -->
 
 <!-- Device-SystemDrivesDisallowStandardUsersCanChangePIN-OmaUri-Begin -->
@@ -1618,7 +1620,7 @@ Sample value for this node to disable this policy is: `<disabled/>`
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Applicability-End -->
 
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-OmaUri-Begin -->
@@ -1686,7 +1688,7 @@ Sample value for this node to enable this policy is: `<enabled/>`
 <!-- Device-SystemDrivesEnablePreBootPinExceptionOnDECapableDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEnablePreBootPinExceptionOnDECapableDevice-Applicability-End -->
 
 <!-- Device-SystemDrivesEnablePreBootPinExceptionOnDECapableDevice-OmaUri-Begin -->
@@ -1746,7 +1748,7 @@ Sample value for this node to enable this policy is: `<enabled/>`
 <!-- Device-SystemDrivesEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEncryptionType-Applicability-End -->
 
 <!-- Device-SystemDrivesEncryptionType-OmaUri-Begin -->
@@ -1822,7 +1824,7 @@ Possible values:
 <!-- Device-SystemDrivesEnhancedPIN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-SystemDrivesEnhancedPIN-Applicability-End -->
 
 <!-- Device-SystemDrivesEnhancedPIN-OmaUri-Begin -->
@@ -1887,7 +1889,7 @@ Sample value for this node to enable this policy is: `<enabled/>`
 <!-- Device-SystemDrivesMinimumPINLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-SystemDrivesMinimumPINLength-Applicability-End -->
 
 <!-- Device-SystemDrivesMinimumPINLength-OmaUri-Begin -->
@@ -1974,7 +1976,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-SystemDrivesRecoveryMessage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-SystemDrivesRecoveryMessage-Applicability-End -->
 
 <!-- Device-SystemDrivesRecoveryMessage-OmaUri-Begin -->
@@ -2083,7 +2085,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-SystemDrivesRecoveryOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-SystemDrivesRecoveryOptions-Applicability-End -->
 
 <!-- Device-SystemDrivesRecoveryOptions-OmaUri-Begin -->
@@ -2209,7 +2211,7 @@ To disable this policy, use the following SyncML:
 <!-- Device-SystemDrivesRequireStartupAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-SystemDrivesRequireStartupAuthentication-Applicability-End -->
 
 <!-- Device-SystemDrivesRequireStartupAuthentication-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index a5b1dd75f5..c6d82985f8 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the B
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index bc6a90e378..cc17da3674 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the CertificateStore CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -113,7 +113,7 @@ The following list shows the CertificateStore configuration service provider nod
 <!-- Device-CA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-Applicability-End -->
 
 <!-- Device-CA-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This cryptographic store contains intermediary certification authorities.
 <!-- Device-CA-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-OmaUri-Begin -->
@@ -192,7 +192,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s
 <!-- Device-CA-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -231,7 +231,7 @@ The base64 Encoded X.509 certificate.
 <!-- Device-CA-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -270,7 +270,7 @@ The name of the certificate issuer. This node is implicitly created only when th
 <!-- Device-CA-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -309,7 +309,7 @@ The name of the certificate subject. This node is implicitly created only when t
 <!-- Device-CA-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -348,7 +348,7 @@ Returns the certificate template name.
 <!-- Device-CA-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -387,7 +387,7 @@ The starting date of the certificate's validity. This node is implicitly created
 <!-- Device-CA-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -426,7 +426,7 @@ The expiration date of the certificate. This node is implicitly created only whe
 <!-- Device-CA-System-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-Applicability-End -->
 
 <!-- Device-CA-System-OmaUri-Begin -->
@@ -467,7 +467,7 @@ This store holds the System portion of the CA store.
 <!-- Device-CA-System-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-OmaUri-Begin -->
@@ -507,7 +507,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s
 <!-- Device-CA-System-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -546,7 +546,7 @@ The base64 Encoded X.509 certificate.
 <!-- Device-CA-System-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -585,7 +585,7 @@ The name of the certificate issuer. This node is implicitly created only when th
 <!-- Device-CA-System-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -624,7 +624,7 @@ The name of the certificate subject. This node is implicitly created only when t
 <!-- Device-CA-System-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -663,7 +663,7 @@ Returns the certificate template name.
 <!-- Device-CA-System-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -702,7 +702,7 @@ The starting date of the certificate's validity. This node is implicitly created
 <!-- Device-CA-System-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-System-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-CA-System-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -741,7 +741,7 @@ The expiration date of the certificate. This node is implicitly created only whe
 <!-- Device-MY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-Applicability-End -->
 
 <!-- Device-MY-OmaUri-Begin -->
@@ -783,7 +783,7 @@ This store keeps all end-user personal certificates.
 <!-- Device-MY-SCEP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-Applicability-End -->
 
 <!-- Device-MY-SCEP-OmaUri-Begin -->
@@ -824,7 +824,7 @@ This store holds the SCEP portion of the MY store and handle operations related
 <!-- Device-MY-SCEP-{UniqueID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-OmaUri-Begin -->
@@ -863,7 +863,7 @@ The UniqueID for the SCEP enrollment request. Each client certificate should've
 <!-- Device-MY-SCEP-{UniqueID}-CertThumbPrint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-CertThumbPrint-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-CertThumbPrint-OmaUri-Begin -->
@@ -903,7 +903,7 @@ Specify the current cert's thumbprint.
 <!-- Device-MY-SCEP-{UniqueID}-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-ErrorCode-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-ErrorCode-OmaUri-Begin -->
@@ -942,7 +942,7 @@ Specify the last hresult in case enroll action failed.
 <!-- Device-MY-SCEP-{UniqueID}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-OmaUri-Begin -->
@@ -983,7 +983,7 @@ The group to represent the install request.
 <!-- Device-MY-SCEP-{UniqueID}-Install-CAThumbPrint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-CAThumbPrint-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-CAThumbPrint-OmaUri-Begin -->
@@ -1023,7 +1023,7 @@ Specify root CA thumbprint.
 <!-- Device-MY-SCEP-{UniqueID}-Install-Challenge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-Challenge-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-Challenge-OmaUri-Begin -->
@@ -1063,7 +1063,7 @@ The value must be base64 encoded. Challenge is deleted shortly after the Exec co
 <!-- Device-MY-SCEP-{UniqueID}-Install-EKUMapping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-EKUMapping-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-EKUMapping-OmaUri-Begin -->
@@ -1102,7 +1102,7 @@ Specify extended key usages. The list of OIDs are separated by plus "+".
 <!-- Device-MY-SCEP-{UniqueID}-Install-Enroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-Enroll-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-Enroll-OmaUri-Begin -->
@@ -1142,7 +1142,7 @@ The MDM server can later query the device to find out whether the new certificat
 <!-- Device-MY-SCEP-{UniqueID}-Install-HashAlgrithm-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-HashAlgrithm-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-HashAlgrithm-OmaUri-Begin -->
@@ -1182,7 +1182,7 @@ Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by the MDM server. If mult
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyLength-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyLength-OmaUri-Begin -->
@@ -1222,7 +1222,7 @@ Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyProtection-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyProtection-OmaUri-Begin -->
@@ -1266,7 +1266,7 @@ Although the private key is protected by TPM, it isn't protected with TPM PIN. S
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyUsage-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-KeyUsage-OmaUri-Begin -->
@@ -1306,7 +1306,7 @@ The value must be specified in decimal format and should at least have second (0
 <!-- Device-MY-SCEP-{UniqueID}-Install-RetryCount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-RetryCount-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-RetryCount-OmaUri-Begin -->
@@ -1346,7 +1346,7 @@ Default value is 3. Max value can't be larger than 30. If it's larger than 30, t
 <!-- Device-MY-SCEP-{UniqueID}-Install-RetryDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-RetryDelay-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-RetryDelay-OmaUri-Begin -->
@@ -1386,7 +1386,7 @@ Default value is 5 and the minimum value is 1.
 <!-- Device-MY-SCEP-{UniqueID}-Install-ServerURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-ServerURL-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-ServerURL-OmaUri-Begin -->
@@ -1425,7 +1425,7 @@ Specify the cert enrollment server.
 <!-- Device-MY-SCEP-{UniqueID}-Install-SubjectAlternativeNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-SubjectAlternativeNames-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-SubjectAlternativeNames-OmaUri-Begin -->
@@ -1465,7 +1465,7 @@ or example, multiple subject alternative names are presented in the format `<nam
 <!-- Device-MY-SCEP-{UniqueID}-Install-SubjectName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-SubjectName-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-SubjectName-OmaUri-Begin -->
@@ -1505,7 +1505,7 @@ The SubjectName value is quoted if it contains leading or trailing white space o
 <!-- Device-MY-SCEP-{UniqueID}-Install-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-TemplateName-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-TemplateName-OmaUri-Begin -->
@@ -1544,7 +1544,7 @@ Certificate Template Name OID (As in AD used by PKI infrastructure.
 <!-- Device-MY-SCEP-{UniqueID}-Install-ValidPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-ValidPeriod-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-ValidPeriod-OmaUri-Begin -->
@@ -1588,7 +1588,7 @@ Valid values are one of the following:
 <!-- Device-MY-SCEP-{UniqueID}-Install-ValidPeriodUnit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Install-ValidPeriodUnit-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Install-ValidPeriodUnit-OmaUri-Begin -->
@@ -1631,7 +1631,7 @@ Default is 0. The period is defined in ValidPeriod node. The valid period specif
 <!-- Device-MY-SCEP-{UniqueID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-SCEP-{UniqueID}-Status-Applicability-End -->
 
 <!-- Device-MY-SCEP-{UniqueID}-Status-OmaUri-Begin -->
@@ -1676,7 +1676,7 @@ Valid values are one of the following values:
 <!-- Device-MY-User-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-Applicability-End -->
 
 <!-- Device-MY-User-OmaUri-Begin -->
@@ -1715,7 +1715,7 @@ This store holds the User portion of the MY store.
 <!-- Device-MY-User-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-OmaUri-Begin -->
@@ -1755,7 +1755,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s
 <!-- Device-MY-User-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -1794,7 +1794,7 @@ The base64 Encoded X.509 certificate. Note that though during MDM enrollment, en
 <!-- Device-MY-User-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -1833,7 +1833,7 @@ The name of the certificate issuer. This node is implicitly created only when th
 <!-- Device-MY-User-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -1872,7 +1872,7 @@ The name of the certificate subject. This node is implicitly created only when t
 <!-- Device-MY-User-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -1911,7 +1911,7 @@ Returns the certificate template name.
 <!-- Device-MY-User-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -1950,7 +1950,7 @@ The starting date of the certificate's validity. This node is implicitly created
 <!-- Device-MY-User-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-User-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-MY-User-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -1989,7 +1989,7 @@ The expiration date of the certificate. This node is implicitly created only whe
 <!-- Device-MY-WSTEP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Applicability-End -->
 
 <!-- Device-MY-WSTEP-OmaUri-Begin -->
@@ -2029,7 +2029,7 @@ The nodes under WSTEP are mostly for MDM client certificate renew requests.
 <!-- Device-MY-WSTEP-CertThumprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-CertThumprint-Applicability-End -->
 
 <!-- Device-MY-WSTEP-CertThumprint-OmaUri-Begin -->
@@ -2069,7 +2069,7 @@ If renewal succeeds, it shows the renewed certificate thumbprint. If renewal fai
 <!-- Device-MY-WSTEP-Renew-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-OmaUri-Begin -->
@@ -2109,7 +2109,7 @@ The parent node to group renewal related settings.
 <!-- Device-MY-WSTEP-Renew-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-ErrorCode-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-ErrorCode-OmaUri-Begin -->
@@ -2148,7 +2148,7 @@ If certificate renew fails, this node provide the last hresult code during renew
 <!-- Device-MY-WSTEP-Renew-LastRenewalAttemptTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-MY-WSTEP-Renew-LastRenewalAttemptTime-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-LastRenewalAttemptTime-OmaUri-Begin -->
@@ -2187,7 +2187,7 @@ Time of last attempted renew.
 <!-- Device-MY-WSTEP-Renew-RenewNow-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-MY-WSTEP-Renew-RenewNow-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-RenewNow-OmaUri-Begin -->
@@ -2226,7 +2226,7 @@ Initiate a renew now.
 <!-- Device-MY-WSTEP-Renew-RenewPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-RenewPeriod-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-RenewPeriod-OmaUri-Begin -->
@@ -2273,7 +2273,7 @@ The default value is 42 and the valid values are 1-1000.
 <!-- Device-MY-WSTEP-Renew-RetryAfterExpiryInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-MY-WSTEP-Renew-RetryAfterExpiryInterval-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-RetryAfterExpiryInterval-OmaUri-Begin -->
@@ -2312,7 +2312,7 @@ How long after the enrollment cert has expiried to keep trying to renew.
 <!-- Device-MY-WSTEP-Renew-RetryInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-RetryInterval-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-RetryInterval-OmaUri-Begin -->
@@ -2355,7 +2355,7 @@ Optional. This parameter specifies retry interval when previous renew failed (in
 <!-- Device-MY-WSTEP-Renew-ROBOSupport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-ROBOSupport-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-ROBOSupport-OmaUri-Begin -->
@@ -2405,7 +2405,7 @@ Optional. Notify the client whether enrollment server supports ROBO auto certifi
 <!-- Device-MY-WSTEP-Renew-ServerURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-ServerURL-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-ServerURL-OmaUri-Begin -->
@@ -2448,7 +2448,7 @@ If this node doesn't exist, the client uses the initial certificate enrollment U
 <!-- Device-MY-WSTEP-Renew-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MY-WSTEP-Renew-Status-Applicability-End -->
 
 <!-- Device-MY-WSTEP-Renew-Status-OmaUri-Begin -->
@@ -2487,7 +2487,7 @@ Show the latest action status for this certificate. Supported values are one of
 <!-- Device-ROOT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-Applicability-End -->
 
 <!-- Device-ROOT-OmaUri-Begin -->
@@ -2526,7 +2526,7 @@ This store holds only root (self-signed) certificates.
 <!-- Device-ROOT-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-OmaUri-Begin -->
@@ -2566,7 +2566,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s
 <!-- Device-ROOT-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -2605,7 +2605,7 @@ The base64 Encoded X.509 certificate.
 <!-- Device-ROOT-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -2644,7 +2644,7 @@ The name of the certificate issuer. This node is implicitly created only when th
 <!-- Device-ROOT-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -2683,7 +2683,7 @@ The name of the certificate subject. This node is implicitly created only when t
 <!-- Device-ROOT-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -2722,7 +2722,7 @@ Returns the certificate template name.
 <!-- Device-ROOT-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -2761,7 +2761,7 @@ The starting date of the certificate's validity. This node is implicitly created
 <!-- Device-ROOT-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-ROOT-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -2800,7 +2800,7 @@ The expiration date of the certificate. This node is implicitly created only whe
 <!-- Device-ROOT-System-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-Applicability-End -->
 
 <!-- Device-ROOT-System-OmaUri-Begin -->
@@ -2839,7 +2839,7 @@ This store holds the System portion of the root store.
 <!-- Device-ROOT-System-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-OmaUri-Begin -->
@@ -2879,7 +2879,7 @@ The SHA1 hash for the certificate. The 20-byte SHA1 hash of the certificate is s
 <!-- Device-ROOT-System-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -2918,7 +2918,7 @@ The base64 Encoded X.509 certificate.
 <!-- Device-ROOT-System-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -2957,7 +2957,7 @@ The name of the certificate issuer. This node is implicitly created only when th
 <!-- Device-ROOT-System-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -2996,7 +2996,7 @@ The name of the certificate subject. This node is implicitly created only when t
 <!-- Device-ROOT-System-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -3035,7 +3035,7 @@ Returns the certificate template name.
 <!-- Device-ROOT-System-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -3074,7 +3074,7 @@ The starting date of the certificate's validity. This node is implicitly created
 <!-- Device-ROOT-System-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ROOT-System-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-ROOT-System-{CertHash}-ValidTo-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index 8cf58152f0..5c819f96bc 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/16/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the C
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 8e74c3c59e..48a1d87c37 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the ClientCertificateInstall CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -111,7 +111,7 @@ The following list shows the ClientCertificateInstall configuration service prov
 <!-- Device-PFXCertInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-Applicability-End -->
 
 <!-- Device-PFXCertInstall-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Required for PFX certificate installation. The parent node grouping the PFX cert
 <!-- Device-PFXCertInstall-{UniqueID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-OmaUri-Begin -->
@@ -195,7 +195,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha
 <!-- Device-PFXCertInstall-{UniqueID}-ContainerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-ContainerName-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-ContainerName-OmaUri-Begin -->
@@ -236,7 +236,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this
 <!-- Device-PFXCertInstall-{UniqueID}-KeyLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-KeyLocation-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-KeyLocation-OmaUri-Begin -->
@@ -286,7 +286,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertBlob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertBlob-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertBlob-OmaUri-Begin -->
@@ -333,7 +333,7 @@ In other words, using Replace or Add will result in the effect of either overwri
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPassword-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPassword-OmaUri-Begin -->
@@ -372,7 +372,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-OmaUri-Begin -->
@@ -414,7 +414,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionType-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionType-OmaUri-Begin -->
@@ -469,7 +469,7 @@ If the value is
 <!-- Device-PFXCertInstall-{UniqueID}-PFXKeyExportable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-PFXKeyExportable-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-PFXKeyExportable-OmaUri-Begin -->
@@ -523,7 +523,7 @@ The PFX isn't exportable when it's installed to TPM.
 <!-- Device-PFXCertInstall-{UniqueID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-Status-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-Status-OmaUri-Begin -->
@@ -562,7 +562,7 @@ Returns the error code of the PFX installation from the GetLastError command cal
 <!-- Device-PFXCertInstall-{UniqueID}-Thumbprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-PFXCertInstall-{UniqueID}-Thumbprint-Applicability-End -->
 
 <!-- Device-PFXCertInstall-{UniqueID}-Thumbprint-OmaUri-Begin -->
@@ -601,7 +601,7 @@ Returns the thumbprint of the PFX certificate installed.
 <!-- Device-SCEP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-Applicability-End -->
 
 <!-- Device-SCEP-OmaUri-Begin -->
@@ -640,7 +640,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed.
 <!-- Device-SCEP-{UniqueID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-OmaUri-Begin -->
@@ -683,7 +683,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
 <!-- Device-SCEP-{UniqueID}-CertThumbprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-CertThumbprint-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-CertThumbprint-OmaUri-Begin -->
@@ -724,7 +724,7 @@ Optional. Specify the current cert's thumbprint if certificate enrollment succee
 <!-- Device-SCEP-{UniqueID}-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-ErrorCode-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-ErrorCode-OmaUri-Begin -->
@@ -763,7 +763,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er
 <!-- Device-SCEP-{UniqueID}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-OmaUri-Begin -->
@@ -802,7 +802,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install
 <!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-AADKeyIdentifierList-OmaUri-Begin -->
@@ -841,7 +841,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O
 <!-- Device-SCEP-{UniqueID}-Install-CAThumbprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-CAThumbprint-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-CAThumbprint-OmaUri-Begin -->
@@ -880,7 +880,7 @@ Required. Specify root CA thumbprint. It's a 20-byte value of the SHA1 certifica
 <!-- Device-SCEP-{UniqueID}-Install-Challenge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-Challenge-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-Challenge-OmaUri-Begin -->
@@ -919,7 +919,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge.
 <!-- Device-SCEP-{UniqueID}-Install-ContainerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-ContainerName-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-ContainerName-OmaUri-Begin -->
@@ -960,7 +960,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this
 <!-- Device-SCEP-{UniqueID}-Install-CustomTextToShowInPrompt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-CustomTextToShowInPrompt-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-CustomTextToShowInPrompt-OmaUri-Begin -->
@@ -999,7 +999,7 @@ Optional. Specifies the custom text to show on the NGC PIN prompt during certifi
 <!-- Device-SCEP-{UniqueID}-Install-EKUMapping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-EKUMapping-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-EKUMapping-OmaUri-Begin -->
@@ -1038,7 +1038,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T
 <!-- Device-SCEP-{UniqueID}-Install-Enroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-Enroll-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-Enroll-OmaUri-Begin -->
@@ -1077,7 +1077,7 @@ Required. Trigger the device to start the cert enrollment. The device won't noti
 <!-- Device-SCEP-{UniqueID}-Install-HashAlgorithm-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-HashAlgorithm-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-HashAlgorithm-OmaUri-Begin -->
@@ -1118,7 +1118,7 @@ For NGC, only SHA256 is supported as the supported algorithm.
 <!-- Device-SCEP-{UniqueID}-Install-KeyLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-KeyLength-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-KeyLength-OmaUri-Begin -->
@@ -1171,7 +1171,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
 <!-- Device-SCEP-{UniqueID}-Install-KeyProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-KeyProtection-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-KeyProtection-OmaUri-Begin -->
@@ -1224,7 +1224,7 @@ SCEP enrolled cert doesn't support TPM PIN protection.
 <!-- Device-SCEP-{UniqueID}-Install-KeyUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-KeyUsage-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-KeyUsage-OmaUri-Begin -->
@@ -1263,7 +1263,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for
 <!-- Device-SCEP-{UniqueID}-Install-RetryCount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-RetryCount-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-RetryCount-OmaUri-Begin -->
@@ -1306,7 +1306,7 @@ The min value is 0 which means no retry.
 <!-- Device-SCEP-{UniqueID}-Install-RetryDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-RetryDelay-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-RetryDelay-OmaUri-Begin -->
@@ -1350,7 +1350,7 @@ The min value is 1.
 <!-- Device-SCEP-{UniqueID}-Install-ServerURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-ServerURL-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-ServerURL-OmaUri-Begin -->
@@ -1389,7 +1389,7 @@ Required for SCEP certificate enrollment. Specify the cert enrollment server. Th
 <!-- Device-SCEP-{UniqueID}-Install-SubjectAlternativeNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-SubjectAlternativeNames-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-SubjectAlternativeNames-OmaUri-Begin -->
@@ -1428,7 +1428,7 @@ Optional. Specify subject alternative name. Multiple alternative names could be
 <!-- Device-SCEP-{UniqueID}-Install-SubjectName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-SubjectName-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-SubjectName-OmaUri-Begin -->
@@ -1468,7 +1468,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/
 <!-- Device-SCEP-{UniqueID}-Install-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-TemplateName-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-TemplateName-OmaUri-Begin -->
@@ -1507,7 +1507,7 @@ Optional. OID of certificate template name. Note that this name is typically ign
 <!-- Device-SCEP-{UniqueID}-Install-ValidPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-ValidPeriod-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-ValidPeriod-OmaUri-Begin -->
@@ -1559,7 +1559,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio
 <!-- Device-SCEP-{UniqueID}-Install-ValidPeriodUnits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Install-ValidPeriodUnits-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Install-ValidPeriodUnits-OmaUri-Begin -->
@@ -1602,7 +1602,7 @@ Optional. Specify desired number of units used in validity period. Subjected to
 <!-- Device-SCEP-{UniqueID}-RespondentServerUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-RespondentServerUrl-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-RespondentServerUrl-OmaUri-Begin -->
@@ -1641,7 +1641,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re
 <!-- Device-SCEP-{UniqueID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SCEP-{UniqueID}-Status-Applicability-End -->
 
 <!-- Device-SCEP-{UniqueID}-Status-OmaUri-Begin -->
@@ -1687,7 +1687,7 @@ Valid values are:
 <!-- User-PFXCertInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-Applicability-End -->
 
 <!-- User-PFXCertInstall-OmaUri-Begin -->
@@ -1726,7 +1726,7 @@ Required for PFX certificate installation. The parent node grouping the PFX cert
 <!-- User-PFXCertInstall-{UniqueID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-OmaUri-Begin -->
@@ -1771,7 +1771,7 @@ Calling Delete on the this node, should delete the certificates and the keys tha
 <!-- User-PFXCertInstall-{UniqueID}-ContainerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-ContainerName-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-ContainerName-OmaUri-Begin -->
@@ -1812,7 +1812,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this
 <!-- User-PFXCertInstall-{UniqueID}-KeyLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-KeyLocation-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-KeyLocation-OmaUri-Begin -->
@@ -1862,7 +1862,7 @@ Required for PFX certificate installation. Indicates the KeyStorage provider to
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertBlob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertBlob-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertBlob-OmaUri-Begin -->
@@ -1909,7 +1909,7 @@ In other words, using Replace or Add will result in the effect of either overwri
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPassword-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPassword-OmaUri-Begin -->
@@ -1948,7 +1948,7 @@ Password that protects the PFX blob. This is required if the PFX is password pro
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionStore-OmaUri-Begin -->
@@ -1990,7 +1990,7 @@ When a value of "2" is contained iin PFXCertPasswordEncryptionType, specify the
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionType-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-PFXCertPasswordEncryptionType-OmaUri-Begin -->
@@ -2045,7 +2045,7 @@ If the value is
 <!-- User-PFXCertInstall-{UniqueID}-PFXKeyExportable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-PFXKeyExportable-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-PFXKeyExportable-OmaUri-Begin -->
@@ -2097,7 +2097,7 @@ Optional. Used to specify if the private key installed is exportable (can be exp
 <!-- User-PFXCertInstall-{UniqueID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-Status-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-Status-OmaUri-Begin -->
@@ -2136,7 +2136,7 @@ Returns the error code of the PFX installation from the GetLastError command cal
 <!-- User-PFXCertInstall-{UniqueID}-Thumbprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-PFXCertInstall-{UniqueID}-Thumbprint-Applicability-End -->
 
 <!-- User-PFXCertInstall-{UniqueID}-Thumbprint-OmaUri-Begin -->
@@ -2175,7 +2175,7 @@ Returns the thumbprint of the PFX certificate installed.
 <!-- User-SCEP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-Applicability-End -->
 
 <!-- User-SCEP-OmaUri-Begin -->
@@ -2214,7 +2214,7 @@ Node for SCEP. An alert is sent after the SCEP certificate is installed.
 <!-- User-SCEP-{UniqueID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-OmaUri-Begin -->
@@ -2257,7 +2257,7 @@ Calling Delete on the this node, should delete the corresponding SCEP certificat
 <!-- User-SCEP-{UniqueID}-CertThumbprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-CertThumbprint-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-CertThumbprint-OmaUri-Begin -->
@@ -2298,7 +2298,7 @@ Optional. Specify the current cert's thumbprint if certificate enrollment succee
 <!-- User-SCEP-{UniqueID}-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-ErrorCode-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-ErrorCode-OmaUri-Begin -->
@@ -2337,7 +2337,7 @@ Optional. The integer value that indicates the HRESULT of the last enrollment er
 <!-- User-SCEP-{UniqueID}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-OmaUri-Begin -->
@@ -2376,7 +2376,7 @@ Required for SCEP certificate enrollment. Parent node to group SCEP cert install
 <!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-AADKeyIdentifierList-OmaUri-Begin -->
@@ -2415,7 +2415,7 @@ Optional. Specify the AAD Key Identifier List as a semicolon separated values. O
 <!-- User-SCEP-{UniqueID}-Install-CAThumbprint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-CAThumbprint-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-CAThumbprint-OmaUri-Begin -->
@@ -2454,7 +2454,7 @@ Required. Specify root CA thumbprint. It's a 20-byte value of the SHA1 certifica
 <!-- User-SCEP-{UniqueID}-Install-Challenge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-Challenge-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-Challenge-OmaUri-Begin -->
@@ -2493,7 +2493,7 @@ Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge.
 <!-- User-SCEP-{UniqueID}-Install-ContainerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-ContainerName-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-ContainerName-OmaUri-Begin -->
@@ -2534,7 +2534,7 @@ Specifies the NGC container name (if NGC KSP is chosen for above node). If this
 <!-- User-SCEP-{UniqueID}-Install-CustomTextToShowInPrompt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-CustomTextToShowInPrompt-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-CustomTextToShowInPrompt-OmaUri-Begin -->
@@ -2573,7 +2573,7 @@ Optional. Specifies the custom text to show on the NGC PIN prompt during certifi
 <!-- User-SCEP-{UniqueID}-Install-EKUMapping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-EKUMapping-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-EKUMapping-OmaUri-Begin -->
@@ -2612,7 +2612,7 @@ Required. Specify extended key usages. Subjected to SCEP server configuration. T
 <!-- User-SCEP-{UniqueID}-Install-Enroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-Enroll-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-Enroll-OmaUri-Begin -->
@@ -2651,7 +2651,7 @@ Required. Trigger the device to start the cert enrollment. The device won't noti
 <!-- User-SCEP-{UniqueID}-Install-HashAlgorithm-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-HashAlgorithm-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-HashAlgorithm-OmaUri-Begin -->
@@ -2692,7 +2692,7 @@ For NGC, only SHA256 is supported as the supported algorithm.
 <!-- User-SCEP-{UniqueID}-Install-KeyLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-KeyLength-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-KeyLength-OmaUri-Begin -->
@@ -2745,7 +2745,7 @@ Valid value: 1024, 2048, 4096. For NGC, only 2048 is the supported keylength.
 <!-- User-SCEP-{UniqueID}-Install-KeyProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-KeyProtection-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-KeyProtection-OmaUri-Begin -->
@@ -2798,7 +2798,7 @@ SCEP enrolled cert doesn't support TPM PIN protection.
 <!-- User-SCEP-{UniqueID}-Install-KeyUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-KeyUsage-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-KeyUsage-OmaUri-Begin -->
@@ -2837,7 +2837,7 @@ Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for
 <!-- User-SCEP-{UniqueID}-Install-RetryCount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-RetryCount-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-RetryCount-OmaUri-Begin -->
@@ -2880,7 +2880,7 @@ The min value is 0 which means no retry.
 <!-- User-SCEP-{UniqueID}-Install-RetryDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-RetryDelay-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-RetryDelay-OmaUri-Begin -->
@@ -2924,7 +2924,7 @@ The min value is 1.
 <!-- User-SCEP-{UniqueID}-Install-ServerURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-ServerURL-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-ServerURL-OmaUri-Begin -->
@@ -2963,7 +2963,7 @@ Required for SCEP certificate enrollment. Specify the cert enrollment server. Th
 <!-- User-SCEP-{UniqueID}-Install-SubjectAlternativeNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-SubjectAlternativeNames-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-SubjectAlternativeNames-OmaUri-Begin -->
@@ -3002,7 +3002,7 @@ Optional. Specify subject alternative name. Multiple alternative names could be
 <!-- User-SCEP-{UniqueID}-Install-SubjectName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-SubjectName-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-SubjectName-OmaUri-Begin -->
@@ -3042,7 +3042,7 @@ For more information, see [CertNameToStrA function](/windows/win32/api/wincrypt/
 <!-- User-SCEP-{UniqueID}-Install-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-TemplateName-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-TemplateName-OmaUri-Begin -->
@@ -3081,7 +3081,7 @@ Optional. OID of certificate template name. Note that this name is typically ign
 <!-- User-SCEP-{UniqueID}-Install-ValidPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-ValidPeriod-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-ValidPeriod-OmaUri-Begin -->
@@ -3133,7 +3133,7 @@ MDM server expected certificate validation period (ValidPeriodUnits + ValidPerio
 <!-- User-SCEP-{UniqueID}-Install-ValidPeriodUnits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Install-ValidPeriodUnits-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Install-ValidPeriodUnits-OmaUri-Begin -->
@@ -3176,7 +3176,7 @@ Optional. Specify desired number of units used in validity period. Subjected to
 <!-- User-SCEP-{UniqueID}-RespondentServerUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-RespondentServerUrl-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-RespondentServerUrl-OmaUri-Begin -->
@@ -3215,7 +3215,7 @@ Required. Returns the URL of the SCEP server that responded to the enrollment re
 <!-- User-SCEP-{UniqueID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-SCEP-{UniqueID}-Status-Applicability-End -->
 
 <!-- User-SCEP-{UniqueID}-Status-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index 08abb4da3e..c5b24365ff 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/24/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the C
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -1129,7 +1129,7 @@ Valid values are:
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/clouddesktop-csp.md b/windows/client-management/mdm/clouddesktop-csp.md
new file mode 100644
index 0000000000..050f915ba6
--- /dev/null
+++ b/windows/client-management/mdm/clouddesktop-csp.md
@@ -0,0 +1,149 @@
+---
+title: CloudDesktop CSP
+description: Learn more about the CloudDesktop CSP.
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 08/10/2023
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- CloudDesktop-Begin -->
+# CloudDesktop CSP
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+<!-- CloudDesktop-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- CloudDesktop-Editable-End -->
+
+<!-- CloudDesktop-Tree-Begin -->
+The following list shows the CloudDesktop configuration service provider nodes:
+
+- ./Device/Vendor/MSFT/CloudDesktop
+  - [EnableBootToCloudSharedPCMode](#enableboottocloudsharedpcmode)
+<!-- CloudDesktop-Tree-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-Begin -->
+## EnableBootToCloudSharedPCMode
+
+<!-- Device-EnableBootToCloudSharedPCMode-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.22631.2050] |
+<!-- Device-EnableBootToCloudSharedPCMode-Applicability-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/CloudDesktop/EnableBootToCloudSharedPCMode
+```
+<!-- Device-EnableBootToCloudSharedPCMode-OmaUri-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-Description-Begin -->
+<!-- Description-Source-DDF -->
+Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling boot to cloud shared pc feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.
+<!-- Device-EnableBootToCloudSharedPCMode-Description-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-EnableBootToCloudSharedPCMode-Editable-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | false |
+<!-- Device-EnableBootToCloudSharedPCMode-DFProperties-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Not configured. |
+| true | Boot to cloud shared pc mode enabled. |
+<!-- Device-EnableBootToCloudSharedPCMode-AllowedValues-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-EnableBootToCloudSharedPCMode-Examples-End -->
+
+<!-- Device-EnableBootToCloudSharedPCMode-End -->
+
+<!-- CloudDesktop-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+## EnableBootToCloudSharedPCMode technical reference
+
+EnableBootToCloudSharedPCMode setting is used to configure **Boot to Cloud** feature for shared user mode. When you enable this setting, multiple policies are applied to achieve the intended behavior.
+
+> [!NOTE]
+> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared user mode.
+
+### MDM Policies
+
+When this mode is enabled, these MDM policies are applied for the Device scope (all users):
+
+| Setting                                                                                                                    | Value   | Value Description                                           |
+|----------------------------------------------------------------------------------------------------------------------------|---------|-------------------------------------------------------------|
+| [CloudDesktop/BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode)                                                 | 1       | Enable Boot to Cloud Desktop                                |
+| [WindowsLogon/OverrideShellProgram](policy-csp-windowslogon.md#overrideshellprogram)                                       | 1       | Apply Lightweight Shell                                     |
+| [ADMX_CredentialProviders/DefaultCredentialProvider](policy-csp-admx-credentialproviders.md#defaultcredentialprovider)     | Enabled | Configures default credential provider to password provider |
+| [ADMX_Logon/DisableExplorerRunLegacy_2](policy-csp-admx-logon.md#disableexplorerrunlegacy_2)                               | Enabled | Don't process the computer legacy run list                  |
+| [TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode) | 1       | When no keyboard is attached                                |
+
+### Group Policies
+
+When this mode is enabled, these local group policies are configured for all users:
+
+| Policy setting                                                                                                         | Status                                |
+|------------------------------------------------------------------------------------------------------------------------|---------------------------------------|
+| Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
+| Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in                      | Enabled                               |
+| Control Panel/Personalization/Prevent enabling lock screen slide show                                                  | Enabled                               |
+| System/Logon/Block user from showing account details on sign-in                                                        | Enabled                               |
+| System/Logon/Enumerate local users on domain-joined computers                                                          | Disabled                              |
+| System/Logon/Hide entry points for Fast User Switching                                                                 | Enabled                               |
+| System/Logon/Show first sign-in animation                                                                              | Disabled                              |
+| System/Logon/Turn off app notifications on the lock screen                                                             | Enabled                               |
+| System/Logon/Turn off picture password sign-in                                                                         | Enabled                               |
+| System/Logon/Turn on convenience PIN sign-in                                                                           | Disabled                              |
+| Windows Components/App Package Deployment/Allow a Windows app to share application data between users                  | Enabled                               |
+| Windows Components/Biometrics/Allow the use of biometrics                                                              | Disabled                              |
+| Windows Components/Biometrics/Allow users to log on using biometrics                                                   | Disabled                              |
+| Windows Components/Biometrics/Allow domain users to log on using biometrics                                            | Disabled                              |
+| Windows Components/File Explorer/Show lock in the user tile menu                                                       | Disabled                              |
+| Windows Components/File History/Turn off File History                                                                  | Enabled                               |
+| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage                                             | Enabled                               |
+| Windows Components/Windows Hello for Business/Use biometrics                                                           | Disabled                              |
+| Windows Components/Windows Hello for Business/Use Windows Hello for Business                                           | Disabled                              |
+| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart          | Disabled                              |
+| Windows Components/Microsoft Passport for Work                                                                         | Disabled                              |
+| System/Ctrl+Alt+Del Options/Remove Task Manager                                                                        | Enabled                               |
+| System/Ctrl+Alt+Del Options/Remove Change Password                                                                     | Enabled                               |
+| Start Menu and Taskbar/Notifications/Turn off toast notifications                                                      | Enabled                               |
+| Start Menu and Taskbar/Notifications/Remove Notifications and Action Center                                            | Enabled                               |
+| System/Logon/Do not process the legacy run list                                                                        | Enabled                               |
+
+### Registry
+
+When this mode is enabled, these registry changes are performed:
+
+| Registry setting                                                                             | Status |
+|----------------------------------------------------------------------------------------------|--------|
+| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0      |
+| Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work)        | 0      |
+<!-- CloudDesktop-CspMoreInfo-End -->
+
+<!-- CloudDesktop-End -->
+
+## Related articles
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/clouddesktop-ddf-file.md b/windows/client-management/mdm/clouddesktop-ddf-file.md
new file mode 100644
index 0000000000..8128e3e6e5
--- /dev/null
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@@ -0,0 +1,95 @@
+---
+title: CloudDesktop DDF file
+description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 08/29/2023
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+# CloudDesktop DDF file
+
+The following XML file contains the device description framework (DDF) for the CloudDesktop configuration service provider.
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+  <MSFT:Diagnostics>
+  </MSFT:Diagnostics>
+  <Node>
+    <NodeName>CloudDesktop</NodeName>
+    <Path>./Device/Vendor/MSFT</Path>
+    <DFProperties>
+      <AccessType>
+        <Get />
+      </AccessType>
+      <Description>The CloudDesktop configuration service provider is used to configure different Cloud PC related scenarios.</Description>
+      <DFFormat>
+        <node />
+      </DFFormat>
+      <Occurrence>
+        <One />
+      </Occurrence>
+      <Scope>
+        <Permanent />
+      </Scope>
+      <DFType>
+        <MIME />
+      </DFType>
+      <MSFT:Applicability>
+        <MSFT:OsBuildVersion>22631.2050</MSFT:OsBuildVersion>
+        <MSFT:CspVersion>1.0</MSFT:CspVersion>
+        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
+      </MSFT:Applicability>
+    </DFProperties>
+    <Node>
+      <NodeName>EnableBootToCloudSharedPCMode</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>false</DefaultValue>
+        <Description>Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. For enabling Boot to Cloud Shared PC feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned.</Description>
+        <DFFormat>
+          <bool />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
+        <DFTitle>Enable boot to cloud shared PC mode</DFTitle>
+        <DFType>
+          <MIME />
+        </DFType>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>false</MSFT:Value>
+            <MSFT:ValueDescription>Not configured</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>true</MSFT:Value>
+            <MSFT:ValueDescription>Boot to cloud shared pc mode enabled</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+  </Node>
+</MgmtTree>
+```
+
+## Related articles
+
+[CloudDesktop configuration service provider reference](clouddesktop-csp.md)
diff --git a/windows/client-management/mdm/configuration-service-provider-support.md b/windows/client-management/mdm/configuration-service-provider-support.md
index 578d4aa804..84472ed120 100644
--- a/windows/client-management/mdm/configuration-service-provider-support.md
+++ b/windows/client-management/mdm/configuration-service-provider-support.md
@@ -16,7 +16,7 @@ ms.collection:
 
 # Configuration service provider support
 
-A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
+A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over-the-air for OMA Client Provisioning, or it can be included in the device image as a `.provxml` file that is installed during boot.
 
 - For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
 - For CSP DDF files, see [CSP DDF files download](configuration-service-provider-ddf.md).
@@ -999,11 +999,9 @@ A configuration service provider (CSP) is an interface to read, set, modify, or
 <!--EndSKU-->
 <!--EndCSP-->
 
-
-<hr/>
 <!--EndCSPs-->
 
-## <a href="" id="hololens"></a>CSPs supported in HoloLens devices
+## CSPs supported in HoloLens devices
 
 The following list shows the CSPs supported in HoloLens devices:
 
@@ -1041,7 +1039,7 @@ The following list shows the CSPs supported in HoloLens devices:
 | [WindowsLicensing CSP](windowslicensing-csp.md)   | Yes | Yes       | No |
 
 
-## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
+## CSPs supported in Microsoft Surface Hub
 
 -   [Accounts CSP](accounts-csp.md)
     > [!NOTE]
@@ -1075,31 +1073,3 @@ The following list shows the CSPs supported in HoloLens devices:
 -   [Wifi-CSP](wifi-csp.md)
 -   [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
 -   [Wirednetwork-CSP](wirednetwork-csp.md)
-
-
-## <a href="" id="iotcoresupport"></a>CSPs supported in Windows 10 IoT Core
-
-- [AllJoynManagement CSP](alljoynmanagement-csp.md)
-- [Application CSP](application-csp.md)
-- [CertificateStore CSP](certificatestore-csp.md)
-- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
-- [CustomDeviceUI CSP](customdeviceui-csp.md)
-- [DevDetail CSP](devdetail-csp.md)
-- [DevInfo CSP](devinfo-csp.md)
-- [DiagnosticLog CSP](diagnosticlog-csp.md)
-- [DMAcc CSP](dmacc-csp.md)
-- [DMClient CSP](dmclient-csp.md)
-- [HealthAttestation CSP](healthattestation-csp.md)
-- [NetworkProxy CSP](networkproxy-csp.md)
-- [Policy CSP](policy-configuration-service-provider.md)
-- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
-- [Reboot CSP](reboot-csp.md)
-- [RemoteWipe CSP](remotewipe-csp.md)
-- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
-- [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
-- [Update CSP](update-csp.md)
-- [VPNv2 CSP](vpnv2-csp.md)
-- [WiFi CSP](wifi-csp.md)
-
-<hr>
-
diff --git a/windows/client-management/mdm/contribute-csp-reference.md b/windows/client-management/mdm/contribute-csp-reference.md
new file mode 100644
index 0000000000..4f2f637895
--- /dev/null
+++ b/windows/client-management/mdm/contribute-csp-reference.md
@@ -0,0 +1,103 @@
+---
+title: Contributing to CSP reference articles
+description: Learn more about contributing to the CSP reference articles.
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 07/18/2023
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+# Contributing to the CSP reference articles
+
+CSP reference articles are automatically generated using the [device description framework (DDF)](configuration-service-provider-ddf.md) v2 files that define the CSP. When applicable, the CSP definition includes a mapping to a group policy. The automation uses this mapping, when possible, to provide a friendly description for the CSP policies.
+
+> [!IMPORTANT]
+> Each automated CSP article provides editable sections to provide additional information about the CSP, the policies within the CSP, and usage examples. Any edits outside the designated editable sections are overwritten by the automation.
+
+## CSP article structure
+
+Each automated CSP article is broken into three sections.
+
+> [!NOTE]
+> To view these sections, visit the article that you want to update, then select the **Pencil** icon.
+> :::image type="content" source="images/csp-contribute-link.png" alt-text="Screenshot showing the Pencil icon to edit a published article":::
+
+1. **Header**: The header includes the CSP name, and provides an editable section where additional information about the CSP can be provided.
+
+   :::image type="content" source="images/csp-header.png" alt-text="Screenshot of the CSP header section":::
+
+1. **Policies**: The policies section contains a list of policies, where each policy has an editable section for providing additional information and examples.
+
+   :::image type="content" source="images/csp-policy.png" alt-text="Screenshot of the CSP policy section":::
+
+1. **Footer**: The footer indicates the end of the CSP article, and provides an editable section where more information about the CSP can be provided.
+
+   :::image type="content" source="images/csp-footer.png" alt-text="Screenshot of the CSP footer section":::
+
+## Provide feedback on documentation
+
+CSP articles are automated using the DDF v2 and ADMX files, which are part of the Windows codebase. Intune settings catalog also uses the DDF v2 files to present the settings and help text. As such, the feedback for these articles is best addressed when submitted directly to the engineering team using [Feedback Hub app](#send-feedback-with-the-feedback-hub-app). CSP reference articles and the Intune settings catalog are updated periodically using the latest copy of DDF v2 files, and benefit from the feedback addressed by the engineering team.
+
+Automated CSP articles also contain [editable content](#csp-article-structure), which is preserved by the automation. For any feedback about the editable content, use the [Microsoft Learn documentation contributor guide][CONTRIB-1].
+
+:::image type="content" source="images/csp-feedback-flow.svg" alt-text="Diagram showing the feedback flow for CSP articles":::
+
+Use these sections to determine where you should submit feedback.
+
+### Feedback for policy description
+
+Policy descriptions are sourced from DDF or ADMX files and are located within the `<[CSP-Name]-Description-Begin>` section for the policy in the markdown file. `<[CSP-Name]-Description-Begin>` also includes a reference to the source that was used to provide the policy description.
+
+- `Description-Source-ADMX` or `Description-Source-ADMX-Forced`: The description was captured from the group policy that the CSP setting maps to. If this description is incorrect, [Send feedback with the Feedback Hub app](#send-feedback-with-the-feedback-hub-app).
+- `Description-Source-DDF` or `Description-Source-DDF-Forced`: The description was captured from the DDF file that defines the CSP. If this description is incorrect, [Send feedback with the Feedback Hub app](#send-feedback-with-the-feedback-hub-app).
+- `Description-Source-Manual-Forced`: The description is defined in the automation code. If this description is incorrect, [submit an issue](/contribute/#create-quality-issues).
+
+Any additional information about the policy setting can be provided in the `[Policy-Name]-Editable-Begin` section that immediately follows the `<[CSP-Name]-Description-End>` section. This section allows further expansion of the policy description, and is generated manually. For any feedback for the editable content, use the [Microsoft Learn documentation contributor guide][CONTRIB-1] to update the section or submit an issue.
+
+### Feedback for policy examples
+
+Policy examples aren't provided by the automation. Each policy node in the markdown file includes a `[Policy-Name]-Examples-Begin` section that contains the examples. If the example is incorrect or needs to be updated, use the [Microsoft Learn documentation contributor guide][CONTRIB-1] to update the example or submit an issue.
+
+### Feedback for policy applicability
+
+Policy applicability is defined in the DDF v2 file for the CSP. Each policy node in the markdown file includes a `[Policy-Name]-Applicability-Begin` section that contains the operating system applicability.
+
+If it's incorrect or needs to be updated, [Send feedback with the Feedback Hub app](#send-feedback-with-the-feedback-hub-app).
+
+### Feedback for policy allowed values
+
+Policy allowed values are defined in the DDF v2 file for the CSP. When applicable, each policy node in the markdown file includes a `[Policy-Name]-AllowedValues-Begin` section that contains a table that describes the allowed values for the policy.
+
+If these values are incorrect or need to be updated, [Send feedback with the Feedback Hub app](#send-feedback-with-the-feedback-hub-app).
+
+### Feedback for group policy mapping
+
+Group policy mappings are defined in the DDF v2 file for the CSP. When applicable, each policy node in the markdown file includes a `[Policy-Name]-AdmxBacked-Begin` or `[Policy-Name]-GpMapping-Begin` section that contains the group policy mapping.
+
+If this mapping is incorrect, [Send feedback with the Feedback Hub app](#send-feedback-with-the-feedback-hub-app).
+
+### Other feedback
+
+For any other feedback, use the [Microsoft Learn documentation contributor guide][CONTRIB-1].
+
+## Send feedback with the Feedback Hub app
+
+The Feedback Hub app lets you tell Microsoft about any problems you run into while using Windows. For more information about using Feedback Hub, see [Send feedback to Microsoft with the Feedback Hub app](https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332). When you submit feedback for CSP documentation with the Feedback Hub app, use these steps:
+
+1. **Enter your feedback**: Prefix your feedback summary with `[CSP Documentation]` in the **Summarize your feedback** section. Add details about the feedback, including the link to the CSP article.
+1. **Choose a category**: Select **Security and Privacy > Work or School Account** as the category.
+1. **Find similar feedback**: Select an existing feedback that matches your feedback, if applicable.
+1. **Add more details**: Select **Other** as the subcategory.
+1. Select **Submit**.
+
+## Related articles
+
+- [Contributor guide overview][CONTRIB-1]
+
+<!-- Links -->
+
+[CONTRIB-1]: /contribute
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 72fb71fe7b..fb4186237a 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,10 +30,13 @@ The following list shows the Defender configuration service provider nodes:
     - [AllowDatagramProcessingOnWinServer](#configurationallowdatagramprocessingonwinserver)
     - [AllowNetworkProtectionDownLevel](#configurationallownetworkprotectiondownlevel)
     - [AllowNetworkProtectionOnWinServer](#configurationallownetworkprotectiononwinserver)
+    - [AllowSwitchToAsyncInspection](#configurationallowswitchtoasyncinspection)
     - [ASROnlyPerRuleExclusions](#configurationasronlyperruleexclusions)
     - [DataDuplicationDirectory](#configurationdataduplicationdirectory)
     - [DataDuplicationLocalRetentionPeriod](#configurationdataduplicationlocalretentionperiod)
+    - [DataDuplicationMaximumQuota](#configurationdataduplicationmaximumquota)
     - [DataDuplicationRemoteLocation](#configurationdataduplicationremotelocation)
+    - [DaysUntilAggressiveCatchupQuickScan](#configurationdaysuntilaggressivecatchupquickscan)
     - [DefaultEnforcement](#configurationdefaultenforcement)
     - [DeviceControl](#configurationdevicecontrol)
       - [PolicyGroups](#configurationdevicecontrolpolicygroups)
@@ -43,7 +46,9 @@ The following list shows the Defender configuration service provider nodes:
         - [{RuleId}](#configurationdevicecontrolpolicyrulesruleid)
           - [RuleData](#configurationdevicecontrolpolicyrulesruleidruledata)
     - [DeviceControlEnabled](#configurationdevicecontrolenabled)
+    - [DisableCacheMaintenance](#configurationdisablecachemaintenance)
     - [DisableCpuThrottleOnIdleScans](#configurationdisablecputhrottleonidlescans)
+    - [DisableDatagramProcessing](#configurationdisabledatagramprocessing)
     - [DisableDnsOverTcpParsing](#configurationdisablednsovertcpparsing)
     - [DisableDnsParsing](#configurationdisablednsparsing)
     - [DisableFtpParsing](#configurationdisableftpparsing)
@@ -52,24 +57,29 @@ The following list shows the Defender configuration service provider nodes:
     - [DisableInboundConnectionFiltering](#configurationdisableinboundconnectionfiltering)
     - [DisableLocalAdminMerge](#configurationdisablelocaladminmerge)
     - [DisableNetworkProtectionPerfTelemetry](#configurationdisablenetworkprotectionperftelemetry)
+    - [DisableQuicParsing](#configurationdisablequicparsing)
     - [DisableRdpParsing](#configurationdisablerdpparsing)
     - [DisableSmtpParsing](#configurationdisablesmtpparsing)
     - [DisableSshParsing](#configurationdisablesshparsing)
     - [DisableTlsParsing](#configurationdisabletlsparsing)
+    - [EnableConvertWarnToBlock](#configurationenableconvertwarntoblock)
     - [EnableDnsSinkhole](#configurationenablednssinkhole)
     - [EnableFileHashComputation](#configurationenablefilehashcomputation)
     - [EngineUpdatesChannel](#configurationengineupdateschannel)
+    - [ExcludedIpAddresses](#configurationexcludedipaddresses)
     - [HideExclusionsFromLocalAdmins](#configurationhideexclusionsfromlocaladmins)
     - [HideExclusionsFromLocalUsers](#configurationhideexclusionsfromlocalusers)
     - [IntelTDTEnabled](#configurationinteltdtenabled)
     - [MeteredConnectionUpdates](#configurationmeteredconnectionupdates)
     - [OobeEnableRtpAndSigUpdate](#configurationoobeenablertpandsigupdate)
     - [PassiveRemediation](#configurationpassiveremediation)
+    - [PerformanceModeStatus](#configurationperformancemodestatus)
     - [PlatformUpdatesChannel](#configurationplatformupdateschannel)
     - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes)
     - [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled)
     - [SchedulerRandomizationTime](#configurationschedulerrandomizationtime)
     - [SecuredDevicesConfiguration](#configurationsecureddevicesconfiguration)
+    - [SecurityIntelligenceLocationUpdateAtScheduledTimeOnly](#configurationsecurityintelligencelocationupdateatscheduledtimeonly)
     - [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel)
     - [SupportLogLocation](#configurationsupportloglocation)
     - [TamperProtection](#configurationtamperprotection)
@@ -118,7 +128,7 @@ The following list shows the Defender configuration service provider nodes:
 <!-- Device-Configuration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Configuration-Applicability-End -->
 
 <!-- Device-Configuration-OmaUri-Begin -->
@@ -157,7 +167,7 @@ An interior node to group Windows Defender configuration information.
 <!-- Device-Configuration-AllowDatagramProcessingOnWinServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-AllowDatagramProcessingOnWinServer-Applicability-End -->
 
 <!-- Device-Configuration-AllowDatagramProcessingOnWinServer-OmaUri-Begin -->
@@ -206,7 +216,7 @@ This settings controls whether Network Protection is allowed to enable datagram
 <!-- Device-Configuration-AllowNetworkProtectionDownLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-AllowNetworkProtectionDownLevel-Applicability-End -->
 
 <!-- Device-Configuration-AllowNetworkProtectionDownLevel-OmaUri-Begin -->
@@ -255,7 +265,7 @@ This settings controls whether Network Protection is allowed to be configured in
 <!-- Device-Configuration-AllowNetworkProtectionOnWinServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Configuration-AllowNetworkProtectionOnWinServer-Applicability-End -->
 
 <!-- Device-Configuration-AllowNetworkProtectionOnWinServer-OmaUri-Begin -->
@@ -298,13 +308,62 @@ This settings controls whether Network Protection is allowed to be configured in
 
 <!-- Device-Configuration-AllowNetworkProtectionOnWinServer-End -->
 
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Begin -->
+### Configuration/AllowSwitchToAsyncInspection
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Applicability-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/AllowSwitchToAsyncInspection
+```
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-OmaUri-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Description-Begin -->
+<!-- Description-Source-DDF -->
+Control whether network protection can improve performance by switching from real-time inspection to asynchronous inspection.
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Description-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Editable-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-DFProperties-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Allow switching to asynchronous inspection. |
+| 0 (Default) | Don’t allow asynchronous inspection. |
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-AllowedValues-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-Examples-End -->
+
+<!-- Device-Configuration-AllowSwitchToAsyncInspection-End -->
+
 <!-- Device-Configuration-ASROnlyPerRuleExclusions-Begin -->
 ### Configuration/ASROnlyPerRuleExclusions
 
 <!-- Device-Configuration-ASROnlyPerRuleExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Configuration-ASROnlyPerRuleExclusions-Applicability-End -->
 
 <!-- Device-Configuration-ASROnlyPerRuleExclusions-OmaUri-Begin -->
@@ -343,7 +402,7 @@ Apply ASR only per rule exclusions.
 <!-- Device-Configuration-DataDuplicationDirectory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DataDuplicationDirectory-Applicability-End -->
 
 <!-- Device-Configuration-DataDuplicationDirectory-OmaUri-Begin -->
@@ -382,7 +441,7 @@ Define data duplication directory for device control.
 <!-- Device-Configuration-DataDuplicationLocalRetentionPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DataDuplicationLocalRetentionPeriod-Applicability-End -->
 
 <!-- Device-Configuration-DataDuplicationLocalRetentionPeriod-OmaUri-Begin -->
@@ -417,13 +476,54 @@ Define the retention period in days of how much time the evidence data will be k
 
 <!-- Device-Configuration-DataDuplicationLocalRetentionPeriod-End -->
 
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Begin -->
+### Configuration/DataDuplicationMaximumQuota
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Applicability-End -->
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/DataDuplicationMaximumQuota
+```
+<!-- Device-Configuration-DataDuplicationMaximumQuota-OmaUri-End -->
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Description-Begin -->
+<!-- Description-Source-DDF -->
+Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. The valid interval is [5-5000] MB. By default, the maximum quota will be 500 MB.
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Description-End -->
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Editable-End -->
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[5-5000]` |
+| Default Value  | 500 |
+<!-- Device-Configuration-DataDuplicationMaximumQuota-DFProperties-End -->
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-DataDuplicationMaximumQuota-Examples-End -->
+
+<!-- Device-Configuration-DataDuplicationMaximumQuota-End -->
+
 <!-- Device-Configuration-DataDuplicationRemoteLocation-Begin -->
 ### Configuration/DataDuplicationRemoteLocation
 
 <!-- Device-Configuration-DataDuplicationRemoteLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DataDuplicationRemoteLocation-Applicability-End -->
 
 <!-- Device-Configuration-DataDuplicationRemoteLocation-OmaUri-Begin -->
@@ -456,13 +556,54 @@ Define data duplication remote location for device control.
 
 <!-- Device-Configuration-DataDuplicationRemoteLocation-End -->
 
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Begin -->
+### Configuration/DaysUntilAggressiveCatchupQuickScan
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Applicability-End -->
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/DaysUntilAggressiveCatchupQuickScan
+```
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-OmaUri-End -->
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Description-Begin -->
+<!-- Description-Source-DDF -->
+Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Description-End -->
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Editable-End -->
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[7-60]` |
+| Default Value  | 25 |
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-DFProperties-End -->
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Examples-End -->
+
+<!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-End -->
+
 <!-- Device-Configuration-DefaultEnforcement-Begin -->
 ### Configuration/DefaultEnforcement
 
 <!-- Device-Configuration-DefaultEnforcement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DefaultEnforcement-Applicability-End -->
 
 <!-- Device-Configuration-DefaultEnforcement-OmaUri-Begin -->
@@ -511,7 +652,7 @@ Control Device Control default enforcement. This is the enforcement applied if t
 <!-- Device-Configuration-DeviceControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-OmaUri-Begin -->
@@ -549,7 +690,7 @@ Control Device Control default enforcement. This is the enforcement applied if t
 <!-- Device-Configuration-DeviceControl-PolicyGroups-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-PolicyGroups-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyGroups-OmaUri-Begin -->
@@ -587,7 +728,7 @@ Control Device Control default enforcement. This is the enforcement applied if t
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-OmaUri-Begin -->
@@ -625,7 +766,7 @@ Control Device Control default enforcement. This is the enforcement applied if t
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-GroupData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-GroupData-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-GroupData-OmaUri-Begin -->
@@ -664,7 +805,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova
 <!-- Device-Configuration-DeviceControl-PolicyRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-PolicyRules-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyRules-OmaUri-Begin -->
@@ -702,7 +843,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-OmaUri-Begin -->
@@ -740,7 +881,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-RuleData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-RuleData-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-RuleData-OmaUri-Begin -->
@@ -779,7 +920,7 @@ For more information, see [Microsoft Defender for Endpoint Device Control Remova
 <!-- Device-Configuration-DeviceControlEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-DeviceControlEnabled-Applicability-End -->
 
 <!-- Device-Configuration-DeviceControlEnabled-OmaUri-Begin -->
@@ -822,13 +963,62 @@ Control Device Control feature.
 
 <!-- Device-Configuration-DeviceControlEnabled-End -->
 
+<!-- Device-Configuration-DisableCacheMaintenance-Begin -->
+### Configuration/DisableCacheMaintenance
+
+<!-- Device-Configuration-DisableCacheMaintenance-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
+<!-- Device-Configuration-DisableCacheMaintenance-Applicability-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/DisableCacheMaintenance
+```
+<!-- Device-Configuration-DisableCacheMaintenance-OmaUri-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-Description-Begin -->
+<!-- Description-Source-DDF -->
+Defines whether the cache maintenance idle task will perform the cache maintenance or not.
+<!-- Device-Configuration-DisableCacheMaintenance-Description-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableCacheMaintenance-Editable-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-DisableCacheMaintenance-DFProperties-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Cache maintenance is disabled. |
+| 0 (Default) | Cache maintenance is enabled (default). |
+<!-- Device-Configuration-DisableCacheMaintenance-AllowedValues-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableCacheMaintenance-Examples-End -->
+
+<!-- Device-Configuration-DisableCacheMaintenance-End -->
+
 <!-- Device-Configuration-DisableCpuThrottleOnIdleScans-Begin -->
 ### Configuration/DisableCpuThrottleOnIdleScans
 
 <!-- Device-Configuration-DisableCpuThrottleOnIdleScans-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableCpuThrottleOnIdleScans-Applicability-End -->
 
 <!-- Device-Configuration-DisableCpuThrottleOnIdleScans-OmaUri-Begin -->
@@ -871,13 +1061,62 @@ Indicates whether the CPU will be throttled for scheduled scans while the device
 
 <!-- Device-Configuration-DisableCpuThrottleOnIdleScans-End -->
 
+<!-- Device-Configuration-DisableDatagramProcessing-Begin -->
+### Configuration/DisableDatagramProcessing
+
+<!-- Device-Configuration-DisableDatagramProcessing-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
+<!-- Device-Configuration-DisableDatagramProcessing-Applicability-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/DisableDatagramProcessing
+```
+<!-- Device-Configuration-DisableDatagramProcessing-OmaUri-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-Description-Begin -->
+<!-- Description-Source-DDF -->
+Control whether network protection inspects User Datagram Protocol (UDP) traffic.
+<!-- Device-Configuration-DisableDatagramProcessing-Description-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableDatagramProcessing-Editable-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-DisableDatagramProcessing-DFProperties-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | UDP inspection is off. |
+| 0 (Default) | UDP inspection is on. |
+<!-- Device-Configuration-DisableDatagramProcessing-AllowedValues-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableDatagramProcessing-Examples-End -->
+
+<!-- Device-Configuration-DisableDatagramProcessing-End -->
+
 <!-- Device-Configuration-DisableDnsOverTcpParsing-Begin -->
 ### Configuration/DisableDnsOverTcpParsing
 
 <!-- Device-Configuration-DisableDnsOverTcpParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableDnsOverTcpParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableDnsOverTcpParsing-OmaUri-Begin -->
@@ -926,7 +1165,7 @@ This setting disables DNS over TCP Parsing for Network Protection.
 <!-- Device-Configuration-DisableDnsParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableDnsParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableDnsParsing-OmaUri-Begin -->
@@ -975,7 +1214,7 @@ This setting disables DNS Parsing for Network Protection.
 <!-- Device-Configuration-DisableFtpParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableFtpParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableFtpParsing-OmaUri-Begin -->
@@ -1024,7 +1263,7 @@ This setting disables FTP Parsing for Network Protection.
 <!-- Device-Configuration-DisableGradualRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableGradualRelease-Applicability-End -->
 
 <!-- Device-Configuration-DisableGradualRelease-OmaUri-Begin -->
@@ -1073,7 +1312,7 @@ Enable this policy to disable gradual rollout of Defender updates.
 <!-- Device-Configuration-DisableHttpParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableHttpParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableHttpParsing-OmaUri-Begin -->
@@ -1122,7 +1361,7 @@ This setting disables HTTP Parsing for Network Protection.
 <!-- Device-Configuration-DisableInboundConnectionFiltering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableInboundConnectionFiltering-Applicability-End -->
 
 <!-- Device-Configuration-DisableInboundConnectionFiltering-OmaUri-Begin -->
@@ -1171,7 +1410,7 @@ This setting disables Inbound connection filtering for Network Protection.
 <!-- Device-Configuration-DisableLocalAdminMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableLocalAdminMerge-Applicability-End -->
 
 <!-- Device-Configuration-DisableLocalAdminMerge-OmaUri-Begin -->
@@ -1182,7 +1421,7 @@ This setting disables Inbound connection filtering for Network Protection.
 
 <!-- Device-Configuration-DisableLocalAdminMerge-Description-Begin -->
 <!-- Description-Source-DDF -->
-When this value is set to false, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings.
+When this value is set to no, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings.
 <!-- Device-Configuration-DisableLocalAdminMerge-Description-End -->
 
 <!-- Device-Configuration-DisableLocalAdminMerge-Editable-Begin -->
@@ -1204,8 +1443,8 @@ When this value is set to false, it allows a local admin the ability to specify
 
 | Value | Description |
 |:--|:--|
-| 1 | Disable Local Admin Merge. |
-| 0 (Default) | Enable Local Admin Merge. |
+| 1 | Yes. |
+| 0 (Default) | No. |
 <!-- Device-Configuration-DisableLocalAdminMerge-AllowedValues-End -->
 
 <!-- Device-Configuration-DisableLocalAdminMerge-Examples-Begin -->
@@ -1220,7 +1459,7 @@ When this value is set to false, it allows a local admin the ability to specify
 <!-- Device-Configuration-DisableNetworkProtectionPerfTelemetry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableNetworkProtectionPerfTelemetry-Applicability-End -->
 
 <!-- Device-Configuration-DisableNetworkProtectionPerfTelemetry-OmaUri-Begin -->
@@ -1263,13 +1502,62 @@ This setting disables the gathering and send of performance telemetry from Netwo
 
 <!-- Device-Configuration-DisableNetworkProtectionPerfTelemetry-End -->
 
+<!-- Device-Configuration-DisableQuicParsing-Begin -->
+### Configuration/DisableQuicParsing
+
+<!-- Device-Configuration-DisableQuicParsing-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Configuration-DisableQuicParsing-Applicability-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/DisableQuicParsing
+```
+<!-- Device-Configuration-DisableQuicParsing-OmaUri-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-Description-Begin -->
+<!-- Description-Source-DDF -->
+This setting disables QUIC Parsing for Network Protection.
+<!-- Device-Configuration-DisableQuicParsing-Description-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableQuicParsing-Editable-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-DisableQuicParsing-DFProperties-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | QUIC parsing is disabled. |
+| 0 (Default) | QUIC parsing is enabled. |
+<!-- Device-Configuration-DisableQuicParsing-AllowedValues-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-DisableQuicParsing-Examples-End -->
+
+<!-- Device-Configuration-DisableQuicParsing-End -->
+
 <!-- Device-Configuration-DisableRdpParsing-Begin -->
 ### Configuration/DisableRdpParsing
 
 <!-- Device-Configuration-DisableRdpParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableRdpParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableRdpParsing-OmaUri-Begin -->
@@ -1318,7 +1606,7 @@ This setting disables RDP Parsing for Network Protection.
 <!-- Device-Configuration-DisableSmtpParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableSmtpParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableSmtpParsing-OmaUri-Begin -->
@@ -1367,7 +1655,7 @@ This setting disables SMTP Parsing for Network Protection.
 <!-- Device-Configuration-DisableSshParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableSshParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableSshParsing-OmaUri-Begin -->
@@ -1416,7 +1704,7 @@ This setting disables SSH Parsing for Network Protection.
 <!-- Device-Configuration-DisableTlsParsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-DisableTlsParsing-Applicability-End -->
 
 <!-- Device-Configuration-DisableTlsParsing-OmaUri-Begin -->
@@ -1459,13 +1747,62 @@ This setting disables TLS Parsing for Network Protection.
 
 <!-- Device-Configuration-DisableTlsParsing-End -->
 
+<!-- Device-Configuration-EnableConvertWarnToBlock-Begin -->
+### Configuration/EnableConvertWarnToBlock
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
+<!-- Device-Configuration-EnableConvertWarnToBlock-Applicability-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/EnableConvertWarnToBlock
+```
+<!-- Device-Configuration-EnableConvertWarnToBlock-OmaUri-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-Description-Begin -->
+<!-- Description-Source-DDF -->
+This setting controls whether network protection blocks network traffic instead of displaying a warning.
+<!-- Device-Configuration-EnableConvertWarnToBlock-Description-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-EnableConvertWarnToBlock-Editable-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-EnableConvertWarnToBlock-DFProperties-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Warn verdicts are converted to block. |
+| 0 (Default) | Warn verdicts aren't converted to block. |
+<!-- Device-Configuration-EnableConvertWarnToBlock-AllowedValues-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-EnableConvertWarnToBlock-Examples-End -->
+
+<!-- Device-Configuration-EnableConvertWarnToBlock-End -->
+
 <!-- Device-Configuration-EnableDnsSinkhole-Begin -->
 ### Configuration/EnableDnsSinkhole
 
 <!-- Device-Configuration-EnableDnsSinkhole-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-EnableDnsSinkhole-Applicability-End -->
 
 <!-- Device-Configuration-EnableDnsSinkhole-OmaUri-Begin -->
@@ -1514,7 +1851,7 @@ This setting enables the DNS Sinkhole feature for Network Protection, respecting
 <!-- Device-Configuration-EnableFileHashComputation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Configuration-EnableFileHashComputation-Applicability-End -->
 
 <!-- Device-Configuration-EnableFileHashComputation-OmaUri-Begin -->
@@ -1563,7 +1900,7 @@ Enables or disables file hash computation feature. When this feature is enabled
 <!-- Device-Configuration-EngineUpdatesChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-EngineUpdatesChannel-Applicability-End -->
 
 <!-- Device-Configuration-EngineUpdatesChannel-OmaUri-Begin -->
@@ -1610,13 +1947,53 @@ Enable this policy to specify when devices receive Microsoft Defender engine upd
 
 <!-- Device-Configuration-EngineUpdatesChannel-End -->
 
+<!-- Device-Configuration-ExcludedIpAddresses-Begin -->
+### Configuration/ExcludedIpAddresses
+
+<!-- Device-Configuration-ExcludedIpAddresses-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
+<!-- Device-Configuration-ExcludedIpAddresses-Applicability-End -->
+
+<!-- Device-Configuration-ExcludedIpAddresses-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/ExcludedIpAddresses
+```
+<!-- Device-Configuration-ExcludedIpAddresses-OmaUri-End -->
+
+<!-- Device-Configuration-ExcludedIpAddresses-Description-Begin -->
+<!-- Description-Source-DDF -->
+Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses.
+<!-- Device-Configuration-ExcludedIpAddresses-Description-End -->
+
+<!-- Device-Configuration-ExcludedIpAddresses-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-ExcludedIpAddresses-Editable-End -->
+
+<!-- Device-Configuration-ExcludedIpAddresses-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `|`) |
+<!-- Device-Configuration-ExcludedIpAddresses-DFProperties-End -->
+
+<!-- Device-Configuration-ExcludedIpAddresses-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-ExcludedIpAddresses-Examples-End -->
+
+<!-- Device-Configuration-ExcludedIpAddresses-End -->
+
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Begin -->
 ### Configuration/HideExclusionsFromLocalAdmins
 
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Applicability-End -->
 
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-OmaUri-Begin -->
@@ -1667,7 +2044,7 @@ This policy setting controls whether or not exclusions are visible to local admi
 <!-- Device-Configuration-HideExclusionsFromLocalUsers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-HideExclusionsFromLocalUsers-Applicability-End -->
 
 <!-- Device-Configuration-HideExclusionsFromLocalUsers-OmaUri-Begin -->
@@ -1716,7 +2093,7 @@ This policy setting controls whether or not exclusions are visible to local user
 <!-- Device-Configuration-IntelTDTEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-Configuration-IntelTDTEnabled-Applicability-End -->
 
 <!-- Device-Configuration-IntelTDTEnabled-OmaUri-Begin -->
@@ -1766,7 +2143,7 @@ This policy setting configures the Intel TDT integration level for Intel TDT-cap
 <!-- Device-Configuration-MeteredConnectionUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-MeteredConnectionUpdates-Applicability-End -->
 
 <!-- Device-Configuration-MeteredConnectionUpdates-OmaUri-Begin -->
@@ -1815,7 +2192,7 @@ Allow managed devices to update through metered connections. Default is 0 - not
 <!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-OobeEnableRtpAndSigUpdate-Applicability-End -->
 
 <!-- Device-Configuration-OobeEnableRtpAndSigUpdate-OmaUri-Begin -->
@@ -1864,7 +2241,7 @@ This setting allows you to configure whether real-time protection and Security I
 <!-- Device-Configuration-PassiveRemediation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-PassiveRemediation-Applicability-End -->
 
 <!-- Device-Configuration-PassiveRemediation-OmaUri-Begin -->
@@ -1889,7 +2266,7 @@ Setting to control automatic remediation for Sense scans.
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
-| Default Value  | 0 |
+| Default Value  | 0x0 |
 <!-- Device-Configuration-PassiveRemediation-DFProperties-End -->
 
 <!-- Device-Configuration-PassiveRemediation-AllowedValues-Begin -->
@@ -1897,6 +2274,7 @@ Setting to control automatic remediation for Sense scans.
 
 | Flag | Description |
 |:--|:--|
+| 0x0 (Default) | Passive Remediation is turned off (default). |
 | 0x1 | PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation. |
 | 0x2 | PASSIVE_REMEDIATION_FLAG_RTP_AUDIT: Passive Remediation Realtime Protection Audit. |
 | 0x4 | PASSIVE_REMEDIATION_FLAG_RTP_REMEDIATION: Passive Remediation Realtime Protection Remediation. |
@@ -1908,13 +2286,62 @@ Setting to control automatic remediation for Sense scans.
 
 <!-- Device-Configuration-PassiveRemediation-End -->
 
+<!-- Device-Configuration-PerformanceModeStatus-Begin -->
+### Configuration/PerformanceModeStatus
+
+<!-- Device-Configuration-PerformanceModeStatus-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+<!-- Device-Configuration-PerformanceModeStatus-Applicability-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/PerformanceModeStatus
+```
+<!-- Device-Configuration-PerformanceModeStatus-OmaUri-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-Description-Begin -->
+<!-- Description-Source-DDF -->
+This setting allows IT admins to configure performance mode in either enabled or disabled mode for managed devices.
+<!-- Device-Configuration-PerformanceModeStatus-Description-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-PerformanceModeStatus-Editable-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-PerformanceModeStatus-DFProperties-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Performance mode is enabled (default). A service restart is required after changing this value. |
+| 1 | Performance mode is disabled. A service restart is required after changing this value. |
+<!-- Device-Configuration-PerformanceModeStatus-AllowedValues-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-PerformanceModeStatus-Examples-End -->
+
+<!-- Device-Configuration-PerformanceModeStatus-End -->
+
 <!-- Device-Configuration-PlatformUpdatesChannel-Begin -->
 ### Configuration/PlatformUpdatesChannel
 
 <!-- Device-Configuration-PlatformUpdatesChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-PlatformUpdatesChannel-Applicability-End -->
 
 <!-- Device-Configuration-PlatformUpdatesChannel-OmaUri-Begin -->
@@ -1967,7 +2394,7 @@ Enable this policy to specify when devices receive Microsoft Defender platform u
 <!-- Device-Configuration-RandomizeScheduleTaskTimes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-RandomizeScheduleTaskTimes-Applicability-End -->
 
 <!-- Device-Configuration-RandomizeScheduleTaskTimes-OmaUri-Begin -->
@@ -2001,7 +2428,7 @@ In Microsoft Defender Antivirus, randomize the start time of the scan to any int
 | Value | Description |
 |:--|:--|
 | 1 (Default) | Widen or narrow the randomization period for scheduled scans. Specify a randomization window of between 1 and 23 hours by using the setting SchedulerRandomizationTime. |
-| 0 | Scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler. |
+| 0 | Scheduled tasks won't be randomized. |
 <!-- Device-Configuration-RandomizeScheduleTaskTimes-AllowedValues-End -->
 
 <!-- Device-Configuration-RandomizeScheduleTaskTimes-Examples-Begin -->
@@ -2016,7 +2443,7 @@ In Microsoft Defender Antivirus, randomize the start time of the scan to any int
 <!-- Device-Configuration-ScanOnlyIfIdleEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-ScanOnlyIfIdleEnabled-Applicability-End -->
 
 <!-- Device-Configuration-ScanOnlyIfIdleEnabled-OmaUri-Begin -->
@@ -2065,7 +2492,7 @@ In Microsoft Defender Antivirus, this setting will run scheduled scans only if t
 <!-- Device-Configuration-SchedulerRandomizationTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-SchedulerRandomizationTime-Applicability-End -->
 
 <!-- Device-Configuration-SchedulerRandomizationTime-OmaUri-Begin -->
@@ -2106,7 +2533,7 @@ This setting allows you to configure the scheduler randomization in hours. The r
 <!-- Device-Configuration-SecuredDevicesConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Configuration-SecuredDevicesConfiguration-Applicability-End -->
 
 <!-- Device-Configuration-SecuredDevicesConfiguration-OmaUri-Begin -->
@@ -2131,6 +2558,7 @@ Defines what are the devices primary ids that should be secured by Defender Devi
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `|`) |
 <!-- Device-Configuration-SecuredDevicesConfiguration-DFProperties-End -->
 
 <!-- Device-Configuration-SecuredDevicesConfiguration-Examples-Begin -->
@@ -2139,13 +2567,62 @@ Defines what are the devices primary ids that should be secured by Defender Devi
 
 <!-- Device-Configuration-SecuredDevicesConfiguration-End -->
 
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Begin -->
+### Configuration/SecurityIntelligenceLocationUpdateAtScheduledTimeOnly
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Applicability-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/SecurityIntelligenceLocationUpdateAtScheduledTimeOnly
+```
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-OmaUri-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Description-Begin -->
+<!-- Description-Source-DDF -->
+This setting allows you to configure security intelligence updates according to the scheduler for VDI-configured computers. It's used together with the shared security intelligence location (SecurityIntelligenceLocation).
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Description-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Editable-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-DFProperties-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | If you enable this setting and configure SecurityIntelligenceLocation, updates from the configured location occur only at the previously configured scheduled update time. |
+| 0 (Default) | If you either disable or don't configure this setting, updates occur whenever a new security intelligence update is detected at the location that's specified by SecurityIntelligenceLocation. |
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-AllowedValues-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-Examples-End -->
+
+<!-- Device-Configuration-SecurityIntelligenceLocationUpdateAtScheduledTimeOnly-End -->
+
 <!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-Begin -->
 ### Configuration/SecurityIntelligenceUpdatesChannel
 
 <!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-Applicability-End -->
 
 <!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-OmaUri-Begin -->
@@ -2195,7 +2672,7 @@ Enable this policy to specify when devices receive Microsoft Defender security i
 <!-- Device-Configuration-SupportLogLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-SupportLogLocation-Applicability-End -->
 
 <!-- Device-Configuration-SupportLogLocation-OmaUri-Begin -->
@@ -2246,7 +2723,7 @@ More details:
 <!-- Device-Configuration-TamperProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Configuration-TamperProtection-Applicability-End -->
 
 <!-- Device-Configuration-TamperProtection-OmaUri-Begin -->
@@ -2288,7 +2765,7 @@ Tamper protection helps protect important security features from unwanted change
 <!-- Device-Configuration-ThrottleForScheduledScanOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-ThrottleForScheduledScanOnly-Applicability-End -->
 
 <!-- Device-Configuration-ThrottleForScheduledScanOnly-OmaUri-Begin -->
@@ -2337,7 +2814,7 @@ A CPU usage limit can be applied to scheduled scans only, or to scheduled and cu
 <!-- Device-Detections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-Applicability-End -->
 
 <!-- Device-Detections-OmaUri-Begin -->
@@ -2376,7 +2853,7 @@ An interior node to group all threats detected by Windows Defender.
 <!-- Device-Detections-{ThreatId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-OmaUri-Begin -->
@@ -2416,7 +2893,7 @@ The ID of a threat that has been detected by Windows Defender.
 <!-- Device-Detections-{ThreatId}-Category-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-Category-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-Category-OmaUri-Begin -->
@@ -2559,7 +3036,7 @@ Threat category ID. Supported values:
 <!-- Device-Detections-{ThreatId}-CurrentStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-CurrentStatus-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-CurrentStatus-OmaUri-Begin -->
@@ -2624,7 +3101,7 @@ Information about the current status of the threat. The following list shows the
 <!-- Device-Detections-{ThreatId}-ExecutionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-ExecutionStatus-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-ExecutionStatus-OmaUri-Begin -->
@@ -2663,7 +3140,7 @@ Information about the execution status of the threat.
 <!-- Device-Detections-{ThreatId}-InitialDetectionTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-InitialDetectionTime-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-InitialDetectionTime-OmaUri-Begin -->
@@ -2702,7 +3179,7 @@ The first time this particular threat was detected.
 <!-- Device-Detections-{ThreatId}-LastThreatStatusChangeTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-LastThreatStatusChangeTime-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-LastThreatStatusChangeTime-OmaUri-Begin -->
@@ -2741,7 +3218,7 @@ The last time this particular threat was changed.
 <!-- Device-Detections-{ThreatId}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-Name-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-Name-OmaUri-Begin -->
@@ -2780,7 +3257,7 @@ The name of the specific threat.
 <!-- Device-Detections-{ThreatId}-NumberOfDetections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-NumberOfDetections-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-NumberOfDetections-OmaUri-Begin -->
@@ -2819,7 +3296,7 @@ Number of times this threat has been detected on a particular client.
 <!-- Device-Detections-{ThreatId}-Severity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-Severity-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-Severity-OmaUri-Begin -->
@@ -2872,7 +3349,7 @@ Threat severity ID. The following list shows the supported values:
 <!-- Device-Detections-{ThreatId}-URL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Detections-{ThreatId}-URL-Applicability-End -->
 
 <!-- Device-Detections-{ThreatId}-URL-OmaUri-Begin -->
@@ -2911,7 +3388,7 @@ URL link for additional threat information.
 <!-- Device-Health-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-Applicability-End -->
 
 <!-- Device-Health-OmaUri-Begin -->
@@ -2950,7 +3427,7 @@ An interior node to group information about Windows Defender health status.
 <!-- Device-Health-ComputerState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-ComputerState-Applicability-End -->
 
 <!-- Device-Health-ComputerState-OmaUri-Begin -->
@@ -3005,7 +3482,7 @@ Provide the current state of the device. The following list shows the supported
 <!-- Device-Health-DefenderEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-DefenderEnabled-Applicability-End -->
 
 <!-- Device-Health-DefenderEnabled-OmaUri-Begin -->
@@ -3044,7 +3521,7 @@ Indicates whether the Windows Defender service is running.
 <!-- Device-Health-DefenderVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-DefenderVersion-Applicability-End -->
 
 <!-- Device-Health-DefenderVersion-OmaUri-Begin -->
@@ -3083,7 +3560,7 @@ Version number of Windows Defender on the device.
 <!-- Device-Health-EngineVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-EngineVersion-Applicability-End -->
 
 <!-- Device-Health-EngineVersion-OmaUri-Begin -->
@@ -3122,7 +3599,7 @@ Version number of the current Windows Defender engine on the device.
 <!-- Device-Health-FullScanOverdue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-FullScanOverdue-Applicability-End -->
 
 <!-- Device-Health-FullScanOverdue-OmaUri-Begin -->
@@ -3161,7 +3638,7 @@ Indicates whether a Windows Defender full scan is overdue for the device. A Full
 <!-- Device-Health-FullScanRequired-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-FullScanRequired-Applicability-End -->
 
 <!-- Device-Health-FullScanRequired-OmaUri-Begin -->
@@ -3200,7 +3677,7 @@ Indicates whether a Windows Defender full scan is required.
 <!-- Device-Health-FullScanSigVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-FullScanSigVersion-Applicability-End -->
 
 <!-- Device-Health-FullScanSigVersion-OmaUri-Begin -->
@@ -3239,7 +3716,7 @@ Signature version used for the last full scan of the device.
 <!-- Device-Health-FullScanTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-FullScanTime-Applicability-End -->
 
 <!-- Device-Health-FullScanTime-OmaUri-Begin -->
@@ -3278,7 +3755,7 @@ Time of the last Windows Defender full scan of the device.
 <!-- Device-Health-IsVirtualMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Health-IsVirtualMachine-Applicability-End -->
 
 <!-- Device-Health-IsVirtualMachine-OmaUri-Begin -->
@@ -3317,7 +3794,7 @@ Indicates whether the device is a virtual machine.
 <!-- Device-Health-NisEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-NisEnabled-Applicability-End -->
 
 <!-- Device-Health-NisEnabled-OmaUri-Begin -->
@@ -3356,7 +3833,7 @@ Indicates whether network protection is running.
 <!-- Device-Health-ProductStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Health-ProductStatus-Applicability-End -->
 
 <!-- Device-Health-ProductStatus-OmaUri-Begin -->
@@ -3468,7 +3945,7 @@ Provide the current state of the product. This is a bitmask flag value that can
 <!-- Device-Health-QuickScanOverdue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-QuickScanOverdue-Applicability-End -->
 
 <!-- Device-Health-QuickScanOverdue-OmaUri-Begin -->
@@ -3507,7 +3984,7 @@ Indicates whether a Windows Defender quick scan is overdue for the device. A Qui
 <!-- Device-Health-QuickScanSigVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-QuickScanSigVersion-Applicability-End -->
 
 <!-- Device-Health-QuickScanSigVersion-OmaUri-Begin -->
@@ -3546,7 +4023,7 @@ Signature version used for the last quick scan of the device.
 <!-- Device-Health-QuickScanTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-QuickScanTime-Applicability-End -->
 
 <!-- Device-Health-QuickScanTime-OmaUri-Begin -->
@@ -3585,7 +4062,7 @@ Time of the last Windows Defender quick scan of the device.
 <!-- Device-Health-RebootRequired-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-RebootRequired-Applicability-End -->
 
 <!-- Device-Health-RebootRequired-OmaUri-Begin -->
@@ -3624,7 +4101,7 @@ Indicates whether a device reboot is needed.
 <!-- Device-Health-RtpEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-RtpEnabled-Applicability-End -->
 
 <!-- Device-Health-RtpEnabled-OmaUri-Begin -->
@@ -3663,7 +4140,7 @@ Indicates whether real-time protection is running.
 <!-- Device-Health-SignatureOutOfDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-SignatureOutOfDate-Applicability-End -->
 
 <!-- Device-Health-SignatureOutOfDate-OmaUri-Begin -->
@@ -3702,7 +4179,7 @@ Indicates whether the Windows Defender signature is outdated.
 <!-- Device-Health-SignatureVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Health-SignatureVersion-Applicability-End -->
 
 <!-- Device-Health-SignatureVersion-OmaUri-Begin -->
@@ -3741,7 +4218,7 @@ Version number of the current Windows Defender signatures on the device.
 <!-- Device-Health-TamperProtectionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Health-TamperProtectionEnabled-Applicability-End -->
 
 <!-- Device-Health-TamperProtectionEnabled-OmaUri-Begin -->
@@ -3780,7 +4257,7 @@ Indicates whether the Windows Defender tamper protection feature is enabled.
 <!-- Device-OfflineScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-OfflineScan-Applicability-End -->
 
 <!-- Device-OfflineScan-OmaUri-Begin -->
@@ -3820,7 +4297,7 @@ OfflineScan action starts a Microsoft Defender Offline scan on the computer wher
 <!-- Device-RollbackEngine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-RollbackEngine-Applicability-End -->
 
 <!-- Device-RollbackEngine-OmaUri-Begin -->
@@ -3860,7 +4337,7 @@ RollbackEngine action rolls back Microsoft Defender engine to it's last known go
 <!-- Device-RollbackPlatform-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-RollbackPlatform-Applicability-End -->
 
 <!-- Device-RollbackPlatform-OmaUri-Begin -->
@@ -3900,7 +4377,7 @@ RollbackPlatform action rolls back Microsoft Defender to it's last known good in
 <!-- Device-Scan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Scan-Applicability-End -->
 
 <!-- Device-Scan-OmaUri-Begin -->
@@ -3948,7 +4425,7 @@ Node that can be used to start a Windows Defender scan on a device.
 <!-- Device-UpdateSignature-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-UpdateSignature-Applicability-End -->
 
 <!-- Device-UpdateSignature-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 09e0cb692e..22e2b101f9 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -1033,6 +1033,37 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>ExcludedIpAddresses</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Allows an administrator to explicitly disable network packet inspection made by wdnisdrv on a particular set of IP addresses.</Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="None">
+            <MSFT:List Delimiter="|" />
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>AllowNetworkProtectionOnWinServer</NodeName>
         <DFProperties>
@@ -1121,7 +1152,7 @@ The following XML file contains the device description framework (DDF) for the D
             <Replace />
           </AccessType>
           <DefaultValue>0</DefaultValue>
-          <Description>When this value is set to false, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings</Description>
+          <Description>When this value is set to no, it allows a local admin the ability to specify some settings for complex list type that will then merge /override the Preference settings with the Policy settings</Description>
           <DFFormat>
             <int />
           </DFFormat>
@@ -1141,11 +1172,11 @@ The following XML file contains the device description framework (DDF) for the D
           <MSFT:AllowedValues ValueType="ENUM">
             <MSFT:Enum>
               <MSFT:Value>1</MSFT:Value>
-              <MSFT:ValueDescription>Disable Local Admin Merge</MSFT:ValueDescription>
+              <MSFT:ValueDescription>Yes</MSFT:ValueDescription>
             </MSFT:Enum>
             <MSFT:Enum>
               <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Enable Local Admin Merge</MSFT:ValueDescription>
+              <MSFT:ValueDescription>No</MSFT:ValueDescription>
             </MSFT:Enum>
           </MSFT:AllowedValues>
         </DFProperties>
@@ -1803,6 +1834,84 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>DisableDatagramProcessing</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>Control whether network protection inspects User Datagram Protocol (UDP) traffic</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>UDP inspection is off</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>UDP inspection is on</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>EnableConvertWarnToBlock</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>This setting controls whether network protection blocks network traffic instead of displaying a warning</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Warn verdicts are converted to block</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Warn verdicts are not converted to block</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>DisableNetworkProtectionPerfTelemetry</NodeName>
         <DFProperties>
@@ -1959,6 +2068,84 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>PerformanceModeStatus</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>This setting allows IT admins to configure performance mode in either enabled or disabled mode for managed devices.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.22000</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Performance mode is enabled (default). A service restart is required after changing this value.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Performance mode is disabled. A service restart is required after changing this value.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>SecurityIntelligenceLocationUpdateAtScheduledTimeOnly</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>This setting allows you to configure security intelligence updates according to the scheduler for VDI-configured computers. It is used together with the shared security intelligence location (SecurityIntelligenceLocation).</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.18362</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>If you enable this setting and configure SecurityIntelligenceLocation, updates from the configured location occur only at the previously configured scheduled update time.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>If you either disable or do not configure this setting, updates occur whenever a new security intelligence update is detected at the location that is specified by SecurityIntelligenceLocation.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>ThrottleForScheduledScanOnly</NodeName>
         <DFProperties>
@@ -1998,6 +2185,38 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>DaysUntilAggressiveCatchupQuickScan</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>25</DefaultValue>
+          <Description>Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="Range">
+            <MSFT:Value>[7-60]</MSFT:Value>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>ASROnlyPerRuleExclusions</NodeName>
         <DFProperties>
@@ -2115,6 +2334,39 @@ The following XML file contains the device description framework (DDF) for the D
             <MSFT:CspVersion>1.3</MSFT:CspVersion>
           </MSFT:Applicability>
           <MSFT:AllowedValues ValueType="None">
+            <MSFT:List Delimiter="|" />
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>DataDuplicationMaximumQuota</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>500</DefaultValue>
+          <Description>Defines the maximum data duplication quota in MB that can be collected. When the quota is reached the filter will stop duplicating any data until the service manages to dispatch the existing collected data, thus decreasing the quota again below the maximum. The valid interval is [5-5000] MB. By default, the maximum quota will be 500 MB.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="Range">
+            <MSFT:Value>[5-5000]</MSFT:Value>
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
@@ -2239,7 +2491,7 @@ The following XML file contains the device description framework (DDF) for the D
             <Get />
             <Replace />
           </AccessType>
-          <DefaultValue>0</DefaultValue>
+          <DefaultValue>0x0</DefaultValue>
           <Description>Setting to control automatic remediation for Sense scans.</Description>
           <DFFormat>
             <int />
@@ -2258,6 +2510,10 @@ The following XML file contains the device description framework (DDF) for the D
             <MSFT:CspVersion>1.3</MSFT:CspVersion>
           </MSFT:Applicability>
           <MSFT:AllowedValues ValueType="Flag">
+            <MSFT:Enum>
+              <MSFT:Value>0x0</MSFT:Value>
+              <MSFT:ValueDescription>Passive Remediation is turned off (default)</MSFT:ValueDescription>
+            </MSFT:Enum>
             <MSFT:Enum>
               <MSFT:Value>0x1</MSFT:Value>
               <MSFT:ValueDescription>PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation</MSFT:ValueDescription>
@@ -2355,6 +2611,84 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>DisableQuicParsing</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>This setting disables QUIC Parsing for Network Protection.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>QUIC parsing is disabled</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>QUIC parsing is enabled</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>AllowSwitchToAsyncInspection</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>Control whether network protection can improve performance by switching from real-time inspection to asynchronous inspection</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Allow switching to asynchronous inspection</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Don’t allow asynchronous inspection</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>RandomizeScheduleTaskTimes</NodeName>
         <DFProperties>
@@ -2389,7 +2723,7 @@ The following XML file contains the device description framework (DDF) for the D
             </MSFT:Enum>
             <MSFT:Enum>
               <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler.</MSFT:ValueDescription>
+              <MSFT:ValueDescription>Scheduled tasks will not be randomized.</MSFT:ValueDescription>
             </MSFT:Enum>
           </MSFT:AllowedValues>
         </DFProperties>
@@ -2433,6 +2767,45 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>DisableCacheMaintenance</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>Defines whether the cache maintenance idle task will perform the cache maintenance or not.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Cache maintenance is disabled</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Cache maintenance is enabled (default)</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
     </Node>
     <Node>
       <NodeName>Scan</NodeName>
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 76ba715582..de6aaa2a90 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DevDetail CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -73,7 +73,7 @@ The following list shows the DevDetail configuration service provider nodes:
 <!-- Device-DevTyp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DevTyp-Applicability-End -->
 
 <!-- Device-DevTyp-OmaUri-Begin -->
@@ -112,7 +112,7 @@ Returns the device model name /SystemProductName as a string.
 <!-- Device-Ext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Applicability-End -->
 
 <!-- Device-Ext-OmaUri-Begin -->
@@ -151,7 +151,7 @@ Subtree to hold vendor-specific parameters.
 <!-- Device-Ext-DeviceHardwareData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Ext-DeviceHardwareData-Applicability-End -->
 
 <!-- Device-Ext-DeviceHardwareData-OmaUri-Begin -->
@@ -192,7 +192,7 @@ Added in Windows 10 version 1703. Returns a base64 encoded string of the hardwar
 <!-- Device-Ext-Microsoft-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-OmaUri-Begin -->
@@ -231,7 +231,7 @@ Subtree to hold vendor-specific parameters.
 <!-- Device-Ext-Microsoft-CommercializationOperator-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-CommercializationOperator-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-CommercializationOperator-OmaUri-Begin -->
@@ -270,7 +270,7 @@ Returns the name of the mobile operator if it exists; otherwise it returns 404.
 <!-- Device-Ext-Microsoft-DeviceName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-DeviceName-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-DeviceName-OmaUri-Begin -->
@@ -310,7 +310,7 @@ Contains the user-specified device name. Support for Replace operation for Windo
 <!-- Device-Ext-Microsoft-DNSComputerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-Ext-Microsoft-DNSComputerName-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-DNSComputerName-OmaUri-Begin -->
@@ -356,7 +356,7 @@ On desktop PCs, this setting specifies the DNS hostname of the computer (Compute
 <!-- Device-Ext-Microsoft-FreeStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-FreeStorage-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-FreeStorage-OmaUri-Begin -->
@@ -395,7 +395,7 @@ Total free storage in MB from first internal drive on the device.
 <!-- Device-Ext-Microsoft-LocalTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-LocalTime-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-LocalTime-OmaUri-Begin -->
@@ -434,7 +434,7 @@ Returns the client local time in ISO 8601 format. Example: 2003-06-16. T18:37:44
 <!-- Device-Ext-Microsoft-MobileID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-MobileID-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-MobileID-OmaUri-Begin -->
@@ -473,7 +473,7 @@ Returns the mobile device ID associated with the cellular network. Returns 404 f
 <!-- Device-Ext-Microsoft-OSPlatform-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-OSPlatform-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-OSPlatform-OmaUri-Begin -->
@@ -512,7 +512,7 @@ Returns the OS platform of the device. For Windows 10 for desktop editions, it r
 <!-- Device-Ext-Microsoft-ProcessorArchitecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-ProcessorArchitecture-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-ProcessorArchitecture-OmaUri-Begin -->
@@ -551,7 +551,7 @@ Returns the processor architecture of the device as "arm" or "x86".
 <!-- Device-Ext-Microsoft-ProcessorType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-ProcessorType-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-ProcessorType-OmaUri-Begin -->
@@ -590,7 +590,7 @@ Returns the processor type of the device as documented in SYSTEM_INFO.
 <!-- Device-Ext-Microsoft-RadioSwV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-RadioSwV-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-RadioSwV-OmaUri-Begin -->
@@ -629,7 +629,7 @@ Returns the radio stack software version number.
 <!-- Device-Ext-Microsoft-Resolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-Resolution-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-Resolution-OmaUri-Begin -->
@@ -668,7 +668,7 @@ Resolution of the device in the format of WidthxLength (e.g., "400x800").
 <!-- Device-Ext-Microsoft-SMBIOSSerialNumber-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Ext-Microsoft-SMBIOSSerialNumber-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-SMBIOSSerialNumber-OmaUri-Begin -->
@@ -707,7 +707,7 @@ SMBIOS Serial Number of the device.
 <!-- Device-Ext-Microsoft-SMBIOSVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Ext-Microsoft-SMBIOSVersion-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-SMBIOSVersion-OmaUri-Begin -->
@@ -746,7 +746,7 @@ SMBIOS version of the device.
 <!-- Device-Ext-Microsoft-SystemSKU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-SystemSKU-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-SystemSKU-OmaUri-Begin -->
@@ -785,7 +785,7 @@ Returns the System SKU, as defined in the registry key HKEY_LOCAL_MACHINE\HARDWA
 <!-- Device-Ext-Microsoft-TotalRAM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-TotalRAM-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-TotalRAM-OmaUri-Begin -->
@@ -824,7 +824,7 @@ Total available memory in MB on the device (may be less than total physical memo
 <!-- Device-Ext-Microsoft-TotalStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Microsoft-TotalStorage-Applicability-End -->
 
 <!-- Device-Ext-Microsoft-TotalStorage-OmaUri-Begin -->
@@ -863,7 +863,7 @@ Total available storage in MB from first internal drive on the device (may be le
 <!-- Device-Ext-VoLTEServiceSetting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-VoLTEServiceSetting-Applicability-End -->
 
 <!-- Device-Ext-VoLTEServiceSetting-OmaUri-Begin -->
@@ -902,7 +902,7 @@ The VoLTE service setting on or off. Only exposed to Mobile Operator-based OMA-D
 <!-- Device-Ext-WlanDnsSuffix-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-WlanDnsSuffix-Applicability-End -->
 
 <!-- Device-Ext-WlanDnsSuffix-OmaUri-Begin -->
@@ -941,7 +941,7 @@ The DNS suffix of the active WiFi connection. Only exposed to Enterprise-based O
 <!-- Device-Ext-WlanIPv4Address-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-WlanIPv4Address-Applicability-End -->
 
 <!-- Device-Ext-WlanIPv4Address-OmaUri-Begin -->
@@ -980,7 +980,7 @@ The IPv4 address of the active WiFi connection. Only exposed to Enterprise-based
 <!-- Device-Ext-WlanIPv6Address-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-WlanIPv6Address-Applicability-End -->
 
 <!-- Device-Ext-WlanIPv6Address-OmaUri-Begin -->
@@ -1019,7 +1019,7 @@ The IPv6 address of the active WiFi connection. Only exposed to Enterprise-based
 <!-- Device-Ext-WLANMACAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-WLANMACAddress-Applicability-End -->
 
 <!-- Device-Ext-WLANMACAddress-OmaUri-Begin -->
@@ -1060,7 +1060,7 @@ The MAC address of the active WiFi connection.
 <!-- Device-Ext-WlanSubnetMask-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-WlanSubnetMask-Applicability-End -->
 
 <!-- Device-Ext-WlanSubnetMask-OmaUri-Begin -->
@@ -1099,7 +1099,7 @@ The subnet mask for the active WiFi connection. Only exposed to Enterprise-based
 <!-- Device-FwV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FwV-Applicability-End -->
 
 <!-- Device-FwV-OmaUri-Begin -->
@@ -1138,7 +1138,7 @@ Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\
 <!-- Device-HwV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-HwV-Applicability-End -->
 
 <!-- Device-HwV-OmaUri-Begin -->
@@ -1177,7 +1177,7 @@ Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\
 <!-- Device-LrgObj-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LrgObj-Applicability-End -->
 
 <!-- Device-LrgObj-OmaUri-Begin -->
@@ -1216,7 +1216,7 @@ Returns whether the device uses OMA DM Large Object Handling, as defined in the
 <!-- Device-OEM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-OEM-Applicability-End -->
 
 <!-- Device-OEM-OmaUri-Begin -->
@@ -1255,7 +1255,7 @@ Returns the name of the Original Equipment Manufacturer (OEM) as a string, as de
 <!-- Device-SwV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SwV-Applicability-End -->
 
 <!-- Device-SwV-OmaUri-Begin -->
@@ -1294,7 +1294,7 @@ Returns the Windows 10 OS software version in the format MajorVersion. MinorVers
 <!-- Device-URI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-URI-Applicability-End -->
 
 <!-- Device-URI-OmaUri-Begin -->
@@ -1332,7 +1332,7 @@ Returns the Windows 10 OS software version in the format MajorVersion. MinorVers
 <!-- Device-URI-MaxDepth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-URI-MaxDepth-Applicability-End -->
 
 <!-- Device-URI-MaxDepth-OmaUri-Begin -->
@@ -1371,7 +1371,7 @@ Returns the maximum depth of the management tree that the device supports. The d
 <!-- Device-URI-MaxSegLen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-URI-MaxSegLen-Applicability-End -->
 
 <!-- Device-URI-MaxSegLen-OmaUri-Begin -->
@@ -1410,7 +1410,7 @@ Returns the total length of any URI segment in a URI that addresses a node or no
 <!-- Device-URI-MaxTotLen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-URI-MaxTotLen-Applicability-End -->
 
 <!-- Device-URI-MaxTotLen-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index 143225fc55..542ddf9b2d 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 4052d4cdeb..38250ba79f 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceManageability CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -42,7 +42,7 @@ The following list shows the DeviceManageability configuration service provider
 <!-- Device-Capabilities-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Capabilities-Applicability-End -->
 
 <!-- Device-Capabilities-OmaUri-Begin -->
@@ -80,7 +80,7 @@ The following list shows the DeviceManageability configuration service provider
 <!-- Device-Capabilities-CSPVersions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Capabilities-CSPVersions-Applicability-End -->
 
 <!-- Device-Capabilities-CSPVersions-OmaUri-Begin -->
@@ -119,7 +119,7 @@ Returns the versions of all configuration service providers (CSP) for MDM.
 <!-- Device-Provider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-Applicability-End -->
 
 <!-- Device-Provider-OmaUri-Begin -->
@@ -157,7 +157,7 @@ Returns the versions of all configuration service providers (CSP) for MDM.
 <!-- Device-Provider-{ProviderID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-OmaUri-Begin -->
@@ -198,7 +198,7 @@ Provider ID should be unique among the different config sources.
 <!-- Device-Provider-{ProviderID}-ConfigInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-ConfigInfo-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigInfo-OmaUri-Begin -->
@@ -237,7 +237,7 @@ Configuration Info string value set by the config source. Recommended to be used
 <!-- Device-Provider-{ProviderID}-EnrollmentInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-EnrollmentInfo-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnrollmentInfo-OmaUri-Begin -->
@@ -276,7 +276,7 @@ Enrollment Info string value set by the config source. Recommended to sent to se
 <!-- Device-Provider-{ProviderID}-PayloadTransfer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-PayloadTransfer-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-PayloadTransfer-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 3436c3b0bb..9c0d424446 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devicepreparation-csp.md b/windows/client-management/mdm/devicepreparation-csp.md
index 540f8617fd..1f3ec6eaa1 100644
--- a/windows/client-management/mdm/devicepreparation-csp.md
+++ b/windows/client-management/mdm/devicepreparation-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DevicePreparation CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -44,7 +44,7 @@ The following list shows the DevicePreparation configuration service provider no
 <!-- Device-BootstrapperAgent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-BootstrapperAgent-Applicability-End -->
 
 <!-- Device-BootstrapperAgent-OmaUri-Begin -->
@@ -83,7 +83,7 @@ The subnodes configure settings for the Bootstrapper Agent.
 <!-- Device-BootstrapperAgent-ClassID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-BootstrapperAgent-ClassID-Applicability-End -->
 
 <!-- Device-BootstrapperAgent-ClassID-OmaUri-Begin -->
@@ -122,7 +122,7 @@ This node stores the class ID for the Bootstrapper Agent WinRT object.
 <!-- Device-BootstrapperAgent-ExecutionContext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-BootstrapperAgent-ExecutionContext-Applicability-End -->
 
 <!-- Device-BootstrapperAgent-ExecutionContext-OmaUri-Begin -->
@@ -161,7 +161,7 @@ This node holds opaque data that will be passed to the Bootstrapper Agent as a p
 <!-- Device-BootstrapperAgent-InstallationStatusUri-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-BootstrapperAgent-InstallationStatusUri-Applicability-End -->
 
 <!-- Device-BootstrapperAgent-InstallationStatusUri-OmaUri-Begin -->
@@ -200,7 +200,7 @@ This node holds a URI that can be queried for the status of the Bootstrapper Age
 <!-- Device-MdmAgentInstalled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-MdmAgentInstalled-Applicability-End -->
 
 <!-- Device-MdmAgentInstalled-OmaUri-Begin -->
@@ -240,7 +240,7 @@ This node indicates whether the MDM agent was installed or not. When set to true
 <!-- Device-MDMProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-MDMProvider-Applicability-End -->
 
 <!-- Device-MDMProvider-OmaUri-Begin -->
@@ -279,7 +279,7 @@ The subnode configures the settings for the MDMProvider.
 <!-- Device-MDMProvider-Progress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-MDMProvider-Progress-Applicability-End -->
 
 <!-- Device-MDMProvider-Progress-OmaUri-Begin -->
@@ -318,7 +318,7 @@ Node for reporting progress status as opaque data.
 <!-- Device-PageEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-PageEnabled-Applicability-End -->
 
 <!-- Device-PageEnabled-OmaUri-Begin -->
@@ -367,7 +367,7 @@ This node determines whether to enable or show the Device Preparation page.
 <!-- Device-PageSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-PageSettings-Applicability-End -->
 
 <!-- Device-PageSettings-OmaUri-Begin -->
@@ -406,7 +406,7 @@ This node configures specific settings for the Device Preparation page.
 <!-- Device-PageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-PageStatus-Applicability-End -->
 
 <!-- Device-PageStatus-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devicepreparation-ddf-file.md b/windows/client-management/mdm/devicepreparation-ddf-file.md
index 9d1713e298..3174ac4dab 100644
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 9878cc510b..f9d45fdc5e 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceStatus CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -82,7 +82,7 @@ The following list shows the DeviceStatus configuration service provider nodes:
 <!-- Device-Antispyware-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Antispyware-Applicability-End -->
 
 <!-- Device-Antispyware-OmaUri-Begin -->
@@ -121,7 +121,7 @@ Node for the antispyware query.
 <!-- Device-Antispyware-SignatureStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Antispyware-SignatureStatus-Applicability-End -->
 
 <!-- Device-Antispyware-SignatureStatus-OmaUri-Begin -->
@@ -162,7 +162,7 @@ This node also returns 0 when no anti-spyware provider is active.
 <!-- Device-Antispyware-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Antispyware-Status-Applicability-End -->
 
 <!-- Device-Antispyware-Status-OmaUri-Begin -->
@@ -202,7 +202,7 @@ Integer that specifies the status of the antispyware. Valid values: 0 - The stat
 <!-- Device-Antivirus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Antivirus-Applicability-End -->
 
 <!-- Device-Antivirus-OmaUri-Begin -->
@@ -241,7 +241,7 @@ Node for the antivirus query.
 <!-- Device-Antivirus-SignatureStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Antivirus-SignatureStatus-Applicability-End -->
 
 <!-- Device-Antivirus-SignatureStatus-OmaUri-Begin -->
@@ -282,7 +282,7 @@ This node also returns 0 when no antivirus provider is active.
 <!-- Device-Antivirus-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Antivirus-Status-Applicability-End -->
 
 <!-- Device-Antivirus-Status-OmaUri-Begin -->
@@ -322,7 +322,7 @@ Integer that specifies the status of the antivirus. Valid values: 0 - Antivirus
 <!-- Device-Battery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Battery-Applicability-End -->
 
 <!-- Device-Battery-OmaUri-Begin -->
@@ -361,7 +361,7 @@ Node for the battery query.
 <!-- Device-Battery-EstimatedChargeRemaining-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Battery-EstimatedChargeRemaining-Applicability-End -->
 
 <!-- Device-Battery-EstimatedChargeRemaining-OmaUri-Begin -->
@@ -401,7 +401,7 @@ Integer that specifies the estimated battery charge remaining. This is the value
 <!-- Device-Battery-EstimatedRuntime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Battery-EstimatedRuntime-Applicability-End -->
 
 <!-- Device-Battery-EstimatedRuntime-OmaUri-Begin -->
@@ -441,7 +441,7 @@ Integer that specifies the estimated runtime of the battery. This is the value r
 <!-- Device-Battery-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Battery-Status-Applicability-End -->
 
 <!-- Device-Battery-Status-OmaUri-Begin -->
@@ -481,7 +481,7 @@ Integer that specifies the status of the battery.
 <!-- Device-CellularIdentities-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-Applicability-End -->
 
 <!-- Device-CellularIdentities-OmaUri-Begin -->
@@ -522,7 +522,7 @@ Node for queries on the SIM cards.
 <!-- Device-CellularIdentities-{IMEI}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-OmaUri-Begin -->
@@ -562,7 +562,7 @@ The unique International Mobile Station Equipment Identity (IMEI) number of the
 <!-- Device-CellularIdentities-{IMEI}-CommercializationOperator-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-CommercializationOperator-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-CommercializationOperator-OmaUri-Begin -->
@@ -601,7 +601,7 @@ The mobile service provider or mobile operator associated with the specific IMEI
 <!-- Device-CellularIdentities-{IMEI}-ICCID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-ICCID-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-ICCID-OmaUri-Begin -->
@@ -640,7 +640,7 @@ The Integrated Circuit Card ID (ICCID) of the SIM card associated with the speci
 <!-- Device-CellularIdentities-{IMEI}-IMSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-IMSI-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-IMSI-OmaUri-Begin -->
@@ -679,7 +679,7 @@ The International Mobile Subscriber Identity (IMSI) associated with the IMEI num
 <!-- Device-CellularIdentities-{IMEI}-PhoneNumber-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-PhoneNumber-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-PhoneNumber-OmaUri-Begin -->
@@ -718,7 +718,7 @@ Phone number associated with the specific IMEI number.
 <!-- Device-CellularIdentities-{IMEI}-RoamingCompliance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-RoamingCompliance-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-RoamingCompliance-OmaUri-Begin -->
@@ -757,7 +757,7 @@ Boolean value that indicates compliance with the enforced enterprise roaming pol
 <!-- Device-CellularIdentities-{IMEI}-RoamingStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CellularIdentities-{IMEI}-RoamingStatus-Applicability-End -->
 
 <!-- Device-CellularIdentities-{IMEI}-RoamingStatus-OmaUri-Begin -->
@@ -796,7 +796,7 @@ Indicates whether the SIM card associated with the specific IMEI number is roami
 <!-- Device-CertAttestation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-CertAttestation-Applicability-End -->
 
 <!-- Device-CertAttestation-OmaUri-Begin -->
@@ -835,7 +835,7 @@ Node for Certificate Attestation.
 <!-- Device-CertAttestation-MDMClientCertAttestation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-CertAttestation-MDMClientCertAttestation-Applicability-End -->
 
 <!-- Device-CertAttestation-MDMClientCertAttestation-OmaUri-Begin -->
@@ -874,7 +874,7 @@ MDM Certificate attestation information. This will return an XML blob containing
 <!-- Device-Compliance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Compliance-Applicability-End -->
 
 <!-- Device-Compliance-OmaUri-Begin -->
@@ -913,7 +913,7 @@ Node for the compliance query.
 <!-- Device-Compliance-EncryptionCompliance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Compliance-EncryptionCompliance-Applicability-End -->
 
 <!-- Device-Compliance-EncryptionCompliance-OmaUri-Begin -->
@@ -952,7 +952,7 @@ Boolean value that indicates compliance with the enterprise encryption policy fo
 <!-- Device-DeviceGuard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceGuard-Applicability-End -->
 
 <!-- Device-DeviceGuard-OmaUri-Begin -->
@@ -991,7 +991,7 @@ Node for Device Guard query.
 <!-- Device-DeviceGuard-HypervisorEnforcedCodeIntegrityStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-DeviceGuard-HypervisorEnforcedCodeIntegrityStatus-Applicability-End -->
 
 <!-- Device-DeviceGuard-HypervisorEnforcedCodeIntegrityStatus-OmaUri-Begin -->
@@ -1030,7 +1030,7 @@ Hypervisor Enforced Code Integrity (HVCI) status. 0 - Running, 1 - Reboot requir
 <!-- Device-DeviceGuard-LsaCfgCredGuardStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceGuard-LsaCfgCredGuardStatus-Applicability-End -->
 
 <!-- Device-DeviceGuard-LsaCfgCredGuardStatus-OmaUri-Begin -->
@@ -1069,7 +1069,7 @@ Local System Authority (LSA) credential guard status. 0 - Running, 1 - Reboot re
 <!-- Device-DeviceGuard-SystemGuardStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-DeviceGuard-SystemGuardStatus-Applicability-End -->
 
 <!-- Device-DeviceGuard-SystemGuardStatus-OmaUri-Begin -->
@@ -1108,7 +1108,7 @@ System Guard status. 0 - Running, 1 - Reboot required, 2 - Not configured, 3 - S
 <!-- Device-DeviceGuard-VirtualizationBasedSecurityHwReq-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceGuard-VirtualizationBasedSecurityHwReq-Applicability-End -->
 
 <!-- Device-DeviceGuard-VirtualizationBasedSecurityHwReq-OmaUri-Begin -->
@@ -1147,7 +1147,7 @@ Virtualization-based security hardware requirement status. The value is a 256 va
 <!-- Device-DeviceGuard-VirtualizationBasedSecurityStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceGuard-VirtualizationBasedSecurityStatus-Applicability-End -->
 
 <!-- Device-DeviceGuard-VirtualizationBasedSecurityStatus-OmaUri-Begin -->
@@ -1186,7 +1186,7 @@ Virtualization-based security status. Value is one of the following: 0 - Running
 <!-- Device-DMA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-DMA-Applicability-End -->
 
 <!-- Device-DMA-OmaUri-Begin -->
@@ -1225,7 +1225,7 @@ Node for DMA query.
 <!-- Device-DMA-BootDMAProtectionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-DMA-BootDMAProtectionStatus-Applicability-End -->
 
 <!-- Device-DMA-BootDMAProtectionStatus-OmaUri-Begin -->
@@ -1264,7 +1264,7 @@ Boot DMA Protection status. 1 - Enabled, 2 - Disabled.
 <!-- Device-DomainName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DomainName-Applicability-End -->
 
 <!-- Device-DomainName-OmaUri-Begin -->
@@ -1303,7 +1303,7 @@ Returns the fully qualified domain name of the device(if any).
 <!-- Device-Firewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Firewall-Applicability-End -->
 
 <!-- Device-Firewall-OmaUri-Begin -->
@@ -1342,7 +1342,7 @@ Node for the firewall query.
 <!-- Device-Firewall-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Firewall-Status-Applicability-End -->
 
 <!-- Device-Firewall-Status-OmaUri-Begin -->
@@ -1382,7 +1382,7 @@ Integer that specifies the status of the firewall. Valid values: 0 - Firewall is
 <!-- Device-NetworkIdentifiers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-NetworkIdentifiers-Applicability-End -->
 
 <!-- Device-NetworkIdentifiers-OmaUri-Begin -->
@@ -1421,7 +1421,7 @@ Node for queries on network and device properties.
 <!-- Device-NetworkIdentifiers-{MacAddress}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-NetworkIdentifiers-{MacAddress}-Applicability-End -->
 
 <!-- Device-NetworkIdentifiers-{MacAddress}-OmaUri-Begin -->
@@ -1461,7 +1461,7 @@ MAC address of the wireless network card. A MAC address is present for each netw
 <!-- Device-NetworkIdentifiers-{MacAddress}-IPAddressV4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-NetworkIdentifiers-{MacAddress}-IPAddressV4-Applicability-End -->
 
 <!-- Device-NetworkIdentifiers-{MacAddress}-IPAddressV4-OmaUri-Begin -->
@@ -1500,7 +1500,7 @@ IPv4 address of the network card associated with the MAC address.
 <!-- Device-NetworkIdentifiers-{MacAddress}-IPAddressV6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-NetworkIdentifiers-{MacAddress}-IPAddressV6-Applicability-End -->
 
 <!-- Device-NetworkIdentifiers-{MacAddress}-IPAddressV6-OmaUri-Begin -->
@@ -1539,7 +1539,7 @@ IPv6 address of the network card associated with the MAC address.
 <!-- Device-NetworkIdentifiers-{MacAddress}-IsConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-NetworkIdentifiers-{MacAddress}-IsConnected-Applicability-End -->
 
 <!-- Device-NetworkIdentifiers-{MacAddress}-IsConnected-OmaUri-Begin -->
@@ -1578,7 +1578,7 @@ Boolean value that indicates whether the network card associated with the MAC ad
 <!-- Device-NetworkIdentifiers-{MacAddress}-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-NetworkIdentifiers-{MacAddress}-Type-Applicability-End -->
 
 <!-- Device-NetworkIdentifiers-{MacAddress}-Type-OmaUri-Begin -->
@@ -1617,7 +1617,7 @@ Type of network connection. The value is one of the following: 2 - WLAN (or othe
 <!-- Device-OS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-OS-Applicability-End -->
 
 <!-- Device-OS-OmaUri-Begin -->
@@ -1656,7 +1656,7 @@ Node for the OS query.
 <!-- Device-OS-Edition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-OS-Edition-Applicability-End -->
 
 <!-- Device-OS-Edition-OmaUri-Begin -->
@@ -1696,7 +1696,7 @@ String that specifies the OS edition.
 <!-- Device-OS-Mode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-OS-Mode-Applicability-End -->
 
 <!-- Device-OS-Mode-OmaUri-Begin -->
@@ -1736,7 +1736,7 @@ Read only node that specifies the device mode. Valid values: 0 - the device is i
 <!-- Device-SecureBootState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-SecureBootState-Applicability-End -->
 
 <!-- Device-SecureBootState-OmaUri-Begin -->
@@ -1775,7 +1775,7 @@ Indicates whether secure boot is enabled. The value is one of the following: 0 -
 <!-- Device-TPM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-TPM-Applicability-End -->
 
 <!-- Device-TPM-OmaUri-Begin -->
@@ -1814,7 +1814,7 @@ Node for the TPM query.
 <!-- Device-TPM-ManufacturerId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TPM-ManufacturerId-Applicability-End -->
 
 <!-- Device-TPM-ManufacturerId-OmaUri-Begin -->
@@ -1854,7 +1854,7 @@ String that specifies the TPM manufacturer ID as a number.
 <!-- Device-TPM-ManufacturerIdTxt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TPM-ManufacturerIdTxt-Applicability-End -->
 
 <!-- Device-TPM-ManufacturerIdTxt-OmaUri-Begin -->
@@ -1894,7 +1894,7 @@ String that specifies the TPM manufacturer ID as text.
 <!-- Device-TPM-ManufacturerVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1387] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1387] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1387] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1387] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TPM-ManufacturerVersion-Applicability-End -->
 
 <!-- Device-TPM-ManufacturerVersion-OmaUri-Begin -->
@@ -1934,7 +1934,7 @@ String that specifies the manufacturer version.
 <!-- Device-TPM-SpecificationVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-TPM-SpecificationVersion-Applicability-End -->
 
 <!-- Device-TPM-SpecificationVersion-OmaUri-Begin -->
@@ -1974,7 +1974,7 @@ String that specifies the specification version.
 <!-- Device-UAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-UAC-Applicability-End -->
 
 <!-- Device-UAC-OmaUri-Begin -->
@@ -2013,7 +2013,7 @@ Node for the UAC query.
 <!-- Device-UAC-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-UAC-Status-Applicability-End -->
 
 <!-- Device-UAC-Status-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 63dbac6ba7..231f3f5a26 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index b7c8a992e9..1a9e74c3a2 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DevInfo CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -45,7 +45,7 @@ The following list shows the DevInfo configuration service provider nodes:
 <!-- Device-DevId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DevId-Applicability-End -->
 
 <!-- Device-DevId-OmaUri-Begin -->
@@ -90,7 +90,7 @@ An unique device identifier. An application-specific global unique device identi
 <!-- Device-DmV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DmV-Applicability-End -->
 
 <!-- Device-DmV-OmaUri-Begin -->
@@ -129,7 +129,7 @@ The current management client revision of the device.
 <!-- Device-Ext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-Applicability-End -->
 
 <!-- Device-Ext-OmaUri-Begin -->
@@ -168,7 +168,7 @@ Parent node for nodes extended by Microsoft.
 <!-- Device-Ext-ICCID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Ext-ICCID-Applicability-End -->
 
 <!-- Device-Ext-ICCID-OmaUri-Begin -->
@@ -207,7 +207,7 @@ Retrieves the ICCID of the first adapter.
 <!-- Device-Lang-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Lang-Applicability-End -->
 
 <!-- Device-Lang-OmaUri-Begin -->
@@ -246,7 +246,7 @@ Returns the current user interface (UI) language setting of the device as define
 <!-- Device-Man-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Man-Applicability-End -->
 
 <!-- Device-Man-OmaUri-Begin -->
@@ -285,7 +285,7 @@ Returns the name of the OEM. For Windows 10 for desktop editions, it returns the
 <!-- Device-Mod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Mod-Applicability-End -->
 
 <!-- Device-Mod-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 633bc085bd..f28018452e 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -48,7 +48,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 91047e273f..ae23d729eb 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DiagnosticLog CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -70,7 +70,7 @@ The following list shows the DiagnosticLog configuration service provider nodes:
 <!-- Device-DeviceStateData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceStateData-Applicability-End -->
 
 <!-- Device-DeviceStateData-OmaUri-Begin -->
@@ -110,7 +110,7 @@ The DeviceStateData functionality within the DiagnosticLog CSP provides extra de
 <!-- Device-DeviceStateData-MdmConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-DeviceStateData-MdmConfiguration-Applicability-End -->
 
 <!-- Device-DeviceStateData-MdmConfiguration-OmaUri-Begin -->
@@ -171,7 +171,7 @@ This node is to trigger snapping of the Device Management state data with "SNAP"
 <!-- Device-DiagnosticArchive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-DiagnosticArchive-Applicability-End -->
 
 <!-- Device-DiagnosticArchive-OmaUri-Begin -->
@@ -216,7 +216,7 @@ DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an I
 <!-- Device-DiagnosticArchive-ArchiveDefinition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-DiagnosticArchive-ArchiveDefinition-Applicability-End -->
 
 <!-- Device-DiagnosticArchive-ArchiveDefinition-OmaUri-Begin -->
@@ -339,7 +339,7 @@ Additionally, the XML may include **One or more data gathering directives, which
 <!-- Device-DiagnosticArchive-ArchiveResults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-DiagnosticArchive-ArchiveResults-Applicability-End -->
 
 <!-- Device-DiagnosticArchive-ArchiveResults-OmaUri-Begin -->
@@ -427,7 +427,7 @@ To learn how to read the resulting data, see [How to review ArchiveResults](#how
 <!-- Device-EtwLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Applicability-End -->
 
 <!-- Device-EtwLog-OmaUri-Begin -->
@@ -472,7 +472,7 @@ The ETW log feature is designed for advanced usage, and assumes developers' fami
 <!-- Device-EtwLog-Channels-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Channels-Applicability-End -->
 
 <!-- Device-EtwLog-Channels-OmaUri-Begin -->
@@ -522,7 +522,7 @@ For more information about using DiagnosticLog to collect logs remotely from a P
 <!-- Device-EtwLog-Channels-{ChannelName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Channels-{ChannelName}-Applicability-End -->
 
 <!-- Device-EtwLog-Channels-{ChannelName}-OmaUri-Begin -->
@@ -604,7 +604,7 @@ Each dynamic node represents a registered 'Channel' node. The node name must be
 <!-- Device-EtwLog-Channels-{ChannelName}-Export-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Channels-{ChannelName}-Export-Applicability-End -->
 
 <!-- Device-EtwLog-Channels-{ChannelName}-Export-OmaUri-Begin -->
@@ -661,7 +661,7 @@ This node is to trigger exporting events into a log file from this node's associ
 <!-- Device-EtwLog-Channels-{ChannelName}-Filter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Channels-{ChannelName}-Filter-Applicability-End -->
 
 <!-- Device-EtwLog-Channels-{ChannelName}-Filter-OmaUri-Begin -->
@@ -719,7 +719,7 @@ This node is used for setting or getting the xpath query string to filter the ev
 <!-- Device-EtwLog-Channels-{ChannelName}-State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Channels-{ChannelName}-State-Applicability-End -->
 
 <!-- Device-EtwLog-Channels-{ChannelName}-State-OmaUri-Begin -->
@@ -810,7 +810,7 @@ This node is used for setting or getting the 'Enabled' state of this node's asso
 <!-- Device-EtwLog-Collectors-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-OmaUri-Begin -->
@@ -890,7 +890,7 @@ To gather diagnostics using this CSP:
 <!-- Device-EtwLog-Collectors-{CollectorName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-OmaUri-Begin -->
@@ -972,7 +972,7 @@ Each dynamic node represents a registered 'Collector' node. CSP will maintain an
 <!-- Device-EtwLog-Collectors-{CollectorName}-LogFileSizeLimitMB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-LogFileSizeLimitMB-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-LogFileSizeLimitMB-OmaUri-Begin -->
@@ -1013,7 +1013,7 @@ This node is used for setting or getting the trace log file size limit(in Megaby
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-OmaUri-Begin -->
@@ -1052,7 +1052,7 @@ Root node of all providers registered in this collector node.
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-OmaUri-Begin -->
@@ -1134,7 +1134,7 @@ Each dynamic node represents an ETW provider registered in this collector node.
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-Keywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-Keywords-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-Keywords-OmaUri-Begin -->
@@ -1220,7 +1220,7 @@ This node is used for setting or getting the keywords of the event provider in t
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-State-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-State-OmaUri-Begin -->
@@ -1293,7 +1293,7 @@ Set provider State:
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-TraceLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-TraceLevel-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-Providers-{ProviderGuid}-TraceLevel-OmaUri-Begin -->
@@ -1369,7 +1369,7 @@ Set provider TraceLevel:
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceControl-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceControl-OmaUri-Begin -->
@@ -1466,7 +1466,7 @@ After you've added a logging task, you can start/stop a trace by running an Exec
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceLogFileMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceLogFileMode-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceLogFileMode-OmaUri-Begin -->
@@ -1515,7 +1515,7 @@ This node is used for setting or getting the trace log file mode of this collect
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceStatus-Applicability-End -->
 
 <!-- Device-EtwLog-Collectors-{CollectorName}-TraceStatus-OmaUri-Begin -->
@@ -1554,7 +1554,7 @@ This node is used for getting the status of this collector node's associated tra
 <!-- Device-FileDownload-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-Applicability-End -->
 
 <!-- Device-FileDownload-OmaUri-Begin -->
@@ -1605,7 +1605,7 @@ The FileDownload feature of the DiagnosticLog CSP enables a management server to
 <!-- Device-FileDownload-DMChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-OmaUri-Begin -->
@@ -1644,7 +1644,7 @@ Root node of all csp nodes that are used for controlling file download for their
 <!-- Device-FileDownload-DMChannel-{FileContext}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-OmaUri-Begin -->
@@ -1684,7 +1684,7 @@ Each dynamic node represents a 'FileContext' node corresponding to a log file ge
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockCount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockCount-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockCount-OmaUri-Begin -->
@@ -1741,7 +1741,7 @@ This node is used for getting the total number of blocks for the associated log
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockData-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockData-OmaUri-Begin -->
@@ -1798,7 +1798,7 @@ This node is used to get the binary data of the block that 'BlockIndexToRead' no
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockIndexToRead-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockIndexToRead-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockIndexToRead-OmaUri-Begin -->
@@ -1884,7 +1884,7 @@ This node is used for setting and getting the block index that points to the dat
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockSizeKB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockSizeKB-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-BlockSizeKB-OmaUri-Begin -->
@@ -1968,7 +1968,7 @@ This node is used for setting or getting the block size (in Kilobytes) for the d
 <!-- Device-FileDownload-DMChannel-{FileContext}-DataBlocks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-DataBlocks-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-DataBlocks-OmaUri-Begin -->
@@ -2007,7 +2007,7 @@ Root node of all 'BlockNumber' nodes for the associated log file. The number of
 <!-- Device-FileDownload-DMChannel-{FileContext}-DataBlocks-{BlockNumber}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-FileDownload-DMChannel-{FileContext}-DataBlocks-{BlockNumber}-Applicability-End -->
 
 <!-- Device-FileDownload-DMChannel-{FileContext}-DataBlocks-{BlockNumber}-OmaUri-Begin -->
@@ -2047,7 +2047,7 @@ Each dynamic node represents a 'BlockNumber' node. The node name is an integer e
 <!-- Device-Policy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Applicability-End -->
 
 <!-- Device-Policy-OmaUri-Begin -->
@@ -2087,7 +2087,7 @@ This can be used to configure Windows event log policies, such as maximum log si
 <!-- Device-Policy-Channels-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Channels-Applicability-End -->
 
 <!-- Device-Policy-Channels-OmaUri-Begin -->
@@ -2126,7 +2126,7 @@ Contains policy for Event Log channel settings.
 <!-- Device-Policy-Channels-{ChannelName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Channels-{ChannelName}-Applicability-End -->
 
 <!-- Device-Policy-Channels-{ChannelName}-OmaUri-Begin -->
@@ -2231,7 +2231,7 @@ Each dynamic node represents a registered 'Channel' node. The node name must be
 <!-- Device-Policy-Channels-{ChannelName}-ActionWhenFull-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Channels-{ChannelName}-ActionWhenFull-Applicability-End -->
 
 <!-- Device-Policy-Channels-{ChannelName}-ActionWhenFull-OmaUri-Begin -->
@@ -2372,7 +2372,7 @@ If you disable or don't configure this policy setting, the locally configured va
 <!-- Device-Policy-Channels-{ChannelName}-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Channels-{ChannelName}-Enabled-Applicability-End -->
 
 <!-- Device-Policy-Channels-{ChannelName}-Enabled-OmaUri-Begin -->
@@ -2512,7 +2512,7 @@ If you disable or don't configure this policy setting, the locally configured va
 <!-- Device-Policy-Channels-{ChannelName}-MaximumFileSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Channels-{ChannelName}-MaximumFileSize-Applicability-End -->
 
 <!-- Device-Policy-Channels-{ChannelName}-MaximumFileSize-OmaUri-Begin -->
@@ -2646,7 +2646,7 @@ Maximum size of the channel log file in MB.
 <!-- Device-Policy-Channels-{ChannelName}-SDDL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-Policy-Channels-{ChannelName}-SDDL-Applicability-End -->
 
 <!-- Device-Policy-Channels-{ChannelName}-SDDL-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index e87402d67d..3308eaf8c9 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index ce77f658d1..5a4154759f 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DMAcc CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -73,7 +73,7 @@ The following list shows the DMAcc configuration service provider nodes:
 <!-- Device-{AccountUID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Applicability-End -->
 
 <!-- Device-{AccountUID}-OmaUri-Begin -->
@@ -114,7 +114,7 @@ node is generated from the 256-bit version of SHA-2 hash of the w7 PROVIDER-ID p
 <!-- Device-{AccountUID}-AAuthPref-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AAuthPref-Applicability-End -->
 
 <!-- Device-{AccountUID}-AAuthPref-OmaUri-Begin -->
@@ -162,7 +162,7 @@ Specifies the application authentication preference. Supported values: BASIC, DI
 <!-- Device-{AccountUID}-AppAddr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-OmaUri-Begin -->
@@ -201,7 +201,7 @@ Interior node for DM server address.
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-OmaUri-Begin -->
@@ -241,7 +241,7 @@ Defines the OMA DM server address. Only one server address can be configured. Wh
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Addr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Addr-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Addr-OmaUri-Begin -->
@@ -280,7 +280,7 @@ Specifies the address of the OMA DM account. The type of address stored is speci
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-AddrType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-AddrType-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-AddrType-OmaUri-Begin -->
@@ -329,7 +329,7 @@ Specifies the format and interpretation of the Addr node value. The default is "
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-OmaUri-Begin -->
@@ -368,7 +368,7 @@ Interior node for port information.
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-{ObjectName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-{ObjectName}-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-{ObjectName}-OmaUri-Begin -->
@@ -408,7 +408,7 @@ Only one port number can be configured. When mapping the [w7 APPLICATION](w7-app
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-{ObjectName}-PortNbr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-{ObjectName}-PortNbr-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAddr-{ObjectName}-Port-{ObjectName}-PortNbr-OmaUri-Begin -->
@@ -447,7 +447,7 @@ Specifies the port number of the OMA MD account address. This must be a decimal
 <!-- Device-{AccountUID}-AppAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-OmaUri-Begin -->
@@ -486,7 +486,7 @@ Defines authentication settings.
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-OmaUri-Begin -->
@@ -526,7 +526,7 @@ Defines one set of authentication settings. When mapping the [w7 APPLICATION](w7
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthData-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthData-OmaUri-Begin -->
@@ -565,7 +565,7 @@ Specifies the next nonce used for authentication. "Nonce" refers to a number use
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthLevel-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthLevel-OmaUri-Begin -->
@@ -613,7 +613,7 @@ Specifies the application authentication level. A value of "CLCRED" indicates th
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthName-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthName-OmaUri-Begin -->
@@ -652,7 +652,7 @@ Specifies the authentication name.
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthSecret-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthSecret-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthSecret-OmaUri-Begin -->
@@ -691,7 +691,7 @@ Specifies the password or secret used for authentication.
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthType-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppAuth-{ObjectName}-AAuthType-OmaUri-Begin -->
@@ -740,7 +740,7 @@ Specifies the authentication type. If AAuthLevel is CLCRED, the supported types
 <!-- Device-{AccountUID}-AppID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-AppID-Applicability-End -->
 
 <!-- Device-{AccountUID}-AppID-OmaUri-Begin -->
@@ -788,7 +788,7 @@ Specifies the application identifier for the OMA DM account.. The only supported
 <!-- Device-{AccountUID}-Ext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-OmaUri-Begin -->
@@ -827,7 +827,7 @@ Defines a set of extended parameters. This element holds vendor-specific informa
 <!-- Device-{AccountUID}-Ext-Microsoft-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-OmaUri-Begin -->
@@ -866,7 +866,7 @@ Defines a set of Microsoft-specific extended parameters. This element is created
 <!-- Device-{AccountUID}-Ext-Microsoft-BackCompatRetryDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-BackCompatRetryDisabled-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-BackCompatRetryDisabled-OmaUri-Begin -->
@@ -919,7 +919,7 @@ false (default) -- Compatibility with down-level servers is enabled true -- Comp
 <!-- Device-{AccountUID}-Ext-Microsoft-ConnRetryFreq-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-ConnRetryFreq-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-ConnRetryFreq-OmaUri-Begin -->
@@ -959,7 +959,7 @@ This node specifies how many times DM client will retry a connection to the serv
 <!-- Device-{AccountUID}-Ext-Microsoft-CRLCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-CRLCheck-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-CRLCheck-OmaUri-Begin -->
@@ -1007,7 +1007,7 @@ Allows connection to the DM server to check the Certificate Revocation List (CRL
 <!-- Device-{AccountUID}-Ext-Microsoft-DefaultEncoding-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-DefaultEncoding-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-DefaultEncoding-OmaUri-Begin -->
@@ -1056,7 +1056,7 @@ This node specifies the encoding that the OMA-DM client will use to encode its f
 <!-- Device-{AccountUID}-Ext-Microsoft-DisableOnRoaming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-DisableOnRoaming-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-DisableOnRoaming-OmaUri-Begin -->
@@ -1104,7 +1104,7 @@ Determines whether the OMA DM client should be launched when roaming.
 <!-- Device-{AccountUID}-Ext-Microsoft-InitialBackOffTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-InitialBackOffTime-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-InitialBackOffTime-OmaUri-Begin -->
@@ -1145,7 +1145,7 @@ time grows exponentially. The default value is 16000 milliseconds.
 <!-- Device-{AccountUID}-Ext-Microsoft-InitiateSession-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-InitiateSession-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-InitiateSession-OmaUri-Begin -->
@@ -1184,7 +1184,7 @@ When this node is added, a session is started with the MDM server.
 <!-- Device-{AccountUID}-Ext-Microsoft-MaxBackOffTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-MaxBackOffTime-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-MaxBackOffTime-OmaUri-Begin -->
@@ -1224,7 +1224,7 @@ This node specifies the maximum number of milliseconds to wait before attempting
 <!-- Device-{AccountUID}-Ext-Microsoft-ProtoVer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-ProtoVer-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-ProtoVer-OmaUri-Begin -->
@@ -1274,7 +1274,7 @@ The protocol version set by this element will match the protocol version that th
 <!-- Device-{AccountUID}-Ext-Microsoft-Role-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-Role-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-Role-OmaUri-Begin -->
@@ -1326,7 +1326,7 @@ The acceptable access roles for this node can't be more than the roles assigned
 <!-- Device-{AccountUID}-Ext-Microsoft-SSLCLIENTCERTSEARCHCRITERIA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-SSLCLIENTCERTSEARCHCRITERIA-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-SSLCLIENTCERTSEARCHCRITERIA-OmaUri-Begin -->
@@ -1369,7 +1369,7 @@ The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certific
 <!-- Device-{AccountUID}-Ext-Microsoft-UseHwDevID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-UseHwDevID-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-UseHwDevID-OmaUri-Begin -->
@@ -1420,7 +1420,7 @@ the UUID of the device.
 <!-- Device-{AccountUID}-Ext-Microsoft-UseNonceResync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Ext-Microsoft-UseNonceResync-Applicability-End -->
 
 <!-- Device-{AccountUID}-Ext-Microsoft-UseNonceResync-OmaUri-Begin -->
@@ -1476,7 +1476,7 @@ true: Nonce resynchronization is enabled.
 <!-- Device-{AccountUID}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-Name-Applicability-End -->
 
 <!-- Device-{AccountUID}-Name-OmaUri-Begin -->
@@ -1515,7 +1515,7 @@ Specifies the display name of the application.
 <!-- Device-{AccountUID}-PrefConRef-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-PrefConRef-Applicability-End -->
 
 <!-- Device-{AccountUID}-PrefConRef-OmaUri-Begin -->
@@ -1555,7 +1555,7 @@ will use the default connection provided by connection manager.
 <!-- Device-{AccountUID}-ServerID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{AccountUID}-ServerID-Applicability-End -->
 
 <!-- Device-{AccountUID}-ServerID-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 57bfdbcc89..8f0a89e31b 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 6bf14c7333..7c11cf5f09 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DMClient CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -143,7 +143,7 @@ The following list shows the DMClient configuration service provider nodes:
 <!-- Device-HWDevID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-HWDevID-Applicability-End -->
 
 <!-- Device-HWDevID-OmaUri-Begin -->
@@ -182,7 +182,7 @@ Returns the hardware device ID.
 <!-- Device-Provider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-Applicability-End -->
 
 <!-- Device-Provider-OmaUri-Begin -->
@@ -221,7 +221,7 @@ The root node for all settings that belong to a single management server.
 <!-- Device-Provider-{ProviderID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-OmaUri-Begin -->
@@ -261,7 +261,7 @@ This node contains the URI-encoded value of the bootstrapped device management a
 <!-- Device-Provider-{ProviderID}-AADDeviceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Provider-{ProviderID}-AADDeviceID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-AADDeviceID-OmaUri-Begin -->
@@ -300,7 +300,7 @@ Device ID used for AAD device registration.
 <!-- Device-Provider-{ProviderID}-AADResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-AADResourceID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-AADResourceID-OmaUri-Begin -->
@@ -340,7 +340,7 @@ For more information about Azure AD enrollment, see [Azure Active Directory inte
 <!-- Device-Provider-{ProviderID}-AADSendDeviceToken-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-AADSendDeviceToken-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-AADSendDeviceToken-OmaUri-Begin -->
@@ -388,7 +388,7 @@ For Azure AD backed enrollments, this will cause the client to send a Device Tok
 <!-- Device-Provider-{ProviderID}-CertRenewTimeStamp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-CertRenewTimeStamp-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CertRenewTimeStamp-OmaUri-Begin -->
@@ -427,7 +427,7 @@ The time in OMA DM standard time format. This node is designed to reduce the ris
 <!-- Device-Provider-{ProviderID}-CommercialID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Provider-{ProviderID}-CommercialID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CommercialID-OmaUri-Begin -->
@@ -466,7 +466,7 @@ Configures the identifier used to uniquely associate this diagnostic data of thi
 <!-- Device-Provider-{ProviderID}-ConfigLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-ConfigLock-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigLock-OmaUri-Begin -->
@@ -508,7 +508,7 @@ This node enables [Config Lock](../config-lock.md) feature. If enabled, policies
 <!-- Device-Provider-{ProviderID}-ConfigLock-Lock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-ConfigLock-Lock-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigLock-Lock-OmaUri-Begin -->
@@ -557,7 +557,7 @@ This node specifies how the client will perform the lock mode for SecureCore PC.
 <!-- Device-Provider-{ProviderID}-ConfigLock-SecureCore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-ConfigLock-SecureCore-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigLock-SecureCore-OmaUri-Begin -->
@@ -596,7 +596,7 @@ The node returns the boolean value whether the device is a SecureCore PC.
 <!-- Device-Provider-{ProviderID}-ConfigLock-UnlockDuration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-ConfigLock-UnlockDuration-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigLock-UnlockDuration-OmaUri-Begin -->
@@ -636,7 +636,7 @@ This node, when it's set, tells the client to set how many minutes the device sh
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-OmaUri-Begin -->
@@ -675,7 +675,7 @@ Parent node for ConfigRefresh nodes.
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Cadence-OmaUri-Begin -->
@@ -716,7 +716,7 @@ This node determines the number of minutes between refreshes.
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-Enabled-OmaUri-Begin -->
@@ -765,7 +765,7 @@ This node determines whether or not a periodic settings refresh for MDM policies
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ConfigRefresh-PausePeriod-OmaUri-Begin -->
@@ -806,7 +806,7 @@ This node determines the number of minutes ConfigRefresh should be paused for.
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-OmaUri-Begin -->
@@ -845,7 +845,7 @@ These nodes provision custom text for the enrollment page.
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-BodyText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-BodyText-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-BodyText-OmaUri-Begin -->
@@ -884,7 +884,7 @@ Specifies the body text of the all done page that appears at the end of the MDM
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-HyperlinkHref-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-HyperlinkHref-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-HyperlinkHref-OmaUri-Begin -->
@@ -923,7 +923,7 @@ Specifies the URL that's shown at the end of the MDM enrollment flow.
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-HyperlinkText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-HyperlinkText-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-HyperlinkText-OmaUri-Begin -->
@@ -962,7 +962,7 @@ Specifies the display text for the URL that's shown at the end of the MDM enroll
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-Title-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-Title-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-CustomEnrollmentCompletePage-Title-OmaUri-Begin -->
@@ -1001,7 +1001,7 @@ Specifies the title of the all done page that appears at the end of the MDM enro
 <!-- Device-Provider-{ProviderID}-EnableOmaDmKeepAliveMessage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Provider-{ProviderID}-EnableOmaDmKeepAliveMessage-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnableOmaDmKeepAliveMessage-OmaUri-Begin -->
@@ -1082,7 +1082,7 @@ Here's an example of DM message sent by the device when it's in pending state:
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-OmaUri-Begin -->
@@ -1120,7 +1120,7 @@ Here's an example of DM message sent by the device when it's in pending state:
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Cert0-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Cert0-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Cert0-OmaUri-Begin -->
@@ -1159,7 +1159,7 @@ The node contains the primary certificate - the public key to use.
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Cert1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Cert1-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-Cert1-OmaUri-Begin -->
@@ -1198,7 +1198,7 @@ The node contains the secondary certificate - the public key to use.
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-SecurityMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-SecurityMode-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-SecurityMode-OmaUri-Begin -->
@@ -1249,7 +1249,7 @@ This node specifies how the client will perform the app layer signing and encryp
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-UseCertIfRevocationCheckOffline-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-UseCertIfRevocationCheckOffline-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnhancedAppLayerSecurity-UseCertIfRevocationCheckOffline-OmaUri-Begin -->
@@ -1298,7 +1298,7 @@ This node, when it's set, tells the client to use the certificate even when the
 <!-- Device-Provider-{ProviderID}-EnrollmentType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Provider-{ProviderID}-EnrollmentType-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EnrollmentType-OmaUri-Begin -->
@@ -1337,7 +1337,7 @@ Type of MDM enrollment (Device or Full).
 <!-- Device-Provider-{ProviderID}-EntDeviceName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-EntDeviceName-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EntDeviceName-OmaUri-Begin -->
@@ -1376,7 +1376,7 @@ Character string that contains the user-friendly device name used by the IT admi
 <!-- Device-Provider-{ProviderID}-EntDMID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-EntDMID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-EntDMID-OmaUri-Begin -->
@@ -1417,7 +1417,7 @@ Character string that contains the unique enterprise device ID. The value is set
 <!-- Device-Provider-{ProviderID}-ExchangeID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-ExchangeID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ExchangeID-OmaUri-Begin -->
@@ -1470,7 +1470,7 @@ Character string that contains the unique Exchange device ID used by the Outlook
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-OmaUri-Begin -->
@@ -1508,7 +1508,7 @@ Character string that contains the unique Exchange device ID used by the Outlook
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-AllowCollectLogsButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-AllowCollectLogsButton-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-AllowCollectLogsButton-OmaUri-Begin -->
@@ -1557,7 +1557,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-BlockInStatusPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-BlockInStatusPage-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-BlockInStatusPage-OmaUri-Begin -->
@@ -1608,7 +1608,7 @@ Device Only. This node determines whether or not the MDM progress page is blocki
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-CustomErrorText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-CustomErrorText-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-CustomErrorText-OmaUri-Begin -->
@@ -1647,7 +1647,7 @@ This node allows the MDM to set custom error text, detailing what the user needs
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedModernAppPackages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedModernAppPackages-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedModernAppPackages-OmaUri-Begin -->
@@ -1687,7 +1687,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedMSIAppPackages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedMSIAppPackages-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedMSIAppPackages-OmaUri-Begin -->
@@ -1727,7 +1727,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedNetworkProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedNetworkProfiles-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedNetworkProfiles-OmaUri-Begin -->
@@ -1767,7 +1767,7 @@ This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profil
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedPFXCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedPFXCerts-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedPFXCerts-OmaUri-Begin -->
@@ -1807,7 +1807,7 @@ This node contains a list of LocURIs that refer to certs the ISV expects to prov
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedPolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedPolicies-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedPolicies-OmaUri-Begin -->
@@ -1847,7 +1847,7 @@ This node contains a list of LocURIs that refer to Policies the ISV expects to p
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedSCEPCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedSCEPCerts-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ExpectedSCEPCerts-OmaUri-Begin -->
@@ -1887,7 +1887,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-IsSyncDone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-IsSyncDone-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-IsSyncDone-OmaUri-Begin -->
@@ -1935,7 +1935,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ServerHasFinishedProvisioning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ServerHasFinishedProvisioning-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-ServerHasFinishedProvisioning-OmaUri-Begin -->
@@ -1983,7 +1983,7 @@ This node is set by the server to inform the UX that the server has finished pro
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipDeviceStatusPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipDeviceStatusPage-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipDeviceStatusPage-OmaUri-Begin -->
@@ -2032,7 +2032,7 @@ Device only. This node decides whether or not the MDM device progress page skips
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipUserStatusPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipUserStatusPage-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-SkipUserStatusPage-OmaUri-Begin -->
@@ -2081,7 +2081,7 @@ Device only. This node decides whether or not the MDM user progress page skips a
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-TimeOutUntilSyncFailure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-TimeOutUntilSyncFailure-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-TimeOutUntilSyncFailure-OmaUri-Begin -->
@@ -2122,7 +2122,7 @@ This node determines how long we will poll until we surface an error message to
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-WasDeviceSuccessfullyProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-WasDeviceSuccessfullyProvisioned-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-FirstSyncStatus-WasDeviceSuccessfullyProvisioned-OmaUri-Begin -->
@@ -2171,7 +2171,7 @@ Integer node determining if a Device was Successfully provisioned. 0 is failure,
 <!-- Device-Provider-{ProviderID}-ForceAadToken-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1766] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1766] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1766] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.739] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1766] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1766] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1766] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.739] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-ForceAadToken-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ForceAadToken-OmaUri-Begin -->
@@ -2222,7 +2222,7 @@ Force device to send device AAD token during check-in as a separate header.
 <!-- Device-Provider-{ProviderID}-HelpEmailAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-HelpEmailAddress-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-HelpEmailAddress-OmaUri-Begin -->
@@ -2261,7 +2261,7 @@ The character string that allows the user experience to include a customized hel
 <!-- Device-Provider-{ProviderID}-HelpPhoneNumber-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-HelpPhoneNumber-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-HelpPhoneNumber-OmaUri-Begin -->
@@ -2300,7 +2300,7 @@ The character string that allows the user experience to include a customized hel
 <!-- Device-Provider-{ProviderID}-HelpWebsite-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-HelpWebsite-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-HelpWebsite-OmaUri-Begin -->
@@ -2339,7 +2339,7 @@ The character string that allows the user experience to include a customized hel
 <!-- Device-Provider-{ProviderID}-HWDevID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Provider-{ProviderID}-HWDevID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-HWDevID-OmaUri-Begin -->
@@ -2378,7 +2378,7 @@ Returns the hardware device ID.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-OmaUri-Begin -->
@@ -2417,7 +2417,7 @@ The interior node for linked enrollment.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Enroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Enroll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Enroll-OmaUri-Begin -->
@@ -2457,7 +2457,7 @@ This is an execution node and will trigger a silent MMP-C enrollment, using the
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-EnrollStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-EnrollStatus-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-EnrollStatus-OmaUri-Begin -->
@@ -2512,7 +2512,7 @@ Returns the current enrollment or un-enrollment status of the linked enrollment.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-LastError-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-LastError-OmaUri-Begin -->
@@ -2551,7 +2551,7 @@ return the last error for enroll/unenroll.
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Priority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Priority-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Priority-OmaUri-Begin -->
@@ -2599,7 +2599,7 @@ Optional. Allowed value is 0 or 1. 0 means the main enrollment has authority for
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Unenroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.2193] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.2193] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.2193] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.918] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Unenroll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-LinkedEnrollment-Unenroll-OmaUri-Begin -->
@@ -2639,7 +2639,7 @@ This is an execution node and will trigger a silent MMP-C unenroll, there is no
 <!-- Device-Provider-{ProviderID}-ManagementServerAddressList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Provider-{ProviderID}-ManagementServerAddressList-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ManagementServerAddressList-OmaUri-Begin -->
@@ -2693,7 +2693,7 @@ The list of management server URLs in the format `<URL1>` `<URL2>` `<URL3>`, and
 <!-- Device-Provider-{ProviderID}-ManagementServerToUpgradeTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Provider-{ProviderID}-ManagementServerToUpgradeTo-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ManagementServerToUpgradeTo-OmaUri-Begin -->
@@ -2732,7 +2732,7 @@ Specify the Discovery server URL of the MDM server to upgrade to for a MAM enrol
 <!-- Device-Provider-{ProviderID}-ManagementServiceAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-ManagementServiceAddress-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-ManagementServiceAddress-OmaUri-Begin -->
@@ -2774,7 +2774,7 @@ The character string that contains the device management server address. It can
 <!-- Device-Provider-{ProviderID}-MaxSyncApplicationVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-MaxSyncApplicationVersion-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-MaxSyncApplicationVersion-OmaUri-Begin -->
@@ -2813,7 +2813,7 @@ Used by the client to indicate the latest DM session version that it supports.
 <!-- Device-Provider-{ProviderID}-MultipleSession-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-MultipleSession-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-MultipleSession-OmaUri-Begin -->
@@ -2853,7 +2853,7 @@ Used by the client to indicate the latest DM session version that it supports.
 <!-- Device-Provider-{ProviderID}-MultipleSession-IntervalForScheduledRetriesForUserSession-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-MultipleSession-IntervalForScheduledRetriesForUserSession-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-MultipleSession-IntervalForScheduledRetriesForUserSession-OmaUri-Begin -->
@@ -2894,7 +2894,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumAllowedConcurrentUserSessionAtUserLogonSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumAllowedConcurrentUserSessionAtUserLogonSync-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumAllowedConcurrentUserSessionAtUserLogonSync-OmaUri-Begin -->
@@ -2935,7 +2935,7 @@ Optional. Maximum number of concurrent user sync sessions at User Login. Default
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumAllowedConcurrentUserSessionForBackgroundSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumAllowedConcurrentUserSessionForBackgroundSync-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumAllowedConcurrentUserSessionForBackgroundSync-OmaUri-Begin -->
@@ -2976,7 +2976,7 @@ Optional. Maximum number of concurrent user sync sessions in background. Default
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumberOfScheduledRetriesForUserSession-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumberOfScheduledRetriesForUserSession-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-MultipleSession-NumberOfScheduledRetriesForUserSession-OmaUri-Begin -->
@@ -3017,7 +3017,7 @@ The number of times the DM client should retry connecting to the server when the
 <!-- Device-Provider-{ProviderID}-NumberOfDaysAfterLostContactToUnenroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Provider-{ProviderID}-NumberOfDaysAfterLostContactToUnenroll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-NumberOfDaysAfterLostContactToUnenroll-OmaUri-Begin -->
@@ -3056,7 +3056,7 @@ Number of days after last successful sync to unenroll.
 <!-- Device-Provider-{ProviderID}-Poll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-OmaUri-Begin -->
@@ -3095,7 +3095,7 @@ Polling schedules must utilize the DMClient CSP. The Registry paths previously a
 <!-- Device-Provider-{ProviderID}-Poll-AllUsersPollOnFirstLogin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-AllUsersPollOnFirstLogin-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-AllUsersPollOnFirstLogin-OmaUri-Begin -->
@@ -3144,7 +3144,7 @@ Boolean value that allows the IT admin to require the device to start a manageme
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForFirstSetOfRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForFirstSetOfRetries-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForFirstSetOfRetries-OmaUri-Begin -->
@@ -3183,7 +3183,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForRemainingScheduledRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForRemainingScheduledRetries-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForRemainingScheduledRetries-OmaUri-Begin -->
@@ -3222,7 +3222,7 @@ The waiting time (in minutes) for the initial set of retries as specified by the
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForSecondSetOfRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForSecondSetOfRetries-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-IntervalForSecondSetOfRetries-OmaUri-Begin -->
@@ -3261,7 +3261,7 @@ The waiting time (in minutes) for the second set of retries as specified by the
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfFirstRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfFirstRetries-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfFirstRetries-OmaUri-Begin -->
@@ -3300,7 +3300,7 @@ The number of times the DM client should retry to connect to the server when the
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfRemainingScheduledRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfRemainingScheduledRetries-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfRemainingScheduledRetries-OmaUri-Begin -->
@@ -3339,7 +3339,7 @@ The number of times the DM client should retry connecting to the server when the
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfSecondRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfSecondRetries-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-NumberOfSecondRetries-OmaUri-Begin -->
@@ -3378,7 +3378,7 @@ The number of times the DM client should retry a second round of connecting to t
 <!-- Device-Provider-{ProviderID}-Poll-PollOnLogin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Poll-PollOnLogin-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Poll-PollOnLogin-OmaUri-Begin -->
@@ -3427,7 +3427,7 @@ Boolean value that allows the IT admin to require the device to start a manageme
 <!-- Device-Provider-{ProviderID}-PublisherDeviceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-PublisherDeviceID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-PublisherDeviceID-OmaUri-Begin -->
@@ -3466,7 +3466,7 @@ The PublisherDeviceID is a device-unique ID created based on the enterprise Publ
 <!-- Device-Provider-{ProviderID}-Push-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Push-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Push-OmaUri-Begin -->
@@ -3505,7 +3505,7 @@ Not configurable during WAP Provisioning XML. If removed, DM sessions triggered
 <!-- Device-Provider-{ProviderID}-Push-ChannelURI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Push-ChannelURI-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Push-ChannelURI-OmaUri-Begin -->
@@ -3544,7 +3544,7 @@ A string that contains the channel that the WNS client has negotiated for the OM
 <!-- Device-Provider-{ProviderID}-Push-PFN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Push-PFN-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Push-PFN-OmaUri-Begin -->
@@ -3583,7 +3583,7 @@ A string provided by the Windows 10 ecosystem for an MDM solution. Used to regis
 <!-- Device-Provider-{ProviderID}-Push-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Push-Status-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Push-Status-OmaUri-Begin -->
@@ -3622,7 +3622,7 @@ An integer that maps to a known error state or condition on the system. Valid va
 <!-- Device-Provider-{ProviderID}-Recovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-OmaUri-Begin -->
@@ -3661,7 +3661,7 @@ Parent node for Recovery nodes.
 <!-- Device-Provider-{ProviderID}-Recovery-AllowRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-AllowRecovery-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-AllowRecovery-OmaUri-Begin -->
@@ -3710,7 +3710,7 @@ This node determines whether or not the client will automatically initiate a MDM
 <!-- Device-Provider-{ProviderID}-Recovery-InitiateRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-InitiateRecovery-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-InitiateRecovery-OmaUri-Begin -->
@@ -3759,7 +3759,7 @@ This node initiates a recovery action. The server can specify prerequisites befo
 <!-- Device-Provider-{ProviderID}-Recovery-RecoveryStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Provider-{ProviderID}-Recovery-RecoveryStatus-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Recovery-RecoveryStatus-OmaUri-Begin -->
@@ -3799,7 +3799,7 @@ This node tracks the status of a Recovery request from the InitiateRecovery node
 <!-- Device-Provider-{ProviderID}-RequireMessageSigning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-RequireMessageSigning-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-RequireMessageSigning-OmaUri-Begin -->
@@ -3848,7 +3848,7 @@ Primarily used for SSL bridging mode where firewalls and proxies are deployed an
 <!-- Device-Provider-{ProviderID}-SignedEntDMID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-SignedEntDMID-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-SignedEntDMID-OmaUri-Begin -->
@@ -3887,7 +3887,7 @@ Character string that contains the device ID. This node and the nodes CertRenewT
 <!-- Device-Provider-{ProviderID}-SyncApplicationVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-SyncApplicationVersion-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-SyncApplicationVersion-OmaUri-Begin -->
@@ -3930,7 +3930,7 @@ Used by the management server to set the DM session version that the server and
 <!-- Device-Provider-{ProviderID}-Unenroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-Unenroll-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-Unenroll-OmaUri-Begin -->
@@ -3990,7 +3990,7 @@ The following SyncML shows how to remotely unenroll the device. This command sho
 <!-- Device-Provider-{ProviderID}-UPN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Provider-{ProviderID}-UPN-Applicability-End -->
 
 <!-- Device-Provider-{ProviderID}-UPN-OmaUri-Begin -->
@@ -4029,7 +4029,7 @@ Allows the management server to update the User Principal Name (UPN) of the enro
 <!-- Device-Unenroll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Unenroll-Applicability-End -->
 
 <!-- Device-Unenroll-OmaUri-Begin -->
@@ -4068,7 +4068,7 @@ The node accepts unenrollment requests by way of the OMA DM Exec command and cal
 <!-- Device-UpdateManagementServiceAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-UpdateManagementServiceAddress-Applicability-End -->
 
 <!-- Device-UpdateManagementServiceAddress-OmaUri-Begin -->
@@ -4108,7 +4108,7 @@ For provisioning packages only. Specifies the list of servers (semicolon delimit
 <!-- User-Provider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Provider-Applicability-End -->
 
 <!-- User-Provider-OmaUri-Begin -->
@@ -4147,7 +4147,7 @@ The root node for all settings that belong to a single management server.
 <!-- User-Provider-{ProviderID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-Provider-{ProviderID}-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-OmaUri-Begin -->
@@ -4187,7 +4187,7 @@ This node contains the URI-encoded value of the bootstrapped device management a
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-OmaUri-Begin -->
@@ -4225,7 +4225,7 @@ This node contains the URI-encoded value of the bootstrapped device management a
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-AllowCollectLogsButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-AllowCollectLogsButton-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-AllowCollectLogsButton-OmaUri-Begin -->
@@ -4274,7 +4274,7 @@ This node decides whether or not the MDM progress page displays the Collect Logs
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-CustomErrorText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-CustomErrorText-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-CustomErrorText-OmaUri-Begin -->
@@ -4313,7 +4313,7 @@ This node allows the MDM to set custom error text, detailing what the user needs
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedModernAppPackages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedModernAppPackages-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedModernAppPackages-OmaUri-Begin -->
@@ -4353,7 +4353,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedMSIAppPackages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedMSIAppPackages-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedMSIAppPackages-OmaUri-Begin -->
@@ -4393,7 +4393,7 @@ This node contains a list of LocURIs that refer to App Packages the ISV expects
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedNetworkProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedNetworkProfiles-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedNetworkProfiles-OmaUri-Begin -->
@@ -4433,7 +4433,7 @@ This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profil
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedPFXCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedPFXCerts-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedPFXCerts-OmaUri-Begin -->
@@ -4473,7 +4473,7 @@ This node contains a list of LocURIs that refer to certs the ISV expects to prov
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedPolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedPolicies-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedPolicies-OmaUri-Begin -->
@@ -4513,7 +4513,7 @@ This node contains a list of LocURIs that refer to Policies the ISV expects to p
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedSCEPCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedSCEPCerts-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ExpectedSCEPCerts-OmaUri-Begin -->
@@ -4553,7 +4553,7 @@ This node contains a list of LocURIs that refer to SCEP certs the ISV expects to
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-IsSyncDone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-IsSyncDone-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-IsSyncDone-OmaUri-Begin -->
@@ -4601,7 +4601,7 @@ This node, when doing a get, tells the server if the "First Syncs" are done and
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ServerHasFinishedProvisioning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ServerHasFinishedProvisioning-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-ServerHasFinishedProvisioning-OmaUri-Begin -->
@@ -4649,7 +4649,7 @@ This node is set by the server to inform the UX that the server has finished pro
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-WasDeviceSuccessfullyProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-WasDeviceSuccessfullyProvisioned-Applicability-End -->
 
 <!-- User-Provider-{ProviderID}-FirstSyncStatus-WasDeviceSuccessfullyProvisioned-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 4de7f3bf11..8940dcd7f9 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -484,7 +484,7 @@ The following XML file contains the device description framework (DDF) for the D
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index bf39a0e3fd..d4eb392f33 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -24,7 +24,7 @@ The table below shows the applicability of Windows:
 |Enterprise|Yes|Yes|
 |Education|Yes|Yes|
 
-Windows 10 or Windows 11 allows you to manage devices differently depending on location, network, or time.  Added in Windows 10, version 1703, the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
+Windows 10 or Windows 11 allows you to manage devices differently depending on location, network, or time.  Added in Windows 10, version 1703, the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country/region to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
 
 This CSP was added in Windows 10, version 1703.
 
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 9b4bb74c16..926d63ac80 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -145,7 +145,7 @@ EAP XML must be updated with relevant information for your environment. This tas
 - For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
 - For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
 
-For information about EAP settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
+For information about EAP settings, see [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access).
 
 For information about generating an EAP XML, see the EAP configuration article.
 
@@ -297,7 +297,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio
 1. Continue following the procedure in the EAP configuration article from step 9 to get an EAP TLS profile with appropriate filtering.
 
 > [!NOTE]
-> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article.
+> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access) article.
 
 ## Related topics
 
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index ddb612ea0c..c2b25eca83 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the EMAIL2 CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -72,7 +72,7 @@ The following list shows the EMAIL2 configuration service provider nodes:
 <!-- User-{Account GUID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-Applicability-End -->
 
 <!-- User-{Account GUID}-OmaUri-Begin -->
@@ -119,7 +119,7 @@ The braces {} around the GUID are required in the EMAIL2 configuration service p
 <!-- User-{Account GUID}-ACCOUNTICON-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-ACCOUNTICON-Applicability-End -->
 
 <!-- User-{Account GUID}-ACCOUNTICON-OmaUri-Begin -->
@@ -158,7 +158,7 @@ The location of the icon associated with the account. The account icon can be us
 <!-- User-{Account GUID}-ACCOUNTTYPE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-ACCOUNTTYPE-Applicability-End -->
 
 <!-- User-{Account GUID}-ACCOUNTTYPE-OmaUri-Begin -->
@@ -206,7 +206,7 @@ Specifies the type of account. Valid values are: Email - normal email, VVM - vis
 <!-- User-{Account GUID}-AUTHNAME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-AUTHNAME-Applicability-End -->
 
 <!-- User-{Account GUID}-AUTHNAME-OmaUri-Begin -->
@@ -245,7 +245,7 @@ Character string that specifies the name used to authorize the user to a specifi
 <!-- User-{Account GUID}-AUTHREQUIRED-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-AUTHREQUIRED-Applicability-End -->
 
 <!-- User-{Account GUID}-AUTHREQUIRED-OmaUri-Begin -->
@@ -299,7 +299,7 @@ Character string that specifies whether the outgoing server requires authenticat
 <!-- User-{Account GUID}-AUTHSECRET-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-AUTHSECRET-Applicability-End -->
 
 <!-- User-{Account GUID}-AUTHSECRET-OmaUri-Begin -->
@@ -338,7 +338,7 @@ Character string that specifies the user's password. The same password is used f
 <!-- User-{Account GUID}-CALENDARSERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CALENDARSERVER-Applicability-End -->
 
 <!-- User-{Account GUID}-CALENDARSERVER-OmaUri-Begin -->
@@ -377,7 +377,7 @@ Server for calendar sync if it's different from the email server.
 <!-- User-{Account GUID}-CALENDARSERVERREQUIRESSL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CALENDARSERVERREQUIRESSL-Applicability-End -->
 
 <!-- User-{Account GUID}-CALENDARSERVERREQUIRESSL-OmaUri-Begin -->
@@ -416,7 +416,7 @@ Indicates if the connection to the calendar server requires SSL.
 <!-- User-{Account GUID}-CALENDARSYNCSCHEDULE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CALENDARSYNCSCHEDULE-Applicability-End -->
 
 <!-- User-{Account GUID}-CALENDARSYNCSCHEDULE-OmaUri-Begin -->
@@ -455,7 +455,7 @@ Sets the schedule for syncing calendar items.
 <!-- User-{Account GUID}-CELLULARONLY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CELLULARONLY-Applicability-End -->
 
 <!-- User-{Account GUID}-CELLULARONLY-OmaUri-Begin -->
@@ -494,7 +494,7 @@ If this flag is set, the account only uses the cellular network and not Wi-Fi.
 <!-- User-{Account GUID}-CONTACTSSERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CONTACTSSERVER-Applicability-End -->
 
 <!-- User-{Account GUID}-CONTACTSSERVER-OmaUri-Begin -->
@@ -533,7 +533,7 @@ Server for contact sync if it's different from the email server.
 <!-- User-{Account GUID}-CONTACTSSERVERREQUIRESSL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CONTACTSSERVERREQUIRESSL-Applicability-End -->
 
 <!-- User-{Account GUID}-CONTACTSSERVERREQUIRESSL-OmaUri-Begin -->
@@ -572,7 +572,7 @@ Indicates if the connection to the contact server requires SSL.
 <!-- User-{Account GUID}-CONTACTSSYNCSCHEDULE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-CONTACTSSYNCSCHEDULE-Applicability-End -->
 
 <!-- User-{Account GUID}-CONTACTSSYNCSCHEDULE-OmaUri-Begin -->
@@ -611,7 +611,7 @@ Sets the schedule for syncing contact items.
 <!-- User-{Account GUID}-DOMAIN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-DOMAIN-Applicability-End -->
 
 <!-- User-{Account GUID}-DOMAIN-OmaUri-Begin -->
@@ -650,7 +650,7 @@ Character string that specifies the incoming server credentials domain. Limited
 <!-- User-{Account GUID}-DWNDAY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-DWNDAY-Applicability-End -->
 
 <!-- User-{Account GUID}-DWNDAY-OmaUri-Begin -->
@@ -701,7 +701,7 @@ Character string that specifies how many days' worth of email should be download
 <!-- User-{Account GUID}-INSERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-INSERVER-Applicability-End -->
 
 <!-- User-{Account GUID}-INSERVER-OmaUri-Begin -->
@@ -740,7 +740,7 @@ Character string that specifies how many days' worth of email should be download
 <!-- User-{Account GUID}-KEEPMAX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-KEEPMAX-Applicability-End -->
 
 <!-- User-{Account GUID}-KEEPMAX-OmaUri-Begin -->
@@ -792,7 +792,7 @@ Specifies the maximum size for a message attachment. Attachments beyond this siz
 <!-- User-{Account GUID}-LINGER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-LINGER-Applicability-End -->
 
 <!-- User-{Account GUID}-LINGER-OmaUri-Begin -->
@@ -833,7 +833,7 @@ Character string that specifies the length of time between email send/receive up
 <!-- User-{Account GUID}-NAME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-NAME-Applicability-End -->
 
 <!-- User-{Account GUID}-NAME-OmaUri-Begin -->
@@ -872,7 +872,7 @@ Character string that specifies the name of the sender displayed on a sent email
 <!-- User-{Account GUID}-OUTSERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-OUTSERVER-Applicability-End -->
 
 <!-- User-{Account GUID}-OUTSERVER-OmaUri-Begin -->
@@ -911,7 +911,7 @@ Character string that specifies the name of the messaging service's outgoing ema
 <!-- User-{Account GUID}-REPLYADDR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-REPLYADDR-Applicability-End -->
 
 <!-- User-{Account GUID}-REPLYADDR-OmaUri-Begin -->
@@ -950,7 +950,7 @@ Character string that specifies the reply email address of the user (usually the
 <!-- User-{Account GUID}-RETRIEVE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-RETRIEVE-Applicability-End -->
 
 <!-- User-{Account GUID}-RETRIEVE-OmaUri-Begin -->
@@ -990,7 +990,7 @@ Specifies the maximum size in bytes for messages retrieved from the incoming ema
 <!-- User-{Account GUID}-SERVERDELETEACTION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SERVERDELETEACTION-Applicability-End -->
 
 <!-- User-{Account GUID}-SERVERDELETEACTION-OmaUri-Begin -->
@@ -1038,7 +1038,7 @@ Character string that specifies how message is deleted on server. The default ac
 <!-- User-{Account GUID}-SERVICENAME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SERVICENAME-Applicability-End -->
 
 <!-- User-{Account GUID}-SERVICENAME-OmaUri-Begin -->
@@ -1079,7 +1079,7 @@ Character string that specifies the name of the email service to create or edit
 <!-- User-{Account GUID}-SERVICETYPE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SERVICETYPE-Applicability-End -->
 
 <!-- User-{Account GUID}-SERVICETYPE-OmaUri-Begin -->
@@ -1120,7 +1120,7 @@ Character string that specifies the type of email service to create or edit (for
 <!-- User-{Account GUID}-SMTPALTAUTHNAME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SMTPALTAUTHNAME-Applicability-End -->
 
 <!-- User-{Account GUID}-SMTPALTAUTHNAME-OmaUri-Begin -->
@@ -1159,7 +1159,7 @@ Character string that specifies the display name associated with the user's alte
 <!-- User-{Account GUID}-SMTPALTDOMAIN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SMTPALTDOMAIN-Applicability-End -->
 
 <!-- User-{Account GUID}-SMTPALTDOMAIN-OmaUri-Begin -->
@@ -1198,7 +1198,7 @@ Character string that specifies the domain name for the user's alternative SMTP
 <!-- User-{Account GUID}-SMTPALTENABLED-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SMTPALTENABLED-Applicability-End -->
 
 <!-- User-{Account GUID}-SMTPALTENABLED-OmaUri-Begin -->
@@ -1246,7 +1246,7 @@ Character string that specifies if the user's alternate SMTP account is enabled.
 <!-- User-{Account GUID}-SMTPALTPASSWORD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SMTPALTPASSWORD-Applicability-End -->
 
 <!-- User-{Account GUID}-SMTPALTPASSWORD-OmaUri-Begin -->
@@ -1285,7 +1285,7 @@ Character string that specifies the password for the user's alternate SMTP accou
 <!-- User-{Account GUID}-SYNCINGCONTENTTYPES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-SYNCINGCONTENTTYPES-Applicability-End -->
 
 <!-- User-{Account GUID}-SYNCINGCONTENTTYPES-OmaUri-Begin -->
@@ -1344,7 +1344,7 @@ Specifies a bitmask for which content types are supported for syncing (eg: Mail,
 <!-- User-{Account GUID}-TAGPROPS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-TAGPROPS-Applicability-End -->
 
 <!-- User-{Account GUID}-TAGPROPS-OmaUri-Begin -->
@@ -1383,7 +1383,7 @@ Specifies that stated parameter element name attributes is nonstandard tag prope
 <!-- User-{Account GUID}-TAGPROPS-8128000B-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-TAGPROPS-8128000B-Applicability-End -->
 
 <!-- User-{Account GUID}-TAGPROPS-8128000B-OmaUri-Begin -->
@@ -1431,7 +1431,7 @@ Character string that specifies if the incoming email server requires SSL.
 <!-- User-{Account GUID}-TAGPROPS-812C000B-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- User-{Account GUID}-TAGPROPS-812C000B-Applicability-End -->
 
 <!-- User-{Account GUID}-TAGPROPS-812C000B-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 20e168d936..fd201ec09e 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
       <MSFT:Deprecated />
     </DFProperties>
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index b3c89c489f..02e11e7496 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the EnterpriseDesktopAppManagement CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -62,7 +62,7 @@ The following list shows the EnterpriseDesktopAppManagement configuration servic
 <!-- Device-MSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-Applicability-End -->
 
 <!-- Device-MSI-OmaUri-Begin -->
@@ -101,7 +101,7 @@ Product Type is MSI.
 <!-- Device-MSI-{ProductID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-OmaUri-Begin -->
@@ -142,7 +142,7 @@ The MSI product code for the application.
 <!-- Device-MSI-{ProductID}-DownloadInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-DownloadInstall-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-DownloadInstall-OmaUri-Begin -->
@@ -194,7 +194,7 @@ For more information, see [DownloadInstall XSD Schema](#downloadinstall-xsd-sche
 <!-- Device-MSI-{ProductID}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-InstallDate-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-InstallDate-OmaUri-Begin -->
@@ -233,7 +233,7 @@ Installation date of the application.
 <!-- Device-MSI-{ProductID}-InstallPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-InstallPath-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-InstallPath-OmaUri-Begin -->
@@ -272,7 +272,7 @@ Installation path of the application.
 <!-- Device-MSI-{ProductID}-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-LastError-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-LastError-OmaUri-Begin -->
@@ -311,7 +311,7 @@ The last error code during the application installation process. This is typical
 <!-- Device-MSI-{ProductID}-LastErrorDesc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-LastErrorDesc-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-LastErrorDesc-OmaUri-Begin -->
@@ -350,7 +350,7 @@ Contains the last error code description. The LastErrorDesc value is looked up f
 <!-- Device-MSI-{ProductID}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-Name-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-Name-OmaUri-Begin -->
@@ -389,7 +389,7 @@ Name of the application.
 <!-- Device-MSI-{ProductID}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-Publisher-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-Publisher-OmaUri-Begin -->
@@ -428,7 +428,7 @@ Publisher of application.
 <!-- Device-MSI-{ProductID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-Status-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-Status-OmaUri-Begin -->
@@ -467,7 +467,7 @@ Status of the application. Valid values: 10-Initialized, 20-Download In Progress
 <!-- Device-MSI-{ProductID}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MSI-{ProductID}-Version-Applicability-End -->
 
 <!-- Device-MSI-{ProductID}-Version-OmaUri-Begin -->
@@ -506,7 +506,7 @@ MSI Product Version.
 <!-- Device-MSI-UpgradeCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-MSI-UpgradeCode-Applicability-End -->
 
 <!-- Device-MSI-UpgradeCode-OmaUri-Begin -->
@@ -545,7 +545,7 @@ MSI Product Version.
 <!-- Device-MSI-UpgradeCode-{Guid}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-MSI-UpgradeCode-{Guid}-Applicability-End -->
 
 <!-- Device-MSI-UpgradeCode-{Guid}-OmaUri-Begin -->
@@ -585,7 +585,7 @@ A gateway (or device management server) uses this method to detect matching upgr
 <!-- User-MSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-Applicability-End -->
 
 <!-- User-MSI-OmaUri-Begin -->
@@ -624,7 +624,7 @@ Product Type is MSI.
 <!-- User-MSI-{ProductID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-OmaUri-Begin -->
@@ -665,7 +665,7 @@ The MSI product code for the application.
 <!-- User-MSI-{ProductID}-DownloadInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-DownloadInstall-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-DownloadInstall-OmaUri-Begin -->
@@ -717,7 +717,7 @@ For more information, see [DownloadInstall XSD Schema](#downloadinstall-xsd-sche
 <!-- User-MSI-{ProductID}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-InstallDate-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-InstallDate-OmaUri-Begin -->
@@ -756,7 +756,7 @@ Installation date of the application.
 <!-- User-MSI-{ProductID}-InstallPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-InstallPath-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-InstallPath-OmaUri-Begin -->
@@ -795,7 +795,7 @@ Installation path of the application.
 <!-- User-MSI-{ProductID}-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-LastError-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-LastError-OmaUri-Begin -->
@@ -834,7 +834,7 @@ The last error code during the application installation process. This is typical
 <!-- User-MSI-{ProductID}-LastErrorDesc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-LastErrorDesc-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-LastErrorDesc-OmaUri-Begin -->
@@ -873,7 +873,7 @@ Contains the last error code description. The LastErrorDesc value is looked up f
 <!-- User-MSI-{ProductID}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-Name-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-Name-OmaUri-Begin -->
@@ -912,7 +912,7 @@ Name of the application.
 <!-- User-MSI-{ProductID}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-Publisher-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-Publisher-OmaUri-Begin -->
@@ -951,7 +951,7 @@ Publisher of application.
 <!-- User-MSI-{ProductID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-Status-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-Status-OmaUri-Begin -->
@@ -990,7 +990,7 @@ Status of the application. Valid values: 10-Initialized, 20-Download In Progress
 <!-- User-MSI-{ProductID}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-MSI-{ProductID}-Version-Applicability-End -->
 
 <!-- User-MSI-{ProductID}-Version-OmaUri-Begin -->
@@ -1029,7 +1029,7 @@ MSI Product Version.
 <!-- User-MSI-UpgradeCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-MSI-UpgradeCode-Applicability-End -->
 
 <!-- User-MSI-UpgradeCode-OmaUri-Begin -->
@@ -1068,7 +1068,7 @@ MSI Product Version.
 <!-- User-MSI-UpgradeCode-{Guid}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-MSI-UpgradeCode-{Guid}-Applicability-End -->
 
 <!-- User-MSI-UpgradeCode-{Guid}-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index 788f6427ae..b20f68bf7f 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/27/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -407,7 +407,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index c1f8d41e72..4d1e964bfc 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the EnterpriseModernAppManagement CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -259,7 +259,7 @@ The following list shows the EnterpriseModernAppManagement configuration service
 <!-- Device-AppInstallation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-Applicability-End -->
 
 <!-- Device-AppInstallation-OmaUri-Begin -->
@@ -299,7 +299,7 @@ This is a required node.
 <!-- Device-AppInstallation-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-OmaUri-Begin -->
@@ -363,7 +363,7 @@ Here's an example for uninstalling an app:
 <!-- Device-AppInstallation-{PackageFamilyName}-HostedInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-HostedInstall-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-HostedInstall-OmaUri-Begin -->
@@ -414,7 +414,7 @@ This is a required node. The following list shows the supported deployment optio
 <!-- Device-AppInstallation-{PackageFamilyName}-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-LastError-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-LastError-OmaUri-Begin -->
@@ -455,7 +455,7 @@ Last error relating to the app installation.
 <!-- Device-AppInstallation-{PackageFamilyName}-LastErrorDesc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-LastErrorDesc-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-LastErrorDesc-OmaUri-Begin -->
@@ -496,7 +496,7 @@ Description of last error relating to the app installation.
 <!-- Device-AppInstallation-{PackageFamilyName}-ProgressStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-ProgressStatus-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-ProgressStatus-OmaUri-Begin -->
@@ -537,7 +537,7 @@ An integer that indicates the progress of the app installation. For https locati
 <!-- Device-AppInstallation-{PackageFamilyName}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-Status-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-Status-OmaUri-Begin -->
@@ -578,7 +578,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0)
 <!-- Device-AppInstallation-{PackageFamilyName}-StoreInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppInstallation-{PackageFamilyName}-StoreInstall-Applicability-End -->
 
 <!-- Device-AppInstallation-{PackageFamilyName}-StoreInstall-OmaUri-Begin -->
@@ -617,7 +617,7 @@ Command to perform an install of an app and a license from the Microsoft Store.
 <!-- Device-AppLicenses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-Applicability-End -->
 
 <!-- Device-AppLicenses-OmaUri-Begin -->
@@ -656,7 +656,7 @@ Used to manage licenses for app scenarios.
 <!-- Device-AppLicenses-StoreLicenses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-OmaUri-Begin -->
@@ -696,7 +696,7 @@ This is a required node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-OmaUri-Begin -->
@@ -737,7 +737,7 @@ This is an optional node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-OmaUri-Begin -->
@@ -777,7 +777,7 @@ This is a required node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-OmaUri-Begin -->
@@ -817,7 +817,7 @@ This is a required node.
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-OmaUri-Begin -->
@@ -856,7 +856,7 @@ Category of license that's used to classify various license sources. Valid value
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseUsage-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-LicenseUsage-OmaUri-Begin -->
@@ -895,7 +895,7 @@ Indicates the allowed usage for the license. Valid values: Unknown - usage is un
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Applicability-End -->
 
 <!-- Device-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-OmaUri-Begin -->
@@ -934,7 +934,7 @@ Identifier for the entity that requested the license, such as the client who acq
 <!-- Device-AppManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-Applicability-End -->
 
 <!-- Device-AppManagement-OmaUri-Begin -->
@@ -974,7 +974,7 @@ This is a required node.
 <!-- Device-AppManagement-AppInventoryQuery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppInventoryQuery-Applicability-End -->
 
 <!-- Device-AppManagement-AppInventoryQuery-OmaUri-Begin -->
@@ -1058,7 +1058,7 @@ The following example sets the inventory query for the package names and checks
 <!-- Device-AppManagement-AppInventoryResults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppInventoryResults-Applicability-End -->
 
 <!-- Device-AppManagement-AppInventoryResults-OmaUri-Begin -->
@@ -1112,7 +1112,7 @@ Here's an example of AppInventoryResults operation.
 <!-- Device-AppManagement-AppStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-OmaUri-Begin -->
@@ -1151,7 +1151,7 @@ This is a required node. Used for managing apps from the Microsoft Store.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-OmaUri-Begin -->
@@ -1213,7 +1213,7 @@ Here's an example for uninstalling an app:
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-OmaUri-Begin -->
@@ -1253,7 +1253,7 @@ Full name of the package installed.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-OmaUri-Begin -->
@@ -1294,7 +1294,7 @@ Architecture of installed package. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-OmaUri-Begin -->
@@ -1334,7 +1334,7 @@ This is a required node.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-OmaUri-Begin -->
@@ -1375,7 +1375,7 @@ Install location of the app on the device. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsBundle-OmaUri-Begin -->
@@ -1414,7 +1414,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-OmaUri-Begin -->
@@ -1455,7 +1455,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-OmaUri-Begin -->
@@ -1494,7 +1494,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-OmaUri-Begin -->
@@ -1534,7 +1534,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Name-OmaUri-Begin -->
@@ -1573,7 +1573,7 @@ Name of the app. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-OmaUri-Begin -->
@@ -1614,7 +1614,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Publisher-OmaUri-Begin -->
@@ -1653,7 +1653,7 @@ Publisher name of the app. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-OmaUri-Begin -->
@@ -1696,7 +1696,7 @@ This is a required node.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-OmaUri-Begin -->
@@ -1737,7 +1737,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-OmaUri-Begin -->
@@ -1782,7 +1782,7 @@ This is a required node. Possible values:
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Version-OmaUri-Begin -->
@@ -1821,7 +1821,7 @@ Version of the app. Value type is string.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-OmaUri-Begin -->
@@ -1870,7 +1870,7 @@ This is a required node.
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-OmaUri-Begin -->
@@ -1926,7 +1926,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-{PackageFamilyName}-NonRemovable-OmaUri-Begin -->
@@ -2038,7 +2038,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev
 <!-- Device-AppManagement-AppStore-ReleaseManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-OmaUri-Begin -->
@@ -2079,7 +2079,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-OmaUri-Begin -->
@@ -2119,7 +2119,7 @@ Identifier for the app or set of apps. If there is only one app, it's the Packag
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-OmaUri-Begin -->
@@ -2158,7 +2158,7 @@ Specifies the app channel ID.
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-OmaUri-Begin -->
@@ -2197,7 +2197,7 @@ Interior node used to specify the effective app release to use when multiple use
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-OmaUri-Begin -->
@@ -2236,7 +2236,7 @@ Returns the last user channel ID on the device.
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-OmaUri-Begin -->
@@ -2275,7 +2275,7 @@ Returns the last user release ID on the device.
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-End -->
 
 <!-- Device-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-OmaUri-Begin -->
@@ -2314,7 +2314,7 @@ The IT admin can specify a release ID to indicate a specific release that they w
 <!-- Device-AppManagement-LastScanError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-LastScanError-Applicability-End -->
 
 <!-- Device-AppManagement-LastScanError-OmaUri-Begin -->
@@ -2354,7 +2354,7 @@ This is a required node.
 <!-- Device-AppManagement-nonStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-OmaUri-Begin -->
@@ -2393,7 +2393,7 @@ Used to manage enterprise apps or developer apps that weren't acquired from the
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-OmaUri-Begin -->
@@ -2455,7 +2455,7 @@ Here's an example for uninstalling an app:
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-OmaUri-Begin -->
@@ -2495,7 +2495,7 @@ Full name of the package installed.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-OmaUri-Begin -->
@@ -2536,7 +2536,7 @@ Architecture of installed package. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-OmaUri-Begin -->
@@ -2576,7 +2576,7 @@ This is a required node.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-OmaUri-Begin -->
@@ -2617,7 +2617,7 @@ Install location of the app on the device. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsBundle-OmaUri-Begin -->
@@ -2656,7 +2656,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-OmaUri-Begin -->
@@ -2697,7 +2697,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-OmaUri-Begin -->
@@ -2736,7 +2736,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-OmaUri-Begin -->
@@ -2776,7 +2776,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Name-OmaUri-Begin -->
@@ -2815,7 +2815,7 @@ Name of the app. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-OmaUri-Begin -->
@@ -2856,7 +2856,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Publisher-OmaUri-Begin -->
@@ -2895,7 +2895,7 @@ Publisher name of the app. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-OmaUri-Begin -->
@@ -2938,7 +2938,7 @@ This is a required node.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-OmaUri-Begin -->
@@ -2979,7 +2979,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-OmaUri-Begin -->
@@ -3024,7 +3024,7 @@ This is a required node. Possible values:
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Version-OmaUri-Begin -->
@@ -3063,7 +3063,7 @@ Version of the app. Value type is string.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-OmaUri-Begin -->
@@ -3112,7 +3112,7 @@ This is a required node.
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-OmaUri-Begin -->
@@ -3168,7 +3168,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-{PackageFamilyName}-NonRemovable-OmaUri-Begin -->
@@ -3280,7 +3280,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev
 <!-- Device-AppManagement-nonStore-ReleaseManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-OmaUri-Begin -->
@@ -3319,7 +3319,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-OmaUri-Begin -->
@@ -3359,7 +3359,7 @@ Identifier for the app or set of apps. If there is only one app, it's the Packag
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-OmaUri-Begin -->
@@ -3398,7 +3398,7 @@ Specifies the app channel ID.
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-OmaUri-Begin -->
@@ -3437,7 +3437,7 @@ Interior node used to specify the effective app release to use when multiple use
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-OmaUri-Begin -->
@@ -3476,7 +3476,7 @@ Returns the last user channel ID on the device.
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-OmaUri-Begin -->
@@ -3515,7 +3515,7 @@ Returns the last user release ID on the device.
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-End -->
 
 <!-- Device-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-OmaUri-Begin -->
@@ -3554,7 +3554,7 @@ The IT admin can specify a release ID to indicate a specific release that they w
 <!-- Device-AppManagement-ResetPackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-ResetPackage-Applicability-End -->
 
 <!-- Device-AppManagement-ResetPackage-OmaUri-Begin -->
@@ -3593,7 +3593,7 @@ Used to restore the Windows app to its initial configuration.
 <!-- Device-AppManagement-System-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-Applicability-End -->
 
 <!-- Device-AppManagement-System-OmaUri-Begin -->
@@ -3632,7 +3632,7 @@ Reports apps installed as part of the operating system.
 <!-- Device-AppManagement-System-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-OmaUri-Begin -->
@@ -3674,7 +3674,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-OmaUri-Begin -->
@@ -3714,7 +3714,7 @@ Full name of the package installed.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-OmaUri-Begin -->
@@ -3755,7 +3755,7 @@ Architecture of installed package. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-OmaUri-Begin -->
@@ -3795,7 +3795,7 @@ This is a required node.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-OmaUri-Begin -->
@@ -3836,7 +3836,7 @@ Install location of the app on the device. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsBundle-OmaUri-Begin -->
@@ -3875,7 +3875,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-OmaUri-Begin -->
@@ -3916,7 +3916,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsProvisioned-OmaUri-Begin -->
@@ -3955,7 +3955,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-OmaUri-Begin -->
@@ -3995,7 +3995,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Name-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Name-OmaUri-Begin -->
@@ -4034,7 +4034,7 @@ Name of the app. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-OmaUri-Begin -->
@@ -4075,7 +4075,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Publisher-OmaUri-Begin -->
@@ -4114,7 +4114,7 @@ Publisher name of the app. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-OmaUri-Begin -->
@@ -4157,7 +4157,7 @@ This is a required node.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-OmaUri-Begin -->
@@ -4198,7 +4198,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-OmaUri-Begin -->
@@ -4243,7 +4243,7 @@ This is a required node.
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Version-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Version-OmaUri-Begin -->
@@ -4282,7 +4282,7 @@ Version of the app. Value type is string.
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-OmaUri-Begin -->
@@ -4321,7 +4321,7 @@ AppUpdateSettings nodes to support the auto-update and auto-repair feature for a
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoRepair-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoRepair-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoRepair-OmaUri-Begin -->
@@ -4360,7 +4360,7 @@ AutoRepair node to support auto-repair feature for a specific package.
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoRepair-PackageSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoRepair-PackageSource-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoRepair-PackageSource-OmaUri-Begin -->
@@ -4400,7 +4400,7 @@ PackageSource node that points the update location for a specific package.
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-OmaUri-Begin -->
@@ -4439,7 +4439,7 @@ AutoUpdateSettings nodes to support the auto-updates for a specific package.
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-AutomaticBackgroundTask-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-AutomaticBackgroundTask-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-AutomaticBackgroundTask-OmaUri-Begin -->
@@ -4488,7 +4488,7 @@ Specifies whether AutomaticBackgroundTask is enabled/disabled for a specific pac
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-Disable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-Disable-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-Disable-OmaUri-Begin -->
@@ -4537,7 +4537,7 @@ Specifies whether the auto-update settings is enabled/disabled for a specific pa
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-ForceUpdateFromAnyVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-ForceUpdateFromAnyVersion-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-ForceUpdateFromAnyVersion-OmaUri-Begin -->
@@ -4586,7 +4586,7 @@ Specifies whether the auto-update setting ForceUpdateFromAnyVersion is enabled/d
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-HoursBetweenUpdateChecks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-HoursBetweenUpdateChecks-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-HoursBetweenUpdateChecks-OmaUri-Begin -->
@@ -4627,7 +4627,7 @@ Specifies HoursBetweenUpdateChecks for a specific package.
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-OnLaunchUpdateCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-OnLaunchUpdateCheck-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-OnLaunchUpdateCheck-OmaUri-Begin -->
@@ -4676,7 +4676,7 @@ Specifies whether OnLaunchUpdateCheck is enabled/disabled for a specific package
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-PackageSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-PackageSource-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-PackageSource-OmaUri-Begin -->
@@ -4716,7 +4716,7 @@ PackageSource node that points the update location for a specific package.
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-ShowPrompt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-ShowPrompt-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-ShowPrompt-OmaUri-Begin -->
@@ -4765,7 +4765,7 @@ Specifies whether the auto-update setting ShowPrompt is enabled/disabled for a s
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-UpdateBlocksActivation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-UpdateBlocksActivation-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-AppUpdateSettings-AutoUpdateSettings-UpdateBlocksActivation-OmaUri-Begin -->
@@ -4814,7 +4814,7 @@ Specifies whether the auto-update setting UpdateBlocksActivation is enabled/disa
 <!-- Device-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-DoNotUpdate-OmaUri-Begin -->
@@ -4863,7 +4863,7 @@ This is a required node.
 <!-- Device-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-OmaUri-Begin -->
@@ -4919,7 +4919,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-Applicability-End -->
 
 <!-- Device-AppManagement-System-{PackageFamilyName}-NonRemovable-OmaUri-Begin -->
@@ -5031,7 +5031,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev
 <!-- Device-AppManagement-System-ReleaseManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-OmaUri-Begin -->
@@ -5070,7 +5070,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-OmaUri-Begin -->
@@ -5110,7 +5110,7 @@ Identifier for the app or set of apps. If there is only one app, it's the Packag
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ChannelId-OmaUri-Begin -->
@@ -5149,7 +5149,7 @@ Specifies the app channel ID.
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-OmaUri-Begin -->
@@ -5188,7 +5188,7 @@ Interior node used to specify the effective app release to use when multiple use
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-OmaUri-Begin -->
@@ -5227,7 +5227,7 @@ Returns the last user channel ID on the device.
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-OmaUri-Begin -->
@@ -5266,7 +5266,7 @@ Returns the last user release ID on the device.
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-End -->
 
 <!-- Device-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-OmaUri-Begin -->
@@ -5305,7 +5305,7 @@ The IT admin can specify a release ID to indicate a specific release that they w
 <!-- Device-AppManagement-UpdateScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-AppManagement-UpdateScan-Applicability-End -->
 
 <!-- Device-AppManagement-UpdateScan-OmaUri-Begin -->
@@ -5345,7 +5345,7 @@ This is a required node.
 <!-- User-AppInstallation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-Applicability-End -->
 
 <!-- User-AppInstallation-OmaUri-Begin -->
@@ -5384,7 +5384,7 @@ Used to perform app installation.
 <!-- User-AppInstallation-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-OmaUri-Begin -->
@@ -5446,7 +5446,7 @@ Here's an example for uninstalling an app:
 <!-- User-AppInstallation-{PackageFamilyName}-HostedInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-HostedInstall-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-HostedInstall-OmaUri-Begin -->
@@ -5497,7 +5497,7 @@ This is a required node. The following list shows the supported deployment optio
 <!-- User-AppInstallation-{PackageFamilyName}-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-LastError-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-LastError-OmaUri-Begin -->
@@ -5538,7 +5538,7 @@ Last error relating to the app installation.
 <!-- User-AppInstallation-{PackageFamilyName}-LastErrorDesc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-LastErrorDesc-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-LastErrorDesc-OmaUri-Begin -->
@@ -5579,7 +5579,7 @@ Description of last error relating to the app installation.
 <!-- User-AppInstallation-{PackageFamilyName}-ProgressStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-ProgressStatus-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-ProgressStatus-OmaUri-Begin -->
@@ -5620,7 +5620,7 @@ An integer that indicates the progress of the app installation. For https locati
 <!-- User-AppInstallation-{PackageFamilyName}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-Status-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-Status-OmaUri-Begin -->
@@ -5661,7 +5661,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0)
 <!-- User-AppInstallation-{PackageFamilyName}-StoreInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppInstallation-{PackageFamilyName}-StoreInstall-Applicability-End -->
 
 <!-- User-AppInstallation-{PackageFamilyName}-StoreInstall-OmaUri-Begin -->
@@ -5700,7 +5700,7 @@ Command to perform an install of an app and a license from the Microsoft Store.
 <!-- User-AppLicenses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-Applicability-End -->
 
 <!-- User-AppLicenses-OmaUri-Begin -->
@@ -5739,7 +5739,7 @@ Used to manage licenses for app scenarios.
 <!-- User-AppLicenses-StoreLicenses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-OmaUri-Begin -->
@@ -5778,7 +5778,7 @@ Used to manage licenses for store apps.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-OmaUri-Begin -->
@@ -5819,7 +5819,7 @@ This is an optional node.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-AddLicense-OmaUri-Begin -->
@@ -5859,7 +5859,7 @@ This is a required node.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-GetLicenseFromStore-OmaUri-Begin -->
@@ -5899,7 +5899,7 @@ This is a required node.
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseCategory-OmaUri-Begin -->
@@ -5938,7 +5938,7 @@ Category of license that's used to classify various license sources. Valid value
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseUsage-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-LicenseUsage-OmaUri-Begin -->
@@ -5977,7 +5977,7 @@ Indicates the allowed usage for the license. Valid values: Unknown - usage is un
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-Applicability-End -->
 
 <!-- User-AppLicenses-StoreLicenses-{LicenseID}-RequesterID-OmaUri-Begin -->
@@ -6016,7 +6016,7 @@ Identifier for the entity that requested the license, such as the client who acq
 <!-- User-AppManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-Applicability-End -->
 
 <!-- User-AppManagement-OmaUri-Begin -->
@@ -6055,7 +6055,7 @@ Used for inventory and app management (post-install).
 <!-- User-AppManagement-AppInventoryQuery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppInventoryQuery-Applicability-End -->
 
 <!-- User-AppManagement-AppInventoryQuery-OmaUri-Begin -->
@@ -6137,7 +6137,7 @@ The following example sets the inventory query for the package names and checks
 <!-- User-AppManagement-AppInventoryResults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppInventoryResults-Applicability-End -->
 
 <!-- User-AppManagement-AppInventoryResults-OmaUri-Begin -->
@@ -6191,7 +6191,7 @@ Here's an example of AppInventoryResults operation.
 <!-- User-AppManagement-AppStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-OmaUri-Begin -->
@@ -6230,7 +6230,7 @@ This is a required node. Used for managing apps from the Microsoft Store.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-OmaUri-Begin -->
@@ -6292,7 +6292,7 @@ Here's an example for uninstalling an app:
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-OmaUri-Begin -->
@@ -6332,7 +6332,7 @@ Full name of the package installed.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Architecture-OmaUri-Begin -->
@@ -6373,7 +6373,7 @@ Architecture of installed package. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallDate-OmaUri-Begin -->
@@ -6413,7 +6413,7 @@ This is a required node.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-OmaUri-Begin -->
@@ -6454,7 +6454,7 @@ Install location of the app on the device. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsBundle-OmaUri-Begin -->
@@ -6493,7 +6493,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsFramework-OmaUri-Begin -->
@@ -6534,7 +6534,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-OmaUri-Begin -->
@@ -6573,7 +6573,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-IsStub-OmaUri-Begin -->
@@ -6613,7 +6613,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Name-OmaUri-Begin -->
@@ -6652,7 +6652,7 @@ Name of the app. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-OmaUri-Begin -->
@@ -6693,7 +6693,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Publisher-OmaUri-Begin -->
@@ -6732,7 +6732,7 @@ Publisher name of the app. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-OmaUri-Begin -->
@@ -6775,7 +6775,7 @@ This is a required node.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-ResourceID-OmaUri-Begin -->
@@ -6816,7 +6816,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Users-OmaUri-Begin -->
@@ -6861,7 +6861,7 @@ This is a required node. Possible values:
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-{PackageFullName}-Version-OmaUri-Begin -->
@@ -6900,7 +6900,7 @@ Version of the app. Value type is string.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-OmaUri-Begin -->
@@ -6941,7 +6941,7 @@ Interior node for all managed app setting values.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-OmaUri-Begin -->
@@ -7015,7 +7015,7 @@ This setting only works for apps that support the feature and it's only supporte
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-DoNotUpdate-OmaUri-Begin -->
@@ -7064,7 +7064,7 @@ This is a required node.
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-OmaUri-Begin -->
@@ -7120,7 +7120,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 <!-- User-AppManagement-AppStore-ReleaseManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-OmaUri-Begin -->
@@ -7161,7 +7161,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-OmaUri-Begin -->
@@ -7201,7 +7201,7 @@ Identifier for the app or set of apps. If there is only one app, it's the Packag
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-OmaUri-Begin -->
@@ -7240,7 +7240,7 @@ Specifies the app channel ID.
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-OmaUri-Begin -->
@@ -7279,7 +7279,7 @@ Interior node used to specify the effective app release to use when multiple use
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-OmaUri-Begin -->
@@ -7318,7 +7318,7 @@ Returns the last user channel ID on the device.
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-OmaUri-Begin -->
@@ -7357,7 +7357,7 @@ Returns the last user release ID on the device.
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-End -->
 
 <!-- User-AppManagement-AppStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-OmaUri-Begin -->
@@ -7396,7 +7396,7 @@ The IT admin can specify a release ID to indicate a specific release that they w
 <!-- User-AppManagement-LastScanError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-LastScanError-Applicability-End -->
 
 <!-- User-AppManagement-LastScanError-OmaUri-Begin -->
@@ -7436,7 +7436,7 @@ This is a required node.
 <!-- User-AppManagement-nonStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-OmaUri-Begin -->
@@ -7475,7 +7475,7 @@ Used to manage enterprise apps or developer apps that weren't acquired from the
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-OmaUri-Begin -->
@@ -7533,7 +7533,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-OmaUri-Begin -->
@@ -7573,7 +7573,7 @@ Full name of the package installed.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Architecture-OmaUri-Begin -->
@@ -7614,7 +7614,7 @@ Architecture of installed package. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallDate-OmaUri-Begin -->
@@ -7654,7 +7654,7 @@ This is a required node.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-InstallLocation-OmaUri-Begin -->
@@ -7695,7 +7695,7 @@ Install location of the app on the device. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsBundle-OmaUri-Begin -->
@@ -7734,7 +7734,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsFramework-OmaUri-Begin -->
@@ -7775,7 +7775,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsProvisioned-OmaUri-Begin -->
@@ -7814,7 +7814,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-IsStub-OmaUri-Begin -->
@@ -7856,7 +7856,7 @@ Value type is int.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Name-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Name-OmaUri-Begin -->
@@ -7895,7 +7895,7 @@ Name of the app. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-PackageStatus-OmaUri-Begin -->
@@ -7936,7 +7936,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Publisher-OmaUri-Begin -->
@@ -7975,7 +7975,7 @@ Publisher name of the app. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-OmaUri-Begin -->
@@ -8018,7 +8018,7 @@ This is a required node.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-ResourceID-OmaUri-Begin -->
@@ -8059,7 +8059,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Users-OmaUri-Begin -->
@@ -8104,7 +8104,7 @@ Requried.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Version-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-{PackageFullName}-Version-OmaUri-Begin -->
@@ -8143,7 +8143,7 @@ Version of the app. Value type is string.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-OmaUri-Begin -->
@@ -8183,7 +8183,7 @@ This node is only supported in the user context.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-OmaUri-Begin -->
@@ -8255,7 +8255,7 @@ The following example gets all managed app settings for a specific app.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-DoNotUpdate-OmaUri-Begin -->
@@ -8304,7 +8304,7 @@ This is a required node.
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-OmaUri-Begin -->
@@ -8360,7 +8360,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 <!-- User-AppManagement-nonStore-ReleaseManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-OmaUri-Begin -->
@@ -8399,7 +8399,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-OmaUri-Begin -->
@@ -8439,7 +8439,7 @@ Identifier for the app or set of apps. If there is only one app, it's the Packag
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ChannelId-OmaUri-Begin -->
@@ -8478,7 +8478,7 @@ Specifies the app channel ID.
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-OmaUri-Begin -->
@@ -8517,7 +8517,7 @@ Interior node used to specify the effective app release to use when multiple use
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-OmaUri-Begin -->
@@ -8556,7 +8556,7 @@ Returns the last user channel ID on the device.
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-OmaUri-Begin -->
@@ -8595,7 +8595,7 @@ Returns the last user release ID on the device.
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-End -->
 
 <!-- User-AppManagement-nonStore-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-OmaUri-Begin -->
@@ -8634,7 +8634,7 @@ The IT admin can specify a release ID to indicate a specific release that they w
 <!-- User-AppManagement-RemovePackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-AppManagement-RemovePackage-Applicability-End -->
 
 <!-- User-AppManagement-RemovePackage-OmaUri-Begin -->
@@ -8699,7 +8699,7 @@ The following example removes a package for all users:
 <!-- User-AppManagement-ResetPackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-AppManagement-ResetPackage-Applicability-End -->
 
 <!-- User-AppManagement-ResetPackage-OmaUri-Begin -->
@@ -8738,7 +8738,7 @@ Used to restore the Windows app to its initial configuration.
 <!-- User-AppManagement-System-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-Applicability-End -->
 
 <!-- User-AppManagement-System-OmaUri-Begin -->
@@ -8777,7 +8777,7 @@ Reports apps installed as part of the operating system.
 <!-- User-AppManagement-System-{PackageFamilyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-OmaUri-Begin -->
@@ -8837,7 +8837,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-OmaUri-Begin -->
@@ -8877,7 +8877,7 @@ Full name of the package installed.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Architecture-OmaUri-Begin -->
@@ -8918,7 +8918,7 @@ Architecture of installed package. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallDate-OmaUri-Begin -->
@@ -8958,7 +8958,7 @@ This is a required node.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-InstallLocation-OmaUri-Begin -->
@@ -8999,7 +8999,7 @@ Install location of the app on the device. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsBundle-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsBundle-OmaUri-Begin -->
@@ -9038,7 +9038,7 @@ The value is 1 if the package is an app bundle and 0 (zero) for all other cases.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsFramework-OmaUri-Begin -->
@@ -9079,7 +9079,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsProvisioned-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsProvisioned-OmaUri-Begin -->
@@ -9118,7 +9118,7 @@ The value is 0 or 1 that indicates if the app is provisioned on the device. The
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-IsStub-OmaUri-Begin -->
@@ -9158,7 +9158,7 @@ The value is 1 if the package is a stub package and 0 (zero) for all other cases
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Name-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Name-OmaUri-Begin -->
@@ -9197,7 +9197,7 @@ Name of the app. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-PackageStatus-OmaUri-Begin -->
@@ -9238,7 +9238,7 @@ Provides information about the status of the package. Value type is int. Valid v
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Publisher-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Publisher-OmaUri-Begin -->
@@ -9277,7 +9277,7 @@ Publisher name of the app. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-RequiresReinstall-OmaUri-Begin -->
@@ -9320,7 +9320,7 @@ This is a required node.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-ResourceID-OmaUri-Begin -->
@@ -9361,7 +9361,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Users-OmaUri-Begin -->
@@ -9406,7 +9406,7 @@ This is a required node.
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Version-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-{PackageFullName}-Version-OmaUri-Begin -->
@@ -9445,7 +9445,7 @@ Version of the app. Value type is string.
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-OmaUri-Begin -->
@@ -9485,7 +9485,7 @@ This node is only supported in the user context.
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-AppSettingPolicy-{SettingValue}-OmaUri-Begin -->
@@ -9559,7 +9559,7 @@ This setting only works for apps that support the feature and it's only supporte
 <!-- User-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-DoNotUpdate-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-DoNotUpdate-OmaUri-Begin -->
@@ -9608,7 +9608,7 @@ This is a required node.
 <!-- User-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-Applicability-End -->
 
 <!-- User-AppManagement-System-{PackageFamilyName}-MaintainProcessorArchitectureOnUpdate-OmaUri-Begin -->
@@ -9664,7 +9664,7 @@ Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (M
 <!-- User-AppManagement-System-ReleaseManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-OmaUri-Begin -->
@@ -9703,7 +9703,7 @@ Interior node for the managing updates through the Microsoft Store. These settin
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-OmaUri-Begin -->
@@ -9743,7 +9743,7 @@ Identifier for the app or set of apps. If there is only one app, it's the Packag
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ChannelId-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ChannelId-OmaUri-Begin -->
@@ -9782,7 +9782,7 @@ Specifies the app channel ID.
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-OmaUri-Begin -->
@@ -9821,7 +9821,7 @@ Interior node used to specify the effective app release to use when multiple use
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ChannelId-OmaUri-Begin -->
@@ -9860,7 +9860,7 @@ Returns the last user channel ID on the device.
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-EffectiveRelease-ReleaseManagementId-OmaUri-Begin -->
@@ -9899,7 +9899,7 @@ Returns the last user release ID on the device.
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-Applicability-End -->
 
 <!-- User-AppManagement-System-ReleaseManagement-{ReleaseManagementKey}-ReleaseManagementId-OmaUri-Begin -->
@@ -9938,7 +9938,7 @@ The IT admin can specify a release ID to indicate a specific release that they w
 <!-- User-AppManagement-UpdateScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-AppManagement-UpdateScan-Applicability-End -->
 
 <!-- User-AppManagement-UpdateScan-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 2e9e5509b9..9067ae0893 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/24/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -2594,7 +2594,7 @@ The following XML file contains the device description framework (DDF) for the E
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index f8230b10e8..3933d2fb17 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the eUICCs CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -57,7 +57,7 @@ The following list shows the eUICCs configuration service provider nodes:
 <!-- Device-{eUICC}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Applicability-End -->
 
 <!-- Device-{eUICC}-OmaUri-Begin -->
@@ -97,7 +97,7 @@ Represents information associated with an eUICC. There is one subtree for each k
 <!-- Device-{eUICC}-Actions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Actions-Applicability-End -->
 
 <!-- Device-{eUICC}-Actions-OmaUri-Begin -->
@@ -108,7 +108,7 @@ Represents information associated with an eUICC. There is one subtree for each k
 
 <!-- Device-{eUICC}-Actions-Description-Begin -->
 <!-- Description-Source-DDF -->
-Actions that can be performed on the eUICC as a whole (when it's active).
+Actions that can be performed on the eUICC as a whole.
 <!-- Device-{eUICC}-Actions-Description-End -->
 
 <!-- Device-{eUICC}-Actions-Editable-Begin -->
@@ -136,7 +136,7 @@ Actions that can be performed on the eUICC as a whole (when it's active).
 <!-- Device-{eUICC}-Actions-ResetToFactoryState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Actions-ResetToFactoryState-Applicability-End -->
 
 <!-- Device-{eUICC}-Actions-ResetToFactoryState-OmaUri-Begin -->
@@ -147,7 +147,7 @@ Actions that can be performed on the eUICC as a whole (when it's active).
 
 <!-- Device-{eUICC}-Actions-ResetToFactoryState-Description-Begin -->
 <!-- Description-Source-DDF -->
-An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset.
+This triggers an eUICC Memory Reset, which erases all the eSIM profiles in the eUICC.
 <!-- Device-{eUICC}-Actions-ResetToFactoryState-Description-End -->
 
 <!-- Device-{eUICC}-Actions-ResetToFactoryState-Editable-Begin -->
@@ -175,7 +175,7 @@ An EXECUTE on this node triggers the LPA to perform an eUICC Memory Reset.
 <!-- Device-{eUICC}-Actions-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Actions-Status-Applicability-End -->
 
 <!-- Device-{eUICC}-Actions-Status-OmaUri-Begin -->
@@ -215,7 +215,7 @@ Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE
 <!-- Device-{eUICC}-DownloadServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{eUICC}-DownloadServers-Applicability-End -->
 
 <!-- Device-{eUICC}-DownloadServers-OmaUri-Begin -->
@@ -226,7 +226,7 @@ Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE
 
 <!-- Device-{eUICC}-DownloadServers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Represents default SM-DP+ discovery requests.
+Represents servers used for bulk provisioning and eSIM discovery.
 <!-- Device-{eUICC}-DownloadServers-Description-End -->
 
 <!-- Device-{eUICC}-DownloadServers-Editable-Begin -->
@@ -254,7 +254,7 @@ Represents default SM-DP+ discovery requests.
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-Applicability-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-OmaUri-Begin -->
@@ -265,7 +265,7 @@ Represents default SM-DP+ discovery requests.
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-Description-Begin -->
 <!-- Description-Source-DDF -->
-Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.
+Node representing a bulk download/discovery server. The node name is the fully qualified domain name of the server that will be used. Creation of this subtree triggers a discovery request.
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-Description-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-Editable-Begin -->
@@ -294,7 +294,7 @@ Node representing the discovery operation for a server name. The node name is th
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-AutoEnable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-AutoEnable-Applicability-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-AutoEnable-OmaUri-Begin -->
@@ -342,7 +342,7 @@ Indicates whether the discovered profile must be enabled automatically after ins
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Applicability-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-OmaUri-Begin -->
@@ -353,7 +353,7 @@ Indicates whether the discovered profile must be enabled automatically after ins
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Description-Begin -->
 <!-- Description-Source-DDF -->
-Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.
+Current state of the discovery operation for this server (Requested = 1, Executing = 2, Completed = 3, Failed = 4).
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Description-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-DiscoveryState-Editable-Begin -->
@@ -382,7 +382,7 @@ Current state of the discovery operation for the parent ServerName (Requested =
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Applicability-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-OmaUri-Begin -->
@@ -393,7 +393,7 @@ Current state of the discovery operation for the parent ServerName (Requested =
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Description-Begin -->
 <!-- Description-Source-DDF -->
-Indicates whether the server is a discovery server. Optional, default value is false.
+Indicates whether the server is a discovery server or if it's used for bulk download. A discovery server is used every time a user requests a profile discovery operation. Optional, default value is false.
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Description-End -->
 
 <!-- Device-{eUICC}-DownloadServers-{ServerName}-IsDiscoveryServer-Editable-Begin -->
@@ -431,7 +431,7 @@ Indicates whether the server is a discovery server. Optional, default value is f
 <!-- Device-{eUICC}-Identifier-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Identifier-Applicability-End -->
 
 <!-- Device-{eUICC}-Identifier-OmaUri-Begin -->
@@ -442,7 +442,7 @@ Indicates whether the server is a discovery server. Optional, default value is f
 
 <!-- Device-{eUICC}-Identifier-Description-Begin -->
 <!-- Description-Source-DDF -->
-The EID.
+The unique eUICC identifier (EID).
 <!-- Device-{eUICC}-Identifier-Description-End -->
 
 <!-- Device-{eUICC}-Identifier-Editable-Begin -->
@@ -471,7 +471,7 @@ Identifies an eUICC in an implementation-specific manner, for example, this iden
 <!-- Device-{eUICC}-IsActive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-IsActive-Applicability-End -->
 
 <!-- Device-{eUICC}-IsActive-OmaUri-Begin -->
@@ -510,7 +510,7 @@ Indicates whether this eUICC is physically present and active. Updated only by t
 <!-- Device-{eUICC}-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Policies-Applicability-End -->
 
 <!-- Device-{eUICC}-Policies-OmaUri-Begin -->
@@ -549,7 +549,7 @@ Device policies associated with the eUICC as a whole (not per-profile).
 <!-- Device-{eUICC}-Policies-LocalUIEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Policies-LocalUIEnabled-Applicability-End -->
 
 <!-- Device-{eUICC}-Policies-LocalUIEnabled-OmaUri-Begin -->
@@ -560,7 +560,7 @@ Device policies associated with the eUICC as a whole (not per-profile).
 
 <!-- Device-{eUICC}-Policies-LocalUIEnabled-Description-Begin -->
 <!-- Description-Source-DDF -->
-Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.
+Determines whether or not the user can make changes to the eSIM through the user interface.
 <!-- Device-{eUICC}-Policies-LocalUIEnabled-Description-End -->
 
 <!-- Device-{eUICC}-Policies-LocalUIEnabled-Editable-Begin -->
@@ -598,7 +598,7 @@ Determines whether the local user interface of the LUI is available (true if ava
 <!-- Device-{eUICC}-PPR1Allowed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-PPR1Allowed-Applicability-End -->
 
 <!-- Device-{eUICC}-PPR1Allowed-OmaUri-Begin -->
@@ -609,7 +609,7 @@ Determines whether the local user interface of the LUI is available (true if ava
 
 <!-- Device-{eUICC}-PPR1Allowed-Description-Begin -->
 <!-- Description-Source-DDF -->
-Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed.
+Indicates whether the download of a profile with Profile Policy Rule 1 (PPR1) is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 isn't allowed.
 <!-- Device-{eUICC}-PPR1Allowed-Description-End -->
 
 <!-- Device-{eUICC}-PPR1Allowed-Editable-Begin -->
@@ -637,7 +637,7 @@ Indicates whether the download of a profile with PPR1 is allowed. If the eUICC h
 <!-- Device-{eUICC}-PPR1AlreadySet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-PPR1AlreadySet-Applicability-End -->
 
 <!-- Device-{eUICC}-PPR1AlreadySet-OmaUri-Begin -->
@@ -648,7 +648,7 @@ Indicates whether the download of a profile with PPR1 is allowed. If the eUICC h
 
 <!-- Device-{eUICC}-PPR1AlreadySet-Description-Begin -->
 <!-- Description-Source-DDF -->
-Indicates whether the eUICC has already a profile with PPR1.
+Indicates whether the eUICC has already a profile with Profile Policy Rule 1 (PPR1).
 <!-- Device-{eUICC}-PPR1AlreadySet-Description-End -->
 
 <!-- Device-{eUICC}-PPR1AlreadySet-Editable-Begin -->
@@ -676,7 +676,7 @@ Indicates whether the eUICC has already a profile with PPR1.
 <!-- Device-{eUICC}-Profiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-OmaUri-Begin -->
@@ -687,7 +687,7 @@ Indicates whether the eUICC has already a profile with PPR1.
 
 <!-- Device-{eUICC}-Profiles-Description-Begin -->
 <!-- Description-Source-DDF -->
-Represents all enterprise-owned profiles.
+Represents all enterprise-owned eSIM profiles.
 <!-- Device-{eUICC}-Profiles-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-Editable-Begin -->
@@ -715,7 +715,7 @@ Represents all enterprise-owned profiles.
 <!-- Device-{eUICC}-Profiles-{ICCID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-OmaUri-Begin -->
@@ -726,7 +726,7 @@ Represents all enterprise-owned profiles.
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-Description-Begin -->
 <!-- Description-Source-DDF -->
-Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
+Node representing an enterprise-owned eSIM profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
 <!-- Device-{eUICC}-Profiles-{ICCID}-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-Editable-Begin -->
@@ -755,7 +755,7 @@ Node representing an enterprise-owned eUICC profile. The node name is the ICCID
 <!-- Device-{eUICC}-Profiles-{ICCID}-ErrorDetail-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-ErrorDetail-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-ErrorDetail-OmaUri-Begin -->
@@ -795,7 +795,7 @@ Detailed error if the profile download and install procedure failed (None = 0, C
 <!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-OmaUri-Begin -->
@@ -806,7 +806,7 @@ Detailed error if the profile download and install procedure failed (None = 0, C
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Description-Begin -->
 <!-- Description-Source-DDF -->
-Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP.
+Indicates whether this eSIM profile is enabled. Can be set by both the MDM and the CSP.
 <!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-IsEnabled-Editable-Begin -->
@@ -843,7 +843,7 @@ Indicates whether this profile is enabled. Can be set by the MDM when the ICCID
 <!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-OmaUri-Begin -->
@@ -854,7 +854,7 @@ Indicates whether this profile is enabled. Can be set by the MDM when the ICCID
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Description-Begin -->
 <!-- Description-Source-DDF -->
-Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.
+Matching ID (activation code token) for eSIM profile download. Must be set by the MDM when the ICCID subtree is created.
 <!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-MatchingID-Editable-Begin -->
@@ -883,7 +883,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-OmaUri-Begin -->
@@ -894,7 +894,7 @@ Matching ID (activation code token) for profile download. Must be set by the MDM
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Description-Begin -->
 <!-- Description-Source-DDF -->
-This profile policy rule indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise).
+Profile Policy Rule 1 (PPR1) indicates whether disabling of this profile isn't allowed (true if not allowed, false otherwise).
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR1Set-Editable-Begin -->
@@ -922,7 +922,7 @@ This profile policy rule indicates whether disabling of this profile isn't allow
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-OmaUri-Begin -->
@@ -933,7 +933,7 @@ This profile policy rule indicates whether disabling of this profile isn't allow
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Description-Begin -->
 <!-- Description-Source-DDF -->
-This profile policy rule indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise).
+Profile Policy Rule 2 (PPR2) indicates whether deletion of this profile isn't allowed (true if not allowed, false otherwise).
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-PPR2Set-Editable-Begin -->
@@ -961,7 +961,7 @@ This profile policy rule indicates whether deletion of this profile isn't allowe
 <!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-OmaUri-Begin -->
@@ -972,7 +972,7 @@ This profile policy rule indicates whether deletion of this profile isn't allowe
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Description-Begin -->
 <!-- Description-Source-DDF -->
-Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.
+Fully qualified domain name of the server that can download this eSIM profile. Must be set by the MDM when the ICCID subtree is created.
 <!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-ServerName-Editable-Begin -->
@@ -1000,7 +1000,7 @@ Fully qualified domain name of the SM-DP+ that can download this profile. Must b
 <!-- Device-{eUICC}-Profiles-{ICCID}-State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{eUICC}-Profiles-{ICCID}-State-Applicability-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-State-OmaUri-Begin -->
@@ -1011,7 +1011,7 @@ Fully qualified domain name of the SM-DP+ that can download this profile. Must b
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-State-Description-Begin -->
 <!-- Description-Source-DDF -->
-Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.
+Current state of the eSIM profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4).
 <!-- Device-{eUICC}-Profiles-{ICCID}-State-Description-End -->
 
 <!-- Device-{eUICC}-Profiles-{ICCID}-State-Editable-Begin -->
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index 7e78256e0b..5a070577f7 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -50,7 +50,7 @@ The following XML file contains the device description framework (DDF) for the e
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -84,7 +84,7 @@ The following XML file contains the device description framework (DDF) for the e
           <AccessType>
             <Get />
           </AccessType>
-          <Description>The EID.</Description>
+          <Description>The unique eUICC identifier (EID).</Description>
           <DFFormat>
             <chr />
           </DFFormat>
@@ -129,7 +129,7 @@ The following XML file contains the device description framework (DDF) for the e
           <AccessType>
             <Get />
           </AccessType>
-          <Description>Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed.</Description>
+          <Description>Indicates whether the download of a profile with Profile Policy Rule 1 (PPR1) is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed.</Description>
           <DFFormat>
             <bool />
           </DFFormat>
@@ -150,7 +150,7 @@ The following XML file contains the device description framework (DDF) for the e
           <AccessType>
             <Get />
           </AccessType>
-          <Description>Indicates whether the eUICC has already a profile with PPR1.</Description>
+          <Description>Indicates whether the eUICC has already a profile with Profile Policy Rule 1 (PPR1).</Description>
           <DFFormat>
             <bool />
           </DFFormat>
@@ -171,7 +171,7 @@ The following XML file contains the device description framework (DDF) for the e
           <AccessType>
             <Get />
           </AccessType>
-          <Description>Represents default SM-DP+ discovery requests.</Description>
+          <Description>Represents servers used for bulk provisioning and eSIM discovery.</Description>
           <DFFormat>
             <node />
           </DFFormat>
@@ -199,7 +199,7 @@ The following XML file contains the device description framework (DDF) for the e
               <Get />
               <Replace />
             </AccessType>
-            <Description>Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request.</Description>
+            <Description>Node representing a bulk download/discovery server. The node name is the fully qualified domain name of the server that will be used. Creation of this subtree triggers a discovery request.</Description>
             <DFFormat>
               <node />
             </DFFormat>
@@ -224,7 +224,7 @@ The following XML file contains the device description framework (DDF) for the e
                 <Get />
               </AccessType>
               <DefaultValue>1</DefaultValue>
-              <Description>Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA.</Description>
+              <Description>Current state of the discovery operation for this server (Requested = 1, Executing = 2, Completed = 3, Failed = 4).</Description>
               <DFFormat>
                 <int />
               </DFFormat>
@@ -281,7 +281,7 @@ The following XML file contains the device description framework (DDF) for the e
                 <Replace />
               </AccessType>
               <DefaultValue>false</DefaultValue>
-              <Description>Indicates whether the server is a discovery server. Optional, default value is false.</Description>
+              <Description>Indicates whether the server is a discovery server or if it is used for bulk download. A discovery server is used every time a user requests a profile discovery operation. Optional, default value is false.</Description>
               <DFFormat>
                 <bool />
               </DFFormat>
@@ -318,7 +318,7 @@ The following XML file contains the device description framework (DDF) for the e
           <AccessType>
             <Get />
           </AccessType>
-          <Description>Represents all enterprise-owned profiles.</Description>
+          <Description>Represents all enterprise-owned eSIM profiles.</Description>
           <DFFormat>
             <node />
           </DFFormat>
@@ -342,7 +342,7 @@ The following XML file contains the device description framework (DDF) for the e
               <Get />
               <Replace />
             </AccessType>
-            <Description>Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
+            <Description>Node representing an enterprise-owned eSIM profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
             <DFFormat>
               <node />
             </DFFormat>
@@ -368,7 +368,7 @@ The following XML file contains the device description framework (DDF) for the e
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.</Description>
+              <Description>Fully qualified domain name of the server that can download this eSIM profile. Must be set by the MDM when the ICCID subtree is created.</Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -396,7 +396,7 @@ The following XML file contains the device description framework (DDF) for the e
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
+              <Description>Matching ID (activation code token) for eSIM profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
               <DFFormat>
                 <chr />
               </DFFormat>
@@ -424,7 +424,7 @@ The following XML file contains the device description framework (DDF) for the e
                 <Get />
               </AccessType>
               <DefaultValue>1</DefaultValue>
-              <Description>Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.</Description>
+              <Description>Current state of the eSIM profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4).</Description>
               <DFFormat>
                 <int />
               </DFFormat>
@@ -447,7 +447,7 @@ The following XML file contains the device description framework (DDF) for the e
                 <Get />
                 <Replace />
               </AccessType>
-              <Description>Indicates whether this profile is enabled. Can be set by the MDM when the ICCID subtree is created. Can also be queried and updated by the CSP.</Description>
+              <Description>Indicates whether this eSIM profile is enabled. Can be set by both the MDM and the CSP.</Description>
               <DFFormat>
                 <bool />
               </DFFormat>
@@ -482,7 +482,7 @@ The following XML file contains the device description framework (DDF) for the e
               <AccessType>
                 <Get />
               </AccessType>
-              <Description>This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).</Description>
+              <Description>Profile Policy Rule 1 (PPR1) indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise).</Description>
               <DFFormat>
                 <bool />
               </DFFormat>
@@ -503,7 +503,7 @@ The following XML file contains the device description framework (DDF) for the e
               <AccessType>
                 <Get />
               </AccessType>
-              <Description>This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).</Description>
+              <Description>Profile Policy Rule 2 (PPR2) indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise).</Description>
               <DFFormat>
                 <bool />
               </DFFormat>
@@ -570,7 +570,7 @@ The following XML file contains the device description framework (DDF) for the e
               <Replace />
             </AccessType>
             <DefaultValue>true</DefaultValue>
-            <Description>Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.</Description>
+            <Description>Determines whether or not the user can make changes to the eSIM through the user interface.</Description>
             <DFFormat>
               <bool />
             </DFFormat>
@@ -602,7 +602,7 @@ The following XML file contains the device description framework (DDF) for the e
           <AccessType>
             <Get />
           </AccessType>
-          <Description>Actions that can be performed on the eUICC as a whole (when it is active).</Description>
+          <Description>Actions that can be performed on the eUICC as a whole.</Description>
           <DFFormat>
             <node />
           </DFFormat>
@@ -622,7 +622,7 @@ The following XML file contains the device description framework (DDF) for the e
             <AccessType>
               <Exec />
             </AccessType>
-            <Description>An EXECUTE on this node triggers the  LPA to perform an eUICC Memory Reset.</Description>
+            <Description>This triggers an eUICC Memory Reset, which erases all the eSIM profiles in the eUICC.</Description>
             <DFFormat>
               <chr />
             </DFFormat>
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index c89f214241..3f61327719 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Firewall CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/15/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,8 @@ ms.topic: reference
 <!-- Firewall-Begin -->
 # Firewall CSP
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- Firewall-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.
@@ -178,7 +180,7 @@ The following list shows the Firewall configuration service provider nodes:
 <!-- Device-MdmStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Applicability-End -->
 
 <!-- Device-MdmStore-OmaUri-Begin -->
@@ -217,7 +219,7 @@ Interior node.
 <!-- Device-MdmStore-DomainProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-OmaUri-Begin -->
@@ -255,7 +257,7 @@ Interior node.
 <!-- Device-MdmStore-DomainProfile-AllowLocalIpsecPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-AllowLocalIpsecPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-AllowLocalIpsecPolicyMerge-OmaUri-Begin -->
@@ -305,7 +307,7 @@ This value is an on/off switch. If this value is false, connection security rule
 <!-- Device-MdmStore-DomainProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-AllowLocalPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@@ -355,7 +357,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f
 <!-- Device-MdmStore-DomainProfile-AuthAppsAllowUserPrefMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-AuthAppsAllowUserPrefMerge-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-AuthAppsAllowUserPrefMerge-OmaUri-Begin -->
@@ -405,7 +407,7 @@ This value is used as an on/off switch. If this value is false, authorized appli
 <!-- Device-MdmStore-DomainProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-DefaultInboundAction-OmaUri-Begin -->
@@ -455,7 +457,7 @@ This value is the action that the firewall does by default (and evaluates at the
 <!-- Device-MdmStore-DomainProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-DefaultOutboundAction-OmaUri-Begin -->
@@ -528,7 +530,7 @@ This value is the action that the firewall does by default (and evaluates at the
 <!-- Device-MdmStore-DomainProfile-DisableInboundNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-DisableInboundNotifications-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-DisableInboundNotifications-OmaUri-Begin -->
@@ -578,7 +580,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display
 <!-- Device-MdmStore-DomainProfile-DisableStealthMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-DisableStealthMode-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-DisableStealthMode-OmaUri-Begin -->
@@ -628,7 +630,7 @@ This value is an on/off switch. When this option is false, the server operates i
 <!-- Device-MdmStore-DomainProfile-DisableStealthModeIpsecSecuredPacketExemption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-DisableStealthModeIpsecSecuredPacketExemption-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-DisableStealthModeIpsecSecuredPacketExemption-OmaUri-Begin -->
@@ -678,7 +680,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is
 <!-- Device-MdmStore-DomainProfile-DisableUnicastResponsesToMulticastBroadcast-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-DisableUnicastResponsesToMulticastBroadcast-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-DisableUnicastResponsesToMulticastBroadcast-OmaUri-Begin -->
@@ -728,7 +730,7 @@ This value is used as an on/off switch. If it's true, unicast responses to multi
 <!-- Device-MdmStore-DomainProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-EnableFirewall-OmaUri-Begin -->
@@ -777,7 +779,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 <!-- Device-MdmStore-DomainProfile-EnableLogDroppedPackets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-DomainProfile-EnableLogDroppedPackets-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-EnableLogDroppedPackets-OmaUri-Begin -->
@@ -827,7 +829,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a
 <!-- Device-MdmStore-DomainProfile-EnableLogIgnoredRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-DomainProfile-EnableLogIgnoredRules-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-EnableLogIgnoredRules-OmaUri-Begin -->
@@ -877,7 +879,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl
 <!-- Device-MdmStore-DomainProfile-EnableLogSuccessConnections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-DomainProfile-EnableLogSuccessConnections-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-EnableLogSuccessConnections-OmaUri-Begin -->
@@ -927,7 +929,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a
 <!-- Device-MdmStore-DomainProfile-GlobalPortsAllowUserPrefMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-GlobalPortsAllowUserPrefMerge-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-GlobalPortsAllowUserPrefMerge-OmaUri-Begin -->
@@ -977,7 +979,7 @@ This value is used as an on/off switch. If this value is false, global port fire
 <!-- Device-MdmStore-DomainProfile-LogFilePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-DomainProfile-LogFilePath-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-LogFilePath-OmaUri-Begin -->
@@ -1018,7 +1020,7 @@ This value is a string that represents a file path to the log where the firewall
 <!-- Device-MdmStore-DomainProfile-LogMaxFileSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-DomainProfile-LogMaxFileSize-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-LogMaxFileSize-OmaUri-Begin -->
@@ -1060,7 +1062,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe
 <!-- Device-MdmStore-DomainProfile-Shielded-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-DomainProfile-Shielded-Applicability-End -->
 
 <!-- Device-MdmStore-DomainProfile-Shielded-OmaUri-Begin -->
@@ -1110,7 +1112,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i
 <!-- Device-MdmStore-DynamicKeywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-OmaUri-Begin -->
@@ -1148,7 +1150,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i
 <!-- Device-MdmStore-DynamicKeywords-Addresses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-OmaUri-Begin -->
@@ -1187,7 +1189,7 @@ A list of dynamic keyword addresses for use within firewall rules. Dynamic keywo
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-OmaUri-Begin -->
@@ -1229,7 +1231,7 @@ A unique GUID string identifier for this dynamic keyword address.
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Addresses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Addresses-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Addresses-OmaUri-Begin -->
@@ -1280,7 +1282,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-AutoResolve-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-AutoResolve-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-AutoResolve-OmaUri-Begin -->
@@ -1329,7 +1331,7 @@ If this flag is set to TRUE, then the 'keyword' field of this object is expected
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Keyword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Keyword-Applicability-End -->
 
 <!-- Device-MdmStore-DynamicKeywords-Addresses-{Id}-Keyword-OmaUri-Begin -->
@@ -1368,7 +1370,7 @@ A String representing keyword. If the AutoResolve value is true, this should be
 <!-- Device-MdmStore-FirewallRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-OmaUri-Begin -->
@@ -1407,7 +1409,7 @@ A list of rules controlling traffic through the Windows Firewall. Each Rule ID i
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-OmaUri-Begin -->
@@ -1449,7 +1451,7 @@ Unique alpha numeric identifier for the rule. The rule name mustn't include a fo
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Action-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Action-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Action-OmaUri-Begin -->
@@ -1488,7 +1490,7 @@ Specifies the action for the rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Action-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Action-Type-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Action-Type-OmaUri-Begin -->
@@ -1540,7 +1542,7 @@ Specifies the action the rule enforces:
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-OmaUri-Begin -->
@@ -1589,7 +1591,7 @@ ServiceName.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-FilePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-FilePath-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-FilePath-OmaUri-Begin -->
@@ -1628,7 +1630,7 @@ FilePath - This App/Id value represents the full file path of the app. For examp
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-Fqbn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-Fqbn-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-Fqbn-OmaUri-Begin -->
@@ -1667,7 +1669,7 @@ Fully Qualified Binary Name.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-PackageFamilyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-PackageFamilyName-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-PackageFamilyName-OmaUri-Begin -->
@@ -1706,7 +1708,7 @@ PackageFamilyName - This App/Id value represents the PackageFamilyName of the ap
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-ServiceName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-ServiceName-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-App-ServiceName-OmaUri-Begin -->
@@ -1745,7 +1747,7 @@ This is a service name, and is used in cases when a service, not an application,
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Description-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Description-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Description-OmaUri-Begin -->
@@ -1784,7 +1786,7 @@ Specifies the description of the rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Direction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Direction-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Direction-OmaUri-Begin -->
@@ -1839,7 +1841,7 @@ If not specified the default is OUT.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-EdgeTraversal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-EdgeTraversal-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-EdgeTraversal-OmaUri-Begin -->
@@ -1891,7 +1893,7 @@ New rules have the EdgeTraversal property disabled by default.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Enabled-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Enabled-OmaUri-Begin -->
@@ -1941,7 +1943,7 @@ If not specified - a new rule is disabled by default.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-IcmpTypesAndCodes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-IcmpTypesAndCodes-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-IcmpTypesAndCodes-OmaUri-Begin -->
@@ -1988,7 +1990,7 @@ If not specified, the default is All.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-InterfaceTypes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-InterfaceTypes-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-InterfaceTypes-OmaUri-Begin -->
@@ -2042,7 +2044,7 @@ If more than one interface type is specified, the strings must be separated by a
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalAddressRanges-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalAddressRanges-OmaUri-Begin -->
@@ -2094,7 +2096,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalPortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalPortRanges-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalPortRanges-OmaUri-Begin -->
@@ -2136,7 +2138,7 @@ When setting this field in a firewall rule, the protocol field must also be set,
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalUserAuthorizedList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalUserAuthorizedList-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-LocalUserAuthorizedList-OmaUri-Begin -->
@@ -2178,7 +2180,7 @@ This is a string in Security Descriptor Definition Language (SDDL) format\.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Name-OmaUri-Begin -->
@@ -2217,7 +2219,7 @@ Specifies the friendly name of the firewall rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 22H2 [10.0.19045.2913] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1880] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1635] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.2913] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1880] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1635] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-OmaUri-Begin -->
@@ -2257,7 +2259,7 @@ Specifies one WDAC tag. This is a string that can contain any alphanumeric chara
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Profiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Profiles-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Profiles-OmaUri-Begin -->
@@ -2308,7 +2310,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Protocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Protocol-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Protocol-OmaUri-Begin -->
@@ -2348,7 +2350,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressDynamicKeywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1706] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1706] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1706] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressDynamicKeywords-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressDynamicKeywords-OmaUri-Begin -->
@@ -2388,7 +2390,7 @@ Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying th
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressRanges-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemoteAddressRanges-OmaUri-Begin -->
@@ -2448,7 +2450,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemotePortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemotePortRanges-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-RemotePortRanges-OmaUri-Begin -->
@@ -2490,7 +2492,7 @@ When setting this field in a firewall rule, the protocol field must also be set,
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Status-Applicability-End -->
 
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-Status-OmaUri-Begin -->
@@ -2529,7 +2531,7 @@ Provides information about the specific version of the rule in deployment for mo
 <!-- Device-MdmStore-Global-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-Applicability-End -->
 
 <!-- Device-MdmStore-Global-OmaUri-Begin -->
@@ -2567,7 +2569,7 @@ Provides information about the specific version of the rule in deployment for mo
 <!-- Device-MdmStore-Global-BinaryVersionSupported-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-BinaryVersionSupported-Applicability-End -->
 
 <!-- Device-MdmStore-Global-BinaryVersionSupported-OmaUri-Begin -->
@@ -2606,7 +2608,7 @@ This value contains the binary version of the structures and data types that are
 <!-- Device-MdmStore-Global-CRLcheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-CRLcheck-Applicability-End -->
 
 <!-- Device-MdmStore-Global-CRLcheck-OmaUri-Begin -->
@@ -2655,7 +2657,7 @@ This value specifies how certificate revocation list (CRL) verification is enfor
 <!-- Device-MdmStore-Global-CurrentProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-CurrentProfiles-Applicability-End -->
 
 <!-- Device-MdmStore-Global-CurrentProfiles-OmaUri-Begin -->
@@ -2694,7 +2696,7 @@ Value that contains a bitmask of the current enforced profiles that are maintain
 <!-- Device-MdmStore-Global-DisableStatefulFtp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-DisableStatefulFtp-Applicability-End -->
 
 <!-- Device-MdmStore-Global-DisableStatefulFtp-OmaUri-Begin -->
@@ -2743,7 +2745,7 @@ This value is an on/off switch. If off, the firewall performs stateful File Tran
 <!-- Device-MdmStore-Global-EnablePacketQueue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-EnablePacketQueue-Applicability-End -->
 
 <!-- Device-MdmStore-Global-EnablePacketQueue-OmaUri-Begin -->
@@ -2793,7 +2795,7 @@ This value specifies how scaling for the software on the receive side is enabled
 <!-- Device-MdmStore-Global-IPsecExempt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-IPsecExempt-Applicability-End -->
 
 <!-- Device-MdmStore-Global-IPsecExempt-OmaUri-Begin -->
@@ -2845,7 +2847,7 @@ This value configures IPsec exceptions and MUST be a combination of the valid fl
 <!-- Device-MdmStore-Global-OpportunisticallyMatchAuthSetPerKM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-OpportunisticallyMatchAuthSetPerKM-Applicability-End -->
 
 <!-- Device-MdmStore-Global-OpportunisticallyMatchAuthSetPerKM-OmaUri-Begin -->
@@ -2893,7 +2895,7 @@ This value is used as an on/off switch. When this option is false, keying module
 <!-- Device-MdmStore-Global-PolicyVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-PolicyVersion-Applicability-End -->
 
 <!-- Device-MdmStore-Global-PolicyVersion-OmaUri-Begin -->
@@ -2932,7 +2934,7 @@ This value contains the policy version of the policy store being managed. This v
 <!-- Device-MdmStore-Global-PolicyVersionSupported-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-PolicyVersionSupported-Applicability-End -->
 
 <!-- Device-MdmStore-Global-PolicyVersionSupported-OmaUri-Begin -->
@@ -2971,7 +2973,7 @@ Value that contains the maximum policy version that the server host can accept.
 <!-- Device-MdmStore-Global-PresharedKeyEncoding-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-PresharedKeyEncoding-Applicability-End -->
 
 <!-- Device-MdmStore-Global-PresharedKeyEncoding-OmaUri-Begin -->
@@ -3020,7 +3022,7 @@ Specifies the preshared key encoding that's used. MUST be a valid value from the
 <!-- Device-MdmStore-Global-SaIdleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-Global-SaIdleTime-Applicability-End -->
 
 <!-- Device-MdmStore-Global-SaIdleTime-OmaUri-Begin -->
@@ -3061,7 +3063,7 @@ This value configures the security association idle time, in seconds. Security a
 <!-- Device-MdmStore-HyperVFirewallRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-OmaUri-Begin -->
@@ -3100,7 +3102,7 @@ A list of rules controlling traffic through the Windows Firewall for Hyper-V con
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-OmaUri-Begin -->
@@ -3142,7 +3144,7 @@ Unique alpha numeric identifier for the rule. The rule name mustn't include a fo
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Action-OmaUri-Begin -->
@@ -3194,7 +3196,7 @@ Specifies the action the rule enforces:
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Direction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Direction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Direction-OmaUri-Begin -->
@@ -3249,7 +3251,7 @@ If not specified the default is OUT.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Enabled-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Enabled-OmaUri-Begin -->
@@ -3299,7 +3301,7 @@ If not specified - a new rule is disabled by default.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalAddressRanges-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalAddressRanges-OmaUri-Begin -->
@@ -3351,7 +3353,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalPortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalPortRanges-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-LocalPortRanges-OmaUri-Begin -->
@@ -3391,7 +3393,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Name-OmaUri-Begin -->
@@ -3430,7 +3432,7 @@ Specifies the friendly name of the Hyper-V Firewall rule.
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Priority-OmaUri-Begin -->
@@ -3470,7 +3472,7 @@ This value represents the order of rule enforcement. A lower priority rule is ev
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Profiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Profiles-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Profiles-OmaUri-Begin -->
@@ -3520,7 +3522,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Protocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Protocol-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Protocol-OmaUri-Begin -->
@@ -3560,7 +3562,7 @@ Specifies the profiles to which the rule belongs: Domain, Private, Public. See [
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-RemoteAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-RemoteAddressRanges-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-RemoteAddressRanges-OmaUri-Begin -->
@@ -3610,7 +3612,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-RemotePortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-RemotePortRanges-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-RemotePortRanges-OmaUri-Begin -->
@@ -3650,7 +3652,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320. If not specified the
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Status-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Status-OmaUri-Begin -->
@@ -3689,7 +3691,7 @@ Provides information about the specific version of the rule in deployment for mo
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-VMCreatorId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-VMCreatorId-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-VMCreatorId-OmaUri-Begin -->
@@ -3729,7 +3731,7 @@ This field specifies the VM Creator ID that this rule is applicable to. A NULL G
 <!-- Device-MdmStore-HyperVVMSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVVMSettings-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-OmaUri-Begin -->
@@ -3768,7 +3770,7 @@ Settings for the Windows Firewall for Hyper-V containers. Each setting applies o
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-OmaUri-Begin -->
@@ -3810,7 +3812,7 @@ VM Creator ID that these settings apply to. Valid format is a GUID.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-OmaUri-Begin -->
@@ -3859,7 +3861,7 @@ This value is used as an on/off switch. If this value is true, applicable host f
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultInboundAction-OmaUri-Begin -->
@@ -3909,7 +3911,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DefaultOutboundAction-OmaUri-Begin -->
@@ -3959,7 +3961,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-OmaUri-Begin -->
@@ -3997,7 +3999,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@@ -4047,7 +4049,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-OmaUri-Begin -->
@@ -4097,7 +4099,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-OmaUri-Begin -->
@@ -4147,7 +4149,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-OmaUri-Begin -->
@@ -4196,7 +4198,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableFirewall-OmaUri-Begin -->
@@ -4245,7 +4247,7 @@ This value is an on/off switch for the Hyper-V Firewall. This value controls the
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableLoopback-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableLoopback-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-EnableLoopback-OmaUri-Begin -->
@@ -4294,7 +4296,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-OmaUri-Begin -->
@@ -4332,7 +4334,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@@ -4382,7 +4384,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-OmaUri-Begin -->
@@ -4432,7 +4434,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-OmaUri-Begin -->
@@ -4482,7 +4484,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-OmaUri-Begin -->
@@ -4531,7 +4533,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-OmaUri-Begin -->
@@ -4569,7 +4571,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@@ -4619,7 +4621,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-OmaUri-Begin -->
@@ -4669,7 +4671,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-OmaUri-Begin -->
@@ -4719,7 +4721,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25398] |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-OmaUri-Begin -->
@@ -4768,7 +4770,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-PrivateProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-OmaUri-Begin -->
@@ -4806,7 +4808,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-PrivateProfile-AllowLocalIpsecPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-AllowLocalIpsecPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-AllowLocalIpsecPolicyMerge-OmaUri-Begin -->
@@ -4856,7 +4858,7 @@ This value is an on/off switch. If this value is false, connection security rule
 <!-- Device-MdmStore-PrivateProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-AllowLocalPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@@ -4906,7 +4908,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f
 <!-- Device-MdmStore-PrivateProfile-AuthAppsAllowUserPrefMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-AuthAppsAllowUserPrefMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-AuthAppsAllowUserPrefMerge-OmaUri-Begin -->
@@ -4956,7 +4958,7 @@ This value is used as an on/off switch. If this value is false, authorized appli
 <!-- Device-MdmStore-PrivateProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-DefaultInboundAction-OmaUri-Begin -->
@@ -5006,7 +5008,7 @@ This value is the action that the firewall does by default (and evaluates at the
 <!-- Device-MdmStore-PrivateProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-DefaultOutboundAction-OmaUri-Begin -->
@@ -5079,7 +5081,7 @@ This value is the action that the firewall does by default (and evaluates at the
 <!-- Device-MdmStore-PrivateProfile-DisableInboundNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-DisableInboundNotifications-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-DisableInboundNotifications-OmaUri-Begin -->
@@ -5129,7 +5131,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display
 <!-- Device-MdmStore-PrivateProfile-DisableStealthMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-DisableStealthMode-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-DisableStealthMode-OmaUri-Begin -->
@@ -5179,7 +5181,7 @@ This value is an on/off switch. When this option is false, the server operates i
 <!-- Device-MdmStore-PrivateProfile-DisableStealthModeIpsecSecuredPacketExemption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-DisableStealthModeIpsecSecuredPacketExemption-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-DisableStealthModeIpsecSecuredPacketExemption-OmaUri-Begin -->
@@ -5229,7 +5231,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is
 <!-- Device-MdmStore-PrivateProfile-DisableUnicastResponsesToMulticastBroadcast-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-DisableUnicastResponsesToMulticastBroadcast-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-DisableUnicastResponsesToMulticastBroadcast-OmaUri-Begin -->
@@ -5279,7 +5281,7 @@ This value is used as an on/off switch. If it's true, unicast responses to multi
 <!-- Device-MdmStore-PrivateProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-EnableFirewall-OmaUri-Begin -->
@@ -5328,7 +5330,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 <!-- Device-MdmStore-PrivateProfile-EnableLogDroppedPackets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PrivateProfile-EnableLogDroppedPackets-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-EnableLogDroppedPackets-OmaUri-Begin -->
@@ -5378,7 +5380,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a
 <!-- Device-MdmStore-PrivateProfile-EnableLogIgnoredRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PrivateProfile-EnableLogIgnoredRules-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-EnableLogIgnoredRules-OmaUri-Begin -->
@@ -5428,7 +5430,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl
 <!-- Device-MdmStore-PrivateProfile-EnableLogSuccessConnections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PrivateProfile-EnableLogSuccessConnections-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-EnableLogSuccessConnections-OmaUri-Begin -->
@@ -5478,7 +5480,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a
 <!-- Device-MdmStore-PrivateProfile-GlobalPortsAllowUserPrefMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-GlobalPortsAllowUserPrefMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-GlobalPortsAllowUserPrefMerge-OmaUri-Begin -->
@@ -5528,7 +5530,7 @@ This value is used as an on/off switch. If this value is false, global port fire
 <!-- Device-MdmStore-PrivateProfile-LogFilePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PrivateProfile-LogFilePath-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-LogFilePath-OmaUri-Begin -->
@@ -5569,7 +5571,7 @@ This value is a string that represents a file path to the log where the firewall
 <!-- Device-MdmStore-PrivateProfile-LogMaxFileSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PrivateProfile-LogMaxFileSize-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-LogMaxFileSize-OmaUri-Begin -->
@@ -5611,7 +5613,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe
 <!-- Device-MdmStore-PrivateProfile-Shielded-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PrivateProfile-Shielded-Applicability-End -->
 
 <!-- Device-MdmStore-PrivateProfile-Shielded-OmaUri-Begin -->
@@ -5661,7 +5663,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i
 <!-- Device-MdmStore-PublicProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-OmaUri-Begin -->
@@ -5699,7 +5701,7 @@ This value is used as an on/off switch. If this value is on and EnableFirewall i
 <!-- Device-MdmStore-PublicProfile-AllowLocalIpsecPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-AllowLocalIpsecPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-AllowLocalIpsecPolicyMerge-OmaUri-Begin -->
@@ -5749,7 +5751,7 @@ This value is an on/off switch. If this value is false, connection security rule
 <!-- Device-MdmStore-PublicProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-AllowLocalPolicyMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@@ -5799,7 +5801,7 @@ This value is used as an on/off switch. If this value is false, firewall rules f
 <!-- Device-MdmStore-PublicProfile-AuthAppsAllowUserPrefMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-AuthAppsAllowUserPrefMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-AuthAppsAllowUserPrefMerge-OmaUri-Begin -->
@@ -5849,7 +5851,7 @@ This value is used as an on/off switch. If this value is false, authorized appli
 <!-- Device-MdmStore-PublicProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-DefaultInboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-DefaultInboundAction-OmaUri-Begin -->
@@ -5899,7 +5901,7 @@ This value is the action that the firewall does by default (and evaluates at the
 <!-- Device-MdmStore-PublicProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-DefaultOutboundAction-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-DefaultOutboundAction-OmaUri-Begin -->
@@ -5972,7 +5974,7 @@ This value is the action that the firewall does by default (and evaluates at the
 <!-- Device-MdmStore-PublicProfile-DisableInboundNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-DisableInboundNotifications-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-DisableInboundNotifications-OmaUri-Begin -->
@@ -6022,7 +6024,7 @@ This value is an on/off switch. If this value is false, the firewall MAY display
 <!-- Device-MdmStore-PublicProfile-DisableStealthMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-DisableStealthMode-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-DisableStealthMode-OmaUri-Begin -->
@@ -6072,7 +6074,7 @@ This value is an on/off switch. When this option is false, the server operates i
 <!-- Device-MdmStore-PublicProfile-DisableStealthModeIpsecSecuredPacketExemption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-DisableStealthModeIpsecSecuredPacketExemption-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-DisableStealthModeIpsecSecuredPacketExemption-OmaUri-Begin -->
@@ -6122,7 +6124,7 @@ This value is an on/off switch. This option is ignored if DisableStealthMode is
 <!-- Device-MdmStore-PublicProfile-DisableUnicastResponsesToMulticastBroadcast-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-DisableUnicastResponsesToMulticastBroadcast-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-DisableUnicastResponsesToMulticastBroadcast-OmaUri-Begin -->
@@ -6172,7 +6174,7 @@ This value is used as an on/off switch. If it's true, unicast responses to multi
 <!-- Device-MdmStore-PublicProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-EnableFirewall-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-EnableFirewall-OmaUri-Begin -->
@@ -6221,7 +6223,7 @@ This value is an on/off switch for the firewall and advanced security enforcemen
 <!-- Device-MdmStore-PublicProfile-EnableLogDroppedPackets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PublicProfile-EnableLogDroppedPackets-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-EnableLogDroppedPackets-OmaUri-Begin -->
@@ -6271,7 +6273,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a
 <!-- Device-MdmStore-PublicProfile-EnableLogIgnoredRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PublicProfile-EnableLogIgnoredRules-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-EnableLogIgnoredRules-OmaUri-Begin -->
@@ -6321,7 +6323,7 @@ This value is used as an on/off switch. The server MAY use this value in an impl
 <!-- Device-MdmStore-PublicProfile-EnableLogSuccessConnections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PublicProfile-EnableLogSuccessConnections-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-EnableLogSuccessConnections-OmaUri-Begin -->
@@ -6371,7 +6373,7 @@ This value is used as an on/off switch. If this value is on, the firewall logs a
 <!-- Device-MdmStore-PublicProfile-GlobalPortsAllowUserPrefMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-GlobalPortsAllowUserPrefMerge-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-GlobalPortsAllowUserPrefMerge-OmaUri-Begin -->
@@ -6421,7 +6423,7 @@ This value is used as an on/off switch. If this value is false, global port fire
 <!-- Device-MdmStore-PublicProfile-LogFilePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PublicProfile-LogFilePath-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-LogFilePath-OmaUri-Begin -->
@@ -6462,7 +6464,7 @@ This value is a string that represents a file path to the log where the firewall
 <!-- Device-MdmStore-PublicProfile-LogMaxFileSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-MdmStore-PublicProfile-LogMaxFileSize-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-LogMaxFileSize-OmaUri-Begin -->
@@ -6504,7 +6506,7 @@ This value specifies the size, in kilobytes, of the log file where dropped packe
 <!-- Device-MdmStore-PublicProfile-Shielded-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MdmStore-PublicProfile-Shielded-Applicability-End -->
 
 <!-- Device-MdmStore-PublicProfile-Shielded-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 6fd0b6982d..8a398f09ae 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the F
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -2815,6 +2815,10 @@ The following XML file contains the device description framework (DDF) for the F
           <DFType>
             <DDFName />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.0</MSFT:CspVersion>
+          </MSFT:Applicability>
         </DFProperties>
         <Node>
           <NodeName>
@@ -3025,6 +3029,10 @@ The following XML file contains the device description framework (DDF) for the F
               <DFType>
                 <MIME />
               </DFType>
+              <MSFT:Applicability>
+                <MSFT:OsBuildVersion>10.0.25398</MSFT:OsBuildVersion>
+                <MSFT:CspVersion>1.0</MSFT:CspVersion>
+              </MSFT:Applicability>
               <MSFT:AllowedValues ValueType="ENUM">
                 <MSFT:Enum>
                   <MSFT:Value>false</MSFT:Value>
@@ -3055,6 +3063,10 @@ The following XML file contains the device description framework (DDF) for the F
               <DFType>
                 <DDFName />
               </DFType>
+              <MSFT:Applicability>
+                <MSFT:OsBuildVersion>10.0.25398</MSFT:OsBuildVersion>
+                <MSFT:CspVersion>1.0</MSFT:CspVersion>
+              </MSFT:Applicability>
             </DFProperties>
             <Node>
               <NodeName>EnableFirewall</NodeName>
@@ -3244,6 +3256,10 @@ The following XML file contains the device description framework (DDF) for the F
               <DFType>
                 <DDFName />
               </DFType>
+              <MSFT:Applicability>
+                <MSFT:OsBuildVersion>10.0.25398</MSFT:OsBuildVersion>
+                <MSFT:CspVersion>1.0</MSFT:CspVersion>
+              </MSFT:Applicability>
             </DFProperties>
             <Node>
               <NodeName>EnableFirewall</NodeName>
@@ -3433,6 +3449,10 @@ The following XML file contains the device description framework (DDF) for the F
               <DFType>
                 <DDFName />
               </DFType>
+              <MSFT:Applicability>
+                <MSFT:OsBuildVersion>10.0.25398</MSFT:OsBuildVersion>
+                <MSFT:CspVersion>1.0</MSFT:CspVersion>
+              </MSFT:Applicability>
             </DFProperties>
             <Node>
               <NodeName>EnableFirewall</NodeName>
@@ -4424,6 +4444,10 @@ This is a string in Security Descriptor Definition Language (SDDL) format..</Des
           <DFType>
             <DDFName />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.0</MSFT:CspVersion>
+          </MSFT:Applicability>
         </DFProperties>
         <Node>
           <NodeName>
@@ -4808,6 +4832,10 @@ If not specified - a new rule is disabled by default.</Description>
               <DFType>
                 <MIME />
               </DFType>
+              <MSFT:Applicability>
+                <MSFT:OsBuildVersion>10.0.25398</MSFT:OsBuildVersion>
+                <MSFT:CspVersion>1.0</MSFT:CspVersion>
+              </MSFT:Applicability>
               <MSFT:AllowedValues ValueType="Flag">
                 <MSFT:Enum>
                   <MSFT:Value>0x1</MSFT:Value>
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index ff69e90877..1c9ad0123e 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the HealthAttestation CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -55,7 +55,7 @@ The following list shows the HealthAttestation configuration service provider no
 <!-- Device-AttestStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-AttestStatus-Applicability-End -->
 
 <!-- Device-AttestStatus-OmaUri-Begin -->
@@ -122,7 +122,7 @@ The status is always cleared prior to making the attest service call.
 <!-- Device-Certificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Certificate-Applicability-End -->
 
 <!-- Device-Certificate-OmaUri-Begin -->
@@ -162,7 +162,7 @@ Value type is a base64 string.
 <!-- Device-CorrelationID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CorrelationID-Applicability-End -->
 
 <!-- Device-CorrelationID-OmaUri-Begin -->
@@ -201,7 +201,7 @@ Identifies a unique device health attestation session. CorrelationId is used to
 <!-- Device-CurrentProtocolVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-CurrentProtocolVersion-Applicability-End -->
 
 <!-- Device-CurrentProtocolVersion-OmaUri-Begin -->
@@ -240,7 +240,7 @@ Provides the current protocol version that the client is using to communicate wi
 <!-- Device-ForceRetrieve-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-ForceRetrieve-Applicability-End -->
 
 <!-- Device-ForceRetrieve-OmaUri-Begin -->
@@ -289,7 +289,7 @@ Instructs the client to initiate a new request to DHA-Service, and get a new DHA
 <!-- Device-GetAttestReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-GetAttestReport-Applicability-End -->
 
 <!-- Device-GetAttestReport-OmaUri-Begin -->
@@ -357,7 +357,7 @@ The report is stored in a registry key in the respective MDM enrollment store.
 <!-- Device-GetServiceCorrelationIDs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-GetServiceCorrelationIDs-Applicability-End -->
 
 <!-- Device-GetServiceCorrelationIDs-OmaUri-Begin -->
@@ -426,7 +426,7 @@ If there's more than one correlation ID, they're separated by ";" in the string.
 <!-- Device-HASEndpoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-HASEndpoint-Applicability-End -->
 
 <!-- Device-HASEndpoint-OmaUri-Begin -->
@@ -466,7 +466,7 @@ Identifies the fully qualified domain name (FQDN) of the DHA-Service that's assi
 <!-- Device-MaxSupportedProtocolVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-MaxSupportedProtocolVersion-Applicability-End -->
 
 <!-- Device-MaxSupportedProtocolVersion-OmaUri-Begin -->
@@ -505,7 +505,7 @@ Returns the maximum protocol version that this client can support.
 <!-- Device-Nonce-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Nonce-Applicability-End -->
 
 <!-- Device-Nonce-OmaUri-Begin -->
@@ -545,7 +545,7 @@ Enables MDMs to protect the device health attestation communications from man-in
 <!-- Device-PreferredMaxProtocolVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-PreferredMaxProtocolVersion-Applicability-End -->
 
 <!-- Device-PreferredMaxProtocolVersion-OmaUri-Begin -->
@@ -585,7 +585,7 @@ Provides the maximum preferred protocol version that the client is configured to
 <!-- Device-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Status-Applicability-End -->
 
 <!-- Device-Status-OmaUri-Begin -->
@@ -624,7 +624,7 @@ Provides the current status of the device health request. For the complete list
 <!-- Device-TpmReadyStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-TpmReadyStatus-Applicability-End -->
 
 <!-- Device-TpmReadyStatus-OmaUri-Begin -->
@@ -663,7 +663,7 @@ Returns a bitmask of information describing the state of TPM. It indicates wheth
 <!-- Device-TriggerAttestation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-TriggerAttestation-Applicability-End -->
 
 <!-- Device-TriggerAttestation-OmaUri-Begin -->
@@ -750,7 +750,7 @@ If the attestation process is launched successfully, this node will return code
 <!-- Device-VerifyHealth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-VerifyHealth-Applicability-End -->
 
 <!-- Device-VerifyHealth-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 3870db4bb5..7207f7cd68 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/27/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the H
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/images/csp-contribute-link.png b/windows/client-management/mdm/images/csp-contribute-link.png
new file mode 100644
index 0000000000..878a8a5330
Binary files /dev/null and b/windows/client-management/mdm/images/csp-contribute-link.png differ
diff --git a/windows/client-management/mdm/images/csp-feedback-flow.svg b/windows/client-management/mdm/images/csp-feedback-flow.svg
new file mode 100644
index 0000000000..3bd42a7d00
--- /dev/null
+++ b/windows/client-management/mdm/images/csp-feedback-flow.svg
@@ -0,0 +1 @@
+<svg aria-roledescription="flowchart-v2" role="graphics-document document" viewBox="-8 -8 1060.65625 374.421875" style="max-width: 100%;" xmlns="http://www.w3.org/2000/svg" width="100%" id="graph-div" height="100%" xmlns:xlink="http://www.w3.org/1999/xlink"><style>@import url("https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css");'</style><style>#graph-div{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;fill:#333;}#graph-div .error-icon{fill:#552222;}#graph-div .error-text{fill:#552222;stroke:#552222;}#graph-div .edge-thickness-normal{stroke-width:2px;}#graph-div .edge-thickness-thick{stroke-width:3.5px;}#graph-div .edge-pattern-solid{stroke-dasharray:0;}#graph-div .edge-pattern-dashed{stroke-dasharray:3;}#graph-div .edge-pattern-dotted{stroke-dasharray:2;}#graph-div .marker{fill:lightgrey;stroke:lightgrey;}#graph-div .marker.cross{stroke:lightgrey;}#graph-div svg{font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:16px;}#graph-div .label{font-family:"trebuchet ms",verdana,arial,sans-serif;color:#333;}#graph-div .cluster-label text{fill:#333;}#graph-div .cluster-label span,#graph-div p{color:#333;}#graph-div .label text,#graph-div span,#graph-div p{fill:#333;color:#333;}#graph-div .node rect,#graph-div .node circle,#graph-div .node ellipse,#graph-div .node polygon,#graph-div .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#graph-div .flowchart-label text{text-anchor:middle;}#graph-div .node .label{text-align:center;}#graph-div .node.clickable{cursor:pointer;}#graph-div .arrowheadPath{fill:lightgrey;}#graph-div .edgePath .path{stroke:lightgrey;stroke-width:2.0px;}#graph-div .flowchart-link{stroke:lightgrey;fill:none;}#graph-div .edgeLabel{background-color:#e8e8e8;text-align:center;}#graph-div .edgeLabel rect{opacity:0.5;background-color:#e8e8e8;fill:#e8e8e8;}#graph-div .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#graph-div .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#graph-div .cluster text{fill:#333;}#graph-div .cluster span,#graph-div p{color:#333;}#graph-div div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:"trebuchet ms",verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#graph-div .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#graph-div :root{--mermaid-font-family:"trebuchet ms",verdana,arial,sans-serif;}</style><g><marker orient="auto" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="5" refX="10" viewBox="0 0 10 10" class="marker flowchart" id="flowchart-pointEnd"><path style="stroke-width: 1; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 0 0 L 10 5 L 0 10 z"></path></marker><marker orient="auto" markerHeight="12" markerWidth="12" markerUnits="userSpaceOnUse" refY="5" refX="0" viewBox="0 0 10 10" class="marker flowchart" id="flowchart-pointStart"><path style="stroke-width: 1; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 0 5 L 10 10 L 10 0 z"></path></marker><marker orient="auto" markerHeight="11" markerWidth="11" markerUnits="userSpaceOnUse" refY="5" refX="11" viewBox="0 0 10 10" class="marker flowchart" id="flowchart-circleEnd"><circle style="stroke-width: 1; stroke-dasharray: 1, 0;" class="arrowMarkerPath" r="5" cy="5" cx="5"></circle></marker><marker orient="auto" markerHeight="11" markerWidth="11" markerUnits="userSpaceOnUse" refY="5" refX="-1" viewBox="0 0 10 10" class="marker flowchart" id="flowchart-circleStart"><circle style="stroke-width: 1; stroke-dasharray: 1, 0;" class="arrowMarkerPath" r="5" cy="5" cx="5"></circle></marker><marker orient="auto" markerHeight="11" markerWidth="11" markerUnits="userSpaceOnUse" refY="5.2" refX="12" viewBox="0 0 11 11" class="marker cross flowchart" id="flowchart-crossEnd"><path style="stroke-width: 2; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 1,1 l 9,9 M 10,1 l -9,9"></path></marker><marker orient="auto" markerHeight="11" markerWidth="11" markerUnits="userSpaceOnUse" refY="5.2" refX="-1" viewBox="0 0 11 11" class="marker cross flowchart" id="flowchart-crossStart"><path style="stroke-width: 2; stroke-dasharray: 1, 0;" class="arrowMarkerPath" d="M 1,1 l 9,9 M 10,1 l -9,9"></path></marker><g class="root"><g class="clusters"></g><g class="edgePaths"><path marker-end="url(#flowchart-pointEnd)" style="fill:none;" class="edge-thickness-normal edge-pattern-solid flowchart-link LS-F LE-DDF" id="L-F-DDF-0" d="M147.32022471910113,79.30078125L158.42310393258427,75.05078125C169.52598314606743,70.80078125,191.7317415730337,62.30078125,207.00128745318352,58.05078125C222.27083333333334,53.80078125,230.60416666666666,53.80078125,234.77083333333334,53.80078125L238.9375,53.80078125"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;" class="edge-thickness-normal edge-pattern-solid flowchart-link LS-F LE-ADMX" id="L-F-ADMX-0" d="M112.97835289898838,118.30078125L129.80487741582365,136.52669270833334C146.63140193265892,154.75260416666666,180.28445096632947,191.20442708333334,202.0745171498314,209.43033854166666C223.86458333333334,227.65625,233.79166666666666,227.65625,238.75520833333334,227.65625L243.71875,227.65625"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;" class="edge-thickness-normal edge-pattern-solid flowchart-link LS-DDF LE-Intune" id="L-DDF-Intune-0" d="M378.390625,46.43995650773196L382.5572916666667,46.000093964776624C386.7239583333333,45.5602314218213,395.0572916666667,44.68050633591065,403.390625,44.240643792955325C411.7239583333333,43.80078125,420.0572916666667,43.80078125,424.2239583333333,43.80078125L428.390625,43.80078125"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;stroke-width:2px;stroke-dasharray:3;" class="edge-thickness-normal edge-pattern-dotted flowchart-link LS-DDF LE-AUTO" id="L-DDF-AUTO-0" d="M350.17345505617976,73.30078125L359.0429833801498,77.46744791666667C367.9125117041199,81.63411458333333,385.65156835205994,89.96744791666667,405.4495385786559,98.44129327808143C425.2475088052519,106.91513863949616,447.1043926105038,115.52949602899234,458.0328345131297,119.83667472374043L468.9612764157557,124.14385341848852"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;stroke-width:2px;stroke-dasharray:3;" class="edge-thickness-normal edge-pattern-dotted flowchart-link LS-ADMX LE-AUTO" id="L-ADMX-AUTO-0" d="M373.609375,227.65625L378.5729166666667,227.65625C383.5364583333333,227.65625,393.4635416666667,227.65625,413.1772633340814,216.84700520833334C432.8909850014961,206.03776041666666,462.39134500299224,184.41927083333334,477.1415250037403,173.61002604166666L491.89170500448836,162.80078125"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;stroke-width:2px;stroke-dasharray:3;" class="edge-thickness-normal edge-pattern-dotted flowchart-link LS-AUTO LE-CSP" id="L-AUTO-CSP-0" d="M576.9140625,143.30078125L586.0794270833334,143.21744791666666C595.2447916666666,143.13411458333334,613.5755208333334,142.96744791666666,626.9075520833334,142.88411458333334C640.2395833333334,142.80078125,648.5729166666666,142.80078125,652.7395833333334,142.80078125L656.90625,142.80078125"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;" class="edge-thickness-normal edge-pattern-solid flowchart-link LS-CSP LE-A" id="L-CSP-A-0" d="M777.3750471494202,123.30078125L789.3568101245169,116.94986979166667C801.3385730996134,110.59895833333333,825.3020990498068,97.89713541666667,841.4505286915701,91.54622395833333C857.5989583333334,85.1953125,865.9322916666666,85.1953125,870.0989583333334,85.1953125L874.265625,85.1953125"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;" class="edge-thickness-normal edge-pattern-solid flowchart-link LS-CSP LE-B" id="L-CSP-B-0" d="M761.341475202284,162.30078125L775.99550016857,176.068359375C790.649525134856,189.8359375,819.957575067428,217.37109375,842.3117239937724,234.24820084178432C864.6658729201168,251.12530793356868,880.0661208402338,257.3443658671373,887.7662448002922,260.45389483392165L895.4663687603506,263.56342380070595"></path><path marker-end="url(#flowchart-pointEnd)" style="fill:none;" class="edge-thickness-normal edge-pattern-solid flowchart-link LS-LEARN LE-B" id="L-LEARN-B-0" d="M169.9375,299.90625L177.27083333333334,299.8229166666667C184.60416666666666,299.7395833333333,199.27083333333334,299.5729166666667,222.39192708333334,299.4895833333333C245.51302083333334,299.40625,277.0885416666667,299.40625,308.6640625,299.40625C340.2395833333333,299.40625,371.8151041666667,299.40625,406.6458333333333,299.40625C441.4765625,299.40625,479.5625,299.40625,517.6484375,299.40625C555.734375,299.40625,593.8203125,299.40625,630.9765625,299.40625C668.1328125,299.40625,704.359375,299.40625,740.5859375,299.40625C776.8125,299.40625,813.0390625,299.40625,838.0626975402333,298.7791494788019C863.0863325804668,298.1520489576039,876.9070401609337,296.8978479152077,883.817393951167,296.2707473940097L890.7277477414003,295.6436468728116"></path></g><g class="edgeLabels"><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g><g class="edgeLabel"><g transform="translate(0, 0)" class="label"><foreignObject height="0" width="0"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="edgeLabel"></span></div></foreignObject></g></g></g><g class="nodes"><g transform="translate(94.46875, 98.30078125)" id="flowchart-F-24362" class="node default default flowchart-label"><polygon style="" transform="translate(-58.015625,19.5)" class="label-container" points="-19.5,0 116.03125,0 116.03125,-39 -19.5,-39 0,-19.5"></polygon><g transform="translate(-50.515625, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="101.03125"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">Feedback Hub</span></div></foreignObject></g></g><g transform="translate(308.6640625, 53.80078125)" id="flowchart-DDF-24363" class="node default default flowchart-label"><rect height="39" width="139.453125" y="-19.5" x="-69.7265625" ry="0" rx="0" style="" class="basic label-container"></rect><g transform="translate(-62.2265625, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="124.453125"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">DDF v2 Definition</span></div></foreignObject></g></g><g transform="translate(308.6640625, 227.65625)" id="flowchart-ADMX-24365" class="node default default flowchart-label"><rect height="39" width="129.890625" y="-19.5" x="-64.9453125" ry="0" rx="0" style="" class="basic label-container"></rect><g transform="translate(-57.4453125, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="114.890625"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">ADMX Definition</span></div></foreignObject></g></g><g transform="translate(517.6484375, 43.80078125)" id="flowchart-Intune-24367" class="node default default flowchart-label"><rect height="39" width="178.515625" y="-19.5" x="-89.2578125" ry="5" rx="5" style="" class="basic label-container"></rect><g transform="translate(-81.7578125, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="163.515625"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">Intune settings catalog</span></div></foreignObject></g></g><g transform="translate(517.6484375, 142.80078125)" id="flowchart-AUTO-24369" class="node default default flowchart-label"><polygon style="" transform="translate(-58.765625,19.5)" class="label-container" points="9.75,0 107.78125,0 117.53125,-19.5 107.78125,-39 9.75,-39 0,-19.5"></polygon><g transform="translate(-41.515625, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="83.03125"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">Automation</span></div></foreignObject></g></g><g transform="translate(740.5859375, 142.80078125)" id="flowchart-CSP-24373" class="node default default flowchart-label"><rect height="39" width="167.359375" y="-19.5" x="-83.6796875" ry="5" rx="5" style="" class="basic label-container"></rect><g transform="translate(-76.1796875, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="152.359375"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">CSP reference article</span></div></foreignObject></g></g><g transform="translate(959.4609375, 85.1953125)" id="flowchart-A-24375" class="node default default flowchart-label"><circle height="39" width="170.390625" r="85.1953125" ry="0" rx="0" style=""></circle><g transform="translate(-77.6953125, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="155.390625"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">Non Editable Sections</span></div></foreignObject></g></g><g transform="translate(959.4609375, 289.40625)" id="flowchart-B-24377" class="node default default flowchart-label"><circle height="39" width="138.03125" r="69.015625" ry="0" rx="0" style=""></circle><g transform="translate(-61.515625, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="123.03125"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">Editable Sections</span></div></foreignObject></g></g><g transform="translate(94.46875, 299.40625)" id="flowchart-LEARN-24378" class="node default default flowchart-label"><polygon style="" transform="translate(-74.96875,19.5)" class="label-container" points="-19.5,0 149.9375,0 149.9375,-39 -19.5,-39 0,-19.5"></polygon><g transform="translate(-67.46875, -12)" style="" class="label"><rect></rect><foreignObject height="24" width="134.9375"><div style="display: inline-block; white-space: nowrap;" xmlns="http://www.w3.org/1999/xhtml"><span class="nodeLabel">Learn Contribution</span></div></foreignObject></g></g></g></g></g></svg>
\ No newline at end of file
diff --git a/windows/client-management/mdm/images/csp-footer.png b/windows/client-management/mdm/images/csp-footer.png
new file mode 100644
index 0000000000..96f052dd8e
Binary files /dev/null and b/windows/client-management/mdm/images/csp-footer.png differ
diff --git a/windows/client-management/mdm/images/csp-header.png b/windows/client-management/mdm/images/csp-header.png
new file mode 100644
index 0000000000..f2bfd8d284
Binary files /dev/null and b/windows/client-management/mdm/images/csp-header.png differ
diff --git a/windows/client-management/mdm/images/csp-policy.png b/windows/client-management/mdm/images/csp-policy.png
new file mode 100644
index 0000000000..8ed5ebfe8f
Binary files /dev/null and b/windows/client-management/mdm/images/csp-policy.png differ
diff --git a/windows/client-management/mdm/index.yml b/windows/client-management/mdm/index.yml
index 094b2b87da..c05832ef83 100644
--- a/windows/client-management/mdm/index.yml
+++ b/windows/client-management/mdm/index.yml
@@ -12,7 +12,6 @@ metadata:
   ms.collection:
     - highpri
     - tier1
-  ms.custom: intro-hub-or-landing
   author: vinaypamnani-msft
   ms.author: vinpa
   manager: aaroncz
diff --git a/windows/client-management/mdm/language-pack-management-ddf-file.md b/windows/client-management/mdm/language-pack-management-ddf-file.md
index 398f64ec81..5c5c679379 100644
--- a/windows/client-management/mdm/language-pack-management-ddf-file.md
+++ b/windows/client-management/mdm/language-pack-management-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the L
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
index 21eb2d1b73..fe053e7544 100644
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,8 @@ ms.topic: reference
 <!-- LAPS-Begin -->
 # LAPS CSP
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- LAPS-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings).
@@ -54,7 +56,7 @@ The following list shows the LAPS configuration service provider nodes:
 <!-- Device-Actions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Actions-Applicability-End -->
 
 <!-- Device-Actions-OmaUri-Begin -->
@@ -93,7 +95,7 @@ Defines the parent interior node for all action-related settings in the LAPS CSP
 <!-- Device-Actions-ResetPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Actions-ResetPassword-Applicability-End -->
 
 <!-- Device-Actions-ResetPassword-OmaUri-Begin -->
@@ -133,7 +135,7 @@ This action invokes an immediate reset of the local administrator account passwo
 <!-- Device-Actions-ResetPasswordStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Actions-ResetPasswordStatus-Applicability-End -->
 
 <!-- Device-Actions-ResetPasswordStatus-OmaUri-Begin -->
@@ -178,7 +180,7 @@ The value returned is an HRESULT code:
 <!-- Device-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-Applicability-End -->
 
 <!-- Device-Policies-OmaUri-Begin -->
@@ -218,7 +220,7 @@ Root node for LAPS policies.
 <!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-End -->
 
 <!-- Device-Policies-ADEncryptedPasswordHistorySize-OmaUri-Begin -->
@@ -268,7 +270,7 @@ This setting has a maximum allowed value of 12 passwords.
 <!-- Device-Policies-AdministratorAccountName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-AdministratorAccountName-Applicability-End -->
 
 <!-- Device-Policies-AdministratorAccountName-OmaUri-Begin -->
@@ -313,7 +315,7 @@ Note if a custom managed local administrator account name is specified in this s
 <!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-End -->
 
 <!-- Device-Policies-ADPasswordEncryptionEnabled-OmaUri-Begin -->
@@ -375,7 +377,7 @@ If not specified, this setting defaults to True.
 <!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-End -->
 
 <!-- Device-Policies-ADPasswordEncryptionPrincipal-OmaUri-Begin -->
@@ -431,7 +433,7 @@ If the specified user or group account is invalid the device will fallback to us
 <!-- Device-Policies-BackupDirectory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-BackupDirectory-Applicability-End -->
 
 <!-- Device-Policies-BackupDirectory-OmaUri-Begin -->
@@ -489,7 +491,7 @@ If not specified, this setting will default to 0.
 <!-- Device-Policies-PasswordAgeDays-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-PasswordAgeDays-Applicability-End -->
 
 <!-- Device-Policies-PasswordAgeDays-OmaUri-Begin -->
@@ -537,7 +539,7 @@ This setting has a maximum allowed value of 365 days.
 <!-- Device-Policies-PasswordComplexity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-PasswordComplexity-Applicability-End -->
 
 <!-- Device-Policies-PasswordComplexity-OmaUri-Begin -->
@@ -599,7 +601,7 @@ If not specified, this setting will default to 4.
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-End -->
 
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-OmaUri-Begin -->
@@ -655,7 +657,7 @@ If not specified, this setting defaults to True.
 <!-- Device-Policies-PasswordLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-PasswordLength-Applicability-End -->
 
 <!-- Device-Policies-PasswordLength-OmaUri-Begin -->
@@ -702,7 +704,7 @@ This setting has a maximum allowed value of 64 characters.
 <!-- Device-Policies-PostAuthenticationActions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-PostAuthenticationActions-Applicability-End -->
 
 <!-- Device-Policies-PostAuthenticationActions-OmaUri-Begin -->
@@ -759,7 +761,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
 <!-- Device-Policies-PostAuthenticationResetDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
 <!-- Device-Policies-PostAuthenticationResetDelay-Applicability-End -->
 
 <!-- Device-Policies-PostAuthenticationResetDelay-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index c545e91306..57294de0a0 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the NetworkProxy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following list shows the NetworkProxy configuration service provider nodes:
 <!-- Device-AutoDetect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-AutoDetect-Applicability-End -->
 
 <!-- Device-AutoDetect-OmaUri-Begin -->
@@ -96,7 +96,7 @@ Automatically detect settings. If enabled, the system tries to find the path to
 <!-- Device-ProxyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-ProxyServer-Applicability-End -->
 
 <!-- Device-ProxyServer-OmaUri-Begin -->
@@ -135,7 +135,7 @@ Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same
 <!-- Device-ProxyServer-Exceptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-ProxyServer-Exceptions-Applicability-End -->
 
 <!-- Device-ProxyServer-Exceptions-OmaUri-Begin -->
@@ -175,7 +175,7 @@ Addresses that shouldn't use the proxy server. The system won't use the proxy se
 <!-- Device-ProxyServer-ProxyAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-ProxyServer-ProxyAddress-Applicability-End -->
 
 <!-- Device-ProxyServer-ProxyAddress-OmaUri-Begin -->
@@ -214,7 +214,7 @@ Address to the proxy server. Specify an address in the format `<server>`[":"`<po
 <!-- Device-ProxyServer-UseProxyForLocalAddresses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-ProxyServer-UseProxyForLocalAddresses-Applicability-End -->
 
 <!-- Device-ProxyServer-UseProxyForLocalAddresses-OmaUri-Begin -->
@@ -263,7 +263,7 @@ Specifies whether the proxy server should be used for local (intranet) addresses
 <!-- Device-ProxySettingsPerUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-ProxySettingsPerUser-Applicability-End -->
 
 <!-- Device-ProxySettingsPerUser-OmaUri-Begin -->
@@ -314,7 +314,7 @@ When set to 0, it enables proxy configuration as global, machine wide.
 <!-- Device-SetupScriptUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-SetupScriptUrl-Applicability-End -->
 
 <!-- Device-SetupScriptUrl-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index 06042fcea6..72d1c7936d 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index 03fc13cf06..591e23f3dc 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the NetworkQoSPolicy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -60,7 +60,7 @@ The following list shows the NetworkQoSPolicy configuration service provider nod
 <!-- Device-{Name}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-Applicability-End -->
 
 <!-- Device-{Name}-OmaUri-Begin -->
@@ -100,7 +100,7 @@ The value of this node should be a policy name.
 <!-- Device-{Name}-AppPathNameMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-AppPathNameMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-AppPathNameMatchCondition-OmaUri-Begin -->
@@ -139,7 +139,7 @@ Specifies the name of an application to be used to match the network traffic, su
 <!-- Device-{Name}-DestinationPortMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-DestinationPortMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-DestinationPortMatchCondition-OmaUri-Begin -->
@@ -178,7 +178,7 @@ Specifies a single port or a range of ports to be used to match the network traf
 <!-- Device-{Name}-DSCPAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-DSCPAction-Applicability-End -->
 
 <!-- Device-{Name}-DSCPAction-OmaUri-Begin -->
@@ -218,7 +218,7 @@ The differentiated services code point (DSCP) value to apply to matching network
 <!-- Device-{Name}-IPProtocolMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-IPProtocolMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-IPProtocolMatchCondition-OmaUri-Begin -->
@@ -258,7 +258,7 @@ Specifies the IP protocol used to match the network traffic. Valid values are 0:
 <!-- Device-{Name}-PriorityValue8021Action-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-PriorityValue8021Action-Applicability-End -->
 
 <!-- Device-{Name}-PriorityValue8021Action-OmaUri-Begin -->
@@ -298,7 +298,7 @@ The IEEE 802.1p value to apply to matching network traffice. Valid values are 0-
 <!-- Device-{Name}-SourcePortMatchCondition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-{Name}-SourcePortMatchCondition-Applicability-End -->
 
 <!-- Device-{Name}-SourcePortMatchCondition-OmaUri-Begin -->
@@ -337,7 +337,7 @@ Specifies a single port or a range of ports to be used to match the network traf
 <!-- Device-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-Version-Applicability-End -->
 
 <!-- Device-Version-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index c2846f500d..170cfe0fae 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.19042</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index 0d63aaf864..dea68d13f0 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the NodeCache CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -62,7 +62,7 @@ The following list shows the NodeCache configuration service provider nodes:
 <!-- Device-{ProviderID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-Applicability-End -->
 
 <!-- Device-{ProviderID}-OmaUri-Begin -->
@@ -102,7 +102,7 @@ Group settings per DM server. Each group of settings is distinguished by the ser
 <!-- Device-{ProviderID}-CacheVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-CacheVersion-Applicability-End -->
 
 <!-- Device-{ProviderID}-CacheVersion-OmaUri-Begin -->
@@ -141,7 +141,7 @@ Character string representing the cache version set by the server.
 <!-- Device-{ProviderID}-ChangedNodes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-ChangedNodes-Applicability-End -->
 
 <!-- Device-{ProviderID}-ChangedNodes-OmaUri-Begin -->
@@ -180,7 +180,7 @@ List of nodes whose values don't match their expected values as specified in /No
 <!-- Device-{ProviderID}-ChangedNodesData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-{ProviderID}-ChangedNodesData-Applicability-End -->
 
 <!-- Device-{ProviderID}-ChangedNodesData-OmaUri-Begin -->
@@ -219,7 +219,7 @@ XML containing nodes whose values don't match their expected values as specified
 <!-- Device-{ProviderID}-Nodes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-Nodes-Applicability-End -->
 
 <!-- Device-{ProviderID}-Nodes-OmaUri-Begin -->
@@ -258,7 +258,7 @@ Root node for cached nodes.
 <!-- Device-{ProviderID}-Nodes-{NodeID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-Nodes-{NodeID}-Applicability-End -->
 
 <!-- Device-{ProviderID}-Nodes-{NodeID}-OmaUri-Begin -->
@@ -298,7 +298,7 @@ Information about each cached node is stored under NodeID as specified by the se
 <!-- Device-{ProviderID}-Nodes-{NodeID}-AutoSetExpectedValue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-{ProviderID}-Nodes-{NodeID}-AutoSetExpectedValue-Applicability-End -->
 
 <!-- Device-{ProviderID}-Nodes-{NodeID}-AutoSetExpectedValue-OmaUri-Begin -->
@@ -337,7 +337,7 @@ This will automatically set the value on the device to match the node's actual v
 <!-- Device-{ProviderID}-Nodes-{NodeID}-ExpectedValue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-Nodes-{NodeID}-ExpectedValue-Applicability-End -->
 
 <!-- Device-{ProviderID}-Nodes-{NodeID}-ExpectedValue-OmaUri-Begin -->
@@ -395,7 +395,7 @@ Here's an example for setting the ExpectedValue to nonexistent.
 <!-- Device-{ProviderID}-Nodes-{NodeID}-NodeURI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProviderID}-Nodes-{NodeID}-NodeURI-Applicability-End -->
 
 <!-- Device-{ProviderID}-Nodes-{NodeID}-NodeURI-OmaUri-Begin -->
@@ -434,7 +434,7 @@ This node's value is a complete OMA DM node URI. It can specify either an interi
 <!-- User-{ProviderID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-Applicability-End -->
 
 <!-- User-{ProviderID}-OmaUri-Begin -->
@@ -474,7 +474,7 @@ Group settings per DM server. Each group of settings is distinguished by the ser
 <!-- User-{ProviderID}-CacheVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-CacheVersion-Applicability-End -->
 
 <!-- User-{ProviderID}-CacheVersion-OmaUri-Begin -->
@@ -513,7 +513,7 @@ Character string representing the cache version set by the server.
 <!-- User-{ProviderID}-ChangedNodes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-ChangedNodes-Applicability-End -->
 
 <!-- User-{ProviderID}-ChangedNodes-OmaUri-Begin -->
@@ -552,7 +552,7 @@ List of nodes whose values don't match their expected values as specified in /No
 <!-- User-{ProviderID}-ChangedNodesData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-ChangedNodesData-Applicability-End -->
 
 <!-- User-{ProviderID}-ChangedNodesData-OmaUri-Begin -->
@@ -591,7 +591,7 @@ XML containing nodes whose values don't match their expected values as specified
 <!-- User-{ProviderID}-Nodes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-Nodes-Applicability-End -->
 
 <!-- User-{ProviderID}-Nodes-OmaUri-Begin -->
@@ -630,7 +630,7 @@ Root node for cached nodes.
 <!-- User-{ProviderID}-Nodes-{NodeID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-Nodes-{NodeID}-Applicability-End -->
 
 <!-- User-{ProviderID}-Nodes-{NodeID}-OmaUri-Begin -->
@@ -670,7 +670,7 @@ Information about each cached node is stored under NodeID as specified by the se
 <!-- User-{ProviderID}-Nodes-{NodeID}-AutoSetExpectedValue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-Nodes-{NodeID}-AutoSetExpectedValue-Applicability-End -->
 
 <!-- User-{ProviderID}-Nodes-{NodeID}-AutoSetExpectedValue-OmaUri-Begin -->
@@ -709,7 +709,7 @@ This will automatically set the value on the device to match the node's actual v
 <!-- User-{ProviderID}-Nodes-{NodeID}-ExpectedValue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-Nodes-{NodeID}-ExpectedValue-Applicability-End -->
 
 <!-- User-{ProviderID}-Nodes-{NodeID}-ExpectedValue-OmaUri-Begin -->
@@ -767,7 +767,7 @@ Here's an example for setting the ExpectedValue to nonexistent.
 <!-- User-{ProviderID}-Nodes-{NodeID}-NodeURI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{ProviderID}-Nodes-{NodeID}-NodeURI-Applicability-End -->
 
 <!-- User-{ProviderID}-Nodes-{NodeID}-NodeURI-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index 9b143a00d7..e2d509178e 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.1</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -301,7 +301,7 @@ The following XML file contains the device description framework (DDF) for the N
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index 887ab52ddd..a5fd7fb004 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Office CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following list shows the Office configuration service provider nodes:
 <!-- Device-Installation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Installation-Applicability-End -->
 
 <!-- Device-Installation-OmaUri-Begin -->
@@ -85,7 +85,7 @@ Installation options for the office CSP.
 <!-- Device-Installation-{id}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Installation-{id}-Applicability-End -->
 
 <!-- Device-Installation-{id}-OmaUri-Begin -->
@@ -125,7 +125,7 @@ A unique identifier which represents the installation instance id.
 <!-- Device-Installation-{id}-FinalStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Installation-{id}-FinalStatus-Applicability-End -->
 
 <!-- Device-Installation-{id}-FinalStatus-OmaUri-Begin -->
@@ -168,7 +168,7 @@ Final Office 365 installation status.
 <!-- Device-Installation-{id}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Installation-{id}-Install-Applicability-End -->
 
 <!-- Device-Installation-{id}-Install-OmaUri-Begin -->
@@ -207,7 +207,7 @@ The install action will install office given the configuration in the data. The
 <!-- Device-Installation-{id}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Installation-{id}-Status-Applicability-End -->
 
 <!-- Device-Installation-{id}-Status-OmaUri-Begin -->
@@ -246,7 +246,7 @@ The installation status of the CSP.
 <!-- Device-Installation-CurrentStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Installation-CurrentStatus-Applicability-End -->
 
 <!-- Device-Installation-CurrentStatus-OmaUri-Begin -->
@@ -285,7 +285,7 @@ The current Office 365 installation status on the machine.
 <!-- User-Installation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-Installation-Applicability-End -->
 
 <!-- User-Installation-OmaUri-Begin -->
@@ -324,7 +324,7 @@ Installation options for the office CSP.
 <!-- User-Installation-{id}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-Installation-{id}-Applicability-End -->
 
 <!-- User-Installation-{id}-OmaUri-Begin -->
@@ -364,7 +364,7 @@ A unique identifier which represents the installation instance id.
 <!-- User-Installation-{id}-FinalStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- User-Installation-{id}-FinalStatus-Applicability-End -->
 
 <!-- User-Installation-{id}-FinalStatus-OmaUri-Begin -->
@@ -403,7 +403,7 @@ Final Office 365 installation status.
 <!-- User-Installation-{id}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-Installation-{id}-Install-Applicability-End -->
 
 <!-- User-Installation-{id}-Install-OmaUri-Begin -->
@@ -442,7 +442,7 @@ The install action will install office given the configuration in the data. The
 <!-- User-Installation-{id}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-Installation-{id}-Status-Applicability-End -->
 
 <!-- User-Installation-{id}-Status-OmaUri-Begin -->
@@ -481,7 +481,7 @@ The installation status of the CSP.
 <!-- User-Installation-CurrentStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-Installation-CurrentStatus-Applicability-End -->
 
 <!-- User-Installation-CurrentStatus-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index 85276e8c25..e3301499dc 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the O
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -218,7 +218,7 @@ The following XML file contains the device description framework (DDF) for the O
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index a325b44c94..d5c2ebe843 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -34,6 +34,7 @@ The following list shows the PassportForWork configuration service provider node
     - [Policies](#devicetenantidpolicies)
       - [DisablePostLogonProvisioning](#devicetenantidpoliciesdisablepostlogonprovisioning)
       - [EnablePinRecovery](#devicetenantidpoliciesenablepinrecovery)
+      - [EnableWindowsHelloProvisioningForSecurityKeys](#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
       - [ExcludeSecurityDevices](#devicetenantidpoliciesexcludesecuritydevices)
         - [TPM12](#devicetenantidpoliciesexcludesecuritydevicestpm12)
       - [PINComplexity](#devicetenantidpoliciespincomplexity)
@@ -89,7 +90,7 @@ The following list shows the PassportForWork configuration service provider node
 <!-- Device-{TenantId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Applicability-End -->
 
 <!-- Device-{TenantId}-OmaUri-Begin -->
@@ -130,7 +131,7 @@ To get the GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module
 <!-- Device-{TenantId}-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-OmaUri-Begin -->
@@ -169,7 +170,7 @@ Root node for policies.
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-OmaUri-Begin -->
@@ -218,7 +219,7 @@ Don't start Windows Hello provisioning after sign-in.
 <!-- Device-{TenantId}-Policies-EnablePinRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-{TenantId}-Policies-EnablePinRecovery-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-EnablePinRecovery-OmaUri-Begin -->
@@ -265,13 +266,62 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows
 
 <!-- Device-{TenantId}-Policies-EnablePinRecovery-End -->
 
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Begin -->
+#### Device/{TenantId}/Policies/EnableWindowsHelloProvisioningForSecurityKeys
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Applicability-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/EnableWindowsHelloProvisioningForSecurityKeys
+```
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-OmaUri-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Description-Begin -->
+<!-- Description-Source-DDF -->
+Enable Windows Hello provisioning if users sign-in to their devices with FIDO2 security keys.
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Description-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Editable-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | False |
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-DFProperties-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Disabled. |
+| true | Enabled. |
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-AllowedValues-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-Examples-End -->
+
+<!-- Device-{TenantId}-Policies-EnableWindowsHelloProvisioningForSecurityKeys-End -->
+
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-Begin -->
 #### Device/{TenantId}/Policies/ExcludeSecurityDevices
 
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-OmaUri-Begin -->
@@ -312,7 +362,7 @@ Root node for excluded security devices.
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-TPM12-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-TPM12-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-ExcludeSecurityDevices-TPM12-OmaUri-Begin -->
@@ -365,7 +415,7 @@ Some Trusted Platform Modules (TPMs) are only compliant with the older 1.2 revis
 <!-- Device-{TenantId}-Policies-PINComplexity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-OmaUri-Begin -->
@@ -404,7 +454,7 @@ Root node for PIN policies.
 <!-- Device-{TenantId}-Policies-PINComplexity-Digits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-Digits-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-Digits-OmaUri-Begin -->
@@ -460,7 +510,7 @@ If you don't configure this policy setting, Windows Hello for Business requires
 <!-- Device-{TenantId}-Policies-PINComplexity-Expiration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-Expiration-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-Expiration-OmaUri-Begin -->
@@ -501,7 +551,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730
 <!-- Device-{TenantId}-Policies-PINComplexity-History-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-History-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-History-OmaUri-Begin -->
@@ -542,7 +592,7 @@ This policy specifies the number of past PINs that can be stored in the history
 <!-- Device-{TenantId}-Policies-PINComplexity-LowercaseLetters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-LowercaseLetters-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-LowercaseLetters-OmaUri-Begin -->
@@ -598,7 +648,7 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a
 <!-- Device-{TenantId}-Policies-PINComplexity-MaximumPINLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-MaximumPINLength-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-MaximumPINLength-OmaUri-Begin -->
@@ -646,7 +696,7 @@ Maximum PIN length configures the maximum number of characters allowed for the P
 <!-- Device-{TenantId}-Policies-PINComplexity-MinimumPINLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-MinimumPINLength-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-MinimumPINLength-OmaUri-Begin -->
@@ -694,7 +744,7 @@ Minimum PIN length configures the minimum number of characters required for the
 <!-- Device-{TenantId}-Policies-PINComplexity-SpecialCharacters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-SpecialCharacters-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-SpecialCharacters-OmaUri-Begin -->
@@ -750,7 +800,7 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a
 <!-- Device-{TenantId}-Policies-PINComplexity-UppercaseLetters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-PINComplexity-UppercaseLetters-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-PINComplexity-UppercaseLetters-OmaUri-Begin -->
@@ -806,7 +856,7 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a
 <!-- Device-{TenantId}-Policies-Remote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-Remote-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-Remote-OmaUri-Begin -->
@@ -845,7 +895,7 @@ Root node for phone sign-in policies.
 <!-- Device-{TenantId}-Policies-Remote-UseRemotePassport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-Remote-UseRemotePassport-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-Remote-UseRemotePassport-OmaUri-Begin -->
@@ -902,7 +952,7 @@ Default value is false.
 <!-- Device-{TenantId}-Policies-RequireSecurityDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-RequireSecurityDevice-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-RequireSecurityDevice-OmaUri-Begin -->
@@ -955,7 +1005,7 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw
 <!-- Device-{TenantId}-Policies-UseCertificateForOnPremAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-UseCertificateForOnPremAuth-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-UseCertificateForOnPremAuth-OmaUri-Begin -->
@@ -1008,7 +1058,7 @@ Windows Hello for Business can use certificates to authenticate to on-premise re
 <!-- Device-{TenantId}-Policies-UseCloudTrustForOnPremAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 21H2 [10.0.19044.1566] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 21H2 [10.0.19044.1566] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-{TenantId}-Policies-UseCloudTrustForOnPremAuth-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-UseCloudTrustForOnPremAuth-OmaUri-Begin -->
@@ -1061,7 +1111,7 @@ Boolean value that enables Windows Hello for Business to use Azure AD Kerberos t
 <!-- Device-{TenantId}-Policies-UseHelloCertificatesAsSmartCardCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-{TenantId}-Policies-UseHelloCertificatesAsSmartCardCertificates-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-UseHelloCertificatesAsSmartCardCertificates-OmaUri-Begin -->
@@ -1115,7 +1165,7 @@ Windows requires a user to lock and unlock their session after changing this set
 <!-- Device-{TenantId}-Policies-UsePassportForWork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{TenantId}-Policies-UsePassportForWork-Applicability-End -->
 
 <!-- Device-{TenantId}-Policies-UsePassportForWork-OmaUri-Begin -->
@@ -1168,7 +1218,7 @@ Windows Hello for Business is an alternative method for signing into Windows usi
 <!-- Device-Biometrics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Biometrics-Applicability-End -->
 
 <!-- Device-Biometrics-OmaUri-Begin -->
@@ -1207,7 +1257,7 @@ Root node for biometrics policies.
 <!-- Device-Biometrics-EnableESSwithSupportedPeripherals-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Biometrics-EnableESSwithSupportedPeripherals-Applicability-End -->
 
 <!-- Device-Biometrics-EnableESSwithSupportedPeripherals-OmaUri-Begin -->
@@ -1265,7 +1315,7 @@ Enhanced Sign-in Security (ESS) isolates both biometric template data and matchi
 <!-- Device-Biometrics-FacialFeaturesUseEnhancedAntiSpoofing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Biometrics-FacialFeaturesUseEnhancedAntiSpoofing-Applicability-End -->
 
 <!-- Device-Biometrics-FacialFeaturesUseEnhancedAntiSpoofing-OmaUri-Begin -->
@@ -1322,7 +1372,7 @@ Note that enhanced anti-spoofing for Windows Hello face authentication isn't req
 <!-- Device-Biometrics-UseBiometrics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Biometrics-UseBiometrics-Applicability-End -->
 
 <!-- Device-Biometrics-UseBiometrics-OmaUri-Begin -->
@@ -1380,7 +1430,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face
 <!-- Device-DeviceUnlock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceUnlock-Applicability-End -->
 
 <!-- Device-DeviceUnlock-OmaUri-Begin -->
@@ -1419,7 +1469,7 @@ Device Unlock.
 <!-- Device-DeviceUnlock-GroupA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceUnlock-GroupA-Applicability-End -->
 
 <!-- Device-DeviceUnlock-GroupA-OmaUri-Begin -->
@@ -1459,7 +1509,7 @@ Contains a list of providers by GUID that are to be considered for the first ste
 <!-- Device-DeviceUnlock-GroupB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceUnlock-GroupB-Applicability-End -->
 
 <!-- Device-DeviceUnlock-GroupB-OmaUri-Begin -->
@@ -1499,7 +1549,7 @@ Contains a list of providers by GUID that are to be considered for the second st
 <!-- Device-DeviceUnlock-Plugins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DeviceUnlock-Plugins-Applicability-End -->
 
 <!-- Device-DeviceUnlock-Plugins-OmaUri-Begin -->
@@ -1538,7 +1588,7 @@ List of plugins that the passive provider monitors to detect user presence.
 <!-- Device-DynamicLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DynamicLock-Applicability-End -->
 
 <!-- Device-DynamicLock-OmaUri-Begin -->
@@ -1577,7 +1627,7 @@ Dynamic Lock.
 <!-- Device-DynamicLock-DynamicLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DynamicLock-DynamicLock-Applicability-End -->
 
 <!-- Device-DynamicLock-DynamicLock-OmaUri-Begin -->
@@ -1626,7 +1676,7 @@ Enables/Disables Dynamic Lock.
 <!-- Device-DynamicLock-Plugins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-DynamicLock-Plugins-Applicability-End -->
 
 <!-- Device-DynamicLock-Plugins-OmaUri-Begin -->
@@ -1665,7 +1715,7 @@ List of plugins that the passive provider monitors to detect user absence.
 <!-- Device-SecurityKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-SecurityKey-Applicability-End -->
 
 <!-- Device-SecurityKey-OmaUri-Begin -->
@@ -1704,7 +1754,7 @@ Security Key.
 <!-- Device-SecurityKey-UseSecurityKeyForSignin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- Device-SecurityKey-UseSecurityKeyForSignin-Applicability-End -->
 
 <!-- Device-SecurityKey-UseSecurityKeyForSignin-OmaUri-Begin -->
@@ -1757,7 +1807,7 @@ Enables users to sign in to their device with a [FIDO2 security key](/azure/acti
 <!-- Device-UseBiometrics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-UseBiometrics-Applicability-End -->
 
 <!-- Device-UseBiometrics-OmaUri-Begin -->
@@ -1815,7 +1865,7 @@ Windows Hello for Business enables users to use biometric gestures, such as face
 <!-- User-{TenantId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Applicability-End -->
 
 <!-- User-{TenantId}-OmaUri-Begin -->
@@ -1856,7 +1906,7 @@ To get the GUID, use the PowerShell cmdlet [Get-AzureAccount](/powershell/module
 <!-- User-{TenantId}-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-OmaUri-Begin -->
@@ -1895,7 +1945,7 @@ Root node for policies.
 <!-- User-{TenantId}-Policies-EnablePinRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- User-{TenantId}-Policies-EnablePinRecovery-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-EnablePinRecovery-OmaUri-Begin -->
@@ -1948,7 +1998,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows
 <!-- User-{TenantId}-Policies-PINComplexity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-OmaUri-Begin -->
@@ -1987,7 +2037,7 @@ Root node for PIN policies.
 <!-- User-{TenantId}-Policies-PINComplexity-Digits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-Digits-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-Digits-OmaUri-Begin -->
@@ -2043,7 +2093,7 @@ If you don't configure this policy setting, Windows Hello for Business requires
 <!-- User-{TenantId}-Policies-PINComplexity-Expiration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-Expiration-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-Expiration-OmaUri-Begin -->
@@ -2084,7 +2134,7 @@ This policy specifies when the PIN expires (in days). Valid values are 0 to 730
 <!-- User-{TenantId}-Policies-PINComplexity-History-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-History-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-History-OmaUri-Begin -->
@@ -2125,7 +2175,7 @@ This policy specifies the number of past PINs that can be stored in the history
 <!-- User-{TenantId}-Policies-PINComplexity-LowercaseLetters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-LowercaseLetters-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-LowercaseLetters-OmaUri-Begin -->
@@ -2181,7 +2231,7 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a
 <!-- User-{TenantId}-Policies-PINComplexity-MaximumPINLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-MaximumPINLength-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-MaximumPINLength-OmaUri-Begin -->
@@ -2229,7 +2279,7 @@ Maximum PIN length configures the maximum number of characters allowed for the P
 <!-- User-{TenantId}-Policies-PINComplexity-MinimumPINLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-MinimumPINLength-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-MinimumPINLength-OmaUri-Begin -->
@@ -2277,7 +2327,7 @@ Minimum PIN length configures the minimum number of characters required for the
 <!-- User-{TenantId}-Policies-PINComplexity-SpecialCharacters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-SpecialCharacters-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-SpecialCharacters-OmaUri-Begin -->
@@ -2333,7 +2383,7 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a
 <!-- User-{TenantId}-Policies-PINComplexity-UppercaseLetters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-PINComplexity-UppercaseLetters-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-PINComplexity-UppercaseLetters-OmaUri-Begin -->
@@ -2389,7 +2439,7 @@ If you don't configure this policy setting, Windows Hello for Business doesn't a
 <!-- User-{TenantId}-Policies-RequireSecurityDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-RequireSecurityDevice-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-RequireSecurityDevice-OmaUri-Begin -->
@@ -2442,7 +2492,7 @@ A Trusted Platform Module (TPM) provides additional security benefits over softw
 <!-- User-{TenantId}-Policies-UsePassportForWork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{TenantId}-Policies-UsePassportForWork-Applicability-End -->
 
 <!-- User-{TenantId}-Policies-UsePassportForWork-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index 28991ea21c..8a2ac551bc 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 08/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -572,7 +572,7 @@ If you do not configure this policy setting, Windows Hello for Business requires
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -814,6 +814,45 @@ If you disable or do not configure this policy setting, the PIN recovery secret
             </MSFT:AllowedValues>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>EnableWindowsHelloProvisioningForSecurityKeys</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>False</DefaultValue>
+            <Description>Enable Windows Hello provisioning if users sign-in to their devices with FIDO2 security keys.</Description>
+            <DFFormat>
+              <bool />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME />
+            </DFType>
+            <MSFT:Applicability>
+              <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+              <MSFT:CspVersion>1.6</MSFT:CspVersion>
+            </MSFT:Applicability>
+            <MSFT:AllowedValues ValueType="ENUM">
+              <MSFT:Enum>
+                <MSFT:Value>false</MSFT:Value>
+                <MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
+              </MSFT:Enum>
+              <MSFT:Enum>
+                <MSFT:Value>true</MSFT:Value>
+                <MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
+              </MSFT:Enum>
+            </MSFT:AllowedValues>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>DisablePostLogonProvisioning</NodeName>
           <DFProperties>
diff --git a/windows/client-management/mdm/personaldataencryption-csp.md b/windows/client-management/mdm/personaldataencryption-csp.md
index ad6900a0f4..6c8eb48c1b 100644
--- a/windows/client-management/mdm/personaldataencryption-csp.md
+++ b/windows/client-management/mdm/personaldataencryption-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the PDE CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -36,7 +36,7 @@ The following list shows the PDE configuration service provider nodes:
 <!-- User-EnablePersonalDataEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- User-EnablePersonalDataEncryption-Applicability-End -->
 
 <!-- User-EnablePersonalDataEncryption-OmaUri-Begin -->
@@ -85,7 +85,7 @@ The [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.u
 <!-- User-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- User-Status-Applicability-End -->
 
 <!-- User-Status-OmaUri-Begin -->
@@ -127,7 +127,7 @@ Reports the current status of Personal Data Encryption (PDE) for the user.
 <!-- User-Status-PersonalDataEncryptionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- User-Status-PersonalDataEncryptionStatus-Applicability-End -->
 
 <!-- User-Status-PersonalDataEncryptionStatus-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/personaldataencryption-ddf-file.md b/windows/client-management/mdm/personaldataencryption-ddf-file.md
index 1d5d233812..b2f9432892 100644
--- a/windows/client-management/mdm/personaldataencryption-ddf-file.md
+++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0xAB;0xAC;0xB4;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 13569098fc..5e4eb9b6d2 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Personalization CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -40,7 +40,7 @@ The following list shows the Personalization configuration service provider node
 <!-- Device-DesktopImageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-DesktopImageStatus-Applicability-End -->
 
 <!-- Device-DesktopImageStatus-OmaUri-Begin -->
@@ -79,7 +79,7 @@ This represents the status of the DesktopImage. 1 - Successfully downloaded or c
 <!-- Device-DesktopImageUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-DesktopImageUrl-Applicability-End -->
 
 <!-- Device-DesktopImageUrl-OmaUri-Begin -->
@@ -118,7 +118,7 @@ A http or https Url to a jpg, jpeg or png image that needs to be downloaded and
 <!-- Device-LockScreenImageStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-LockScreenImageStatus-Applicability-End -->
 
 <!-- Device-LockScreenImageStatus-OmaUri-Begin -->
@@ -157,7 +157,7 @@ This represents the status of the LockScreenImage. 1 - Successfully downloaded o
 <!-- Device-LockScreenImageUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-LockScreenImageUrl-Applicability-End -->
 
 <!-- Device-LockScreenImageUrl-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index b2d5a5ded4..a57ddb1e63 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 404381b85a..d949612f72 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -64,8 +64,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 
 ## ADMX_AppXRuntime
 
-- [AppxRuntimeBlockFileElevation](policy-csp-admx-appxruntime.md)
-- [AppxRuntimeBlockProtocolElevation](policy-csp-admx-appxruntime.md)
 - [AppxRuntimeBlockFileElevation](policy-csp-admx-appxruntime.md)
 - [AppxRuntimeBlockProtocolElevation](policy-csp-admx-appxruntime.md)
 - [AppxRuntimeBlockHostedAppAccessWinRT](policy-csp-admx-appxruntime.md)
@@ -141,7 +139,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [CPL_Personalization_PersonalColors](policy-csp-admx-controlpaneldisplay.md)
 - [CPL_Personalization_ForceDefaultLockScreen](policy-csp-admx-controlpaneldisplay.md)
 - [CPL_Personalization_StartBackground](policy-csp-admx-controlpaneldisplay.md)
-- [CPL_Personalization_SetTheme](policy-csp-admx-controlpaneldisplay.md)
 - [CPL_Personalization_NoChangingLockScreen](policy-csp-admx-controlpaneldisplay.md)
 - [CPL_Personalization_NoChangingStartMenuBackground](policy-csp-admx-controlpaneldisplay.md)
 
@@ -221,7 +218,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [NoRecycleBinIcon](policy-csp-admx-desktop.md)
 - [NoDesktopCleanupWizard](policy-csp-admx-desktop.md)
 - [NoWindowMinimizingShortcuts](policy-csp-admx-desktop.md)
-- [NoDesktop](policy-csp-admx-desktop.md)
 
 ## ADMX_DeviceCompat
 
@@ -542,7 +538,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [DisableAOACProcessing](policy-csp-admx-grouppolicy.md)
 - [DisableLGPOProcessing](policy-csp-admx-grouppolicy.md)
 - [RSoPLogging](policy-csp-admx-grouppolicy.md)
-- [ProcessMitigationOptions](policy-csp-admx-grouppolicy.md)
 - [FontMitigation](policy-csp-admx-grouppolicy.md)
 
 ## ADMX_Help
@@ -1163,10 +1158,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 
 ## ADMX_PowerShellExecutionPolicy
 
-- [EnableUpdateHelpDefaultSourcePath](policy-csp-admx-powershellexecutionpolicy.md)
-- [EnableModuleLogging](policy-csp-admx-powershellexecutionpolicy.md)
-- [EnableTranscripting](policy-csp-admx-powershellexecutionpolicy.md)
-- [EnableScripts](policy-csp-admx-powershellexecutionpolicy.md)
 - [EnableUpdateHelpDefaultSourcePath](policy-csp-admx-powershellexecutionpolicy.md)
 - [EnableModuleLogging](policy-csp-admx-powershellexecutionpolicy.md)
 - [EnableTranscripting](policy-csp-admx-powershellexecutionpolicy.md)
@@ -1339,7 +1330,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [Run_Logon_Script_Sync_2](policy-csp-admx-scripts.md)
 - [Run_Startup_Script_Sync](policy-csp-admx-scripts.md)
 - [Run_Computer_PS_Scripts_First](policy-csp-admx-scripts.md)
-- [Run_User_PS_Scripts_First](policy-csp-admx-scripts.md)
 - [MaxGPOScriptWaitPolicy](policy-csp-admx-scripts.md)
 
 ## ADMX_sdiageng
@@ -1509,14 +1499,7 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [NoAutoTrayNotify](policy-csp-admx-startmenu.md)
 - [Intellimenus](policy-csp-admx-startmenu.md)
 - [NoInstrumentation](policy-csp-admx-startmenu.md)
-- [StartPinAppsWhenInstalled](policy-csp-admx-startmenu.md)
-- [NoSetTaskbar](policy-csp-admx-startmenu.md)
-- [NoChangeStartMenu](policy-csp-admx-startmenu.md)
-- [NoUninstallFromStart](policy-csp-admx-startmenu.md)
-- [NoTrayContextMenu](policy-csp-admx-startmenu.md)
-- [NoMoreProgramsList](policy-csp-admx-startmenu.md)
 - [HidePowerOptions](policy-csp-admx-startmenu.md)
-- [NoRun](policy-csp-admx-startmenu.md)
 
 ## ADMX_SystemRestore
 
@@ -1590,8 +1573,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [NoSystraySystemPromotion](policy-csp-admx-taskbar.md)
 - [NoBalloonFeatureAdvertisements](policy-csp-admx-taskbar.md)
 - [TaskbarNoThumbnail](policy-csp-admx-taskbar.md)
-- [DisableNotificationCenter](policy-csp-admx-taskbar.md)
-- [TaskbarNoPinnedList](policy-csp-admx-taskbar.md)
 
 ## ADMX_tcpip
 
@@ -1849,132 +1830,13 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [Travel](policy-csp-admx-userexperiencevirtualization.md)
 - [Video](policy-csp-admx-userexperiencevirtualization.md)
 - [Weather](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013AccessBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016AccessBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [Calculator](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013CommonBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016CommonBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013ExcelBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016ExcelBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013InfoPathBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [InternetExplorer10](policy-csp-admx-userexperiencevirtualization.md)
-- [InternetExplorer11](policy-csp-admx-userexperiencevirtualization.md)
-- [InternetExplorer8](policy-csp-admx-userexperiencevirtualization.md)
-- [InternetExplorer9](policy-csp-admx-userexperiencevirtualization.md)
-- [InternetExplorerCommon](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013LyncBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016LyncBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Access](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Access](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Access](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Excel](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Excel](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Excel](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010InfoPath](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013InfoPath](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Lync](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Lync](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Lync](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Common](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Common](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013UploadCenter](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Common](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016UploadCenter](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Access2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Access2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Common2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Common2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Excel2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Excel2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365InfoPath2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Lync2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Lync2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365OneNote2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365OneNote2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Outlook2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Outlook2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365PowerPoint2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365PowerPoint2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Project2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Project2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Publisher2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Publisher2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365SharePointDesigner2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Visio2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Visio2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Word2013](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice365Word2016](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013OneDriveForBusiness](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016OneDriveForBusiness](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010OneNote](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013OneNote](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016OneNote](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Outlook](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Outlook](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Outlook](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010PowerPoint](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013PowerPoint](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016PowerPoint](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Project](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Project](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Project](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Publisher](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Publisher](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Publisher](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010SharePointDesigner](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013SharePointDesigner](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010SharePointWorkspace](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Visio](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Visio](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Visio](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2010Word](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013Word](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016Word](policy-csp-admx-userexperiencevirtualization.md)
-- [Notepad](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013OneNoteBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016OneNoteBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013OutlookBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016OutlookBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013PowerPointBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016PowerPointBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013ProjectBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016ProjectBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013PublisherBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016PublisherBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013SharePointDesignerBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013VisioBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016VisioBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2013WordBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [MicrosoftOffice2016WordBackup](policy-csp-admx-userexperiencevirtualization.md)
-- [Wordpad](policy-csp-admx-userexperiencevirtualization.md)
-- [ConfigureSyncMethod](policy-csp-admx-userexperiencevirtualization.md)
 - [ContactITDescription](policy-csp-admx-userexperiencevirtualization.md)
 - [ContactITUrl](policy-csp-admx-userexperiencevirtualization.md)
-- [DisableWin8Sync](policy-csp-admx-userexperiencevirtualization.md)
 - [EnableUEV](policy-csp-admx-userexperiencevirtualization.md)
 - [FirstUseNotificationEnabled](policy-csp-admx-userexperiencevirtualization.md)
-- [SyncProviderPingEnabled](policy-csp-admx-userexperiencevirtualization.md)
-- [MaxPackageSizeInBytes](policy-csp-admx-userexperiencevirtualization.md)
-- [SettingsStoragePath](policy-csp-admx-userexperiencevirtualization.md)
 - [SettingsTemplateCatalogPath](policy-csp-admx-userexperiencevirtualization.md)
-- [SyncOverMeteredNetwork](policy-csp-admx-userexperiencevirtualization.md)
-- [SyncOverMeteredNetworkWhenRoaming](policy-csp-admx-userexperiencevirtualization.md)
 - [SyncUnlistedWindows8Apps](policy-csp-admx-userexperiencevirtualization.md)
-- [RepositoryTimeout](policy-csp-admx-userexperiencevirtualization.md)
-- [DisableWindowsOSSettings](policy-csp-admx-userexperiencevirtualization.md)
 - [TrayIconEnabled](policy-csp-admx-userexperiencevirtualization.md)
-- [SyncEnabled](policy-csp-admx-userexperiencevirtualization.md)
-- [ConfigureVdi](policy-csp-admx-userexperiencevirtualization.md)
-- [Finance](policy-csp-admx-userexperiencevirtualization.md)
-- [Games](policy-csp-admx-userexperiencevirtualization.md)
-- [Maps](policy-csp-admx-userexperiencevirtualization.md)
-- [Music](policy-csp-admx-userexperiencevirtualization.md)
-- [News](policy-csp-admx-userexperiencevirtualization.md)
-- [Reader](policy-csp-admx-userexperiencevirtualization.md)
-- [Sports](policy-csp-admx-userexperiencevirtualization.md)
-- [Travel](policy-csp-admx-userexperiencevirtualization.md)
-- [Video](policy-csp-admx-userexperiencevirtualization.md)
-- [Weather](policy-csp-admx-userexperiencevirtualization.md)
 
 ## ADMX_UserProfiles
 
@@ -2089,35 +1951,11 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [IZ_Policy_OpenSearchPreview_Trusted](policy-csp-admx-windowsexplorer.md)
 - [EnableShellShortcutIconRemotePath](policy-csp-admx-windowsexplorer.md)
 - [EnableSmartScreen](policy-csp-admx-windowsexplorer.md)
-- [DisableBindDirectlyToPropertySetStorage](policy-csp-admx-windowsexplorer.md)
 - [NoNewAppAlert](policy-csp-admx-windowsexplorer.md)
-- [DefaultLibrariesLocation](policy-csp-admx-windowsexplorer.md)
 - [ShowHibernateOption](policy-csp-admx-windowsexplorer.md)
 - [ShowSleepOption](policy-csp-admx-windowsexplorer.md)
-- [ExplorerRibbonStartsMinimized](policy-csp-admx-windowsexplorer.md)
-- [NoStrCmpLogical](policy-csp-admx-windowsexplorer.md)
 - [ShellProtocolProtectedModeTitle_2](policy-csp-admx-windowsexplorer.md)
 - [CheckSameSourceAndTargetForFRAndDFS](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_Internet](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_Internet](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_Intranet](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_Intranet](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_LocalMachine](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_LocalMachine](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_InternetLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_InternetLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_IntranetLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_IntranetLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_LocalMachineLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_LocalMachineLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_RestrictedLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_RestrictedLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_TrustedLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_TrustedLockdown](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_Restricted](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_Restricted](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchQuery_Trusted](policy-csp-admx-windowsexplorer.md)
-- [IZ_Policy_OpenSearchPreview_Trusted](policy-csp-admx-windowsexplorer.md)
 
 ## ADMX_WindowsMediaDRM
 
@@ -2174,7 +2012,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [LogonHoursPolicyDescription](policy-csp-admx-winlogon.md)
 - [SoftwareSASGeneration](policy-csp-admx-winlogon.md)
 - [DisplayLastLogonInfoDescription](policy-csp-admx-winlogon.md)
-- [ReportCachedLogonPolicyDescription](policy-csp-admx-winlogon.md)
 
 ## ADMX_Winsrv
 
@@ -2204,7 +2041,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [NoQuietHours](policy-csp-admx-wpn.md)
 - [NoToastNotification](policy-csp-admx-wpn.md)
 - [NoLockScreenToastNotification](policy-csp-admx-wpn.md)
-- [NoToastNotification](policy-csp-admx-wpn.md)
 
 ## AppRuntime
 
@@ -2249,9 +2085,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 
 ## Autoplay
 
-- [DisallowAutoplayForNonVolumeDevices](policy-csp-autoplay.md)
-- [SetDefaultAutoRunBehavior](policy-csp-autoplay.md)
-- [TurnOffAutoPlay](policy-csp-autoplay.md)
 - [DisallowAutoplayForNonVolumeDevices](policy-csp-autoplay.md)
 - [SetDefaultAutoRunBehavior](policy-csp-autoplay.md)
 - [TurnOffAutoPlay](policy-csp-autoplay.md)
@@ -2279,7 +2112,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 
 ## CredentialsUI
 
-- [DisablePasswordReveal](policy-csp-credentialsui.md)
 - [DisablePasswordReveal](policy-csp-credentialsui.md)
 - [EnumerateAdministrators](policy-csp-credentialsui.md)
 
@@ -2350,6 +2182,11 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [TurnOffDataExecutionPreventionForExplorer](policy-csp-fileexplorer.md)
 - [TurnOffHeapTerminationOnCorruption](policy-csp-fileexplorer.md)
 
+## FileSystem
+
+- [EnableDevDrive](policy-csp-filesystem.md)
+- [DevDriveAttachPolicy](policy-csp-filesystem.md)
+
 ## InternetExplorer
 
 - [AddSearchProvider](policy-csp-internetexplorer.md)
@@ -2608,264 +2445,11 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [LockedDownIntranetJavaPermissions](policy-csp-internetexplorer.md)
 - [RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](policy-csp-internetexplorer.md)
 - [DisableHTMLApplication](policy-csp-internetexplorer.md)
-- [AddSearchProvider](policy-csp-internetexplorer.md)
-- [DisableSecondaryHomePageChange](policy-csp-internetexplorer.md)
 - [DisableUpdateCheck](policy-csp-internetexplorer.md)
-- [DisableProxyChange](policy-csp-internetexplorer.md)
-- [DisableSearchProviderChange](policy-csp-internetexplorer.md)
-- [DisableCustomerExperienceImprovementProgramParticipation](policy-csp-internetexplorer.md)
-- [AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md)
-- [AllowSuggestedSites](policy-csp-internetexplorer.md)
-- [DisableCompatView](policy-csp-internetexplorer.md)
-- [DisableFeedsBackgroundSync](policy-csp-internetexplorer.md)
-- [DisableFirstRunWizard](policy-csp-internetexplorer.md)
-- [DisableFlipAheadFeature](policy-csp-internetexplorer.md)
-- [DisableGeolocation](policy-csp-internetexplorer.md)
-- [DisableWebAddressAutoComplete](policy-csp-internetexplorer.md)
-- [NewTabDefaultPage](policy-csp-internetexplorer.md)
-- [PreventManagingSmartScreenFilter](policy-csp-internetexplorer.md)
-- [SearchProviderList](policy-csp-internetexplorer.md)
 - [DoNotAllowUsersToAddSites](policy-csp-internetexplorer.md)
 - [DoNotAllowUsersToChangePolicies](policy-csp-internetexplorer.md)
-- [AllowActiveXFiltering](policy-csp-internetexplorer.md)
-- [AllowEnterpriseModeSiteList](policy-csp-internetexplorer.md)
-- [SendSitesNotInEnterpriseSiteListToEdge](policy-csp-internetexplorer.md)
-- [ConfigureEdgeRedirectChannel](policy-csp-internetexplorer.md)
-- [KeepIntranetSitesInInternetExplorer](policy-csp-internetexplorer.md)
-- [AllowSaveTargetAsInIEMode](policy-csp-internetexplorer.md)
-- [DisableInternetExplorerApp](policy-csp-internetexplorer.md)
-- [EnableExtendedIEModeHotkeys](policy-csp-internetexplorer.md)
-- [ResetZoomForDialogInIEMode](policy-csp-internetexplorer.md)
-- [EnableGlobalWindowListInIEMode](policy-csp-internetexplorer.md)
-- [JScriptReplacement](policy-csp-internetexplorer.md)
-- [AllowInternetExplorerStandardsMode](policy-csp-internetexplorer.md)
-- [AllowInternetExplorer7PolicyList](policy-csp-internetexplorer.md)
-- [DisableEncryptionSupport](policy-csp-internetexplorer.md)
-- [AllowEnhancedProtectedMode](policy-csp-internetexplorer.md)
-- [AllowInternetZoneTemplate](policy-csp-internetexplorer.md)
-- [IncludeAllLocalSites](policy-csp-internetexplorer.md)
-- [IncludeAllNetworkPaths](policy-csp-internetexplorer.md)
-- [AllowIntranetZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowLocalMachineZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowLockedDownInternetZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowLockedDownIntranetZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowLockedDownLocalMachineZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowLockedDownRestrictedSitesZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowsLockedDownTrustedSitesZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowsRestrictedSitesZoneTemplate](policy-csp-internetexplorer.md)
-- [AllowSiteToZoneAssignmentList](policy-csp-internetexplorer.md)
-- [AllowTrustedSitesZoneTemplate](policy-csp-internetexplorer.md)
-- [InternetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowAccessToDataSources](policy-csp-internetexplorer.md)
-- [InternetZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowFontDownloads](policy-csp-internetexplorer.md)
-- [InternetZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowScriptlets](policy-csp-internetexplorer.md)
-- [InternetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](policy-csp-internetexplorer.md)
-- [InternetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [IntranetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [LocalMachineZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [IntranetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [LocalMachineZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneNavigateWindowsAndFrames](policy-csp-internetexplorer.md)
-- [InternetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](policy-csp-internetexplorer.md)
-- [InternetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowSmartScreenIE](policy-csp-internetexplorer.md)
-- [InternetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowUserDataPersistence](policy-csp-internetexplorer.md)
-- [InternetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [IntranetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [LockedDownIntranetZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [LocalMachineZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneAllowLessPrivilegedSites](policy-csp-internetexplorer.md)
-- [AllowAddOnList](policy-csp-internetexplorer.md)
-- [DoNotBlockOutdatedActiveXControls](policy-csp-internetexplorer.md)
-- [DoNotBlockOutdatedActiveXControlsOnSpecificDomains](policy-csp-internetexplorer.md)
-- [DisableEnclosureDownloading](policy-csp-internetexplorer.md)
-- [DisableBypassOfSmartScreenWarnings](policy-csp-internetexplorer.md)
-- [DisableBypassOfSmartScreenWarningsAboutUncommonFiles](policy-csp-internetexplorer.md)
-- [AllowOneWordEntry](policy-csp-internetexplorer.md)
-- [AllowEnterpriseModeFromToolsMenu](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowActiveScripting](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowBinaryAndScriptBehaviors](policy-csp-internetexplorer.md)
-- [InternetZoneAllowCopyPasteViaScript](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowCopyPasteViaScript](policy-csp-internetexplorer.md)
-- [AllowDeletingBrowsingHistoryOnExit](policy-csp-internetexplorer.md)
-- [InternetZoneAllowDragAndDropCopyAndPasteFiles](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](policy-csp-internetexplorer.md)
 - [AllowFallbackToSSL3](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowFileDownloads](policy-csp-internetexplorer.md)
-- [InternetZoneAllowLoadingOfXAMLFiles](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowLoadingOfXAMLFiles](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowMETAREFRESH](policy-csp-internetexplorer.md)
-- [InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](policy-csp-internetexplorer.md)
-- [InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](policy-csp-internetexplorer.md)
-- [InternetZoneAllowScriptInitiatedWindows](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowScriptInitiatedWindows](policy-csp-internetexplorer.md)
-- [AllowSoftwareWhenSignatureIsInvalid](policy-csp-internetexplorer.md)
-- [InternetZoneAllowUpdatesToStatusBarViaScript](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](policy-csp-internetexplorer.md)
-- [CheckServerCertificateRevocation](policy-csp-internetexplorer.md)
-- [CheckSignaturesOnDownloadedPrograms](policy-csp-internetexplorer.md)
-- [DisableConfiguringHistory](policy-csp-internetexplorer.md)
-- [DoNotAllowActiveXControlsInProtectedMode](policy-csp-internetexplorer.md)
-- [InternetZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md)
-- [IntranetZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md)
-- [LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneDownloadSignedActiveXControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneDownloadSignedActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneDownloadUnsignedActiveXControls](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneDownloadUnsignedActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](policy-csp-internetexplorer.md)
-- [InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](policy-csp-internetexplorer.md)
-- [InternetZoneEnableMIMESniffing](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneEnableMIMESniffing](policy-csp-internetexplorer.md)
-- [InternetZoneIncludeLocalPathWhenUploadingFilesToServer](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](policy-csp-internetexplorer.md)
-- [ConsistentMimeHandlingInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [MimeSniffingSafetyFeatureInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [MKProtocolSecurityRestrictionInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [NotificationBarInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [ProtectionFromZoneElevationInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [RestrictActiveXInstallInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [RestrictFileDownloadInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](policy-csp-internetexplorer.md)
-- [InternetZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [IntranetZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [LocalMachineZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [LockedDownInternetZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [LockedDownLocalMachineZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [LockedDownRestrictedSitesZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [LockedDownTrustedSitesZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [TrustedSitesZoneJavaPermissions](policy-csp-internetexplorer.md)
-- [InternetZoneLaunchingApplicationsAndFilesInIFRAME](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](policy-csp-internetexplorer.md)
-- [InternetZoneLogonOptions](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneLogonOptions](policy-csp-internetexplorer.md)
-- [DisableDeletingUserVisitedWebsites](policy-csp-internetexplorer.md)
-- [DisableIgnoringCertificateErrors](policy-csp-internetexplorer.md)
-- [PreventPerUserInstallationOfActiveXControls](policy-csp-internetexplorer.md)
-- [RemoveRunThisTimeButtonForOutdatedActiveXControls](policy-csp-internetexplorer.md)
-- [InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneRunActiveXControlsAndPlugins](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneScriptingOfJavaApplets](policy-csp-internetexplorer.md)
 - [SecurityZonesUseOnlyMachineSettings](policy-csp-internetexplorer.md)
-- [InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles](policy-csp-internetexplorer.md)
-- [SpecifyUseOfActiveXInstallerService](policy-csp-internetexplorer.md)
-- [DisableCrashDetection](policy-csp-internetexplorer.md)
-- [DisableInPrivateBrowsing](policy-csp-internetexplorer.md)
-- [DisableSecuritySettingsCheck](policy-csp-internetexplorer.md)
-- [DisableProcessesInEnhancedProtectedMode](policy-csp-internetexplorer.md)
-- [AllowCertificateAddressMismatchWarning](policy-csp-internetexplorer.md)
-- [InternetZoneEnableCrossSiteScriptingFilter](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneEnableCrossSiteScriptingFilter](policy-csp-internetexplorer.md)
-- [InternetZoneEnableProtectedMode](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneTurnOnProtectedMode](policy-csp-internetexplorer.md)
-- [InternetZoneUsePopupBlocker](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneUsePopupBlocker](policy-csp-internetexplorer.md)
-- [InternetZoneAllowVBScriptToRunInInternetExplorer](policy-csp-internetexplorer.md)
-- [LockedDownIntranetJavaPermissions](policy-csp-internetexplorer.md)
-- [RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer](policy-csp-internetexplorer.md)
-- [DisableHTMLApplication](policy-csp-internetexplorer.md)
 
 ## Kerberos
 
@@ -3024,7 +2608,6 @@ This article lists the ADMX-backed policies in Policy CSP.
 
 ## WindowsPowerShell
 
-- [TurnOnPowerShellScriptBlockLogging](policy-csp-windowspowershell.md)
 - [TurnOnPowerShellScriptBlockLogging](policy-csp-windowspowershell.md)
 
 ## Related articles
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index f9aa11914a..5f25eb4ff5 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -40,8 +40,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [AllowDeveloperUnlock](policy-csp-applicationmanagement.md)
 - [AllowGameDVR](policy-csp-applicationmanagement.md)
 - [AllowSharedUserAppData](policy-csp-applicationmanagement.md)
-- [RequirePrivateStoreOnly](policy-csp-applicationmanagement.md)
-- [MSIAlwaysInstallWithElevatedPrivileges](policy-csp-applicationmanagement.md)
 - [MSIAllowUserControlOverInstall](policy-csp-applicationmanagement.md)
 - [RestrictAppDataToSystemVolume](policy-csp-applicationmanagement.md)
 - [RestrictAppToSystemVolume](policy-csp-applicationmanagement.md)
@@ -125,59 +123,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 
 ## Browser
 
-- [AllowAddressBarDropdown](policy-csp-browser.md)
-- [AllowAutofill](policy-csp-browser.md)
-- [AllowCookies](policy-csp-browser.md)
-- [AllowDeveloperTools](policy-csp-browser.md)
-- [AllowDoNotTrack](policy-csp-browser.md)
-- [AllowExtensions](policy-csp-browser.md)
-- [AllowFlash](policy-csp-browser.md)
-- [AllowFlashClickToRun](policy-csp-browser.md)
-- [AllowFullScreenMode](policy-csp-browser.md)
-- [AllowInPrivate](policy-csp-browser.md)
-- [AllowMicrosoftCompatibilityList](policy-csp-browser.md)
-- [ConfigureTelemetryForMicrosoft365Analytics](policy-csp-browser.md)
-- [AllowPasswordManager](policy-csp-browser.md)
-- [AllowPopups](policy-csp-browser.md)
-- [AllowPrinting](policy-csp-browser.md)
-- [AllowSavingHistory](policy-csp-browser.md)
-- [AllowSearchEngineCustomization](policy-csp-browser.md)
-- [AllowSearchSuggestionsinAddressBar](policy-csp-browser.md)
-- [AllowSideloadingOfExtensions](policy-csp-browser.md)
-- [AllowSmartScreen](policy-csp-browser.md)
-- [AllowWebContentOnNewTabPage](policy-csp-browser.md)
-- [AlwaysEnableBooksLibrary](policy-csp-browser.md)
-- [ClearBrowsingDataOnExit](policy-csp-browser.md)
-- [ConfigureAdditionalSearchEngines](policy-csp-browser.md)
-- [ConfigureFavoritesBar](policy-csp-browser.md)
-- [ConfigureHomeButton](policy-csp-browser.md)
-- [ConfigureOpenMicrosoftEdgeWith](policy-csp-browser.md)
-- [DisableLockdownOfStartPages](policy-csp-browser.md)
-- [EnableExtendedBooksTelemetry](policy-csp-browser.md)
-- [AllowTabPreloading](policy-csp-browser.md)
-- [AllowPrelaunch](policy-csp-browser.md)
-- [EnterpriseModeSiteList](policy-csp-browser.md)
-- [PreventTurningOffRequiredExtensions](policy-csp-browser.md)
-- [HomePages](policy-csp-browser.md)
-- [LockdownFavorites](policy-csp-browser.md)
-- [ConfigureKioskMode](policy-csp-browser.md)
-- [ConfigureKioskResetAfterIdleTimeout](policy-csp-browser.md)
-- [PreventAccessToAboutFlagsInMicrosoftEdge](policy-csp-browser.md)
-- [PreventFirstRunPage](policy-csp-browser.md)
-- [PreventCertErrorOverrides](policy-csp-browser.md)
-- [PreventSmartScreenPromptOverride](policy-csp-browser.md)
-- [PreventSmartScreenPromptOverrideForFiles](policy-csp-browser.md)
-- [PreventLiveTileDataCollection](policy-csp-browser.md)
-- [PreventUsingLocalHostIPAddressForWebRTC](policy-csp-browser.md)
-- [ProvisionFavorites](policy-csp-browser.md)
-- [SendIntranetTraffictoInternetExplorer](policy-csp-browser.md)
-- [SetDefaultSearchEngine](policy-csp-browser.md)
-- [SetHomeButtonURL](policy-csp-browser.md)
-- [SetNewTabPageURL](policy-csp-browser.md)
-- [ShowMessageWhenOpeningSitesInInternetExplorer](policy-csp-browser.md)
-- [SyncFavoritesBetweenIEAndMicrosoftEdge](policy-csp-browser.md)
-- [UnlockHomeButton](policy-csp-browser.md)
-- [UseSharedFolderForBooks](policy-csp-browser.md)
 - [AllowAddressBarDropdown](policy-csp-browser.md)
 - [AllowAutofill](policy-csp-browser.md)
 - [AllowCookies](policy-csp-browser.md)
@@ -252,6 +197,8 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 ## Cryptography
 
 - [AllowFipsAlgorithmPolicy](policy-csp-cryptography.md)
+- [TLSCipherSuites](policy-csp-cryptography.md)
+- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md)
 
 ## Defender
 
@@ -347,7 +294,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [EnablePerProcessDpi](policy-csp-display.md)
 - [TurnOnGdiDPIScalingForApps](policy-csp-display.md)
 - [TurnOffGdiDPIScalingForApps](policy-csp-display.md)
-- [EnablePerProcessDpi](policy-csp-display.md)
 - [EnablePerProcessDpiForApps](policy-csp-display.md)
 - [DisablePerProcessDpiForApps](policy-csp-display.md)
 
@@ -362,6 +308,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 
 ## Experience
 
+- [AllowScreenRecorder](policy-csp-experience.md)
 - [AllowSpotlightCollection](policy-csp-experience.md)
 - [AllowThirdPartySuggestionsInWindowsSpotlight](policy-csp-experience.md)
 - [AllowWindowsSpotlight](policy-csp-experience.md)
@@ -517,6 +464,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [DisallowNotificationMirroring](policy-csp-notifications.md)
 - [DisallowTileNotification](policy-csp-notifications.md)
 - [EnableExpandedToastNotifications](policy-csp-notifications.md)
+- [DisableAccountNotifications](policy-csp-notifications.md)
 - [DisallowCloudNotification](policy-csp-notifications.md)
 - [WnsEndpoint](policy-csp-notifications.md)
 
@@ -628,7 +576,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [PublishUserActivities](policy-csp-privacy.md)
 - [UploadUserActivities](policy-csp-privacy.md)
 - [AllowCrossDeviceClipboard](policy-csp-privacy.md)
-- [DisablePrivacyExperience](policy-csp-privacy.md)
 - [LetAppsActivateWithVoice](policy-csp-privacy.md)
 - [LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md)
 
@@ -662,7 +609,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 
 - [ConfigureTaskbarCalendar](policy-csp-settings.md)
 - [PageVisibilityList](policy-csp-settings.md)
-- [PageVisibilityList](policy-csp-settings.md)
 - [AllowOnlineTips](policy-csp-settings.md)
 
 ## SmartScreen
@@ -688,19 +634,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [HideRecommendedSection](policy-csp-start.md)
 - [HideRecommendedPersonalizedSites](policy-csp-start.md)
 - [HideTaskViewButton](policy-csp-start.md)
+- [HideCopilotButton](policy-csp-start.md)
 - [DisableControlCenter](policy-csp-start.md)
-- [ForceStartSize](policy-csp-start.md)
-- [DisableContextMenus](policy-csp-start.md)
-- [ShowOrHideMostUsedApps](policy-csp-start.md)
-- [HideFrequentlyUsedApps](policy-csp-start.md)
-- [HideRecentlyAddedApps](policy-csp-start.md)
-- [StartLayout](policy-csp-start.md)
-- [ConfigureStartPins](policy-csp-start.md)
-- [HideRecommendedSection](policy-csp-start.md)
-- [HideRecommendedPersonalizedSites](policy-csp-start.md)
 - [SimplifyQuickSettings](policy-csp-start.md)
 - [DisableEditingQuickSettings](policy-csp-start.md)
-- [HideTaskViewButton](policy-csp-start.md)
 
 ## Storage
 
@@ -719,7 +656,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [AllowBuildPreview](policy-csp-system.md)
 - [AllowFontProviders](policy-csp-system.md)
 - [AllowLocation](policy-csp-system.md)
-- [AllowTelemetry](policy-csp-system.md)
 - [TelemetryProxy](policy-csp-system.md)
 - [DisableOneDriveFileSync](policy-csp-system.md)
 - [AllowWUfBCloudProcessing](policy-csp-system.md)
@@ -765,7 +701,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [RestrictLanguagePacksAndFeaturesInstall](policy-csp-timelanguagesettings.md)
 - [BlockCleanupOfUnusedPreinstalledLangPacks](policy-csp-timelanguagesettings.md)
 - [MachineUILanguageOverwrite](policy-csp-timelanguagesettings.md)
-- [RestrictLanguagePacksAndFeaturesInstall](policy-csp-timelanguagesettings.md)
 
 ## Troubleshooting
 
@@ -840,6 +775,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [ConfigureDeadlineNoAutoReboot](policy-csp-update.md)
 - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md)
 - [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md)
+- [AllowOptionalContent](policy-csp-update.md)
 
 ## UserRights
 
@@ -901,6 +837,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [AllowAutoConnectToWiFiSenseHotspots](policy-csp-wifi.md)
 - [AllowInternetSharing](policy-csp-wifi.md)
 
+## WindowsAI
+
+- [TurnOffWindowsCopilot](policy-csp-windowsai.md)
+
 ## WindowsDefenderSecurityCenter
 
 - [CompanyName](policy-csp-windowsdefendersecuritycenter.md)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
deleted file mode 100644
index a538f58f8d..0000000000
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
+++ /dev/null
@@ -1,71 +0,0 @@
----
-title: Policies in Policy CSP supported by Windows 10 IoT Core
-description: Learn about the policies in Policy CSP supported by Windows 10 IoT Core.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.topic: reference
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.date: 09/16/2019
----
-
-# Policies in Policy CSP supported by Windows 10 IoT Core
-
-- [Camera/AllowCamera](policy-csp-camera.md#allowcamera)
-- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#showappcellularaccessui)
-- [CredentialProviders/AllowPINLogon](policy-csp-credentialproviders.md#allowpinlogon)
-- [CredentialProviders/BlockPicturePassword](policy-csp-credentialproviders.md#blockpicturepassword)
-- [DataProtection/AllowDirectMemoryAccess](policy-csp-dataprotection.md#allowdirectmemoryaccess)
-- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#disableactivexversionlistautodownload)
-- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#disablecompatview)
-- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#disablegeolocation)
-- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#doabsolutemaxcachesize)
-- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#doallowvpnpeercaching)
-- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#docachehost)
-- [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#docachehostsource)
-- [DeliveryOptimization/DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#dodelaybackgrounddownloadfromhttp)
-- [DeliveryOptimization/DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#dodelayforegrounddownloadfromhttp)
-- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#dodelaycacheserverfallbackbackground)
-- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#dodelaycacheserverfallbackforeground)
-- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#dodownloadmode)
-- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#dogroupid)
-- [DeliveryOptimization/DOGroupIdSource](policy-csp-deliveryoptimization.md#dogroupidsource)
--  [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#domaxbackgrounddownloadbandwidth)
-- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#domaxcacheage)
-- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#domaxcachesize)
-- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md) (Deprecated)
-- [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#domaxforegrounddownloadbandwidth)
-- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md) (Deprecated)
-- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#dominbackgroundqos)
-- [DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#dominbatterypercentageallowedtoupload)
-- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#domindisksizeallowedtopeer)
-- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#dominfilesizetocache)
-- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#dominramallowedtopeer)
-- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#domodifycachedrive)
-- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#domonthlyuploaddatacap)
-- [DeliveryOptimization/DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#dopercentagemaxbackgroundbandwidth)
-- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md) (Deprecated)
-- [DeliveryOptimization/DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#dopercentagemaxforegroundbandwidth)
-- [DeliveryOptimization/DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#dorestrictpeerselectionby)
-- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#dosethourstolimitbackgrounddownloadbandwidth)
-- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#dosethourstolimitforegrounddownloadbandwidth)
-- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#allowdevicehealthmonitoring)
-- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#configdevicehealthmonitoringscope)
-- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#configdevicehealthmonitoringuploaddestination)
-- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#letappsactivatewithvoice)
-- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#letappsactivatewithvoiceabovelock)
-- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#configuredeadlineforfeatureupdates)
-- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#configuredeadlineforqualityupdates)
-- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#configuredeadlinegraceperiod)
-- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#configuredeadlinenoautoreboot)
-- [Wifi/AllowAutoConnectToWiFiSenseHotspots](policy-csp-wifi.md#allowautoconnecttowifisensehotspots)
-- [Wifi/AllowInternetSharing](policy-csp-wifi.md#allowinternetsharing)
-- [Wifi/AllowWiFi](policy-csp-wifi.md#allowwifi)
-- [Wifi/WLANScanMode](policy-csp-wifi.md#wlanscanmode)
-
-## Related topics
-
-[Policy CSP](policy-configuration-service-provider.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 4be961a69f..f0e33b1fda 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Windows 10 Team
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -73,6 +73,12 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 ## Cryptography
 
 - [AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#allowfipsalgorithmpolicy)
+- [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md#configureellipticcurvecryptography)
+- [ConfigureSystemCryptographyForceStrongKeyProtection](policy-csp-cryptography.md#configuresystemcryptographyforcestrongkeyprotection)
+- [OverrideMinimumEnabledDTLSVersionClient](policy-csp-cryptography.md#overrideminimumenableddtlsversionclient)
+- [OverrideMinimumEnabledDTLSVersionServer](policy-csp-cryptography.md#overrideminimumenableddtlsversionserver)
+- [OverrideMinimumEnabledTLSVersionClient](policy-csp-cryptography.md#overrideminimumenabledtlsversionclient)
+- [OverrideMinimumEnabledTLSVersionServer](policy-csp-cryptography.md#overrideminimumenabledtlsversionserver)
 - [TLSCipherSuites](policy-csp-cryptography.md#tlsciphersuites)
 
 ## Defender
@@ -257,6 +263,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 
 ## Start
 
+- [HideCopilotButton](policy-csp-start.md#hidecopilotbutton)
 - [HideRecommendedPersonalizedSites](policy-csp-start.md#hiderecommendedpersonalizedsites)
 - [StartLayout](policy-csp-start.md#startlayout)
 
@@ -313,6 +320,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 - [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md#allowautowindowsupdatedownloadovermeterednetwork)
 - [AllowMUUpdateService](policy-csp-update.md#allowmuupdateservice)
 - [AllowNonMicrosoftSignedUpdate](policy-csp-update.md#allownonmicrosoftsignedupdate)
+- [AllowOptionalContent](policy-csp-update.md#allowoptionalcontent)
 - [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
 - [AllowUpdateService](policy-csp-update.md#allowupdateservice)
 - [BranchReadinessLevel](policy-csp-update.md#branchreadinesslevel)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 47182cc12f..f7695f6a8a 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4,7 +4,7 @@ description: Learn more about the Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -80,7 +80,7 @@ The following list shows the Policy configuration service provider nodes:
 <!-- Device-Config-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Config-Applicability-End -->
 
 <!-- Device-Config-OmaUri-Begin -->
@@ -119,7 +119,7 @@ Node for grouping all policies configured by one source. The configuration sourc
 <!-- Device-Config-{AreaName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Config-{AreaName}-Applicability-End -->
 
 <!-- Device-Config-{AreaName}-OmaUri-Begin -->
@@ -159,7 +159,7 @@ The area group that can be configured by a single technology for a single provid
 <!-- Device-Config-{AreaName}-{PolicyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Config-{AreaName}-{PolicyName}-Applicability-End -->
 
 <!-- Device-Config-{AreaName}-{PolicyName}-OmaUri-Begin -->
@@ -207,7 +207,7 @@ The following list shows some tips to help you when configuring policies:
 <!-- Device-ConfigOperations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-ConfigOperations-Applicability-End -->
 
 <!-- Device-ConfigOperations-OmaUri-Begin -->
@@ -246,7 +246,7 @@ The root node for grouping different configuration operations.
 <!-- Device-ConfigOperations-ADMXInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-ConfigOperations-ADMXInstall-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-OmaUri-Begin -->
@@ -289,7 +289,7 @@ Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-OmaUri-Begin -->
@@ -329,7 +329,7 @@ Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX f
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-{SettingsType}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-{SettingsType}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-{SettingsType}-OmaUri-Begin -->
@@ -369,7 +369,7 @@ Setting Type of Win32 App. Policy Or Preference.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-{SettingsType}-{AdmxFileId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-{SettingsType}-{AdmxFileId}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-{SettingsType}-{AdmxFileId}-OmaUri-Begin -->
@@ -409,7 +409,7 @@ Unique ID of ADMX file.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-OmaUri-Begin -->
@@ -448,7 +448,7 @@ Properties of Win32 App ADMX Ingestion.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-OmaUri-Begin -->
@@ -488,7 +488,7 @@ Setting Type of Win32 App. Policy Or Preference.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-OmaUri-Begin -->
@@ -528,7 +528,7 @@ Unique ID of ADMX file.
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.1481] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1099] and later <br> ✅ Windows 10, version 1809 [10.0.17763.832] and later <br> ✅ Windows 10, version 1903 [10.0.18362.387] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Version-Applicability-End -->
 
 <!-- Device-ConfigOperations-ADMXInstall-{AppName}-Properties-{SettingsType}-{AdmxFileId}-Version-OmaUri-Begin -->
@@ -567,7 +567,7 @@ Version of ADMX file. This can be set by the server to keep a record of the vers
 <!-- Device-Result-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Result-Applicability-End -->
 
 <!-- Device-Result-OmaUri-Begin -->
@@ -606,7 +606,7 @@ Groups the evaluated policies from all providers that can be configured.
 <!-- Device-Result-{AreaName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Result-{AreaName}-Applicability-End -->
 
 <!-- Device-Result-{AreaName}-OmaUri-Begin -->
@@ -646,7 +646,7 @@ The area group that can be configured by a single technology independent of the
 <!-- Device-Result-{AreaName}-{PolicyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-Result-{AreaName}-{PolicyName}-Applicability-End -->
 
 <!-- Device-Result-{AreaName}-{PolicyName}-OmaUri-Begin -->
@@ -686,7 +686,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 <!-- User-Config-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- User-Config-Applicability-End -->
 
 <!-- User-Config-OmaUri-Begin -->
@@ -725,7 +725,7 @@ Node for grouping all policies configured by one source. The configuration sourc
 <!-- User-Config-{AreaName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- User-Config-{AreaName}-Applicability-End -->
 
 <!-- User-Config-{AreaName}-OmaUri-Begin -->
@@ -773,7 +773,7 @@ The following list shows some tips to help you when configuring policies:
 <!-- User-Config-{AreaName}-{PolicyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- User-Config-{AreaName}-{PolicyName}-Applicability-End -->
 
 <!-- User-Config-{AreaName}-{PolicyName}-OmaUri-Begin -->
@@ -813,7 +813,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 <!-- User-Result-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- User-Result-Applicability-End -->
 
 <!-- User-Result-OmaUri-Begin -->
@@ -852,7 +852,7 @@ Groups the evaluated policies from all providers that can be configured.
 <!-- User-Result-{AreaName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- User-Result-{AreaName}-Applicability-End -->
 
 <!-- User-Result-{AreaName}-OmaUri-Begin -->
@@ -892,7 +892,7 @@ The area group that can be configured by a single technology independent of the
 <!-- User-Result-{AreaName}-{PolicyName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- User-Result-{AreaName}-{PolicyName}-Applicability-End -->
 
 <!-- User-Result-{AreaName}-{PolicyName}-OmaUri-Begin -->
@@ -1118,6 +1118,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 - [ExploitGuard](policy-csp-exploitguard.md)
 - [FederatedAuthentication](policy-csp-federatedauthentication.md)
 - [FileExplorer](policy-csp-fileexplorer.md)
+- [FileSystem](policy-csp-filesystem.md)
 - [Games](policy-csp-games.md)
 - [Handwriting](policy-csp-handwriting.md)
 - [HumanPresence](policy-csp-humanpresence.md)
@@ -1175,6 +1176,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 - [VirtualizationBasedTechnology](policy-csp-virtualizationbasedtechnology.md)
 - [WebThreatDefense](policy-csp-webthreatdefense.md)
 - [Wifi](policy-csp-wifi.md)
+- [WindowsAI](policy-csp-windowsai.md)
 - [WindowsAutopilot](policy-csp-windowsautopilot.md)
 - [WindowsConnectionManager](policy-csp-windowsconnectionmanager.md)
 - [WindowsDefenderSecurityCenter](policy-csp-windowsdefendersecuritycenter.md)
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index 06983bfbba..44d02d34ed 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -4,7 +4,7 @@ description: Learn more about the AboveLock Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -29,7 +29,7 @@ ms.topic: reference
 <!-- AllowActionCenterNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowActionCenterNotifications-Applicability-End -->
 
 <!-- AllowActionCenterNotifications-OmaUri-Begin -->
@@ -78,7 +78,7 @@ This policy is deprecated.
 <!-- AllowCortanaAboveLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowCortanaAboveLock-Applicability-End -->
 
 <!-- AllowCortanaAboveLock-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting determines whether or not the user can interact with Cortana
 <!-- AllowToasts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowToasts-Applicability-End -->
 
 <!-- AllowToasts-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index fb9305bfb2..58df4beaf2 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -4,7 +4,7 @@ description: Learn more about the Accounts Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAddingNonMicrosoftAccountsManually-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAddingNonMicrosoftAccountsManually-Applicability-End -->
 
 <!-- AllowAddingNonMicrosoftAccountsManually-OmaUri-Begin -->
@@ -78,7 +78,7 @@ Specifies whether user is allowed to add non-MSA email accounts. Most restricted
 <!-- AllowMicrosoftAccountConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowMicrosoftAccountConnection-Applicability-End -->
 
 <!-- AllowMicrosoftAccountConnection-OmaUri-Begin -->
@@ -127,7 +127,7 @@ Specifies whether the user is allowed to use an MSA account for non-email relate
 <!-- AllowMicrosoftAccountSignInAssistant-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowMicrosoftAccountSignInAssistant-Applicability-End -->
 
 <!-- AllowMicrosoftAccountSignInAssistant-OmaUri-Begin -->
@@ -182,7 +182,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant
 <!-- DomainNamesForEmailSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DomainNamesForEmailSync-Applicability-End -->
 
 <!-- DomainNamesForEmailSync-OmaUri-Begin -->
@@ -220,7 +220,7 @@ Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant
 <!-- RestrictToEnterpriseDeviceAuthenticationOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- RestrictToEnterpriseDeviceAuthenticationOnly-Applicability-End -->
 
 <!-- RestrictToEnterpriseDeviceAuthenticationOnly-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index f392d1166b..fce92f8dff 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -4,7 +4,7 @@ description: Learn more about the ActiveXControls Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ApprovedInstallationSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ApprovedInstallationSites-Applicability-End -->
 
 <!-- ApprovedInstallationSites-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index bfdb343427..0055dc812c 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ActiveXInstallService Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AxISURLZonePolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AxISURLZonePolicies-Applicability-End -->
 
 <!-- AxISURLZonePolicies-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index 285f7a332a..10196c3390 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AddRemovePrograms Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DefaultCategory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DefaultCategory-Applicability-End -->
 
 <!-- DefaultCategory-OmaUri-Begin -->
@@ -93,7 +93,7 @@ You can use this setting to direct users to the programs they're most likely to
 <!-- NoAddFromCDorFloppy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddFromCDorFloppy-Applicability-End -->
 
 <!-- NoAddFromCDorFloppy-OmaUri-Begin -->
@@ -155,7 +155,7 @@ This setting doesn't prevent users from using other tools and methods to add or
 <!-- NoAddFromInternet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddFromInternet-Applicability-End -->
 
 <!-- NoAddFromInternet-OmaUri-Begin -->
@@ -217,7 +217,7 @@ This setting doesn't prevent users from using other tools and methods to connect
 <!-- NoAddFromNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddFromNetwork-Applicability-End -->
 
 <!-- NoAddFromNetwork-OmaUri-Begin -->
@@ -283,7 +283,7 @@ Published programs are those programs that the system administrator has explicit
 <!-- NoAddPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddPage-Applicability-End -->
 
 <!-- NoAddPage-OmaUri-Begin -->
@@ -344,7 +344,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoAddRemovePrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAddRemovePrograms-Applicability-End -->
 
 <!-- NoAddRemovePrograms-OmaUri-Begin -->
@@ -409,7 +409,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoChooseProgramsPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChooseProgramsPage-Applicability-End -->
 
 <!-- NoChooseProgramsPage-OmaUri-Begin -->
@@ -472,7 +472,7 @@ This setting doesn't prevent the Set Program Access and Defaults icon from appea
 <!-- NoRemovePage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRemovePage-Applicability-End -->
 
 <!-- NoRemovePage-OmaUri-Begin -->
@@ -533,7 +533,7 @@ This setting doesn't prevent users from using other tools and methods to delete
 <!-- NoServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoServices-Applicability-End -->
 
 <!-- NoServices-OmaUri-Begin -->
@@ -601,7 +601,7 @@ To remove "Set up services" and prevent the Windows Component Wizard from starti
 <!-- NoSupportInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSupportInfo-Applicability-End -->
 
 <!-- NoSupportInfo-OmaUri-Begin -->
@@ -663,7 +663,7 @@ If you disable this setting or don't configure it, the Support Info hyperlink ap
 <!-- NoWindowsSetupPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsSetupPage-Applicability-End -->
 
 <!-- NoWindowsSetupPage-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index 8a92c2eff6..a1bcc9f18b 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AdmPwd Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- POL_AdmPwd-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd-Applicability-End -->
 
 <!-- POL_AdmPwd-OmaUri-Begin -->
@@ -81,7 +81,7 @@ If you disable or not configure this setting, local administrator password is NO
 <!-- POL_AdmPwd_AdminName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd_AdminName-Applicability-End -->
 
 <!-- POL_AdmPwd_AdminName-OmaUri-Begin -->
@@ -134,7 +134,7 @@ When you disable or don't configure this setting, password expiration time may b
 <!-- POL_AdmPwd_DontAllowPwdExpirationBehindPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd_DontAllowPwdExpirationBehindPolicy-Applicability-End -->
 
 <!-- POL_AdmPwd_DontAllowPwdExpirationBehindPolicy-OmaUri-Begin -->
@@ -187,7 +187,7 @@ When you disable or don't configure this setting, password expiration time may b
 <!-- POL_AdmPwd_Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- POL_AdmPwd_Enabled-Applicability-End -->
 
 <!-- POL_AdmPwd_Enabled-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index d110cff6bc..7899515d31 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppCompat Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AppCompatPrevent16BitMach-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatPrevent16BitMach-Applicability-End -->
 
 <!-- AppCompatPrevent16BitMach-OmaUri-Begin -->
@@ -94,7 +94,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set
 <!-- AppCompatRemoveProgramCompatPropPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatRemoveProgramCompatPropPage-Applicability-End -->
 
 <!-- AppCompatRemoveProgramCompatPropPage-OmaUri-Begin -->
@@ -151,7 +151,7 @@ The compatibility property page displays a list of options that can be selected
 <!-- AppCompatTurnOffApplicationImpactTelemetry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffApplicationImpactTelemetry-Applicability-End -->
 
 <!-- AppCompatTurnOffApplicationImpactTelemetry-OmaUri-Begin -->
@@ -214,7 +214,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu
 <!-- AppCompatTurnOffEngine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffEngine-Applicability-End -->
 
 <!-- AppCompatTurnOffEngine-OmaUri-Begin -->
@@ -280,7 +280,7 @@ This option is useful to server administrators who require faster performance an
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_1-Applicability-End -->
 
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_1-OmaUri-Begin -->
@@ -335,7 +335,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_2-Applicability-End -->
 
 <!-- AppCompatTurnOffProgramCompatibilityAssistant_2-OmaUri-Begin -->
@@ -399,7 +399,7 @@ The PCA monitors applications run by the user. When a potential compatibility is
 <!-- AppCompatTurnOffProgramInventory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffProgramInventory-Applicability-End -->
 
 <!-- AppCompatTurnOffProgramInventory-OmaUri-Begin -->
@@ -463,7 +463,7 @@ The Inventory Collector inventories applications, files, devices, and drivers on
 <!-- AppCompatTurnOffSwitchBack-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffSwitchBack-Applicability-End -->
 
 <!-- AppCompatTurnOffSwitchBack-OmaUri-Begin -->
@@ -528,7 +528,7 @@ Please reboot the system after changing the setting to ensure that your system a
 <!-- AppCompatTurnOffUserActionRecord-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppCompatTurnOffUserActionRecord-Applicability-End -->
 
 <!-- AppCompatTurnOffUserActionRecord-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 7471be691a..029e7784ba 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowDeploymentInSpecialProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDeploymentInSpecialProfiles-Applicability-End -->
 
 <!-- AllowDeploymentInSpecialProfiles-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index a2a5bd54c3..749ee6afce 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppXRuntime Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AppxRuntimeApplicationContentUriRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeApplicationContentUriRules-Applicability-End -->
 
 <!-- AppxRuntimeApplicationContentUriRules-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static
 <!-- AppxRuntimeBlockFileElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeBlockFileElevation-Applicability-End -->
 
 <!-- AppxRuntimeBlockFileElevation-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy setting lets you control whether Windows Store apps can open files u
 <!-- AppxRuntimeBlockHostedAppAccessWinRT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeBlockHostedAppAccessWinRT-Applicability-End -->
 
 <!-- AppxRuntimeBlockHostedAppAccessWinRT-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This policy shouldn't be enabled unless recommended by Microsoft as a security r
 <!-- AppxRuntimeBlockProtocolElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppxRuntimeBlockProtocolElevation-Applicability-End -->
 
 <!-- AppxRuntimeBlockProtocolElevation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 4e3c88f316..eed1a52c46 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AttachmentManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AM_EstimateFileHandlerRisk-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_EstimateFileHandlerRisk-Applicability-End -->
 
 <!-- AM_EstimateFileHandlerRisk-OmaUri-Begin -->
@@ -94,7 +94,7 @@ Using both the file handler and type data is the most restrictive option. Window
 <!-- AM_SetFileRiskLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetFileRiskLevel-Applicability-End -->
 
 <!-- AM_SetFileRiskLevel-OmaUri-Begin -->
@@ -160,7 +160,7 @@ Low Risk: If the attachment is in the list of low-risk file types, Windows won't
 <!-- AM_SetHighRiskInclusion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetHighRiskInclusion-Applicability-End -->
 
 <!-- AM_SetHighRiskInclusion-OmaUri-Begin -->
@@ -220,7 +220,7 @@ This policy setting allows you to configure the list of high-risk file types. If
 <!-- AM_SetLowRiskInclusion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetLowRiskInclusion-Applicability-End -->
 
 <!-- AM_SetLowRiskInclusion-OmaUri-Begin -->
@@ -280,7 +280,7 @@ This policy setting allows you to configure the list of low-risk file types. If
 <!-- AM_SetModRiskInclusion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AM_SetModRiskInclusion-Applicability-End -->
 
 <!-- AM_SetModRiskInclusion-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index c2c110b8ba..ff33c79687 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AuditSettings Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- IncludeCmdLine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IncludeCmdLine-Applicability-End -->
 
 <!-- IncludeCmdLine-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 6ca32a3a25..311e65ddc9 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Bits Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BITS_DisableBranchCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_DisableBranchCache-Applicability-End -->
 
 <!-- BITS_DisableBranchCache-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This setting affects whether the BITS client is allowed to use Windows Branch Ca
 <!-- BITS_DisablePeercachingClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_DisablePeercachingClient-Applicability-End -->
 
 <!-- BITS_DisablePeercachingClient-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi
 <!-- BITS_DisablePeercachingServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_DisablePeercachingServer-Applicability-End -->
 
 <!-- BITS_DisablePeercachingServer-OmaUri-Begin -->
@@ -214,7 +214,7 @@ This policy setting specifies whether the computer will act as a BITS peer cachi
 <!-- BITS_EnablePeercaching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_EnablePeercaching-Applicability-End -->
 
 <!-- BITS_EnablePeercaching-OmaUri-Begin -->
@@ -275,7 +275,7 @@ If BITS peer caching is enabled, BITS caches downloaded files and makes them ava
 <!-- BITS_MaxBandwidthServedForPeers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxBandwidthServedForPeers-Applicability-End -->
 
 <!-- BITS_MaxBandwidthServedForPeers-OmaUri-Begin -->
@@ -340,7 +340,7 @@ You can change the default behavior of BITS, and specify a fixed maximum bandwid
 <!-- BITS_MaxBandwidthV2_Maintenance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxBandwidthV2_Maintenance-Applicability-End -->
 
 <!-- BITS_MaxBandwidthV2_Maintenance-OmaUri-Begin -->
@@ -404,7 +404,7 @@ You can specify a limit to use for background jobs during a maintenance schedule
 <!-- BITS_MaxBandwidthV2_Work-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxBandwidthV2_Work-Applicability-End -->
 
 <!-- BITS_MaxBandwidthV2_Work-OmaUri-Begin -->
@@ -465,7 +465,7 @@ You can specify a limit to use for background jobs during a work schedule. For e
 <!-- BITS_MaxCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxCacheSize-Applicability-End -->
 
 <!-- BITS_MaxCacheSize-OmaUri-Begin -->
@@ -526,7 +526,7 @@ This policy setting limits the maximum amount of disk space that can be used for
 <!-- BITS_MaxContentAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxContentAge-Applicability-End -->
 
 <!-- BITS_MaxContentAge-OmaUri-Begin -->
@@ -587,7 +587,7 @@ This policy setting limits the maximum age of files in the Background Intelligen
 <!-- BITS_MaxDownloadTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxDownloadTime-Applicability-End -->
 
 <!-- BITS_MaxDownloadTime-OmaUri-Begin -->
@@ -649,7 +649,7 @@ By default BITS uses a maximum download time of 90 days (7,776,000 seconds).
 <!-- BITS_MaxFilesPerJob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxFilesPerJob-Applicability-End -->
 
 <!-- BITS_MaxFilesPerJob-OmaUri-Begin -->
@@ -710,7 +710,7 @@ This policy setting limits the number of files that a BITS job can contain. By d
 <!-- BITS_MaxJobsPerMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxJobsPerMachine-Applicability-End -->
 
 <!-- BITS_MaxJobsPerMachine-OmaUri-Begin -->
@@ -771,7 +771,7 @@ This policy setting limits the number of BITS jobs that can be created for all u
 <!-- BITS_MaxJobsPerUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxJobsPerUser-Applicability-End -->
 
 <!-- BITS_MaxJobsPerUser-OmaUri-Begin -->
@@ -832,7 +832,7 @@ This policy setting limits the number of BITS jobs that can be created by a user
 <!-- BITS_MaxRangesPerFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BITS_MaxRangesPerFile-Applicability-End -->
 
 <!-- BITS_MaxRangesPerFile-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index a36aa6c74c..f7e094a272 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CipherSuiteOrder Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SSLCipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SSLCipherSuiteOrder-Applicability-End -->
 
 <!-- SSLCipherSuiteOrder-OmaUri-Begin -->
@@ -88,7 +88,7 @@ Link for all the cipherSuites: <https://go.microsoft.com/fwlink/?LinkId=517265>
 <!-- SSLCurveOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SSLCurveOrder-Applicability-End -->
 
 <!-- SSLCurveOrder-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 7f3c480db6..a5997f9c3f 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_COM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AppMgmt_COM_SearchForCLSID_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppMgmt_COM_SearchForCLSID_1-Applicability-End -->
 
 <!-- AppMgmt_COM_SearchForCLSID_1-OmaUri-Begin -->
@@ -91,7 +91,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- AppMgmt_COM_SearchForCLSID_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AppMgmt_COM_SearchForCLSID_2-Applicability-End -->
 
 <!-- AppMgmt_COM_SearchForCLSID_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index d847bc2c59..488996e8fd 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanel Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisallowCpls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowCpls-Applicability-End -->
 
 <!-- DisallowCpls-OmaUri-Begin -->
@@ -98,7 +98,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
 <!-- ForceClassicControlPanel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceClassicControlPanel-Applicability-End -->
 
 <!-- ForceClassicControlPanel-OmaUri-Begin -->
@@ -162,7 +162,7 @@ This policy setting controls the default Control Panel view, whether by category
 <!-- NoControlPanel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoControlPanel-Applicability-End -->
 
 <!-- NoControlPanel-OmaUri-Begin -->
@@ -237,7 +237,7 @@ If users try to select a Control Panel item from the Properties item on a contex
 <!-- RestrictCpls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictCpls-Applicability-End -->
 
 <!-- RestrictCpls-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 1f95adc480..8b6ce4783f 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CPL_Display_Disable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Display_Disable-Applicability-End -->
 
 <!-- CPL_Display_Disable-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis
 <!-- CPL_Display_HideSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Display_HideSettings-Applicability-End -->
 
 <!-- CPL_Display_HideSettings-OmaUri-Begin -->
@@ -144,7 +144,7 @@ This setting prevents users from using Control Panel to add, configure, or chang
 <!-- CPL_Personalization_DisableColorSchemeChoice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_DisableColorSchemeChoice-Applicability-End -->
 
 <!-- CPL_Personalization_DisableColorSchemeChoice-OmaUri-Begin -->
@@ -205,7 +205,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting
 <!-- CPL_Personalization_DisableThemeChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_DisableThemeChange-Applicability-End -->
 
 <!-- CPL_Personalization_DisableThemeChange-OmaUri-Begin -->
@@ -267,7 +267,7 @@ This setting disables the theme gallery in the Personalization Control Panel.
 <!-- CPL_Personalization_DisableVisualStyle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_DisableVisualStyle-Applicability-End -->
 
 <!-- CPL_Personalization_DisableVisualStyle-OmaUri-Begin -->
@@ -326,7 +326,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap
 <!-- CPL_Personalization_EnableScreenSaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_EnableScreenSaver-Applicability-End -->
 
 <!-- CPL_Personalization_EnableScreenSaver-OmaUri-Begin -->
@@ -389,7 +389,7 @@ Also, see the "Prevent changing Screen Saver" setting.
 <!-- CPL_Personalization_ForceDefaultLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_ForceDefaultLockScreen-Applicability-End -->
 
 <!-- CPL_Personalization_ForceDefaultLockScreen-OmaUri-Begin -->
@@ -452,7 +452,7 @@ This can be used in conjunction with the "Prevent changing lock screen and logon
 <!-- CPL_Personalization_LockFontSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_LockFontSize-Applicability-End -->
 
 <!-- CPL_Personalization_LockFontSize-OmaUri-Begin -->
@@ -511,7 +511,7 @@ Prevents users from changing the size of the font in the windows and buttons dis
 <!-- CPL_Personalization_NoChangingLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoChangingLockScreen-Applicability-End -->
 
 <!-- CPL_Personalization_NoChangingLockScreen-OmaUri-Begin -->
@@ -570,7 +570,7 @@ If you enable this setting, the user won't be able to change their lock screen a
 <!-- CPL_Personalization_NoChangingStartMenuBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoChangingStartMenuBackground-Applicability-End -->
 
 <!-- CPL_Personalization_NoChangingStartMenuBackground-OmaUri-Begin -->
@@ -633,7 +633,7 @@ If the "Force a specific Start background" policy is also set on a supported ver
 <!-- CPL_Personalization_NoColorAppearanceUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoColorAppearanceUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoColorAppearanceUI-OmaUri-Begin -->
@@ -694,7 +694,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes
 <!-- CPL_Personalization_NoDesktopBackgroundUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoDesktopBackgroundUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoDesktopBackgroundUI-OmaUri-Begin -->
@@ -760,7 +760,7 @@ Also, see the "Allow only bitmapped wallpaper" setting.
 <!-- CPL_Personalization_NoDesktopIconsUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoDesktopIconsUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoDesktopIconsUI-OmaUri-Begin -->
@@ -821,7 +821,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t
 <!-- CPL_Personalization_NoLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoLockScreen-Applicability-End -->
 
 <!-- CPL_Personalization_NoLockScreen-OmaUri-Begin -->
@@ -880,7 +880,7 @@ This policy setting controls whether the lock screen appears for users.
 <!-- CPL_Personalization_NoMousePointersUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoMousePointersUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoMousePointersUI-OmaUri-Begin -->
@@ -939,7 +939,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha
 <!-- CPL_Personalization_NoScreenSaverUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoScreenSaverUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoScreenSaverUI-OmaUri-Begin -->
@@ -996,7 +996,7 @@ This setting prevents users from using Control Panel to add, configure, or chang
 <!-- CPL_Personalization_NoSoundSchemeUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_NoSoundSchemeUI-Applicability-End -->
 
 <!-- CPL_Personalization_NoSoundSchemeUI-OmaUri-Begin -->
@@ -1055,7 +1055,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by
 <!-- CPL_Personalization_PersonalColors-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_PersonalColors-Applicability-End -->
 
 <!-- CPL_Personalization_PersonalColors-OmaUri-Begin -->
@@ -1113,7 +1113,7 @@ If this setting is enabled, the background and accent colors of Windows will be
 <!-- CPL_Personalization_ScreenSaverIsSecure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_ScreenSaverIsSecure-Applicability-End -->
 
 <!-- CPL_Personalization_ScreenSaverIsSecure-OmaUri-Begin -->
@@ -1181,7 +1181,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen
 <!-- CPL_Personalization_ScreenSaverTimeOut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_ScreenSaverTimeOut-Applicability-End -->
 
 <!-- CPL_Personalization_ScreenSaverTimeOut-OmaUri-Begin -->
@@ -1249,7 +1249,7 @@ When not configured, whatever wait time is set on the client through the Screen
 <!-- CPL_Personalization_SetScreenSaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_SetScreenSaver-Applicability-End -->
 
 <!-- CPL_Personalization_SetScreenSaver-OmaUri-Begin -->
@@ -1314,7 +1314,7 @@ If the specified screen saver isn't installed on a computer to which this settin
 <!-- CPL_Personalization_SetTheme-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_SetTheme-Applicability-End -->
 
 <!-- CPL_Personalization_SetTheme-OmaUri-Begin -->
@@ -1376,7 +1376,7 @@ Specifies which theme file is applied to the computer the first time a user logs
 <!-- CPL_Personalization_SetVisualStyle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_SetVisualStyle-Applicability-End -->
 
 <!-- CPL_Personalization_SetVisualStyle-OmaUri-Begin -->
@@ -1445,7 +1445,7 @@ This can be a local computer visual style (aero.msstyles), or a file located on
 <!-- CPL_Personalization_StartBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CPL_Personalization_StartBackground-Applicability-End -->
 
 <!-- CPL_Personalization_StartBackground-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 30bfe07997..65be5aa708 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Cpls Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- UseDefaultTile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UseDefaultTile-Applicability-End -->
 
 <!-- UseDefaultTile-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 04915e32c2..099494bfad 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredentialProviders Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowDomainDelayLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDomainDelayLock-Applicability-End -->
 
 <!-- AllowDomainDelayLock-OmaUri-Begin -->
@@ -91,7 +91,7 @@ This policy setting allows you to control whether a user can change the time bef
 <!-- DefaultCredentialProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DefaultCredentialProvider-Applicability-End -->
 
 <!-- DefaultCredentialProvider-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This policy setting allows the administrator to assign a specified credential pr
 <!-- ExcludedCredentialProviders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExcludedCredentialProviders-Applicability-End -->
 
 <!-- ExcludedCredentialProviders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index 746fc85903..44ad3d65e5 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredSsp Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowDefaultCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDefaultCredentials-Applicability-End -->
 
 <!-- AllowDefaultCredentials-OmaUri-Begin -->
@@ -106,7 +106,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowDefCredentialsWhenNTLMOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDefCredentialsWhenNTLMOnly-Applicability-End -->
 
 <!-- AllowDefCredentialsWhenNTLMOnly-OmaUri-Begin -->
@@ -178,7 +178,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowEncryptionOracle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowEncryptionOracle-Applicability-End -->
 
 <!-- AllowEncryptionOracle-OmaUri-Begin -->
@@ -246,7 +246,7 @@ For more information about the vulnerability and servicing requirements for prot
 <!-- AllowFreshCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowFreshCredentials-Applicability-End -->
 
 <!-- AllowFreshCredentials-OmaUri-Begin -->
@@ -322,7 +322,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowFreshCredentialsWhenNTLMOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowFreshCredentialsWhenNTLMOnly-Applicability-End -->
 
 <!-- AllowFreshCredentialsWhenNTLMOnly-OmaUri-Begin -->
@@ -396,7 +396,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowSavedCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSavedCredentials-Applicability-End -->
 
 <!-- AllowSavedCredentials-OmaUri-Begin -->
@@ -470,7 +470,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- AllowSavedCredentialsWhenNTLMOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSavedCredentialsWhenNTLMOnly-Applicability-End -->
 
 <!-- AllowSavedCredentialsWhenNTLMOnly-OmaUri-Begin -->
@@ -544,7 +544,7 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- DenyDefaultCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyDefaultCredentials-Applicability-End -->
 
 <!-- DenyDefaultCredentials-OmaUri-Begin -->
@@ -616,7 +616,7 @@ This policy setting can be used in combination with the "Allow delegating defaul
 <!-- DenyFreshCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyFreshCredentials-Applicability-End -->
 
 <!-- DenyFreshCredentials-OmaUri-Begin -->
@@ -688,7 +688,7 @@ This policy setting can be used in combination with the "Allow delegating fresh
 <!-- DenySavedCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenySavedCredentials-Applicability-End -->
 
 <!-- DenySavedCredentials-OmaUri-Begin -->
@@ -760,7 +760,7 @@ This policy setting can be used in combination with the "Allow delegating saved
 <!-- RestrictedRemoteAdministration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictedRemoteAdministration-Applicability-End -->
 
 <!-- RestrictedRemoteAdministration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index 78a89322e1..b31b580c8b 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredUI Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EnableSecureCredentialPrompting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableSecureCredentialPrompting-Applicability-End -->
 
 <!-- EnableSecureCredentialPrompting-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting requires the user to enter Microsoft Windows credentials usi
 <!-- NoLocalPasswordResetQuestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoLocalPasswordResetQuestions-Applicability-End -->
 
 <!-- NoLocalPasswordResetQuestions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 5ac2644ebe..54ad86715e 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CtrlAltDel Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableChangePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableChangePassword-Applicability-End -->
 
 <!-- DisableChangePassword-OmaUri-Begin -->
@@ -87,7 +87,7 @@ However, users are still able to change their password when prompted by the syst
 <!-- DisableLockComputer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLockComputer-Applicability-End -->
 
 <!-- DisableLockComputer-OmaUri-Begin -->
@@ -151,7 +151,7 @@ While locked, the desktop is hidden and the system can't be used. Only the user
 <!-- DisableTaskMgr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableTaskMgr-Applicability-End -->
 
 <!-- DisableTaskMgr-OmaUri-Begin -->
@@ -212,7 +212,7 @@ Task Manager (taskmgr.exe) lets users start and stop programs; monitor the perfo
 <!-- NoLogoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoLogoff-Applicability-End -->
 
 <!-- NoLogoff-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index d7d17584e5..e1194939bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DataCollection Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CommercialIdPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CommercialIdPolicy-Applicability-End -->
 
 <!-- CommercialIdPolicy-OmaUri-Begin -->
@@ -46,8 +46,8 @@ If you disable or don't configure this policy setting, then Microsoft won't be a
 
 <!-- CommercialIdPolicy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!IMPORTANT]
-> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
+> [!NOTE]
+> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Enable Windows diagnostic data processor configuration](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration).
 <!-- CommercialIdPolicy-Editable-End -->
 
 <!-- CommercialIdPolicy-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index 7e0c8df5bb..c85d5737b3 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DCOM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DCOMActivationSecurityCheckAllowLocalList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCOMActivationSecurityCheckAllowLocalList-Applicability-End -->
 
 <!-- DCOMActivationSecurityCheckAllowLocalList-OmaUri-Begin -->
@@ -90,7 +90,7 @@ Allows you to specify that local computer administrators can supplement the "Def
 <!-- DCOMActivationSecurityCheckExemptionList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCOMActivationSecurityCheckExemptionList-Applicability-End -->
 
 <!-- DCOMActivationSecurityCheckExemptionList-OmaUri-Begin -->
@@ -111,9 +111,8 @@ DCOM server appids added to this policy must be listed in curly-brace format. Fo
 
 - If you don't configure this policy setting, the appid exemption list defined by local computer administrators is used.
 
-Note:
-
-The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults.
+> [!NOTE]
+> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults.
 
 If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would've previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid.
 
@@ -122,7 +121,8 @@ DCOM servers added to this exemption list are only exempted if their custom laun
 
 <!-- DCOMActivationSecurityCheckExemptionList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-**NOTE** This policy setting applies to all sites in Trusted zones.
+> [!NOTE]
+> This policy setting applies to all sites in Trusted zones.
 <!-- DCOMActivationSecurityCheckExemptionList-Editable-End -->
 
 <!-- DCOMActivationSecurityCheckExemptionList-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index e5cf956edd..0a0280c52c 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Desktop Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AD_EnableFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AD_EnableFilter-Applicability-End -->
 
 <!-- AD_EnableFilter-OmaUri-Begin -->
@@ -89,7 +89,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl
 <!-- AD_HideDirectoryFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AD_HideDirectoryFolder-Applicability-End -->
 
 <!-- AD_HideDirectoryFolder-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This setting is designed to let users search Active Directory but not tempt them
 <!-- AD_QueryLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AD_QueryLimit-Applicability-End -->
 
 <!-- AD_QueryLimit-OmaUri-Begin -->
@@ -212,7 +212,7 @@ This setting is designed to protect the network and the domain controller from t
 <!-- ForceActiveDesktopOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceActiveDesktopOn-Applicability-End -->
 
 <!-- ForceActiveDesktopOn-OmaUri-Begin -->
@@ -274,7 +274,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
 <!-- NoActiveDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoActiveDesktop-Applicability-End -->
 
 <!-- NoActiveDesktop-OmaUri-Begin -->
@@ -336,7 +336,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
 <!-- NoActiveDesktopChanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoActiveDesktopChanges-Applicability-End -->
 
 <!-- NoActiveDesktopChanges-OmaUri-Begin -->
@@ -393,7 +393,7 @@ This is a comprehensive setting that locks down the configuration you establish
 <!-- NoDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDesktop-Applicability-End -->
 
 <!-- NoDesktop-OmaUri-Begin -->
@@ -456,7 +456,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T
 <!-- NoDesktopCleanupWizard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDesktopCleanupWizard-Applicability-End -->
 
 <!-- NoDesktopCleanupWizard-OmaUri-Begin -->
@@ -518,7 +518,7 @@ Prevents users from using the Desktop Cleanup Wizard.
 <!-- NoInternetIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInternetIcon-Applicability-End -->
 
 <!-- NoInternetIcon-OmaUri-Begin -->
@@ -575,7 +575,7 @@ This setting doesn't prevent the user from starting Internet Explorer by using o
 <!-- NoMyComputerIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMyComputerIcon-Applicability-End -->
 
 <!-- NoMyComputerIcon-OmaUri-Begin -->
@@ -639,7 +639,7 @@ This setting hides Computer from the desktop and from the new Start menu. It als
 <!-- NoMyDocumentsIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMyDocumentsIcon-Applicability-End -->
 
 <!-- NoMyDocumentsIcon-OmaUri-Begin -->
@@ -703,7 +703,7 @@ This setting doesn't remove the My Documents icon from the Start menu. To do so,
 <!-- NoNetHood-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNetHood-Applicability-End -->
 
 <!-- NoNetHood-OmaUri-Begin -->
@@ -763,7 +763,7 @@ This setting only affects the desktop icon. It doesn't prevent users from connec
 <!-- NoPropertiesMyComputer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPropertiesMyComputer-Applicability-End -->
 
 <!-- NoPropertiesMyComputer-OmaUri-Begin -->
@@ -822,7 +822,7 @@ This setting hides Properties on the context menu for Computer.
 <!-- NoPropertiesMyDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPropertiesMyDocuments-Applicability-End -->
 
 <!-- NoPropertiesMyDocuments-OmaUri-Begin -->
@@ -887,7 +887,7 @@ Clicks the My Documents icon, and then presses ALT+ENTER.
 <!-- NoRecentDocsNetHood-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecentDocsNetHood-Applicability-End -->
 
 <!-- NoRecentDocsNetHood-OmaUri-Begin -->
@@ -946,7 +946,7 @@ Remote shared folders aren't added to Network Locations whenever you open a docu
 <!-- NoRecycleBinIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecycleBinIcon-Applicability-End -->
 
 <!-- NoRecycleBinIcon-OmaUri-Begin -->
@@ -1008,7 +1008,7 @@ This setting doesn't prevent the user from using other methods to gain access to
 <!-- NoRecycleBinProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecycleBinProperties-Applicability-End -->
 
 <!-- NoRecycleBinProperties-OmaUri-Begin -->
@@ -1067,7 +1067,7 @@ Removes the Properties option from the Recycle Bin context menu.
 <!-- NoSaveSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSaveSettings-Applicability-End -->
 
 <!-- NoSaveSettings-OmaUri-Begin -->
@@ -1124,7 +1124,7 @@ If you enable this setting, users can change the desktop, but some changes, such
 <!-- NoWindowMinimizingShortcuts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowMinimizingShortcuts-Applicability-End -->
 
 <!-- NoWindowMinimizingShortcuts-OmaUri-Begin -->
@@ -1183,7 +1183,7 @@ Prevents windows from being minimized or restored when the active window is shak
 <!-- sz_AdminComponents_Title-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_AdminComponents_Title-Applicability-End -->
 
 <!-- sz_AdminComponents_Title-OmaUri-Begin -->
@@ -1247,7 +1247,7 @@ You can also use this setting to delete particular Web-based items from users' d
 <!-- sz_ATC_DisableAdd-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableAdd-Applicability-End -->
 
 <!-- sz_ATC_DisableAdd-OmaUri-Begin -->
@@ -1306,7 +1306,7 @@ Also, see the "Disable all items" setting.
 <!-- sz_ATC_DisableClose-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableClose-Applicability-End -->
 
 <!-- sz_ATC_DisableClose-OmaUri-Begin -->
@@ -1368,7 +1368,7 @@ If you enable this setting, items added to the desktop can't be closed; they alw
 <!-- sz_ATC_DisableDel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableDel-Applicability-End -->
 
 <!-- sz_ATC_DisableDel-OmaUri-Begin -->
@@ -1429,7 +1429,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings.
 <!-- sz_ATC_DisableEdit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_DisableEdit-Applicability-End -->
 
 <!-- sz_ATC_DisableEdit-OmaUri-Begin -->
@@ -1486,7 +1486,7 @@ This setting disables the Properties button on the Web tab in Display in Control
 <!-- sz_ATC_NoComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_ATC_NoComponents-Applicability-End -->
 
 <!-- sz_ATC_NoComponents-OmaUri-Begin -->
@@ -1546,7 +1546,7 @@ This setting removes all Active Desktop items from the desktop. It also removes
 <!-- sz_DB_DragDropClose-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_DB_DragDropClose-Applicability-End -->
 
 <!-- sz_DB_DragDropClose-OmaUri-Begin -->
@@ -1611,7 +1611,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting.
 <!-- sz_DB_Moving-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_DB_Moving-Applicability-End -->
 
 <!-- sz_DB_Moving-OmaUri-Begin -->
@@ -1673,7 +1673,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool
 <!-- sz_DWP_NoHTMLPaper-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- sz_DWP_NoHTMLPaper-Applicability-End -->
 
 <!-- sz_DWP_NoHTMLPaper-OmaUri-Begin -->
@@ -1730,7 +1730,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User
 <!-- Wallpaper-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Wallpaper-Applicability-End -->
 
 <!-- Wallpaper-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index ca20f8c48b..bc8976cc58 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceCompat Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DeviceFlags-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceFlags-Applicability-End -->
 
 <!-- DeviceFlags-OmaUri-Begin -->
@@ -83,7 +83,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices.
 <!-- DriverShims-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverShims-Applicability-End -->
 
 <!-- DriverShims-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index b1348a061e..7afb0273de 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceGuard Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- ConfigCIPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigCIPolicy-Applicability-End -->
 
 <!-- ConfigCIPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 17c29621cf..c8e2319400 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceInstallation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DeviceInstall_AllowAdminInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_AllowAdminInstall-Applicability-End -->
 
 <!-- DeviceInstall_AllowAdminInstall-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting allows you to determine whether members of the Administrator
 <!-- DeviceInstall_DeniedPolicy_DetailText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_DeniedPolicy_DetailText-Applicability-End -->
 
 <!-- DeviceInstall_DeniedPolicy_DetailText-OmaUri-Begin -->
@@ -147,7 +147,7 @@ This policy setting allows you to display a custom message to users in a notific
 <!-- DeviceInstall_DeniedPolicy_SimpleText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_DeniedPolicy_SimpleText-Applicability-End -->
 
 <!-- DeviceInstall_DeniedPolicy_SimpleText-OmaUri-Begin -->
@@ -205,7 +205,7 @@ This policy setting allows you to display a custom message title in a notificati
 <!-- DeviceInstall_InstallTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_InstallTimeout-Applicability-End -->
 
 <!-- DeviceInstall_InstallTimeout-OmaUri-Begin -->
@@ -263,7 +263,7 @@ This policy setting allows you to configure the number of seconds Windows waits
 <!-- DeviceInstall_Policy_RebootTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_Policy_RebootTime-Applicability-End -->
 
 <!-- DeviceInstall_Policy_RebootTime-OmaUri-Begin -->
@@ -325,7 +325,7 @@ This policy setting establishes the amount of time (in seconds) that the system
 <!-- DeviceInstall_Removable_Deny-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_Removable_Deny-Applicability-End -->
 
 <!-- DeviceInstall_Removable_Deny-OmaUri-Begin -->
@@ -389,7 +389,7 @@ This policy setting allows you to prevent Windows from installing removable devi
 <!-- DeviceInstall_SystemRestore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_SystemRestore-Applicability-End -->
 
 <!-- DeviceInstall_SystemRestore-OmaUri-Begin -->
@@ -448,7 +448,7 @@ This policy setting allows you to prevent Windows from creating a system restore
 <!-- DriverInstall_Classes_AllowUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverInstall_Classes_AllowUser-Applicability-End -->
 
 <!-- DriverInstall_Classes_AllowUser-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index 031a59b0a8..b6fcaa1949 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DeviceSetup Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DeviceInstall_BalloonTips-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DeviceInstall_BalloonTips-Applicability-End -->
 
 <!-- DeviceInstall_BalloonTips-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows you to turn off "Found New Hardware" balloons during
 <!-- DriverSearchPlaces_SearchOrderConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverSearchPlaces_SearchOrderConfiguration-Applicability-End -->
 
 <!-- DriverSearchPlaces_SearchOrderConfiguration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index da7f64566e..bf9c77582b 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DFS Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DFSDiscoverDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DFSDiscoverDC-Applicability-End -->
 
 <!-- DFSDiscoverDC-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index dca7129486..1cbc73ac60 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DigitalLocker Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Digitalx_DiableApplication_TitleText_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Digitalx_DiableApplication_TitleText_1-Applicability-End -->
 
 <!-- Digitalx_DiableApplication_TitleText_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Digital Locker is a dedicated download manager associated with Windows Marketpla
 <!-- Digitalx_DiableApplication_TitleText_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Digitalx_DiableApplication_TitleText_2-Applicability-End -->
 
 <!-- Digitalx_DiableApplication_TitleText_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 8f7131923e..56edf435ca 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskDiagnostic Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DfdAlertPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DfdAlertPolicy-Applicability-End -->
 
 <!-- DfdAlertPolicy-OmaUri-Begin -->
@@ -93,7 +93,7 @@ This policy setting only takes effect if the Disk Diagnostic scenario policy set
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 8effe588c4..65b61b43e6 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskNVCache Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BootResumePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BootResumePolicy-Applicability-End -->
 
 <!-- BootResumePolicy-OmaUri-Begin -->
@@ -92,7 +92,7 @@ This policy setting turns off the boot and resume optimizations for the hybrid h
 <!-- CachePowerModePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CachePowerModePolicy-Applicability-End -->
 
 <!-- CachePowerModePolicy-OmaUri-Begin -->
@@ -156,7 +156,7 @@ This policy setting turns off power save mode on the hybrid hard disks in the sy
 <!-- FeatureOffPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FeatureOffPolicy-Applicability-End -->
 
 <!-- FeatureOffPolicy-OmaUri-Begin -->
@@ -220,7 +220,7 @@ This policy setting turns off all support for the non-volatile (NV) cache on all
 <!-- SolidStatePolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SolidStatePolicy-Applicability-End -->
 
 <!-- SolidStatePolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index d8e4b5055e..9e04e0f283 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DiskQuota Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DQ_Enable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_Enable-Applicability-End -->
 
 <!-- DQ_Enable-OmaUri-Begin -->
@@ -97,7 +97,7 @@ To prevent users from changing the setting while a setting is in effect, the sys
 <!-- DQ_Enforce-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_Enforce-Applicability-End -->
 
 <!-- DQ_Enforce-OmaUri-Begin -->
@@ -166,7 +166,7 @@ Enforcement is optional. When users reach an enforced disk quota limit, the syst
 <!-- DQ_Limit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_Limit-Applicability-End -->
 
 <!-- DQ_Limit-OmaUri-Begin -->
@@ -232,7 +232,7 @@ This policy setting is effective only when disk quota management is enabled on t
 <!-- DQ_LogEventOverLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_LogEventOverLimit-Applicability-End -->
 
 <!-- DQ_LogEventOverLimit-OmaUri-Begin -->
@@ -300,7 +300,7 @@ Also, this policy setting doesn't affect the Quota Entries window on the Quota t
 <!-- DQ_LogEventOverThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_LogEventOverThreshold-Applicability-End -->
 
 <!-- DQ_LogEventOverThreshold-OmaUri-Begin -->
@@ -366,7 +366,7 @@ This policy setting doesn't affect the Quota Entries window on the Quota tab. Ev
 <!-- DQ_RemovableMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DQ_RemovableMedia-Applicability-End -->
 
 <!-- DQ_RemovableMedia-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index 9029d36c4c..948283f347 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DistributedLinkTracking Area in Policy CS
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DLT_AllowDomainMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DLT_AllowDomainMode-Applicability-End -->
 
 <!-- DLT_AllowDomainMode-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index f6c0d4debc..2ba7d810ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DnsClient Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DNS_AllowFQDNNetBiosQueries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_AllowFQDNNetBiosQueries-Applicability-End -->
 
 <!-- DNS_AllowFQDNNetBiosQueries-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie
 <!-- DNS_AppendToMultiLabelName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_AppendToMultiLabelName-Applicability-End -->
 
 <!-- DNS_AppendToMultiLabelName-OmaUri-Begin -->
@@ -154,7 +154,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix
 <!-- DNS_Domain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_Domain-Applicability-End -->
 
 <!-- DNS_Domain-OmaUri-Begin -->
@@ -214,7 +214,7 @@ To use this policy setting, click Enabled, and then enter a string value represe
 <!-- DNS_DomainNameDevolutionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_DomainNameDevolutionLevel-Applicability-End -->
 
 <!-- DNS_DomainNameDevolutionLevel-OmaUri-Begin -->
@@ -291,7 +291,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
 <!-- DNS_IdnEncoding-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_IdnEncoding-Applicability-End -->
 
 <!-- DNS_IdnEncoding-OmaUri-Begin -->
@@ -350,7 +350,7 @@ Specifies whether the DNS client should convert internationalized domain names (
 <!-- DNS_IdnMapping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_IdnMapping-Applicability-End -->
 
 <!-- DNS_IdnMapping-OmaUri-Begin -->
@@ -409,7 +409,7 @@ Specifies whether the DNS client should convert internationalized domain names (
 <!-- DNS_NameServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_NameServer-Applicability-End -->
 
 <!-- DNS_NameServer-OmaUri-Begin -->
@@ -469,7 +469,7 @@ To use this policy setting, click Enabled, and then enter a space-delimited list
 <!-- DNS_PreferLocalResponsesOverLowerOrderDns-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_PreferLocalResponsesOverLowerOrderDns-Applicability-End -->
 
 <!-- DNS_PreferLocalResponsesOverLowerOrderDns-OmaUri-Begin -->
@@ -531,7 +531,7 @@ Specifies that responses from link local name resolution protocols received over
 <!-- DNS_PrimaryDnsSuffix-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_PrimaryDnsSuffix-Applicability-End -->
 
 <!-- DNS_PrimaryDnsSuffix-OmaUri-Begin -->
@@ -596,7 +596,7 @@ You can use this policy setting to prevent users, including local administrators
 <!-- DNS_RegisterAdapterName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegisterAdapterName-Applicability-End -->
 
 <!-- DNS_RegisterAdapterName-OmaUri-Begin -->
@@ -662,7 +662,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso
 <!-- DNS_RegisterReverseLookup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegisterReverseLookup-Applicability-End -->
 
 <!-- DNS_RegisterReverseLookup-OmaUri-Begin -->
@@ -730,7 +730,7 @@ Register only if A record registration succeeds: Computers will attempt to regis
 <!-- DNS_RegistrationEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationEnabled-Applicability-End -->
 
 <!-- DNS_RegistrationEnabled-OmaUri-Begin -->
@@ -789,7 +789,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic
 <!-- DNS_RegistrationOverwritesInConflict-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationOverwritesInConflict-Applicability-End -->
 
 <!-- DNS_RegistrationOverwritesInConflict-OmaUri-Begin -->
@@ -852,7 +852,7 @@ During dynamic update of resource records in a zone that doesn't use Secure Dyna
 <!-- DNS_RegistrationRefreshInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationRefreshInterval-Applicability-End -->
 
 <!-- DNS_RegistrationRefreshInterval-OmaUri-Begin -->
@@ -917,7 +917,7 @@ To specify the registration refresh interval, click Enabled and then enter a val
 <!-- DNS_RegistrationTtl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_RegistrationTtl-Applicability-End -->
 
 <!-- DNS_RegistrationTtl-OmaUri-Begin -->
@@ -977,7 +977,7 @@ To specify the TTL, click Enabled and then enter a value in seconds (for example
 <!-- DNS_SearchList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_SearchList-Applicability-End -->
 
 <!-- DNS_SearchList-OmaUri-Begin -->
@@ -1041,7 +1041,7 @@ To use this policy setting, click Enabled, and then enter a string value represe
 <!-- DNS_SmartMultiHomedNameResolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_SmartMultiHomedNameResolution-Applicability-End -->
 
 <!-- DNS_SmartMultiHomedNameResolution-OmaUri-Begin -->
@@ -1100,7 +1100,7 @@ Specifies that a multi-homed DNS client should optimize name resolution across n
 <!-- DNS_SmartProtocolReorder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_SmartProtocolReorder-Applicability-End -->
 
 <!-- DNS_SmartProtocolReorder-OmaUri-Begin -->
@@ -1162,7 +1162,7 @@ Specifies that the DNS client should prefer responses from link local name resol
 <!-- DNS_UpdateSecurityLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_UpdateSecurityLevel-Applicability-End -->
 
 <!-- DNS_UpdateSecurityLevel-OmaUri-Begin -->
@@ -1228,7 +1228,7 @@ Only secure - computers send only secure dynamic updates.
 <!-- DNS_UpdateTopLevelDomainZones-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_UpdateTopLevelDomainZones-Applicability-End -->
 
 <!-- DNS_UpdateTopLevelDomainZones-OmaUri-Begin -->
@@ -1289,7 +1289,7 @@ By default, a DNS client that's configured to perform dynamic DNS update will up
 <!-- DNS_UseDomainNameDevolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DNS_UseDomainNameDevolution-Applicability-End -->
 
 <!-- DNS_UseDomainNameDevolution-OmaUri-Begin -->
@@ -1366,7 +1366,7 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
 <!-- Turn_Off_Multicast-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Turn_Off_Multicast-Applicability-End -->
 
 <!-- Turn_Off_Multicast-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index e4a0ac56f6..22f1c4afd7 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DWM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DwmDefaultColorizationColor_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDefaultColorizationColor_1-Applicability-End -->
 
 <!-- DwmDefaultColorizationColor_1-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting controls the default color for window frames when the user d
 <!-- DwmDefaultColorizationColor_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDefaultColorizationColor_2-Applicability-End -->
 
 <!-- DwmDefaultColorizationColor_2-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This policy setting controls the default color for window frames when the user d
 <!-- DwmDisallowAnimations_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowAnimations_1-Applicability-End -->
 
 <!-- DwmDisallowAnimations_1-OmaUri-Begin -->
@@ -213,7 +213,7 @@ Changing this policy setting requires a logoff for it to be applied.
 <!-- DwmDisallowAnimations_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowAnimations_2-Applicability-End -->
 
 <!-- DwmDisallowAnimations_2-OmaUri-Begin -->
@@ -274,7 +274,7 @@ Changing this policy setting requires a logoff for it to be applied.
 <!-- DwmDisallowColorizationColorChanges_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowColorizationColorChanges_1-Applicability-End -->
 
 <!-- DwmDisallowColorizationColorChanges_1-OmaUri-Begin -->
@@ -336,7 +336,7 @@ This policy setting controls the ability to change the color of window frames.
 <!-- DwmDisallowColorizationColorChanges_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DwmDisallowColorizationColorChanges_2-Applicability-End -->
 
 <!-- DwmDisallowColorizationColorChanges_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index 41b87fc7cd..0008cdb700 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EAIME Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList-Applicability-End -->
 
 <!-- L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList-OmaUri-Begin -->
@@ -92,7 +92,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_RestrictCharacterCodeRangeOfConversion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_RestrictCharacterCodeRangeOfConversion-Applicability-End -->
 
 <!-- L_RestrictCharacterCodeRangeOfConversion-OmaUri-Begin -->
@@ -167,7 +167,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_TurnOffCustomDictionary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffCustomDictionary-Applicability-End -->
 
 <!-- L_TurnOffCustomDictionary-OmaUri-Begin -->
@@ -235,7 +235,7 @@ This policy setting is applied to Japanese Microsoft IME.
 <!-- L_TurnOffHistorybasedPredictiveInput-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffHistorybasedPredictiveInput-Applicability-End -->
 
 <!-- L_TurnOffHistorybasedPredictiveInput-OmaUri-Begin -->
@@ -299,7 +299,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_TurnOffInternetSearchIntegration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffInternetSearchIntegration-Applicability-End -->
 
 <!-- L_TurnOffInternetSearchIntegration-OmaUri-Begin -->
@@ -365,7 +365,7 @@ This policy setting applies to Japanese Microsoft IME.
 <!-- L_TurnOffOpenExtendedDictionary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffOpenExtendedDictionary-Applicability-End -->
 
 <!-- L_TurnOffOpenExtendedDictionary-OmaUri-Begin -->
@@ -428,7 +428,7 @@ This policy setting is applied to Japanese Microsoft IME.
 <!-- L_TurnOffSavingAutoTuningDataToFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOffSavingAutoTuningDataToFile-Applicability-End -->
 
 <!-- L_TurnOffSavingAutoTuningDataToFile-OmaUri-Begin -->
@@ -489,7 +489,7 @@ This policy setting applies to Japanese Microsoft IME only.
 <!-- L_TurnOnCloudCandidate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnCloudCandidate-Applicability-End -->
 
 <!-- L_TurnOnCloudCandidate-OmaUri-Begin -->
@@ -552,7 +552,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.
 <!-- L_TurnOnCloudCandidateCHS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnCloudCandidateCHS-Applicability-End -->
 
 <!-- L_TurnOnCloudCandidateCHS-OmaUri-Begin -->
@@ -615,7 +615,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
 <!-- L_TurnOnLexiconUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnLexiconUpdate-Applicability-End -->
 
 <!-- L_TurnOnLexiconUpdate-OmaUri-Begin -->
@@ -674,7 +674,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
 <!-- L_TurnOnLiveStickers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnLiveStickers-Applicability-End -->
 
 <!-- L_TurnOnLiveStickers-OmaUri-Begin -->
@@ -733,7 +733,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
 <!-- L_TurnOnMisconversionLoggingForMisconversionReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- L_TurnOnMisconversionLoggingForMisconversionReport-Applicability-End -->
 
 <!-- L_TurnOnMisconversionLoggingForMisconversionReport-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 92b42d9267..47de0a1e19 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EncryptFilesonMove Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- NoEncryptOnMove-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoEncryptOnMove-Applicability-End -->
 
 <!-- NoEncryptOnMove-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 8d775dd553..8f8c2edfae 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EnhancedStorage Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ApprovedEnStorDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApprovedEnStorDevices-Applicability-End -->
 
 <!-- ApprovedEnStorDevices-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows you to configure a list of Enhanced Storage devices b
 <!-- ApprovedSilos-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApprovedSilos-Applicability-End -->
 
 <!-- ApprovedSilos-OmaUri-Begin -->
@@ -146,7 +146,7 @@ This policy setting allows you to create a list of IEEE 1667 silos, compliant wi
 <!-- DisablePasswordAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePasswordAuthentication-Applicability-End -->
 
 <!-- DisablePasswordAuthentication-OmaUri-Begin -->
@@ -205,7 +205,7 @@ This policy setting configures whether or not a password can be used to unlock a
 <!-- DisallowLegacyDiskDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowLegacyDiskDevices-Applicability-End -->
 
 <!-- DisallowLegacyDiskDevices-OmaUri-Begin -->
@@ -264,7 +264,7 @@ This policy setting configures whether or not non-Enhanced Storage removable dev
 <!-- LockDeviceOnMachineLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockDeviceOnMachineLock-Applicability-End -->
 
 <!-- LockDeviceOnMachineLock-OmaUri-Begin -->
@@ -325,7 +325,7 @@ This policy setting is supported in Windows Server SKUs only.
 <!-- RootHubConnectedEnStorDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RootHubConnectedEnStorDevices-Applicability-End -->
 
 <!-- RootHubConnectedEnStorDevices-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index b0d3994734..9cff3290ef 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ErrorReporting Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PCH_AllOrNoneDef-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_AllOrNoneDef-Applicability-End -->
 
 <!-- PCH_AllOrNoneDef-OmaUri-Begin -->
@@ -92,7 +92,7 @@ For related information, see the Configure Error Reporting and Report Operating
 <!-- PCH_AllOrNoneEx-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_AllOrNoneEx-Applicability-End -->
 
 <!-- PCH_AllOrNoneEx-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This policy setting controls Windows Error Reporting behavior for errors in gene
 <!-- PCH_AllOrNoneInc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_AllOrNoneInc-Applicability-End -->
 
 <!-- PCH_AllOrNoneInc-OmaUri-Begin -->
@@ -218,7 +218,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab
 <!-- PCH_ConfigureReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_ConfigureReport-Applicability-End -->
 
 <!-- PCH_ConfigureReport-OmaUri-Begin -->
@@ -299,7 +299,7 @@ See related policy settings Display Error Notification (same folder as this poli
 <!-- PCH_ReportOperatingSystemFaults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_ReportOperatingSystemFaults-Applicability-End -->
 
 <!-- PCH_ReportOperatingSystemFaults-OmaUri-Begin -->
@@ -362,7 +362,7 @@ See also the Configure Error Reporting policy setting.
 <!-- WerArchive_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerArchive_1-Applicability-End -->
 
 <!-- WerArchive_1-OmaUri-Begin -->
@@ -421,7 +421,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive
 <!-- WerArchive_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerArchive_2-Applicability-End -->
 
 <!-- WerArchive_2-OmaUri-Begin -->
@@ -480,7 +480,7 @@ This policy setting controls the behavior of the Windows Error Reporting archive
 <!-- WerAutoApproveOSDumps_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerAutoApproveOSDumps_1-Applicability-End -->
 
 <!-- WerAutoApproveOSDumps_1-OmaUri-Begin -->
@@ -539,7 +539,7 @@ This policy setting controls whether memory dumps in support of OS-generated err
 <!-- WerAutoApproveOSDumps_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerAutoApproveOSDumps_2-Applicability-End -->
 
 <!-- WerAutoApproveOSDumps_2-OmaUri-Begin -->
@@ -598,7 +598,7 @@ This policy setting controls whether memory dumps in support of OS-generated err
 <!-- WerBypassDataThrottling_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassDataThrottling_1-Applicability-End -->
 
 <!-- WerBypassDataThrottling_1-OmaUri-Begin -->
@@ -657,7 +657,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit
 <!-- WerBypassDataThrottling_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassDataThrottling_2-Applicability-End -->
 
 <!-- WerBypassDataThrottling_2-OmaUri-Begin -->
@@ -716,7 +716,7 @@ This policy setting determines whether Windows Error Reporting (WER) sends addit
 <!-- WerBypassNetworkCostThrottling_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassNetworkCostThrottling_1-Applicability-End -->
 
 <!-- WerBypassNetworkCostThrottling_1-OmaUri-Begin -->
@@ -775,7 +775,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for
 <!-- WerBypassNetworkCostThrottling_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassNetworkCostThrottling_2-Applicability-End -->
 
 <!-- WerBypassNetworkCostThrottling_2-OmaUri-Begin -->
@@ -834,7 +834,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks for
 <!-- WerBypassPowerThrottling_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassPowerThrottling_1-Applicability-End -->
 
 <!-- WerBypassPowerThrottling_1-OmaUri-Begin -->
@@ -893,7 +893,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t
 <!-- WerBypassPowerThrottling_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerBypassPowerThrottling_2-Applicability-End -->
 
 <!-- WerBypassPowerThrottling_2-OmaUri-Begin -->
@@ -952,7 +952,7 @@ This policy setting determines whether Windows Error Reporting (WER) checks if t
 <!-- WerCER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerCER-Applicability-End -->
 
 <!-- WerCER-OmaUri-Begin -->
@@ -1010,7 +1010,7 @@ This policy setting specifies a corporate server to which Windows Error Reportin
 <!-- WerConsentCustomize_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerConsentCustomize_1-Applicability-End -->
 
 <!-- WerConsentCustomize_1-OmaUri-Begin -->
@@ -1078,7 +1078,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f
 <!-- WerConsentOverride_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerConsentOverride_1-Applicability-End -->
 
 <!-- WerConsentOverride_1-OmaUri-Begin -->
@@ -1137,7 +1137,7 @@ This policy setting determines the behavior of the Configure Default Consent set
 <!-- WerConsentOverride_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerConsentOverride_2-Applicability-End -->
 
 <!-- WerConsentOverride_2-OmaUri-Begin -->
@@ -1196,7 +1196,7 @@ This policy setting determines the behavior of the Configure Default Consent set
 <!-- WerDefaultConsent_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerDefaultConsent_1-Applicability-End -->
 
 <!-- WerDefaultConsent_1-OmaUri-Begin -->
@@ -1262,7 +1262,7 @@ This policy setting determines the default consent behavior of Windows Error Rep
 <!-- WerDefaultConsent_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerDefaultConsent_2-Applicability-End -->
 
 <!-- WerDefaultConsent_2-OmaUri-Begin -->
@@ -1328,7 +1328,7 @@ This policy setting determines the default consent behavior of Windows Error Rep
 <!-- WerDisable_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerDisable_1-Applicability-End -->
 
 <!-- WerDisable_1-OmaUri-Begin -->
@@ -1387,7 +1387,7 @@ This policy setting turns off Windows Error Reporting, so that reports aren't co
 <!-- WerExlusion_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerExlusion_1-Applicability-End -->
 
 <!-- WerExlusion_1-OmaUri-Begin -->
@@ -1447,7 +1447,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera
 <!-- WerExlusion_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerExlusion_2-Applicability-End -->
 
 <!-- WerExlusion_2-OmaUri-Begin -->
@@ -1507,7 +1507,7 @@ This policy setting limits Windows Error Reporting behavior for errors in genera
 <!-- WerNoLogging_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerNoLogging_1-Applicability-End -->
 
 <!-- WerNoLogging_1-OmaUri-Begin -->
@@ -1566,7 +1566,7 @@ This policy setting controls whether Windows Error Reporting saves its own event
 <!-- WerNoLogging_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerNoLogging_2-Applicability-End -->
 
 <!-- WerNoLogging_2-OmaUri-Begin -->
@@ -1625,7 +1625,7 @@ This policy setting controls whether Windows Error Reporting saves its own event
 <!-- WerNoSecondLevelData_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerNoSecondLevelData_1-Applicability-End -->
 
 <!-- WerNoSecondLevelData_1-OmaUri-Begin -->
@@ -1684,7 +1684,7 @@ This policy setting controls whether additional data in support of error reports
 <!-- WerQueue_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerQueue_1-Applicability-End -->
 
 <!-- WerQueue_1-OmaUri-Begin -->
@@ -1745,7 +1745,7 @@ The Maximum number of reports to queue setting determines how many reports can b
 <!-- WerQueue_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WerQueue_2-Applicability-End -->
 
 <!-- WerQueue_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index b510d5bbff..c795cc1b25 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventForwarding Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ForwarderResourceUsage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForwarderResourceUsage-Applicability-End -->
 
 <!-- ForwarderResourceUsage-OmaUri-Begin -->
@@ -88,7 +88,7 @@ This setting applies across all subscriptions for the forwarder (source computer
 <!-- SubscriptionManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SubscriptionManager-Applicability-End -->
 
 <!-- SubscriptionManager-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 95133de171..16a23bf7bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventLog Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Channel_Log_AutoBackup_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_1-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_AutoBackup_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_2-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_2-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_AutoBackup_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_3-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_3-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_AutoBackup_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_AutoBackup_4-Applicability-End -->
 
 <!-- Channel_Log_AutoBackup_4-OmaUri-Begin -->
@@ -272,7 +272,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_FileLogAccess_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_1-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_1-OmaUri-Begin -->
@@ -333,7 +333,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_2-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_2-OmaUri-Begin -->
@@ -394,7 +394,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_3-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_3-OmaUri-Begin -->
@@ -455,7 +455,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_4-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_4-OmaUri-Begin -->
@@ -516,7 +516,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_5-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_5-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_5-OmaUri-Begin -->
@@ -576,7 +576,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_6-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_6-OmaUri-Begin -->
@@ -636,7 +636,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_7-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_7-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_7-OmaUri-Begin -->
@@ -696,7 +696,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_FileLogAccess_8-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_FileLogAccess_8-Applicability-End -->
 
 <!-- Channel_Log_FileLogAccess_8-OmaUri-Begin -->
@@ -756,7 +756,7 @@ This policy setting specifies the security descriptor to use for the log using t
 <!-- Channel_Log_Retention_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_Retention_2-Applicability-End -->
 
 <!-- Channel_Log_Retention_2-OmaUri-Begin -->
@@ -818,7 +818,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_Retention_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_Retention_3-Applicability-End -->
 
 <!-- Channel_Log_Retention_3-OmaUri-Begin -->
@@ -880,7 +880,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_Log_Retention_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_Log_Retention_4-Applicability-End -->
 
 <!-- Channel_Log_Retention_4-OmaUri-Begin -->
@@ -942,7 +942,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- Channel_LogEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogEnabled-Applicability-End -->
 
 <!-- Channel_LogEnabled-OmaUri-Begin -->
@@ -1001,7 +1001,7 @@ If the policy setting is disabled, then no new events can be logged. Events can
 <!-- Channel_LogFilePath_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_1-Applicability-End -->
 
 <!-- Channel_LogFilePath_1-OmaUri-Begin -->
@@ -1059,7 +1059,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogFilePath_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_2-Applicability-End -->
 
 <!-- Channel_LogFilePath_2-OmaUri-Begin -->
@@ -1117,7 +1117,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogFilePath_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_3-Applicability-End -->
 
 <!-- Channel_LogFilePath_3-OmaUri-Begin -->
@@ -1175,7 +1175,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogFilePath_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogFilePath_4-Applicability-End -->
 
 <!-- Channel_LogFilePath_4-OmaUri-Begin -->
@@ -1233,7 +1233,7 @@ This policy setting controls the location of the log file. The location of the f
 <!-- Channel_LogMaxSize_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Channel_LogMaxSize_3-Applicability-End -->
 
 <!-- Channel_LogMaxSize_3-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 5e2a32c92c..4ab3bea921 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventLogging Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EnableProtectedEventLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableProtectedEventLogging-Applicability-End -->
 
 <!-- EnableProtectedEventLogging-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index 4152b2d2b5..5dbf8de29a 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_EventViewer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EventViewer_RedirectionProgram-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_RedirectionProgram-Applicability-End -->
 
 <!-- EventViewer_RedirectionProgram-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This is the program that will be invoked when the user clicks the events.asp lin
 <!-- EventViewer_RedirectionProgramCommandLineParameters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_RedirectionProgramCommandLineParameters-Applicability-End -->
 
 <!-- EventViewer_RedirectionProgramCommandLineParameters-OmaUri-Begin -->
@@ -136,7 +136,7 @@ This specifies the command line parameters that will be passed to the events.asp
 <!-- EventViewer_RedirectionURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_RedirectionURL-Applicability-End -->
 
 <!-- EventViewer_RedirectionURL-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index 6596872ac7..109d2ab3e4 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Explorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AdminInfoUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AdminInfoUrl-Applicability-End -->
 
 <!-- AdminInfoUrl-OmaUri-Begin -->
@@ -82,7 +82,7 @@ Sets the target of the More Information link that will be displayed when the use
 <!-- AlwaysShowClassicMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AlwaysShowClassicMenu-Applicability-End -->
 
 <!-- AlwaysShowClassicMenu-OmaUri-Begin -->
@@ -147,7 +147,7 @@ This policy setting configures File Explorer to always display the menu bar.
 <!-- DisableRoamedProfileInit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRoamedProfileInit-Applicability-End -->
 
 <!-- DisableRoamedProfileInit-OmaUri-Begin -->
@@ -204,7 +204,7 @@ If you enable this policy setting on a machine that doesn't contain all programs
 <!-- PreventItemCreationInUsersFilesFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventItemCreationInUsersFilesFolder-Applicability-End -->
 
 <!-- PreventItemCreationInUsersFilesFolder-OmaUri-Begin -->
@@ -266,7 +266,7 @@ This policy setting allows administrators to prevent users from adding new items
 <!-- TurnOffSPIAnimations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffSPIAnimations-Applicability-End -->
 
 <!-- TurnOffSPIAnimations-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 11eda286b9..0e9014753c 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ExternalBoot Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PortableOperatingSystem_Hibernate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PortableOperatingSystem_Hibernate-Applicability-End -->
 
 <!-- PortableOperatingSystem_Hibernate-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Specifies whether the PC can use the hibernation sleep state (S4) when started f
 <!-- PortableOperatingSystem_Launcher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PortableOperatingSystem_Launcher-Applicability-End -->
 
 <!-- PortableOperatingSystem_Launcher-OmaUri-Begin -->
@@ -148,7 +148,7 @@ This policy setting controls whether the PC will boot to Windows To Go if a USB
 <!-- PortableOperatingSystem_Sleep-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PortableOperatingSystem_Sleep-Applicability-End -->
 
 <!-- PortableOperatingSystem_Sleep-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 97a587ead0..df706d5574 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileRecovery Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index bf73c35e40..b4db9c6e31 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileRevocation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DelegatedPackageFamilyNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DelegatedPackageFamilyNames-Applicability-End -->
 
 <!-- DelegatedPackageFamilyNames-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index e0a97756bf..4ef165f51b 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileServerVSSProvider Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Pol_EncryptProtocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EncryptProtocol-Applicability-End -->
 
 <!-- Pol_EncryptProtocol-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 9e086acb53..46e9b64dae 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_FileSys Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableCompression-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCompression-Applicability-End -->
 
 <!-- DisableCompression-OmaUri-Begin -->
@@ -85,7 +85,7 @@ A reboot is required for this setting to take effect.
 <!-- DisableDeleteNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableDeleteNotification-Applicability-End -->
 
 <!-- DisableDeleteNotification-OmaUri-Begin -->
@@ -144,7 +144,7 @@ A value of 1 will disable delete notifications for all volumes.
 <!-- DisableEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableEncryption-Applicability-End -->
 
 <!-- DisableEncryption-OmaUri-Begin -->
@@ -201,7 +201,7 @@ A reboot is required for this setting to take effect.
 <!-- EnablePagefileEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnablePagefileEncryption-Applicability-End -->
 
 <!-- EnablePagefileEncryption-OmaUri-Begin -->
@@ -256,7 +256,7 @@ Encrypting the page file prevents malicious users from reading data that has bee
 <!-- LongPathsEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LongPathsEnabled-Applicability-End -->
 
 <!-- LongPathsEnabled-OmaUri-Begin -->
@@ -311,7 +311,7 @@ Enabling Win32 long paths will allow manifested win32 applications and Windows S
 <!-- ShortNameCreationSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShortNameCreationSettings-Applicability-End -->
 
 <!-- ShortNameCreationSettings-OmaUri-Begin -->
@@ -367,7 +367,7 @@ If you enable short names on all volumes then short names will always be generat
 <!-- SymlinkEvaluation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SymlinkEvaluation-Applicability-End -->
 
 <!-- SymlinkEvaluation-OmaUri-Begin -->
@@ -435,7 +435,7 @@ For further information please refer to the Windows Help section.
 <!-- TxfDeprecatedFunctionality-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TxfDeprecatedFunctionality-Applicability-End -->
 
 <!-- TxfDeprecatedFunctionality-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index 5bcd0b1a15..f899fc45c3 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_FolderRedirection Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableFRAdminPin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableFRAdminPin-Applicability-End -->
 
 <!-- DisableFRAdminPin-OmaUri-Begin -->
@@ -96,7 +96,7 @@ This policy setting allows you to control whether all redirected shell folders,
 <!-- DisableFRAdminPinByFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableFRAdminPinByFolder-Applicability-End -->
 
 <!-- DisableFRAdminPinByFolder-OmaUri-Begin -->
@@ -160,7 +160,7 @@ If you disable or don't configure this policy setting, all redirected shell fold
 <!-- FolderRedirectionEnableCacheRename-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FolderRedirectionEnableCacheRename-Applicability-End -->
 
 <!-- FolderRedirectionEnableCacheRename-OmaUri-Begin -->
@@ -219,7 +219,7 @@ This policy setting controls whether the contents of redirected folders is copie
 <!-- LocalizeXPRelativePaths_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocalizeXPRelativePaths_1-Applicability-End -->
 
 <!-- LocalizeXPRelativePaths_1-OmaUri-Begin -->
@@ -281,7 +281,7 @@ This policy setting allows the administrator to define whether Folder Redirectio
 <!-- LocalizeXPRelativePaths_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocalizeXPRelativePaths_2-Applicability-End -->
 
 <!-- LocalizeXPRelativePaths_2-OmaUri-Begin -->
@@ -343,7 +343,7 @@ This policy setting allows the administrator to define whether Folder Redirectio
 <!-- PrimaryComputer_FR_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrimaryComputer_FR_1-Applicability-End -->
 
 <!-- PrimaryComputer_FR_1-OmaUri-Begin -->
@@ -407,7 +407,7 @@ To designate a user's primary computers, an administrator must use management so
 <!-- PrimaryComputer_FR_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrimaryComputer_FR_2-Applicability-End -->
 
 <!-- PrimaryComputer_FR_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index c4904acf06..4879cfd377 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_FramePanes Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- NoPreviewPane-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPreviewPane-Applicability-End -->
 
 <!-- NoPreviewPane-OmaUri-Begin -->
@@ -91,7 +91,7 @@ If you disable, or don't configure this policy setting, the Details Pane is hidd
 <!-- NoReadingPane-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoReadingPane-Applicability-End -->
 
 <!-- NoReadingPane-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index 986c171695..0a21d317ee 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_fthsvc Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 07132d5d80..318b249de9 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Globalization Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BlockUserInputMethodsForSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockUserInputMethodsForSignIn-Applicability-End -->
 
 <!-- BlockUserInputMethodsForSignIn-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Note this doesn't affect the availability of user input methods on the lock scre
 <!-- CustomLocalesNoSelect_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomLocalesNoSelect_1-Applicability-End -->
 
 <!-- CustomLocalesNoSelect_1-OmaUri-Begin -->
@@ -160,7 +160,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
 <!-- CustomLocalesNoSelect_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomLocalesNoSelect_2-Applicability-End -->
 
 <!-- CustomLocalesNoSelect_2-OmaUri-Begin -->
@@ -231,7 +231,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
 <!-- HideAdminOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideAdminOptions-Applicability-End -->
 
 <!-- HideAdminOptions-OmaUri-Begin -->
@@ -295,7 +295,7 @@ This policy setting is used only to simplify the Regional Options control panel.
 <!-- HideCurrentLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideCurrentLocation-Applicability-End -->
 
 <!-- HideCurrentLocation-OmaUri-Begin -->
@@ -359,7 +359,7 @@ This policy setting is used only to simplify the Regional Options control panel.
 <!-- HideLanguageSelection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideLanguageSelection-Applicability-End -->
 
 <!-- HideLanguageSelection-OmaUri-Begin -->
@@ -423,7 +423,7 @@ This policy setting is used only to simplify the Regional Options control panel.
 <!-- HideLocaleSelectAndCustomize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideLocaleSelectAndCustomize-Applicability-End -->
 
 <!-- HideLocaleSelectAndCustomize-OmaUri-Begin -->
@@ -484,7 +484,7 @@ This policy setting is used only to simplify the Regional and Language Options c
 <!-- ImplicitDataCollectionOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ImplicitDataCollectionOff_1-Applicability-End -->
 
 <!-- ImplicitDataCollectionOff_1-OmaUri-Begin -->
@@ -559,7 +559,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol
 <!-- ImplicitDataCollectionOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ImplicitDataCollectionOff_2-Applicability-End -->
 
 <!-- ImplicitDataCollectionOff_2-OmaUri-Begin -->
@@ -634,7 +634,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol
 <!-- LocaleSystemRestrict-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocaleSystemRestrict-Applicability-End -->
 
 <!-- LocaleSystemRestrict-OmaUri-Begin -->
@@ -695,7 +695,7 @@ The locale list is specified using language names, separated by a semicolon (;).
 <!-- LocaleUserRestrict_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocaleUserRestrict_1-Applicability-End -->
 
 <!-- LocaleUserRestrict_1-OmaUri-Begin -->
@@ -764,7 +764,7 @@ The locale list is specified using language tags, separated by a semicolon (;).
 <!-- LocaleUserRestrict_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocaleUserRestrict_2-Applicability-End -->
 
 <!-- LocaleUserRestrict_2-OmaUri-Begin -->
@@ -833,7 +833,7 @@ The locale list is specified using language tags, separated by a semicolon (;).
 <!-- LockMachineUILanguage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockMachineUILanguage-Applicability-End -->
 
 <!-- LockMachineUILanguage-OmaUri-Begin -->
@@ -893,7 +893,7 @@ This is a policy setting for computers with more than one UI language installed.
 <!-- LockUserUILanguage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockUserUILanguage-Applicability-End -->
 
 <!-- LockUserUILanguage-OmaUri-Begin -->
@@ -955,7 +955,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200
 <!-- PreventGeoIdChange_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventGeoIdChange_1-Applicability-End -->
 
 <!-- PreventGeoIdChange_1-OmaUri-Begin -->
@@ -1022,7 +1022,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
 <!-- PreventGeoIdChange_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventGeoIdChange_2-Applicability-End -->
 
 <!-- PreventGeoIdChange_2-OmaUri-Begin -->
@@ -1089,7 +1089,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
 <!-- PreventUserOverrides_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventUserOverrides_1-Applicability-End -->
 
 <!-- PreventUserOverrides_1-OmaUri-Begin -->
@@ -1158,7 +1158,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
 <!-- PreventUserOverrides_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventUserOverrides_2-Applicability-End -->
 
 <!-- PreventUserOverrides_2-OmaUri-Begin -->
@@ -1227,7 +1227,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
 <!-- RestrictUILangSelect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictUILangSelect-Applicability-End -->
 
 <!-- RestrictUILangSelect-OmaUri-Begin -->
@@ -1287,7 +1287,7 @@ To enable this policy setting in Windows Vista, use the "Restricts the UI langua
 <!-- TurnOffAutocorrectMisspelledWords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffAutocorrectMisspelledWords-Applicability-End -->
 
 <!-- TurnOffAutocorrectMisspelledWords-OmaUri-Begin -->
@@ -1350,7 +1350,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- TurnOffHighlightMisspelledWords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffHighlightMisspelledWords-Applicability-End -->
 
 <!-- TurnOffHighlightMisspelledWords-OmaUri-Begin -->
@@ -1413,7 +1413,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- TurnOffInsertSpace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffInsertSpace-Applicability-End -->
 
 <!-- TurnOffInsertSpace-OmaUri-Begin -->
@@ -1476,7 +1476,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- TurnOffOfferTextPredictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffOfferTextPredictions-Applicability-End -->
 
 <!-- TurnOffOfferTextPredictions-OmaUri-Begin -->
@@ -1539,7 +1539,7 @@ Note that the availability and function of this setting is dependent on supporte
 <!-- Y2K-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Y2K-Applicability-End -->
 
 <!-- Y2K-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index e1d7e4f64b..b4e3c52267 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_GroupPolicy Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowX-ForestPolicy-and-RUP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowX-ForestPolicy-and-RUP-Applicability-End -->
 
 <!-- AllowX-ForestPolicy-and-RUP-OmaUri-Begin -->
@@ -99,7 +99,7 @@ This policy setting affects all user accounts that interactively log on to a com
 <!-- CorpConnSyncWaitTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CorpConnSyncWaitTime-Applicability-End -->
 
 <!-- CorpConnSyncWaitTime-OmaUri-Begin -->
@@ -157,7 +157,7 @@ This policy setting specifies how long Group Policy should wait for workplace co
 <!-- CSE_AppMgmt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_AppMgmt-Applicability-End -->
 
 <!-- CSE_AppMgmt-OmaUri-Begin -->
@@ -223,7 +223,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_DiskQuota-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_DiskQuota-Applicability-End -->
 
 <!-- CSE_DiskQuota-OmaUri-Begin -->
@@ -291,7 +291,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_EFSRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_EFSRecovery-Applicability-End -->
 
 <!-- CSE_EFSRecovery-OmaUri-Begin -->
@@ -359,7 +359,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_FolderRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_FolderRedirection-Applicability-End -->
 
 <!-- CSE_FolderRedirection-OmaUri-Begin -->
@@ -425,7 +425,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_IEM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_IEM-Applicability-End -->
 
 <!-- CSE_IEM-OmaUri-Begin -->
@@ -493,7 +493,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_IPSecurity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_IPSecurity-Applicability-End -->
 
 <!-- CSE_IPSecurity-OmaUri-Begin -->
@@ -561,7 +561,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Registry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Registry-Applicability-End -->
 
 <!-- CSE_Registry-OmaUri-Begin -->
@@ -625,7 +625,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Scripts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Scripts-Applicability-End -->
 
 <!-- CSE_Scripts-OmaUri-Begin -->
@@ -691,7 +691,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Security-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Security-Applicability-End -->
 
 <!-- CSE_Security-OmaUri-Begin -->
@@ -757,7 +757,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Wired-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Wired-Applicability-End -->
 
 <!-- CSE_Wired-OmaUri-Begin -->
@@ -825,7 +825,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- CSE_Wireless-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CSE_Wireless-Applicability-End -->
 
 <!-- CSE_Wireless-OmaUri-Begin -->
@@ -893,7 +893,7 @@ The "Process even if the Group Policy objects haven't changed" option updates an
 <!-- DenyRsopToInteractiveUser_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyRsopToInteractiveUser_1-Applicability-End -->
 
 <!-- DenyRsopToInteractiveUser_1-OmaUri-Begin -->
@@ -965,7 +965,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu
 <!-- DenyRsopToInteractiveUser_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DenyRsopToInteractiveUser_2-Applicability-End -->
 
 <!-- DenyRsopToInteractiveUser_2-OmaUri-Begin -->
@@ -1037,7 +1037,7 @@ Also, see the "Turn off Resultant set of Policy logging" policy setting in Compu
 <!-- DisableAOACProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAOACProcessing-Applicability-End -->
 
 <!-- DisableAOACProcessing-OmaUri-Begin -->
@@ -1092,7 +1092,7 @@ This policy setting prevents the Group Policy Client Service from stopping when
 <!-- DisableAutoADMUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoADMUpdate-Applicability-End -->
 
 <!-- DisableAutoADMUpdate-OmaUri-Begin -->
@@ -1156,7 +1156,7 @@ Changing the status of this setting to Disabled will enforce the default behavio
 <!-- DisableBackgroundPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBackgroundPolicy-Applicability-End -->
 
 <!-- DisableBackgroundPolicy-OmaUri-Begin -->
@@ -1218,7 +1218,7 @@ This policy setting prevents Group Policy from being updated while the computer
 <!-- DisableLGPOProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLGPOProcessing-Applicability-End -->
 
 <!-- DisableLGPOProcessing-OmaUri-Begin -->
@@ -1282,7 +1282,7 @@ By default, the policy settings in Local GPOs are applied before any domain-base
 <!-- DisableUsersFromMachGP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableUsersFromMachGP-Applicability-End -->
 
 <!-- DisableUsersFromMachGP-OmaUri-Begin -->
@@ -1349,7 +1349,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t
 <!-- EnableCDP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableCDP-Applicability-End -->
 
 <!-- EnableCDP-OmaUri-Begin -->
@@ -1410,7 +1410,7 @@ This policy setting determines whether the Windows device is allowed to particip
 <!-- EnableLogonOptimization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableLogonOptimization-Applicability-End -->
 
 <!-- EnableLogonOptimization-OmaUri-Begin -->
@@ -1473,7 +1473,7 @@ The timeout value that's defined in this policy setting determines how long Grou
 <!-- EnableLogonOptimizationOnServerSKU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableLogonOptimizationOnServerSKU-Applicability-End -->
 
 <!-- EnableLogonOptimizationOnServerSKU-OmaUri-Begin -->
@@ -1536,7 +1536,7 @@ The timeout value that's defined in this policy setting determines how long Grou
 <!-- EnableMMX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableMMX-Applicability-End -->
 
 <!-- EnableMMX-OmaUri-Begin -->
@@ -1597,7 +1597,7 @@ This policy allows IT admins to turn off the ability to Link a Phone with a PC t
 <!-- EnforcePoliciesOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnforcePoliciesOnly-Applicability-End -->
 
 <!-- EnforcePoliciesOnly-OmaUri-Begin -->
@@ -1663,7 +1663,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f
 <!-- FontMitigation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FontMitigation-Applicability-End -->
 
 <!-- FontMitigation-OmaUri-Begin -->
@@ -1717,7 +1717,7 @@ This security feature provides a global setting to prevent programs from loading
 <!-- GPDCOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GPDCOptions-Applicability-End -->
 
 <!-- GPDCOptions-OmaUri-Begin -->
@@ -1784,7 +1784,7 @@ This policy setting determines which domain controller the Group Policy Object E
 <!-- GPTransferRate_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GPTransferRate_1-Applicability-End -->
 
 <!-- GPTransferRate_1-OmaUri-Begin -->
@@ -1853,7 +1853,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
 <!-- GPTransferRate_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GPTransferRate_2-Applicability-End -->
 
 <!-- GPTransferRate_2-OmaUri-Begin -->
@@ -1922,7 +1922,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
 <!-- GroupPolicyRefreshRate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GroupPolicyRefreshRate-Applicability-End -->
 
 <!-- GroupPolicyRefreshRate-OmaUri-Begin -->
@@ -1993,7 +1993,7 @@ This setting is only used when the "Turn off background refresh of Group Policy"
 <!-- GroupPolicyRefreshRateDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GroupPolicyRefreshRateDC-Applicability-End -->
 
 <!-- GroupPolicyRefreshRateDC-OmaUri-Begin -->
@@ -2058,7 +2058,7 @@ This setting also lets you specify how much the actual update interval varies. T
 <!-- GroupPolicyRefreshRateUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GroupPolicyRefreshRateUser-Applicability-End -->
 
 <!-- GroupPolicyRefreshRateUser-OmaUri-Begin -->
@@ -2131,7 +2131,7 @@ This setting also lets you specify how much the actual update interval varies. T
 <!-- LogonScriptDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LogonScriptDelay-Applicability-End -->
 
 <!-- LogonScriptDelay-OmaUri-Begin -->
@@ -2196,7 +2196,7 @@ By default, the Group Policy client waits five minutes before running logon scri
 <!-- NewGPODisplayName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NewGPODisplayName-Applicability-End -->
 
 <!-- NewGPODisplayName-OmaUri-Begin -->
@@ -2256,7 +2256,7 @@ If this setting is Disabled or Not Configured, the default display name of New G
 <!-- NewGPOLinksDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NewGPOLinksDisabled-Applicability-End -->
 
 <!-- NewGPOLinksDisabled-OmaUri-Begin -->
@@ -2315,7 +2315,7 @@ This policy setting allows you to create new Group Policy object links in the di
 <!-- OnlyUseLocalAdminFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- OnlyUseLocalAdminFiles-Applicability-End -->
 
 <!-- OnlyUseLocalAdminFiles-OmaUri-Begin -->
@@ -2391,7 +2391,7 @@ This leads to the following behavior:
 <!-- ProcessMitigationOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProcessMitigationOptions-Applicability-End -->
 
 <!-- ProcessMitigationOptions-OmaUri-Begin -->
@@ -2471,7 +2471,7 @@ Setting flags not specified here to any value other than ? results in undefined
 <!-- ResetDfsClientInfoDuringRefreshPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ResetDfsClientInfoDuringRefreshPolicy-Applicability-End -->
 
 <!-- ResetDfsClientInfoDuringRefreshPolicy-OmaUri-Begin -->
@@ -2526,7 +2526,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same
 <!-- RSoPLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RSoPLogging-Applicability-End -->
 
 <!-- RSoPLogging-OmaUri-Begin -->
@@ -2590,7 +2590,7 @@ RSoP logs information on Group Policy settings that have been applied to the cli
 <!-- SlowLinkDefaultForDirectAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SlowLinkDefaultForDirectAccess-Applicability-End -->
 
 <!-- SlowLinkDefaultForDirectAccess-OmaUri-Begin -->
@@ -2654,7 +2654,7 @@ When Group Policy detects the bandwidth speed of a Direct Access connection, the
 <!-- SlowlinkDefaultToAsync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SlowlinkDefaultToAsync-Applicability-End -->
 
 <!-- SlowlinkDefaultToAsync-OmaUri-Begin -->
@@ -2723,7 +2723,7 @@ Note There are two conditions that will cause Group Policy to be processed synch
 <!-- SyncWaitTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncWaitTime-Applicability-End -->
 
 <!-- SyncWaitTime-OmaUri-Begin -->
@@ -2781,7 +2781,7 @@ This policy setting specifies how long Group Policy should wait for network avai
 <!-- UserPolicyMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UserPolicyMode-Applicability-End -->
 
 <!-- UserPolicyMode-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index dabc23d834..3cc624b3ec 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Help Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableHHDEP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableHHDEP-Applicability-End -->
 
 <!-- DisableHHDEP-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Data Execution Prevention (DEP) is designed to block malicious code that takes a
 <!-- HelpQualifiedRootDir_Comp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HelpQualifiedRootDir_Comp-Applicability-End -->
 
 <!-- HelpQualifiedRootDir_Comp-OmaUri-Begin -->
@@ -161,7 +161,7 @@ For additional options, see the "Restrict these programs from being launched fro
 <!-- RestrictRunFromHelp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictRunFromHelp-Applicability-End -->
 
 <!-- RestrictRunFromHelp-OmaUri-Begin -->
@@ -225,7 +225,7 @@ This policy setting allows you to restrict programs from being run from online H
 <!-- RestrictRunFromHelp_Comp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictRunFromHelp_Comp-Applicability-End -->
 
 <!-- RestrictRunFromHelp_Comp-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index a0c5be299f..b207a1fdec 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_HelpAndSupport Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ActiveHelp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ActiveHelp-Applicability-End -->
 
 <!-- ActiveHelp-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting specifies whether active content links in trusted assistance
 <!-- HPExplicitFeedback-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HPExplicitFeedback-Applicability-End -->
 
 <!-- HPExplicitFeedback-OmaUri-Begin -->
@@ -148,7 +148,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
 <!-- HPImplicitFeedback-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HPImplicitFeedback-Applicability-End -->
 
 <!-- HPImplicitFeedback-OmaUri-Begin -->
@@ -207,7 +207,7 @@ This policy setting specifies whether users can participate in the Help Experien
 <!-- HPOnlineAssistance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HPOnlineAssistance-Applicability-End -->
 
 <!-- HPOnlineAssistance-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 639fa6323a..97c0f896dd 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_hotspotauth Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- HotspotAuth_Enable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HotspotAuth_Enable-Applicability-End -->
 
 <!-- HotspotAuth_Enable-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index d9bba74952..b75dbe301d 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ICM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CEIPEnable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CEIPEnable-Applicability-End -->
 
 <!-- CEIPEnable-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting turns off the Windows Customer Experience Improvement Progra
 <!-- CertMgr_DisableAutoRootUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertMgr_DisableAutoRootUpdates-Applicability-End -->
 
 <!-- CertMgr_DisableAutoRootUpdates-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Typically, a certificate is used when you use a secure website or when you send
 <!-- DisableHTTPPrinting_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableHTTPPrinting_1-Applicability-End -->
 
 <!-- DisableHTTPPrinting_1-OmaUri-Begin -->
@@ -216,7 +216,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
 <!-- DisableWebPnPDownload_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWebPnPDownload_1-Applicability-End -->
 
 <!-- DisableWebPnPDownload_1-OmaUri-Begin -->
@@ -280,7 +280,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
 <!-- DriverSearchPlaces_DontSearchWindowsUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DriverSearchPlaces_DontSearchWindowsUpdate-Applicability-End -->
 
 <!-- DriverSearchPlaces_DontSearchWindowsUpdate-OmaUri-Begin -->
@@ -346,7 +346,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ
 <!-- EventViewer_DisableLinks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EventViewer_DisableLinks-Applicability-End -->
 
 <!-- EventViewer_DisableLinks-OmaUri-Begin -->
@@ -407,7 +407,7 @@ The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate t
 <!-- HSS_HeadlinesPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HSS_HeadlinesPolicy-Applicability-End -->
 
 <!-- HSS_HeadlinesPolicy-OmaUri-Begin -->
@@ -470,7 +470,7 @@ You might want to enable this policy setting for users who don't have Internet a
 <!-- HSS_KBSearchPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HSS_KBSearchPolicy-Applicability-End -->
 
 <!-- HSS_KBSearchPolicy-OmaUri-Begin -->
@@ -531,7 +531,7 @@ The Knowledge Base is an online source of technical support information and self
 <!-- InternetManagement_RestrictCommunication_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetManagement_RestrictCommunication_1-Applicability-End -->
 
 <!-- InternetManagement_RestrictCommunication_1-OmaUri-Begin -->
@@ -592,7 +592,7 @@ This policy setting specifies whether Windows can access the Internet to accompl
 <!-- InternetManagement_RestrictCommunication_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetManagement_RestrictCommunication_2-Applicability-End -->
 
 <!-- InternetManagement_RestrictCommunication_2-OmaUri-Begin -->
@@ -653,7 +653,7 @@ This policy setting specifies whether Windows can access the Internet to accompl
 <!-- NC_ExitOnISP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ExitOnISP-Applicability-End -->
 
 <!-- NC_ExitOnISP-OmaUri-Begin -->
@@ -712,7 +712,7 @@ This policy setting specifies whether the Internet Connection Wizard can connect
 <!-- NC_NoRegistration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_NoRegistration-Applicability-End -->
 
 <!-- NC_NoRegistration-OmaUri-Begin -->
@@ -773,7 +773,7 @@ Note that registration is optional and involves submitting some personal informa
 <!-- PCH_DoNotReport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_DoNotReport-Applicability-End -->
 
 <!-- PCH_DoNotReport-OmaUri-Begin -->
@@ -837,7 +837,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa
 <!-- RemoveWindowsUpdate_ICM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveWindowsUpdate_ICM-Applicability-End -->
 
 <!-- RemoveWindowsUpdate_ICM-OmaUri-Begin -->
@@ -899,7 +899,7 @@ This policy setting allows you to remove access to Windows Update.
 <!-- SearchCompanion_DisableFileUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SearchCompanion_DisableFileUpdates-Applicability-End -->
 
 <!-- SearchCompanion_DisableFileUpdates-OmaUri-Begin -->
@@ -963,7 +963,7 @@ When users search the local computer or the Internet, Search Companion occasiona
 <!-- ShellNoUseInternetOpenWith_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseInternetOpenWith_1-Applicability-End -->
 
 <!-- ShellNoUseInternetOpenWith_1-OmaUri-Begin -->
@@ -1024,7 +1024,7 @@ When a user opens a file that has an extension that isn't associated with any ap
 <!-- ShellNoUseInternetOpenWith_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseInternetOpenWith_2-Applicability-End -->
 
 <!-- ShellNoUseInternetOpenWith_2-OmaUri-Begin -->
@@ -1085,7 +1085,7 @@ When a user opens a file that has an extension that isn't associated with any ap
 <!-- ShellNoUseStoreOpenWith_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseStoreOpenWith_1-Applicability-End -->
 
 <!-- ShellNoUseStoreOpenWith_1-OmaUri-Begin -->
@@ -1146,7 +1146,7 @@ When a user opens a file type or protocol that isn't associated with any applica
 <!-- ShellNoUseStoreOpenWith_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellNoUseStoreOpenWith_2-Applicability-End -->
 
 <!-- ShellNoUseStoreOpenWith_2-OmaUri-Begin -->
@@ -1207,7 +1207,7 @@ When a user opens a file type or protocol that isn't associated with any applica
 <!-- ShellPreventWPWDownload_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellPreventWPWDownload_1-Applicability-End -->
 
 <!-- ShellPreventWPWDownload_1-OmaUri-Begin -->
@@ -1270,7 +1270,7 @@ See the documentation for the web publishing and online ordering wizards for mor
 <!-- ShellRemoveOrderPrints_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemoveOrderPrints_1-Applicability-End -->
 
 <!-- ShellRemoveOrderPrints_1-OmaUri-Begin -->
@@ -1331,7 +1331,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow
 <!-- ShellRemoveOrderPrints_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemoveOrderPrints_2-Applicability-End -->
 
 <!-- ShellRemoveOrderPrints_2-OmaUri-Begin -->
@@ -1392,7 +1392,7 @@ The Order Prints Online Wizard is used to download a list of providers and allow
 <!-- ShellRemovePublishToWeb_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemovePublishToWeb_1-Applicability-End -->
 
 <!-- ShellRemovePublishToWeb_1-OmaUri-Begin -->
@@ -1453,7 +1453,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user
 <!-- ShellRemovePublishToWeb_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellRemovePublishToWeb_2-Applicability-End -->
 
 <!-- ShellRemovePublishToWeb_2-OmaUri-Begin -->
@@ -1514,7 +1514,7 @@ The Web Publishing Wizard is used to download a list of providers and allow user
 <!-- WinMSG_NoInstrumentation_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WinMSG_NoInstrumentation_1-Applicability-End -->
 
 <!-- WinMSG_NoInstrumentation_1-OmaUri-Begin -->
@@ -1577,7 +1577,7 @@ With the Customer Experience Improvement program, users can allow Microsoft to c
 <!-- WinMSG_NoInstrumentation_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WinMSG_NoInstrumentation_2-Applicability-End -->
 
 <!-- WinMSG_NoInstrumentation_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index b886cd2b1a..5a1b4f8ae9 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_IIS Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PreventIISInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventIISInstall-Applicability-End -->
 
 <!-- PreventIISInstall-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index ab2b61dabd..2bb4a2a986 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_iSCSI Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- iSCSIDiscovery_ConfigureiSNSServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_ConfigureiSNSServers-Applicability-End -->
 
 <!-- iSCSIDiscovery_ConfigureiSNSServers-OmaUri-Begin -->
@@ -83,7 +83,7 @@ If enabled then new iSNS servers may not be added and thus new targets discovere
 <!-- iSCSIDiscovery_ConfigureTargetPortals-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_ConfigureTargetPortals-Applicability-End -->
 
 <!-- iSCSIDiscovery_ConfigureTargetPortals-OmaUri-Begin -->
@@ -138,7 +138,7 @@ If enabled then new target portals may not be added and thus new targets discove
 <!-- iSCSIDiscovery_ConfigureTargets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_ConfigureTargets-Applicability-End -->
 
 <!-- iSCSIDiscovery_ConfigureTargets-OmaUri-Begin -->
@@ -193,7 +193,7 @@ If enabled then discovered targets may not be manually configured. If disabled t
 <!-- iSCSIDiscovery_NewStaticTargets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIDiscovery_NewStaticTargets-Applicability-End -->
 
 <!-- iSCSIDiscovery_NewStaticTargets-OmaUri-Begin -->
@@ -248,7 +248,7 @@ If enabled then new targets may not be manually configured by entering the targe
 <!-- iSCSIGeneral_ChangeIQNName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIGeneral_ChangeIQNName-Applicability-End -->
 
 <!-- iSCSIGeneral_ChangeIQNName-OmaUri-Begin -->
@@ -303,7 +303,7 @@ If enabled then don't allow the initiator iqn name to be changed. If disabled th
 <!-- iSCSIGeneral_RestrictAdditionalLogins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSIGeneral_RestrictAdditionalLogins-Applicability-End -->
 
 <!-- iSCSIGeneral_RestrictAdditionalLogins-OmaUri-Begin -->
@@ -358,7 +358,7 @@ If enabled then only those sessions that are established via a persistent login
 <!-- iSCSISecurity_ChangeCHAPSecret-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_ChangeCHAPSecret-Applicability-End -->
 
 <!-- iSCSISecurity_ChangeCHAPSecret-OmaUri-Begin -->
@@ -413,7 +413,7 @@ If enabled then don't allow the initiator CHAP secret to be changed. If disabled
 <!-- iSCSISecurity_RequireIPSec-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_RequireIPSec-Applicability-End -->
 
 <!-- iSCSISecurity_RequireIPSec-OmaUri-Begin -->
@@ -468,7 +468,7 @@ If enabled then only those connections that are configured for IPSec may be esta
 <!-- iSCSISecurity_RequireMutualCHAP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_RequireMutualCHAP-Applicability-End -->
 
 <!-- iSCSISecurity_RequireMutualCHAP-OmaUri-Begin -->
@@ -523,7 +523,7 @@ If enabled then only those sessions that are configured for mutual CHAP may be e
 <!-- iSCSISecurity_RequireOneWayCHAP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- iSCSISecurity_RequireOneWayCHAP-Applicability-End -->
 
 <!-- iSCSISecurity_RequireOneWayCHAP-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index e31c39dc28..c9bad00bc5 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_kdc Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CbacAndArmor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CbacAndArmor-Applicability-End -->
 
 <!-- CbacAndArmor-OmaUri-Begin -->
@@ -117,7 +117,7 @@ Impact on domain controller performance when this policy setting is enabled:
 <!-- emitlili-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- emitlili-Applicability-End -->
 
 <!-- emitlili-OmaUri-Begin -->
@@ -181,7 +181,7 @@ For Windows Logon to leverage this feature, the "Display information about previ
 <!-- ForestSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForestSearch-Applicability-End -->
 
 <!-- ForestSearch-OmaUri-Begin -->
@@ -242,7 +242,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
 <!-- PKINITFreshness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PKINITFreshness-Applicability-End -->
 
 <!-- PKINITFreshness-OmaUri-Begin -->
@@ -306,7 +306,7 @@ Required: PKInit Freshness Extension is required for successful authentication.
 <!-- RequestCompoundId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RequestCompoundId-Applicability-End -->
 
 <!-- RequestCompoundId-OmaUri-Begin -->
@@ -368,7 +368,7 @@ This policy setting allows you to configure a domain controller to request compo
 <!-- TicketSizeThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TicketSizeThreshold-Applicability-End -->
 
 <!-- TicketSizeThreshold-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 51dfef0089..267e0d30d2 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Kerberos Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AlwaysSendCompoundId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AlwaysSendCompoundId-Applicability-End -->
 
 <!-- AlwaysSendCompoundId-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting controls whether a device always sends a compound authentica
 <!-- DevicePKInitEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DevicePKInitEnabled-Applicability-End -->
 
 <!-- DevicePKInitEnabled-OmaUri-Begin -->
@@ -157,7 +157,7 @@ Force: Device will always authenticate using its certificate. If a DC can't be f
 <!-- HostToRealm-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HostToRealm-Applicability-End -->
 
 <!-- HostToRealm-OmaUri-Begin -->
@@ -218,7 +218,7 @@ This policy setting allows you to specify which DNS host names and which DNS suf
 <!-- KdcProxyDisableServerRevocationCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- KdcProxyDisableServerRevocationCheck-Applicability-End -->
 
 <!-- KdcProxyDisableServerRevocationCheck-OmaUri-Begin -->
@@ -280,7 +280,7 @@ This policy setting allows you to disable revocation check for the SSL certifica
 <!-- KdcProxyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- KdcProxyServer-Applicability-End -->
 
 <!-- KdcProxyServer-OmaUri-Begin -->
@@ -339,7 +339,7 @@ This policy setting configures the Kerberos client's mapping to KDC proxy server
 <!-- MitRealms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MitRealms-Applicability-End -->
 
 <!-- MitRealms-OmaUri-Begin -->
@@ -400,7 +400,7 @@ This policy setting configures the Kerberos client so that it can authenticate w
 <!-- ServerAcceptsCompound-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ServerAcceptsCompound-Applicability-End -->
 
 <!-- ServerAcceptsCompound-OmaUri-Begin -->
@@ -469,7 +469,7 @@ Always: Compound authentication is always provided for this computer account.
 <!-- StrictTarget-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StrictTarget-Applicability-End -->
 
 <!-- StrictTarget-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index b47f82b91f..8cdab26c32 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_LanmanServer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Pol_CipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CipherSuiteOrder-Applicability-End -->
 
 <!-- Pol_CipherSuiteOrder-OmaUri-Begin -->
@@ -107,7 +107,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 <!-- Pol_HashPublication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_HashPublication-Applicability-End -->
 
 <!-- Pol_HashPublication-OmaUri-Begin -->
@@ -179,7 +179,7 @@ In circumstances where this policy setting is enabled, you can also select the f
 <!-- Pol_HashSupportVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_HashSupportVersion-Applicability-End -->
 
 <!-- Pol_HashSupportVersion-OmaUri-Begin -->
@@ -255,7 +255,7 @@ Hash version supported:
 <!-- Pol_HonorCipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_HonorCipherSuiteOrder-Applicability-End -->
 
 <!-- Pol_HonorCipherSuiteOrder-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index f8be5837ce..474035a993 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_LanmanWorkstation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Pol_CipherSuiteOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CipherSuiteOrder-Applicability-End -->
 
 <!-- Pol_CipherSuiteOrder-OmaUri-Begin -->
@@ -108,7 +108,7 @@ AES_256 is not supported on Windows 10 version 20H2 and lower. If you enter only
 <!-- Pol_EnableHandleCachingForCAFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EnableHandleCachingForCAFiles-Applicability-End -->
 
 <!-- Pol_EnableHandleCachingForCAFiles-OmaUri-Begin -->
@@ -170,7 +170,7 @@ This policy setting determines the behavior of SMB handle caching for clients co
 <!-- Pol_EnableOfflineFilesforCAShares-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EnableOfflineFilesforCAShares-Applicability-End -->
 
 <!-- Pol_EnableOfflineFilesforCAShares-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 772b105ff4..10bfdf7962 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_LeakDiagnostic Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index e2a7738d53..dc36ab7519 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_LinkLayerTopologyDiscovery Area in Policy
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- LLTD_EnableLLTDIO-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LLTD_EnableLLTDIO-Applicability-End -->
 
 <!-- LLTD_EnableLLTDIO-OmaUri-Begin -->
@@ -89,7 +89,7 @@ LLTDIO allows a computer to discover the topology of a network it's connected to
 <!-- LLTD_EnableRspndr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LLTD_EnableRspndr-Applicability-End -->
 
 <!-- LLTD_EnableRspndr-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index de0cfbc611..c36607194b 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_LocationProviderAdm Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- DisableWindowsLocationProvider_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWindowsLocationProvider_1-Applicability-End -->
 
 <!-- DisableWindowsLocationProvider_1-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 398ad547da..cf357ba833 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Logon Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BlockUserFromShowingAccountDetailsOnSignin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockUserFromShowingAccountDetailsOnSignin-Applicability-End -->
 
 <!-- BlockUserFromShowingAccountDetailsOnSignin-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy prevents the user from showing account details (email address or use
 <!-- DisableAcrylicBackgroundOnLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAcrylicBackgroundOnLogon-Applicability-End -->
 
 <!-- DisableAcrylicBackgroundOnLogon-OmaUri-Begin -->
@@ -146,7 +146,7 @@ This policy setting disables the acrylic blur effect on logon background image.
 <!-- DisableExplorerRunLegacy_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunLegacy_1-Applicability-End -->
 
 <!-- DisableExplorerRunLegacy_1-OmaUri-Begin -->
@@ -214,7 +214,7 @@ Also, see the "Do not process the run once list" policy setting.
 <!-- DisableExplorerRunLegacy_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunLegacy_2-Applicability-End -->
 
 <!-- DisableExplorerRunLegacy_2-OmaUri-Begin -->
@@ -282,7 +282,7 @@ Also, see the "Do not process the run once list" policy setting.
 <!-- DisableExplorerRunOnceLegacy_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunOnceLegacy_1-Applicability-End -->
 
 <!-- DisableExplorerRunOnceLegacy_1-OmaUri-Begin -->
@@ -350,7 +350,7 @@ Also, see the "Do not process the legacy run list" policy setting.
 <!-- DisableExplorerRunOnceLegacy_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableExplorerRunOnceLegacy_2-Applicability-End -->
 
 <!-- DisableExplorerRunOnceLegacy_2-OmaUri-Begin -->
@@ -418,7 +418,7 @@ Also, see the "Do not process the legacy run list" policy setting.
 <!-- DisableStatusMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableStatusMessages-Applicability-End -->
 
 <!-- DisableStatusMessages-OmaUri-Begin -->
@@ -477,7 +477,7 @@ This policy setting suppresses system status messages.
 <!-- DontEnumerateConnectedUsers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DontEnumerateConnectedUsers-Applicability-End -->
 
 <!-- DontEnumerateConnectedUsers-OmaUri-Begin -->
@@ -536,7 +536,7 @@ This policy setting prevents connected users from being enumerated on domain-joi
 <!-- NoWelcomeTips_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWelcomeTips_1-Applicability-End -->
 
 <!-- NoWelcomeTips_1-OmaUri-Begin -->
@@ -605,7 +605,7 @@ This setting applies only to Windows 2000 Professional. It doesn't affect the "C
 <!-- NoWelcomeTips_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWelcomeTips_2-Applicability-End -->
 
 <!-- NoWelcomeTips_2-OmaUri-Begin -->
@@ -674,7 +674,7 @@ This setting applies only to Windows 2000 Professional. It doesn't affect the "C
 <!-- Run_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_1-Applicability-End -->
 
 <!-- Run_1-OmaUri-Begin -->
@@ -739,7 +739,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
 <!-- Run_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_2-Applicability-End -->
 
 <!-- Run_2-OmaUri-Begin -->
@@ -804,7 +804,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
 <!-- SyncForegroundPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncForegroundPolicy-Applicability-End -->
 
 <!-- SyncForegroundPolicy-OmaUri-Begin -->
@@ -882,7 +882,7 @@ Note
 <!-- UseOEMBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UseOEMBackground-Applicability-End -->
 
 <!-- UseOEMBackground-OmaUri-Begin -->
@@ -943,7 +943,7 @@ This policy setting may be used to make Windows give preference to a custom logo
 <!-- VerboseStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- VerboseStatus-Applicability-End -->
 
 <!-- VerboseStatus-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 461ddc2f70..f462eeaba0 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowFastServiceStartup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowFastServiceStartup-Applicability-End -->
 
 <!-- AllowFastServiceStartup-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting controls the load priority for the antimalware service. Incr
 <!-- DisableAntiSpywareDefender-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAntiSpywareDefender-Applicability-End -->
 
 <!-- DisableAntiSpywareDefender-OmaUri-Begin -->
@@ -152,7 +152,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 <!-- DisableAutoExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoExclusions-Applicability-End -->
 
 <!-- DisableAutoExclusions-OmaUri-Begin -->
@@ -219,7 +219,7 @@ Same as Disabled.
 <!-- DisableBlockAtFirstSeen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBlockAtFirstSeen-Applicability-End -->
 
 <!-- DisableBlockAtFirstSeen-OmaUri-Begin -->
@@ -290,7 +290,7 @@ Real-time Protection -> Don't enable the "Turn off real-time protection" policy
 <!-- DisableLocalAdminMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalAdminMerge-Applicability-End -->
 
 <!-- DisableLocalAdminMerge-OmaUri-Begin -->
@@ -349,7 +349,7 @@ This policy setting controls whether or not complex list settings configured by
 <!-- DisableRealtimeMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRealtimeMonitoring-Applicability-End -->
 
 <!-- DisableRealtimeMonitoring-OmaUri-Begin -->
@@ -412,7 +412,7 @@ Real-time protection consists of always-on scanning with file and process behavi
 <!-- DisableRoutinelyTakingAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRoutinelyTakingAction-Applicability-End -->
 
 <!-- DisableRoutinelyTakingAction-OmaUri-Begin -->
@@ -473,7 +473,7 @@ This policy setting allows you to configure whether Microsoft Defender Antivirus
 <!-- Exclusions_Extensions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Exclusions_Extensions-Applicability-End -->
 
 <!-- Exclusions_Extensions-OmaUri-Begin -->
@@ -530,7 +530,7 @@ This policy setting allows you specify a list of file types that should be exclu
 <!-- Exclusions_Paths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Exclusions_Paths-Applicability-End -->
 
 <!-- Exclusions_Paths-OmaUri-Begin -->
@@ -587,7 +587,7 @@ This policy setting allows you to disable scheduled and real-time scanning for f
 <!-- Exclusions_Processes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Exclusions_Processes-Applicability-End -->
 
 <!-- Exclusions_Processes-OmaUri-Begin -->
@@ -644,7 +644,7 @@ This policy setting allows you to disable real-time scanning for any file opened
 <!-- ExploitGuard_ASR_ASROnlyExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ASR_ASROnlyExclusions-Applicability-End -->
 
 <!-- ExploitGuard_ASR_ASROnlyExclusions-OmaUri-Begin -->
@@ -718,7 +718,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s
 <!-- ExploitGuard_ASR_Rules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ASR_Rules-Applicability-End -->
 
 <!-- ExploitGuard_ASR_Rules-OmaUri-Begin -->
@@ -819,7 +819,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur
 <!-- ExploitGuard_ControlledFolderAccess_AllowedApplications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ControlledFolderAccess_AllowedApplications-Applicability-End -->
 
 <!-- ExploitGuard_ControlledFolderAccess_AllowedApplications-OmaUri-Begin -->
@@ -894,7 +894,7 @@ Default system folders are automatically guarded, but you can add folders in the
 <!-- ExploitGuard_ControlledFolderAccess_ProtectedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExploitGuard_ControlledFolderAccess_ProtectedFolders-Applicability-End -->
 
 <!-- ExploitGuard_ControlledFolderAccess_ProtectedFolders-OmaUri-Begin -->
@@ -971,7 +971,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
 <!-- MpEngine_EnableFileHashComputation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MpEngine_EnableFileHashComputation-Applicability-End -->
 
 <!-- MpEngine_EnableFileHashComputation-OmaUri-Begin -->
@@ -1038,7 +1038,7 @@ Same as Disabled.
 <!-- Nis_Consumers_IPS_DisableSignatureRetirement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Nis_Consumers_IPS_DisableSignatureRetirement-Applicability-End -->
 
 <!-- Nis_Consumers_IPS_DisableSignatureRetirement-OmaUri-Begin -->
@@ -1097,7 +1097,7 @@ This policy setting allows you to configure definition retirement for network pr
 <!-- Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid-Applicability-End -->
 
 <!-- Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid-OmaUri-Begin -->
@@ -1152,7 +1152,7 @@ This policy setting defines additional definition sets to enable for network tra
 <!-- Nis_DisableProtocolRecognition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Nis_DisableProtocolRecognition-Applicability-End -->
 
 <!-- Nis_DisableProtocolRecognition-OmaUri-Begin -->
@@ -1211,7 +1211,7 @@ This policy setting allows you to configure protocol recognition for network pro
 <!-- ProxyBypass-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProxyBypass-Applicability-End -->
 
 <!-- ProxyBypass-OmaUri-Begin -->
@@ -1269,7 +1269,7 @@ This policy, if defined, will prevent antimalware from using the configured prox
 <!-- ProxyPacUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProxyPacUrl-Applicability-End -->
 
 <!-- ProxyPacUrl-OmaUri-Begin -->
@@ -1335,7 +1335,7 @@ This policy setting defines the URL of a proxy .pac file that should be used whe
 <!-- ProxyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProxyServer-Applicability-End -->
 
 <!-- ProxyServer-OmaUri-Begin -->
@@ -1401,7 +1401,7 @@ This policy setting allows you to configure the named proxy that should be used
 <!-- Quarantine_LocalSettingOverridePurgeItemsAfterDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Quarantine_LocalSettingOverridePurgeItemsAfterDelay-Applicability-End -->
 
 <!-- Quarantine_LocalSettingOverridePurgeItemsAfterDelay-OmaUri-Begin -->
@@ -1460,7 +1460,7 @@ This policy setting configures a local override for the configuration of the num
 <!-- Quarantine_PurgeItemsAfterDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Quarantine_PurgeItemsAfterDelay-Applicability-End -->
 
 <!-- Quarantine_PurgeItemsAfterDelay-OmaUri-Begin -->
@@ -1519,7 +1519,7 @@ This policy setting defines the number of days items should be kept in the Quara
 <!-- RandomizeScheduleTaskTimes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RandomizeScheduleTaskTimes-Applicability-End -->
 
 <!-- RandomizeScheduleTaskTimes-OmaUri-Begin -->
@@ -1578,7 +1578,7 @@ This policy setting allows you to configure the scheduled scan, and the schedule
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableBehaviorMonitoring-Applicability-End -->
 
 <!-- RealtimeProtection_DisableBehaviorMonitoring-OmaUri-Begin -->
@@ -1639,7 +1639,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- RealtimeProtection_DisableIOAVProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableIOAVProtection-Applicability-End -->
 
 <!-- RealtimeProtection_DisableIOAVProtection-OmaUri-Begin -->
@@ -1700,7 +1700,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- RealtimeProtection_DisableOnAccessProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableOnAccessProtection-Applicability-End -->
 
 <!-- RealtimeProtection_DisableOnAccessProtection-OmaUri-Begin -->
@@ -1761,7 +1761,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- RealtimeProtection_DisableRawWriteNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableRawWriteNotification-Applicability-End -->
 
 <!-- RealtimeProtection_DisableRawWriteNotification-OmaUri-Begin -->
@@ -1820,7 +1820,7 @@ This policy setting controls whether raw volume write notifications are sent to
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-Applicability-End -->
 
 <!-- RealtimeProtection_DisableScanOnRealtimeEnable-OmaUri-Begin -->
@@ -1881,7 +1881,7 @@ This policy setting allows you to configure process scanning when real-time prot
 <!-- RealtimeProtection_IOAVMaxSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_IOAVMaxSize-Applicability-End -->
 
 <!-- RealtimeProtection_IOAVMaxSize-OmaUri-Begin -->
@@ -1940,7 +1940,7 @@ This policy setting defines the maximum size (in kilobytes) of downloaded files
 <!-- RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring-OmaUri-Begin -->
@@ -1999,7 +1999,7 @@ This policy setting configures a local override for the configuration of behavio
 <!-- RealtimeProtection_LocalSettingOverrideDisableIOAVProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableIOAVProtection-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableIOAVProtection-OmaUri-Begin -->
@@ -2058,7 +2058,7 @@ This policy setting configures a local override for the configuration of scannin
 <!-- RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection-OmaUri-Begin -->
@@ -2117,7 +2117,7 @@ This policy setting configures a local override for the configuration of monitor
 <!-- RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring-OmaUri-Begin -->
@@ -2176,7 +2176,7 @@ This policy setting configures a local override for the configuration to turn on
 <!-- RealtimeProtection_LocalSettingOverrideRealtimeScanDirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RealtimeProtection_LocalSettingOverrideRealtimeScanDirection-Applicability-End -->
 
 <!-- RealtimeProtection_LocalSettingOverrideRealtimeScanDirection-OmaUri-Begin -->
@@ -2235,7 +2235,7 @@ This policy setting configures a local override for the configuration of monitor
 <!-- Remediation_LocalSettingOverrideScan_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Remediation_LocalSettingOverrideScan_ScheduleTime-Applicability-End -->
 
 <!-- Remediation_LocalSettingOverrideScan_ScheduleTime-OmaUri-Begin -->
@@ -2294,7 +2294,7 @@ This policy setting configures a local override for the configuration of the tim
 <!-- Remediation_Scan_ScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Remediation_Scan_ScheduleDay-Applicability-End -->
 
 <!-- Remediation_Scan_ScheduleDay-OmaUri-Begin -->
@@ -2357,7 +2357,7 @@ This setting can be configured with the following ordinal number values:
 <!-- Remediation_Scan_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Remediation_Scan_ScheduleTime-Applicability-End -->
 
 <!-- Remediation_Scan_ScheduleTime-OmaUri-Begin -->
@@ -2416,7 +2416,7 @@ This policy setting allows you to specify the time of day at which to perform a
 <!-- Reporting_AdditionalActionTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_AdditionalActionTimeout-Applicability-End -->
 
 <!-- Reporting_AdditionalActionTimeout-OmaUri-Begin -->
@@ -2471,7 +2471,7 @@ This policy setting configures the time in minutes before a detection in the "ad
 <!-- Reporting_CriticalFailureTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_CriticalFailureTimeout-Applicability-End -->
 
 <!-- Reporting_CriticalFailureTimeout-OmaUri-Begin -->
@@ -2526,7 +2526,7 @@ This policy setting configures the time in minutes before a detection in the "cr
 <!-- Reporting_DisableEnhancedNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_DisableEnhancedNotifications-Applicability-End -->
 
 <!-- Reporting_DisableEnhancedNotifications-OmaUri-Begin -->
@@ -2587,7 +2587,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus enha
 <!-- Reporting_DisablegenericrePorts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_DisablegenericrePorts-Applicability-End -->
 
 <!-- Reporting_DisablegenericrePorts-OmaUri-Begin -->
@@ -2646,7 +2646,7 @@ This policy setting allows you to configure whether or not Watson events are sen
 <!-- Reporting_NonCriticalTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_NonCriticalTimeout-Applicability-End -->
 
 <!-- Reporting_NonCriticalTimeout-OmaUri-Begin -->
@@ -2701,7 +2701,7 @@ This policy setting configures the time in minutes before a detection in the "no
 <!-- Reporting_RecentlyCleanedTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_RecentlyCleanedTimeout-Applicability-End -->
 
 <!-- Reporting_RecentlyCleanedTimeout-OmaUri-Begin -->
@@ -2756,7 +2756,7 @@ This policy setting configures the time in minutes before a detection in the "co
 <!-- Reporting_WppTracingComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_WppTracingComponents-Applicability-End -->
 
 <!-- Reporting_WppTracingComponents-OmaUri-Begin -->
@@ -2811,7 +2811,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing
 <!-- Reporting_WppTracingLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reporting_WppTracingLevel-Applicability-End -->
 
 <!-- Reporting_WppTracingLevel-OmaUri-Begin -->
@@ -2873,7 +2873,7 @@ Tracing levels are defined as:
 <!-- Scan_AllowPause-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_AllowPause-Applicability-End -->
 
 <!-- Scan_AllowPause-OmaUri-Begin -->
@@ -2932,7 +2932,7 @@ This policy setting allows you to manage whether or not end users can pause a sc
 <!-- Scan_ArchiveMaxDepth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ArchiveMaxDepth-Applicability-End -->
 
 <!-- Scan_ArchiveMaxDepth-OmaUri-Begin -->
@@ -2991,7 +2991,7 @@ This policy setting allows you to configure the maximum directory depth level in
 <!-- Scan_ArchiveMaxSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ArchiveMaxSize-Applicability-End -->
 
 <!-- Scan_ArchiveMaxSize-OmaUri-Begin -->
@@ -3050,7 +3050,7 @@ This policy setting allows you to configure the maximum size of archive files su
 <!-- Scan_DisableArchiveScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableArchiveScanning-Applicability-End -->
 
 <!-- Scan_DisableArchiveScanning-OmaUri-Begin -->
@@ -3111,7 +3111,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- Scan_DisableEmailScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableEmailScanning-Applicability-End -->
 
 <!-- Scan_DisableEmailScanning-OmaUri-Begin -->
@@ -3170,7 +3170,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin
 <!-- Scan_DisableHeuristics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableHeuristics-Applicability-End -->
 
 <!-- Scan_DisableHeuristics-OmaUri-Begin -->
@@ -3229,7 +3229,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
 <!-- Scan_DisablePackedExeScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisablePackedExeScanning-Applicability-End -->
 
 <!-- Scan_DisablePackedExeScanning-OmaUri-Begin -->
@@ -3239,7 +3239,12 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
 <!-- Scan_DisablePackedExeScanning-OmaUri-End -->
 
 <!-- Scan_DisablePackedExeScanning-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
+This policy setting allows you to configure scanning for packed executables. It's recommended that this type of scanning remain enabled.
+
+- If you enable or don't configure this setting, packed executables will be scanned.
+
+- If you disable this setting, packed executables won't be scanned.
 <!-- Scan_DisablePackedExeScanning-Description-End -->
 
 <!-- Scan_DisablePackedExeScanning-Editable-Begin -->
@@ -3256,7 +3261,6 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
 <!-- Scan_DisablePackedExeScanning-DFProperties-End -->
 
 <!-- Scan_DisablePackedExeScanning-AdmxBacked-Begin -->
-<!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 
 **ADMX mapping**:
@@ -3264,6 +3268,11 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
 | Name | Value |
 |:--|:--|
 | Name | Scan_DisablePackedExeScanning |
+| Friendly Name | Scan packed executables |
+| Location | Computer Configuration |
+| Path | Windows Components > Microsoft Defender Antivirus > Scan |
+| Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
+| Registry Value Name | DisablePackedExeScanning |
 | ADMX File Name | WindowsDefender.admx |
 <!-- Scan_DisablePackedExeScanning-AdmxBacked-End -->
 
@@ -3279,7 +3288,7 @@ This policy setting allows you to configure heuristics. Suspicious detections wi
 <!-- Scan_DisableRemovableDriveScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableRemovableDriveScanning-Applicability-End -->
 
 <!-- Scan_DisableRemovableDriveScanning-OmaUri-Begin -->
@@ -3338,7 +3347,7 @@ This policy setting allows you to manage whether or not to scan for malicious so
 <!-- Scan_DisableReparsePointScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableReparsePointScanning-Applicability-End -->
 
 <!-- Scan_DisableReparsePointScanning-OmaUri-Begin -->
@@ -3397,7 +3406,7 @@ This policy setting allows you to configure reparse point scanning. If you allow
 <!-- Scan_DisableRestorePoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableRestorePoint-Applicability-End -->
 
 <!-- Scan_DisableRestorePoint-OmaUri-Begin -->
@@ -3456,7 +3465,7 @@ This policy setting allows you to create a system restore point on the computer
 <!-- Scan_DisableScanningMappedNetworkDrivesForFullScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableScanningMappedNetworkDrivesForFullScan-Applicability-End -->
 
 <!-- Scan_DisableScanningMappedNetworkDrivesForFullScan-OmaUri-Begin -->
@@ -3515,7 +3524,7 @@ This policy setting allows you to configure scanning mapped network drives.
 <!-- Scan_DisableScanningNetworkFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_DisableScanningNetworkFiles-Applicability-End -->
 
 <!-- Scan_DisableScanningNetworkFiles-OmaUri-Begin -->
@@ -3574,7 +3583,7 @@ This policy setting allows you to configure scanning for network files. It's rec
 <!-- Scan_LocalSettingOverrideAvgCPULoadFactor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideAvgCPULoadFactor-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideAvgCPULoadFactor-OmaUri-Begin -->
@@ -3633,7 +3642,7 @@ This policy setting configures a local override for the configuration of maximum
 <!-- Scan_LocalSettingOverrideScanParameters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScanParameters-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScanParameters-OmaUri-Begin -->
@@ -3692,7 +3701,7 @@ This policy setting configures a local override for the configuration of the sca
 <!-- Scan_LocalSettingOverrideScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScheduleDay-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScheduleDay-OmaUri-Begin -->
@@ -3751,7 +3760,7 @@ This policy setting configures a local override for the configuration of schedul
 <!-- Scan_LocalSettingOverrideScheduleQuickScantime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScheduleQuickScantime-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScheduleQuickScantime-OmaUri-Begin -->
@@ -3810,7 +3819,7 @@ This policy setting configures a local override for the configuration of schedul
 <!-- Scan_LocalSettingOverrideScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LocalSettingOverrideScheduleTime-Applicability-End -->
 
 <!-- Scan_LocalSettingOverrideScheduleTime-OmaUri-Begin -->
@@ -3869,7 +3878,7 @@ This policy setting configures a local override for the configuration of schedul
 <!-- Scan_LowCpuPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_LowCpuPriority-Applicability-End -->
 
 <!-- Scan_LowCpuPriority-OmaUri-Begin -->
@@ -3928,7 +3937,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul
 <!-- Scan_MissedScheduledScanCountBeforeCatchup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_MissedScheduledScanCountBeforeCatchup-Applicability-End -->
 
 <!-- Scan_MissedScheduledScanCountBeforeCatchup-OmaUri-Begin -->
@@ -3987,7 +3996,7 @@ This policy setting allows you to define the number of consecutive scheduled sca
 <!-- Scan_PurgeItemsAfterDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_PurgeItemsAfterDelay-Applicability-End -->
 
 <!-- Scan_PurgeItemsAfterDelay-OmaUri-Begin -->
@@ -4046,7 +4055,7 @@ This policy setting defines the number of days items should be kept in the scan
 <!-- Scan_QuickScanInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_QuickScanInterval-Applicability-End -->
 
 <!-- Scan_QuickScanInterval-OmaUri-Begin -->
@@ -4105,7 +4114,7 @@ This policy setting allows you to specify an interval at which to perform a quic
 <!-- Scan_ScanOnlyIfIdle-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ScanOnlyIfIdle-Applicability-End -->
 
 <!-- Scan_ScanOnlyIfIdle-OmaUri-Begin -->
@@ -4164,7 +4173,7 @@ This policy setting allows you to configure scheduled scans to start only when y
 <!-- Scan_ScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ScheduleDay-Applicability-End -->
 
 <!-- Scan_ScheduleDay-OmaUri-Begin -->
@@ -4227,7 +4236,7 @@ This setting can be configured with the following ordinal number values:
 <!-- Scan_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Scan_ScheduleTime-Applicability-End -->
 
 <!-- Scan_ScheduleTime-OmaUri-Begin -->
@@ -4286,7 +4295,7 @@ This policy setting allows you to specify the time of day at which to perform a
 <!-- ServiceKeepAlive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ServiceKeepAlive-Applicability-End -->
 
 <!-- ServiceKeepAlive-OmaUri-Begin -->
@@ -4345,7 +4354,7 @@ This policy setting allows you to configure whether or not the antimalware servi
 <!-- SignatureUpdate_ASSignatureDue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ASSignatureDue-Applicability-End -->
 
 <!-- SignatureUpdate_ASSignatureDue-OmaUri-Begin -->
@@ -4404,7 +4413,7 @@ This policy setting allows you to define the number of days that must pass befor
 <!-- SignatureUpdate_AVSignatureDue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_AVSignatureDue-Applicability-End -->
 
 <!-- SignatureUpdate_AVSignatureDue-OmaUri-Begin -->
@@ -4463,7 +4472,7 @@ This policy setting allows you to define the number of days that must pass befor
 <!-- SignatureUpdate_DefinitionUpdateFileSharesSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DefinitionUpdateFileSharesSources-Applicability-End -->
 
 <!-- SignatureUpdate_DefinitionUpdateFileSharesSources-OmaUri-Begin -->
@@ -4521,7 +4530,7 @@ This policy setting allows you to configure UNC file share sources for downloadi
 <!-- SignatureUpdate_DisableScanOnUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DisableScanOnUpdate-Applicability-End -->
 
 <!-- SignatureUpdate_DisableScanOnUpdate-OmaUri-Begin -->
@@ -4580,7 +4589,7 @@ This policy setting allows you to configure the automatic scan which starts afte
 <!-- SignatureUpdate_DisableScheduledSignatureUpdateonBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DisableScheduledSignatureUpdateonBattery-Applicability-End -->
 
 <!-- SignatureUpdate_DisableScheduledSignatureUpdateonBattery-OmaUri-Begin -->
@@ -4639,7 +4648,7 @@ This policy setting allows you to configure security intelligence updates when t
 <!-- SignatureUpdate_DisableUpdateOnStartupWithoutEngine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_DisableUpdateOnStartupWithoutEngine-Applicability-End -->
 
 <!-- SignatureUpdate_DisableUpdateOnStartupWithoutEngine-OmaUri-Begin -->
@@ -4698,7 +4707,7 @@ This policy setting allows you to configure security intelligence updates on sta
 <!-- SignatureUpdate_FallbackOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_FallbackOrder-Applicability-End -->
 
 <!-- SignatureUpdate_FallbackOrder-OmaUri-Begin -->
@@ -4758,7 +4767,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }`
 <!-- SignatureUpdate_ForceUpdateFromMU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ForceUpdateFromMU-Applicability-End -->
 
 <!-- SignatureUpdate_ForceUpdateFromMU-OmaUri-Begin -->
@@ -4817,7 +4826,7 @@ This policy setting allows you to enable download of security intelligence updat
 <!-- SignatureUpdate_RealtimeSignatureDelivery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_RealtimeSignatureDelivery-Applicability-End -->
 
 <!-- SignatureUpdate_RealtimeSignatureDelivery-OmaUri-Begin -->
@@ -4876,7 +4885,7 @@ This policy setting allows you to enable real-time security intelligence updates
 <!-- SignatureUpdate_ScheduleDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ScheduleDay-Applicability-End -->
 
 <!-- SignatureUpdate_ScheduleDay-OmaUri-Begin -->
@@ -4940,7 +4949,7 @@ This setting can be configured with the following ordinal number values:
 <!-- SignatureUpdate_ScheduleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_ScheduleTime-Applicability-End -->
 
 <!-- SignatureUpdate_ScheduleTime-OmaUri-Begin -->
@@ -4999,7 +5008,7 @@ This policy setting allows you to specify the time of day at which to check for
 <!-- SignatureUpdate_SharedSignaturesLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_SharedSignaturesLocation-Applicability-End -->
 
 <!-- SignatureUpdate_SharedSignaturesLocation-OmaUri-Begin -->
@@ -5055,7 +5064,7 @@ If you disable or don't configure this setting, security intelligence will be re
 <!-- SignatureUpdate_SignatureDisableNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_SignatureDisableNotification-Applicability-End -->
 
 <!-- SignatureUpdate_SignatureDisableNotification-OmaUri-Begin -->
@@ -5114,7 +5123,7 @@ This policy setting allows you to configure the antimalware service to receive n
 <!-- SignatureUpdate_SignatureUpdateCatchupInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_SignatureUpdateCatchupInterval-Applicability-End -->
 
 <!-- SignatureUpdate_SignatureUpdateCatchupInterval-OmaUri-Begin -->
@@ -5173,7 +5182,7 @@ This policy setting allows you to define the number of days after which a catch-
 <!-- SignatureUpdate_UpdateOnStartup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SignatureUpdate_UpdateOnStartup-Applicability-End -->
 
 <!-- SignatureUpdate_UpdateOnStartup-OmaUri-Begin -->
@@ -5232,7 +5241,7 @@ This policy setting allows you to manage whether a check for new virus and spywa
 <!-- Spynet_LocalSettingOverrideSpynetReporting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Spynet_LocalSettingOverrideSpynetReporting-Applicability-End -->
 
 <!-- Spynet_LocalSettingOverrideSpynetReporting-OmaUri-Begin -->
@@ -5291,7 +5300,7 @@ This policy setting configures a local override for the configuration to join Mi
 <!-- SpynetReporting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SpynetReporting-Applicability-End -->
 
 <!-- SpynetReporting-OmaUri-Begin -->
@@ -5363,7 +5372,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 <!-- Threats_ThreatIdDefaultAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Threats_ThreatIdDefaultAction-Applicability-End -->
 
 <!-- Threats_ThreatIdDefaultAction-OmaUri-Begin -->
@@ -5424,7 +5433,7 @@ Valid remediation action values are:
 <!-- UX_Configuration_CustomDefaultActionToastString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_CustomDefaultActionToastString-Applicability-End -->
 
 <!-- UX_Configuration_CustomDefaultActionToastString-OmaUri-Begin -->
@@ -5482,7 +5491,7 @@ This policy setting allows you to configure whether or not to display additional
 <!-- UX_Configuration_Notification_Suppress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_Notification_Suppress-Applicability-End -->
 
 <!-- UX_Configuration_Notification_Suppress-OmaUri-Begin -->
@@ -5543,7 +5552,7 @@ Use this policy setting to specify if you want Microsoft Defender Antivirus noti
 <!-- UX_Configuration_SuppressRebootNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_SuppressRebootNotification-Applicability-End -->
 
 <!-- UX_Configuration_SuppressRebootNotification-OmaUri-Begin -->
@@ -5602,7 +5611,7 @@ If you enable this setting AM UI won't show reboot notifications.
 <!-- UX_Configuration_UILockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UX_Configuration_UILockdown-Applicability-End -->
 
 <!-- UX_Configuration_UILockdown-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 82283dcdcc..33ef1a700b 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MMC Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- MMC_ActiveXControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveXControl-Applicability-End -->
 
 <!-- MMC_ActiveXControl-OmaUri-Begin -->
@@ -97,7 +97,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ExtendView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ExtendView-Applicability-End -->
 
 <!-- MMC_ExtendView-OmaUri-Begin -->
@@ -166,7 +166,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_LinkToWeb-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_LinkToWeb-Applicability-End -->
 
 <!-- MMC_LinkToWeb-OmaUri-Begin -->
@@ -235,7 +235,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Restrict_Author-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Restrict_Author-Applicability-End -->
 
 <!-- MMC_Restrict_Author-OmaUri-Begin -->
@@ -298,7 +298,7 @@ If you disable this setting or don't configure it, users can enter author mode a
 <!-- MMC_Restrict_To_Permitted_Snapins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Restrict_To_Permitted_Snapins-Applicability-End -->
 
 <!-- MMC_Restrict_To_Permitted_Snapins-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 37c2d9166e..d7e7143b0d 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MMCSnapins Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- MMC_ActiveDirDomTrusts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveDirDomTrusts-Applicability-End -->
 
 <!-- MMC_ActiveDirDomTrusts-OmaUri-Begin -->
@@ -99,7 +99,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ActiveDirSitesServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveDirSitesServices-Applicability-End -->
 
 <!-- MMC_ActiveDirSitesServices-OmaUri-Begin -->
@@ -170,7 +170,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ActiveDirUsersComp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ActiveDirUsersComp-Applicability-End -->
 
 <!-- MMC_ActiveDirUsersComp-OmaUri-Begin -->
@@ -241,7 +241,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMComputers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMComputers_1-Applicability-End -->
 
 <!-- MMC_ADMComputers_1-OmaUri-Begin -->
@@ -312,7 +312,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMComputers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMComputers_2-Applicability-End -->
 
 <!-- MMC_ADMComputers_2-OmaUri-Begin -->
@@ -383,7 +383,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMUsers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMUsers_1-Applicability-End -->
 
 <!-- MMC_ADMUsers_1-OmaUri-Begin -->
@@ -454,7 +454,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADMUsers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADMUsers_2-Applicability-End -->
 
 <!-- MMC_ADMUsers_2-OmaUri-Begin -->
@@ -525,7 +525,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ADSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ADSI-Applicability-End -->
 
 <!-- MMC_ADSI-OmaUri-Begin -->
@@ -596,7 +596,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_AppleTalkRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_AppleTalkRouting-Applicability-End -->
 
 <!-- MMC_AppleTalkRouting-OmaUri-Begin -->
@@ -667,7 +667,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_AuthMan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_AuthMan-Applicability-End -->
 
 <!-- MMC_AuthMan-OmaUri-Begin -->
@@ -738,7 +738,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_CertAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_CertAuth-Applicability-End -->
 
 <!-- MMC_CertAuth-OmaUri-Begin -->
@@ -809,7 +809,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_CertAuthPolSet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_CertAuthPolSet-Applicability-End -->
 
 <!-- MMC_CertAuthPolSet-OmaUri-Begin -->
@@ -880,7 +880,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Certs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Certs-Applicability-End -->
 
 <!-- MMC_Certs-OmaUri-Begin -->
@@ -951,7 +951,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_CertsTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_CertsTemplate-Applicability-End -->
 
 <!-- MMC_CertsTemplate-OmaUri-Begin -->
@@ -1022,7 +1022,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ComponentServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ComponentServices-Applicability-End -->
 
 <!-- MMC_ComponentServices-OmaUri-Begin -->
@@ -1093,7 +1093,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ComputerManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ComputerManagement-Applicability-End -->
 
 <!-- MMC_ComputerManagement-OmaUri-Begin -->
@@ -1164,7 +1164,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ConnectionSharingNAT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ConnectionSharingNAT-Applicability-End -->
 
 <!-- MMC_ConnectionSharingNAT-OmaUri-Begin -->
@@ -1235,7 +1235,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DCOMCFG-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DCOMCFG-Applicability-End -->
 
 <!-- MMC_DCOMCFG-OmaUri-Begin -->
@@ -1306,7 +1306,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DeviceManager_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DeviceManager_1-Applicability-End -->
 
 <!-- MMC_DeviceManager_1-OmaUri-Begin -->
@@ -1377,7 +1377,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DeviceManager_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DeviceManager_2-Applicability-End -->
 
 <!-- MMC_DeviceManager_2-OmaUri-Begin -->
@@ -1448,7 +1448,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DFS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DFS-Applicability-End -->
 
 <!-- MMC_DFS-OmaUri-Begin -->
@@ -1519,7 +1519,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DHCPRelayMgmt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DHCPRelayMgmt-Applicability-End -->
 
 <!-- MMC_DHCPRelayMgmt-OmaUri-Begin -->
@@ -1590,7 +1590,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DiskDefrag-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DiskDefrag-Applicability-End -->
 
 <!-- MMC_DiskDefrag-OmaUri-Begin -->
@@ -1661,7 +1661,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_DiskMgmt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_DiskMgmt-Applicability-End -->
 
 <!-- MMC_DiskMgmt-OmaUri-Begin -->
@@ -1732,7 +1732,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EnterprisePKI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EnterprisePKI-Applicability-End -->
 
 <!-- MMC_EnterprisePKI-OmaUri-Begin -->
@@ -1803,7 +1803,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_1-Applicability-End -->
 
 <!-- MMC_EventViewer_1-OmaUri-Begin -->
@@ -1874,7 +1874,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_2-Applicability-End -->
 
 <!-- MMC_EventViewer_2-OmaUri-Begin -->
@@ -1945,7 +1945,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_3-Applicability-End -->
 
 <!-- MMC_EventViewer_3-OmaUri-Begin -->
@@ -2016,7 +2016,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_EventViewer_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_EventViewer_4-Applicability-End -->
 
 <!-- MMC_EventViewer_4-OmaUri-Begin -->
@@ -2087,7 +2087,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FailoverClusters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FailoverClusters-Applicability-End -->
 
 <!-- MMC_FailoverClusters-OmaUri-Begin -->
@@ -2158,7 +2158,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FAXService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FAXService-Applicability-End -->
 
 <!-- MMC_FAXService-OmaUri-Begin -->
@@ -2229,7 +2229,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FolderRedirection_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FolderRedirection_1-Applicability-End -->
 
 <!-- MMC_FolderRedirection_1-OmaUri-Begin -->
@@ -2300,7 +2300,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FolderRedirection_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FolderRedirection_2-Applicability-End -->
 
 <!-- MMC_FolderRedirection_2-OmaUri-Begin -->
@@ -2371,7 +2371,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_FrontPageExt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_FrontPageExt-Applicability-End -->
 
 <!-- MMC_FrontPageExt-OmaUri-Begin -->
@@ -2442,7 +2442,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_GroupPolicyManagementSnapIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_GroupPolicyManagementSnapIn-Applicability-End -->
 
 <!-- MMC_GroupPolicyManagementSnapIn-OmaUri-Begin -->
@@ -2513,7 +2513,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_GroupPolicySnapIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_GroupPolicySnapIn-Applicability-End -->
 
 <!-- MMC_GroupPolicySnapIn-OmaUri-Begin -->
@@ -2584,7 +2584,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_GroupPolicyTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_GroupPolicyTab-Applicability-End -->
 
 <!-- MMC_GroupPolicyTab-OmaUri-Begin -->
@@ -2653,7 +2653,7 @@ When the Group Policy tab is inaccessible, it doesn't appear in the site, domain
 <!-- MMC_HRA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_HRA-Applicability-End -->
 
 <!-- MMC_HRA-OmaUri-Begin -->
@@ -2724,7 +2724,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IAS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IAS-Applicability-End -->
 
 <!-- MMC_IAS-OmaUri-Begin -->
@@ -2795,7 +2795,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IASLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IASLogging-Applicability-End -->
 
 <!-- MMC_IASLogging-OmaUri-Begin -->
@@ -2866,7 +2866,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IEMaintenance_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IEMaintenance_1-Applicability-End -->
 
 <!-- MMC_IEMaintenance_1-OmaUri-Begin -->
@@ -2937,7 +2937,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IEMaintenance_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IEMaintenance_2-Applicability-End -->
 
 <!-- MMC_IEMaintenance_2-OmaUri-Begin -->
@@ -3008,7 +3008,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IGMPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IGMPRouting-Applicability-End -->
 
 <!-- MMC_IGMPRouting-OmaUri-Begin -->
@@ -3079,7 +3079,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IIS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IIS-Applicability-End -->
 
 <!-- MMC_IIS-OmaUri-Begin -->
@@ -3150,7 +3150,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IndexingService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IndexingService-Applicability-End -->
 
 <!-- MMC_IndexingService-OmaUri-Begin -->
@@ -3221,7 +3221,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPRouting-Applicability-End -->
 
 <!-- MMC_IPRouting-OmaUri-Begin -->
@@ -3292,7 +3292,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IpSecManage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IpSecManage-Applicability-End -->
 
 <!-- MMC_IpSecManage-OmaUri-Begin -->
@@ -3363,7 +3363,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPSecManage_GP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPSecManage_GP-Applicability-End -->
 
 <!-- MMC_IPSecManage_GP-OmaUri-Begin -->
@@ -3434,7 +3434,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IpSecMonitor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IpSecMonitor-Applicability-End -->
 
 <!-- MMC_IpSecMonitor-OmaUri-Begin -->
@@ -3505,7 +3505,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPXRIPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPXRIPRouting-Applicability-End -->
 
 <!-- MMC_IPXRIPRouting-OmaUri-Begin -->
@@ -3576,7 +3576,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPXRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPXRouting-Applicability-End -->
 
 <!-- MMC_IPXRouting-OmaUri-Begin -->
@@ -3647,7 +3647,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_IPXSAPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_IPXSAPRouting-Applicability-End -->
 
 <!-- MMC_IPXSAPRouting-OmaUri-Begin -->
@@ -3718,7 +3718,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_LocalUsersGroups-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_LocalUsersGroups-Applicability-End -->
 
 <!-- MMC_LocalUsersGroups-OmaUri-Begin -->
@@ -3789,7 +3789,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_LogicalMappedDrives-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_LogicalMappedDrives-Applicability-End -->
 
 <!-- MMC_LogicalMappedDrives-OmaUri-Begin -->
@@ -3860,7 +3860,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_NapSnap-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_NapSnap-Applicability-End -->
 
 <!-- MMC_NapSnap-OmaUri-Begin -->
@@ -3931,7 +3931,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_NapSnap_GP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_NapSnap_GP-Applicability-End -->
 
 <!-- MMC_NapSnap_GP-OmaUri-Begin -->
@@ -4002,7 +4002,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Net_Framework-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Net_Framework-Applicability-End -->
 
 <!-- MMC_Net_Framework-OmaUri-Begin -->
@@ -4073,7 +4073,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_NPSUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_NPSUI-Applicability-End -->
 
 <!-- MMC_NPSUI-OmaUri-Begin -->
@@ -4144,7 +4144,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_OCSP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_OCSP-Applicability-End -->
 
 <!-- MMC_OCSP-OmaUri-Begin -->
@@ -4215,7 +4215,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_OSPFRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_OSPFRouting-Applicability-End -->
 
 <!-- MMC_OSPFRouting-OmaUri-Begin -->
@@ -4286,7 +4286,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_PerfLogsAlerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_PerfLogsAlerts-Applicability-End -->
 
 <!-- MMC_PerfLogsAlerts-OmaUri-Begin -->
@@ -4357,7 +4357,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_PublicKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_PublicKey-Applicability-End -->
 
 <!-- MMC_PublicKey-OmaUri-Begin -->
@@ -4428,7 +4428,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_QoSAdmission-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_QoSAdmission-Applicability-End -->
 
 <!-- MMC_QoSAdmission-OmaUri-Begin -->
@@ -4499,7 +4499,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RAS_DialinUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RAS_DialinUser-Applicability-End -->
 
 <!-- MMC_RAS_DialinUser-OmaUri-Begin -->
@@ -4570,7 +4570,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RemoteAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RemoteAccess-Applicability-End -->
 
 <!-- MMC_RemoteAccess-OmaUri-Begin -->
@@ -4641,7 +4641,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RemoteDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RemoteDesktop-Applicability-End -->
 
 <!-- MMC_RemoteDesktop-OmaUri-Begin -->
@@ -4712,7 +4712,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RemStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RemStore-Applicability-End -->
 
 <!-- MMC_RemStore-OmaUri-Begin -->
@@ -4783,7 +4783,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ResultantSetOfPolicySnapIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ResultantSetOfPolicySnapIn-Applicability-End -->
 
 <!-- MMC_ResultantSetOfPolicySnapIn-OmaUri-Begin -->
@@ -4854,7 +4854,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RIPRouting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RIPRouting-Applicability-End -->
 
 <!-- MMC_RIPRouting-OmaUri-Begin -->
@@ -4925,7 +4925,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RIS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RIS-Applicability-End -->
 
 <!-- MMC_RIS-OmaUri-Begin -->
@@ -4996,7 +4996,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Routing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Routing-Applicability-End -->
 
 <!-- MMC_Routing-OmaUri-Begin -->
@@ -5067,7 +5067,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RRA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RRA-Applicability-End -->
 
 <!-- MMC_RRA-OmaUri-Begin -->
@@ -5138,7 +5138,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_RSM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_RSM-Applicability-End -->
 
 <!-- MMC_RSM-OmaUri-Begin -->
@@ -5209,7 +5209,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SCA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SCA-Applicability-End -->
 
 <!-- MMC_SCA-OmaUri-Begin -->
@@ -5280,7 +5280,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsMachine_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsMachine_1-Applicability-End -->
 
 <!-- MMC_ScriptsMachine_1-OmaUri-Begin -->
@@ -5351,7 +5351,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsMachine_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsMachine_2-Applicability-End -->
 
 <!-- MMC_ScriptsMachine_2-OmaUri-Begin -->
@@ -5422,7 +5422,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsUser_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsUser_1-Applicability-End -->
 
 <!-- MMC_ScriptsUser_1-OmaUri-Begin -->
@@ -5493,7 +5493,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ScriptsUser_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ScriptsUser_2-Applicability-End -->
 
 <!-- MMC_ScriptsUser_2-OmaUri-Begin -->
@@ -5564,7 +5564,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SecuritySettings_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SecuritySettings_1-Applicability-End -->
 
 <!-- MMC_SecuritySettings_1-OmaUri-Begin -->
@@ -5635,7 +5635,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SecuritySettings_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SecuritySettings_2-Applicability-End -->
 
 <!-- MMC_SecuritySettings_2-OmaUri-Begin -->
@@ -5706,7 +5706,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SecurityTemplates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SecurityTemplates-Applicability-End -->
 
 <!-- MMC_SecurityTemplates-OmaUri-Begin -->
@@ -5777,7 +5777,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SendConsoleMessage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SendConsoleMessage-Applicability-End -->
 
 <!-- MMC_SendConsoleMessage-OmaUri-Begin -->
@@ -5848,7 +5848,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ServerManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ServerManager-Applicability-End -->
 
 <!-- MMC_ServerManager-OmaUri-Begin -->
@@ -5919,7 +5919,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_ServiceDependencies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_ServiceDependencies-Applicability-End -->
 
 <!-- MMC_ServiceDependencies-OmaUri-Begin -->
@@ -5990,7 +5990,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Services-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Services-Applicability-End -->
 
 <!-- MMC_Services-OmaUri-Begin -->
@@ -6061,7 +6061,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SharedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SharedFolders-Applicability-End -->
 
 <!-- MMC_SharedFolders-OmaUri-Begin -->
@@ -6132,7 +6132,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SharedFolders_Ext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SharedFolders_Ext-Applicability-End -->
 
 <!-- MMC_SharedFolders_Ext-OmaUri-Begin -->
@@ -6203,7 +6203,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SMTPProtocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SMTPProtocol-Applicability-End -->
 
 <!-- MMC_SMTPProtocol-OmaUri-Begin -->
@@ -6274,7 +6274,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SNMP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SNMP-Applicability-End -->
 
 <!-- MMC_SNMP-OmaUri-Begin -->
@@ -6345,7 +6345,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstalationComputers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstalationComputers_1-Applicability-End -->
 
 <!-- MMC_SoftwareInstalationComputers_1-OmaUri-Begin -->
@@ -6416,7 +6416,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstalationComputers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstalationComputers_2-Applicability-End -->
 
 <!-- MMC_SoftwareInstalationComputers_2-OmaUri-Begin -->
@@ -6487,7 +6487,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstallationUsers_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstallationUsers_1-Applicability-End -->
 
 <!-- MMC_SoftwareInstallationUsers_1-OmaUri-Begin -->
@@ -6558,7 +6558,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SoftwareInstallationUsers_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SoftwareInstallationUsers_2-Applicability-End -->
 
 <!-- MMC_SoftwareInstallationUsers_2-OmaUri-Begin -->
@@ -6629,7 +6629,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SysInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SysInfo-Applicability-End -->
 
 <!-- MMC_SysInfo-OmaUri-Begin -->
@@ -6700,7 +6700,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_SysProp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_SysProp-Applicability-End -->
 
 <!-- MMC_SysProp-OmaUri-Begin -->
@@ -6771,7 +6771,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_Telephony-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_Telephony-Applicability-End -->
 
 <!-- MMC_Telephony-OmaUri-Begin -->
@@ -6842,7 +6842,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_TerminalServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_TerminalServices-Applicability-End -->
 
 <!-- MMC_TerminalServices-OmaUri-Begin -->
@@ -6913,7 +6913,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_TPMManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_TPMManagement-Applicability-End -->
 
 <!-- MMC_TPMManagement-OmaUri-Begin -->
@@ -6984,7 +6984,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WindowsFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WindowsFirewall-Applicability-End -->
 
 <!-- MMC_WindowsFirewall-OmaUri-Begin -->
@@ -7055,7 +7055,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WindowsFirewall_GP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WindowsFirewall_GP-Applicability-End -->
 
 <!-- MMC_WindowsFirewall_GP-OmaUri-Begin -->
@@ -7126,7 +7126,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WiredNetworkPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WiredNetworkPolicy-Applicability-End -->
 
 <!-- MMC_WiredNetworkPolicy-OmaUri-Begin -->
@@ -7197,7 +7197,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WirelessMon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WirelessMon-Applicability-End -->
 
 <!-- MMC_WirelessMon-OmaUri-Begin -->
@@ -7268,7 +7268,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WirelessNetworkPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WirelessNetworkPolicy-Applicability-End -->
 
 <!-- MMC_WirelessNetworkPolicy-OmaUri-Begin -->
@@ -7339,7 +7339,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
 <!-- MMC_WMI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MMC_WMI-Applicability-End -->
 
 <!-- MMC_WMI-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 2ae1fe9ece..54c66c7309 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MobilePCMobilityCenter Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- MobilityCenterEnable_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MobilityCenterEnable_1-Applicability-End -->
 
 <!-- MobilityCenterEnable_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting turns off Windows Mobility Center.
 <!-- MobilityCenterEnable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MobilityCenterEnable_2-Applicability-End -->
 
 <!-- MobilityCenterEnable_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index 1ddbf7a393..bd007d95f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MobilePCPresentationSettings Area in Poli
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PresentationSettingsEnable_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PresentationSettingsEnable_1-Applicability-End -->
 
 <!-- PresentationSettingsEnable_1-OmaUri-Begin -->
@@ -92,7 +92,7 @@ This policy setting turns off Windows presentation settings.
 <!-- PresentationSettingsEnable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PresentationSettingsEnable_2-Applicability-End -->
 
 <!-- PresentationSettingsEnable_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index 2be7fd3549..334498bf41 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSAPolicy Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- MicrosoftAccount_DisableUserAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftAccount_DisableUserAuth-Applicability-End -->
 
 <!-- MicrosoftAccount_DisableUserAuth-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index a422431082..34c9f09939 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_msched Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ActivationBoundaryPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ActivationBoundaryPolicy-Applicability-End -->
 
 <!-- ActivationBoundaryPolicy-OmaUri-Begin -->
@@ -88,7 +88,7 @@ The maintenance activation boundary is the daily schduled time at which Automati
 <!-- RandomDelayPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RandomDelayPolicy-Applicability-End -->
 
 <!-- RandomDelayPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 76b49c1861..61b9d77688 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSDT Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- MsdtSupportProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MsdtSupportProvider-Applicability-End -->
 
 <!-- MsdtSupportProvider-OmaUri-Begin -->
@@ -93,7 +93,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- MsdtToolDownloadPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MsdtToolDownloadPolicy-Applicability-End -->
 
 <!-- MsdtToolDownloadPolicy-OmaUri-Begin -->
@@ -166,7 +166,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index c8e0918d6f..d4bedbcaf2 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSI Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowLockdownBrowse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLockdownBrowse-Applicability-End -->
 
 <!-- AllowLockdownBrowse-OmaUri-Begin -->
@@ -91,7 +91,7 @@ This policy setting doesn't affect installations that run in the user's security
 <!-- AllowLockdownMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLockdownMedia-Applicability-End -->
 
 <!-- AllowLockdownMedia-OmaUri-Begin -->
@@ -154,7 +154,7 @@ Also, see the "Prevent removable media source for any install" policy setting.
 <!-- AllowLockdownPatch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLockdownPatch-Applicability-End -->
 
 <!-- AllowLockdownPatch-OmaUri-Begin -->
@@ -215,7 +215,7 @@ This policy setting doesn't affect installations that run in the user's security
 <!-- DisableAutomaticApplicationShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutomaticApplicationShutdown-Applicability-End -->
 
 <!-- DisableAutomaticApplicationShutdown-OmaUri-Begin -->
@@ -279,7 +279,7 @@ This policy setting controls Windows Installer's interaction with the Restart Ma
 <!-- DisableBrowse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBrowse-Applicability-End -->
 
 <!-- DisableBrowse-OmaUri-Begin -->
@@ -344,7 +344,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting.
 <!-- DisableFlyweightPatching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableFlyweightPatching-Applicability-End -->
 
 <!-- DisableFlyweightPatching-OmaUri-Begin -->
@@ -402,7 +402,7 @@ This policy setting controls the ability to turn off all patch optimizations.
 <!-- DisableLoggingFromPackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLoggingFromPackage-Applicability-End -->
 
 <!-- DisableLoggingFromPackage-OmaUri-Begin -->
@@ -464,7 +464,7 @@ This policy setting controls Windows Installer's processing of the MsiLogging pr
 <!-- DisableMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableMedia-Applicability-End -->
 
 <!-- DisableMedia-OmaUri-Begin -->
@@ -527,7 +527,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad
 <!-- DisableMSI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableMSI-Applicability-End -->
 
 <!-- DisableMSI-OmaUri-Begin -->
@@ -591,7 +591,7 @@ This policy setting affects Windows Installer only. It doesn't prevent users fro
 <!-- DisablePatch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePatch-Applicability-End -->
 
 <!-- DisablePatch-OmaUri-Begin -->
@@ -655,7 +655,7 @@ Also, see the "Enable user to patch elevated products" policy setting.
 <!-- DisableRollback_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRollback_1-Applicability-End -->
 
 <!-- DisableRollback_1-OmaUri-Begin -->
@@ -716,7 +716,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- DisableRollback_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRollback_2-Applicability-End -->
 
 <!-- DisableRollback_2-OmaUri-Begin -->
@@ -777,7 +777,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- DisableSharedComponent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSharedComponent-Applicability-End -->
 
 <!-- DisableSharedComponent-OmaUri-Begin -->
@@ -836,7 +836,7 @@ This policy setting controls the ability to turn off shared components.
 <!-- MSI_DisableLUAPatching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisableLUAPatching-Applicability-End -->
 
 <!-- MSI_DisableLUAPatching-OmaUri-Begin -->
@@ -897,7 +897,7 @@ Non-administrator updates provide a mechanism for the author of an application t
 <!-- MSI_DisablePatchUninstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisablePatchUninstall-Applicability-End -->
 
 <!-- MSI_DisablePatchUninstall-OmaUri-Begin -->
@@ -958,7 +958,7 @@ This policy setting should be used if you need to maintain a tight control over
 <!-- MSI_DisableSRCheckPoints-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisableSRCheckPoints-Applicability-End -->
 
 <!-- MSI_DisableSRCheckPoints-OmaUri-Begin -->
@@ -1017,7 +1017,7 @@ This policy setting prevents Windows Installer from creating a System Restore ch
 <!-- MSI_DisableUserInstalls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_DisableUserInstalls-Applicability-End -->
 
 <!-- MSI_DisableUserInstalls-OmaUri-Begin -->
@@ -1075,7 +1075,7 @@ This policy setting allows you to configure user installs. To configure this pol
 <!-- MSI_EnforceUpgradeComponentRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_EnforceUpgradeComponentRules-Applicability-End -->
 
 <!-- MSI_EnforceUpgradeComponentRules-OmaUri-Begin -->
@@ -1142,7 +1142,7 @@ The new feature must be added as a new leaf feature to an existing feature tree.
 <!-- MSI_MaxPatchCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSI_MaxPatchCacheSize-Applicability-End -->
 
 <!-- MSI_MaxPatchCacheSize-OmaUri-Begin -->
@@ -1206,7 +1206,7 @@ If you set the baseline cache to 100, the Windows Installer will use available f
 <!-- MsiDisableEmbeddedUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MsiDisableEmbeddedUI-Applicability-End -->
 
 <!-- MsiDisableEmbeddedUI-OmaUri-Begin -->
@@ -1265,7 +1265,7 @@ This policy setting controls the ability to prevent embedded UI.
 <!-- MSILogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MSILogging-Applicability-End -->
 
 <!-- MSILogging-OmaUri-Begin -->
@@ -1325,7 +1325,7 @@ If you disable or don't configure this policy setting, Windows Installer logs th
 <!-- SafeForScripting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SafeForScripting-Applicability-End -->
 
 <!-- SafeForScripting-OmaUri-Begin -->
@@ -1386,7 +1386,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist
 <!-- SearchOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SearchOrder-Applicability-End -->
 
 <!-- SearchOrder-OmaUri-Begin -->
@@ -1452,7 +1452,7 @@ To exclude a file source, omit or delete the letter representing that source typ
 <!-- TransformsSecure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TransformsSecure-Applicability-End -->
 
 <!-- TransformsSecure-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index e7fead69d7..90a1241020 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MsiFileRecovery Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
index 00f68b6aeb..c318f50ecd 100644
--- a/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
+++ b/windows/client-management/mdm/policy-csp-admx-mss-legacy.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_MSS-legacy Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Pol_MSS_AutoAdminLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoAdminLogon-Applicability-End -->
 
 <!-- Pol_MSS_AutoAdminLogon-OmaUri-Begin -->
@@ -79,7 +79,7 @@ Enable Automatic Logon (not recommended).
 <!-- Pol_MSS_AutoReboot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoReboot-Applicability-End -->
 
 <!-- Pol_MSS_AutoReboot-OmaUri-Begin -->
@@ -130,7 +130,7 @@ Allow Windows to automatically restart after a system crash (recommended except
 <!-- Pol_MSS_AutoShareServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoShareServer-Applicability-End -->
 
 <!-- Pol_MSS_AutoShareServer-OmaUri-Begin -->
@@ -181,7 +181,7 @@ Enable administrative shares on servers (recommended except for highly secure en
 <!-- Pol_MSS_AutoShareWks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_AutoShareWks-Applicability-End -->
 
 <!-- Pol_MSS_AutoShareWks-OmaUri-Begin -->
@@ -232,7 +232,7 @@ Enable administrative shares on workstations (recommended except for highly secu
 <!-- Pol_MSS_DisableSavePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_DisableSavePassword-Applicability-End -->
 
 <!-- Pol_MSS_DisableSavePassword-OmaUri-Begin -->
@@ -283,7 +283,7 @@ Prevent the dial-up password from being saved (recommended).
 <!-- Pol_MSS_EnableDeadGWDetect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_EnableDeadGWDetect-Applicability-End -->
 
 <!-- Pol_MSS_EnableDeadGWDetect-OmaUri-Begin -->
@@ -334,7 +334,7 @@ Allow automatic detection of dead network gateways (could lead to DoS).
 <!-- Pol_MSS_HideFromBrowseList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_HideFromBrowseList-Applicability-End -->
 
 <!-- Pol_MSS_HideFromBrowseList-OmaUri-Begin -->
@@ -385,7 +385,7 @@ Hide Computer From the Browse List (not recommended except for highly secure env
 <!-- Pol_MSS_KeepAliveTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_KeepAliveTime-Applicability-End -->
 
 <!-- Pol_MSS_KeepAliveTime-OmaUri-Begin -->
@@ -436,7 +436,7 @@ Define how often keep-alive packets are sent in milliseconds.
 <!-- Pol_MSS_NoDefaultExempt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_NoDefaultExempt-Applicability-End -->
 
 <!-- Pol_MSS_NoDefaultExempt-OmaUri-Begin -->
@@ -487,7 +487,7 @@ Configure IPSec exemptions for various types of network traffic.
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-Applicability-End -->
 
 <!-- Pol_MSS_NtfsDisable8dot3NameCreation-OmaUri-Begin -->
@@ -538,7 +538,7 @@ Enable the computer to stop generating 8.3 style filenames.
 <!-- Pol_MSS_PerformRouterDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_PerformRouterDiscovery-Applicability-End -->
 
 <!-- Pol_MSS_PerformRouterDiscovery-OmaUri-Begin -->
@@ -589,7 +589,7 @@ Enable the computer to stop generating 8.3 style filenames.
 <!-- Pol_MSS_SafeDllSearchMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_SafeDllSearchMode-Applicability-End -->
 
 <!-- Pol_MSS_SafeDllSearchMode-OmaUri-Begin -->
@@ -640,7 +640,7 @@ Enable Safe DLL search mode (recommended).
 <!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_ScreenSaverGracePeriod-Applicability-End -->
 
 <!-- Pol_MSS_ScreenSaverGracePeriod-OmaUri-Begin -->
@@ -691,7 +691,7 @@ he time in seconds before the screen saver grace period expires (0 recommended).
 <!-- Pol_MSS_SynAttackProtect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_SynAttackProtect-Applicability-End -->
 
 <!-- Pol_MSS_SynAttackProtect-OmaUri-Begin -->
@@ -742,7 +742,7 @@ Syn attack protection level (protects against DoS).
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-Applicability-End -->
 
 <!-- Pol_MSS_TcpMaxConnectResponseRetransmissions-OmaUri-Begin -->
@@ -793,7 +793,7 @@ SYN-ACK retransmissions when a connection request is not acknowledged.
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxDataRetransmissions-Applicability-End -->
 
 <!-- Pol_MSS_TcpMaxDataRetransmissions-OmaUri-Begin -->
@@ -844,7 +844,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-Applicability-End -->
 
 <!-- Pol_MSS_TcpMaxDataRetransmissionsIPv6-OmaUri-Begin -->
@@ -895,7 +895,7 @@ Define how many times unacknowledged data is retransmitted (3 recommended, 5 is
 <!-- Pol_MSS_WarningLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MSS_WarningLevel-Applicability-End -->
 
 <!-- Pol_MSS_WarningLevel-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index b94826a3c0..35907c1d3b 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_nca Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CorporateResources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CorporateResources-Applicability-End -->
 
 <!-- CorporateResources-OmaUri-Begin -->
@@ -100,7 +100,7 @@ You must configure this setting to have complete NCA functionality.
 <!-- CustomCommands-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomCommands-Applicability-End -->
 
 <!-- CustomCommands-OmaUri-Begin -->
@@ -154,7 +154,7 @@ Specifies commands configured by the administrator for custom logging. These com
 <!-- DTEs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DTEs-Applicability-End -->
 
 <!-- DTEs-OmaUri-Begin -->
@@ -214,7 +214,7 @@ You must configure this setting to have complete NCA functionality.
 <!-- FriendlyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FriendlyName-Applicability-End -->
 
 <!-- FriendlyName-OmaUri-Begin -->
@@ -270,7 +270,7 @@ If this setting isn't configured, the string that appears for DirectAccess conne
 <!-- LocalNamesOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LocalNamesOn-Applicability-End -->
 
 <!-- LocalNamesOn-OmaUri-Begin -->
@@ -337,7 +337,7 @@ If this setting isn't configured, users don't have Connect or Disconnect options
 <!-- PassiveMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PassiveMode-Applicability-End -->
 
 <!-- PassiveMode-OmaUri-Begin -->
@@ -394,7 +394,7 @@ Set this to Disabled to keep NCA probing actively all the time. If this setting
 <!-- ShowUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowUI-Applicability-End -->
 
 <!-- ShowUI-OmaUri-Begin -->
@@ -453,7 +453,7 @@ If this setting isn't configured, the entry for DirectAccess connectivity appear
 <!-- SupportEmail-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SupportEmail-Applicability-End -->
 
 <!-- SupportEmail-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index ccb12eb3e6..f6b11c6d2b 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_NCSI Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- NCSI_CorpDnsProbeContent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpDnsProbeContent-Applicability-End -->
 
 <!-- NCSI_CorpDnsProbeContent-OmaUri-Begin -->
@@ -84,7 +84,7 @@ This policy setting enables you to specify the expected address of the host name
 <!-- NCSI_CorpDnsProbeHost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpDnsProbeHost-Applicability-End -->
 
 <!-- NCSI_CorpDnsProbeHost-OmaUri-Begin -->
@@ -140,7 +140,7 @@ This policy setting enables you to specify the host name of a computer known to
 <!-- NCSI_CorpSitePrefixes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpSitePrefixes-Applicability-End -->
 
 <!-- NCSI_CorpSitePrefixes-OmaUri-Begin -->
@@ -196,7 +196,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi
 <!-- NCSI_CorpWebProbeUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_CorpWebProbeUrl-Applicability-End -->
 
 <!-- NCSI_CorpWebProbeUrl-OmaUri-Begin -->
@@ -252,7 +252,7 @@ This policy setting enables you to specify the URL of the corporate website, aga
 <!-- NCSI_DomainLocationDeterminationUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_DomainLocationDeterminationUrl-Applicability-End -->
 
 <!-- NCSI_DomainLocationDeterminationUrl-OmaUri-Begin -->
@@ -308,7 +308,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit
 <!-- NCSI_GlobalDns-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_GlobalDns-Applicability-End -->
 
 <!-- NCSI_GlobalDns-OmaUri-Begin -->
@@ -362,7 +362,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default
 <!-- NCSI_PassivePolling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NCSI_PassivePolling-Applicability-End -->
 
 <!-- NCSI_PassivePolling-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 13d24d1bfc..c9d7247cac 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Netlogon Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Netlogon_AddressLookupOnPingBehavior-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AddressLookupOnPingBehavior-Applicability-End -->
 
 <!-- Netlogon_AddressLookupOnPingBehavior-OmaUri-Begin -->
@@ -96,7 +96,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_AddressTypeReturned-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AddressTypeReturned-Applicability-End -->
 
 <!-- Netlogon_AddressTypeReturned-OmaUri-Begin -->
@@ -159,7 +159,7 @@ By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applica
 <!-- Netlogon_AllowDnsSuffixSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AllowDnsSuffixSearch-Applicability-End -->
 
 <!-- Netlogon_AllowDnsSuffixSearch-OmaUri-Begin -->
@@ -220,7 +220,7 @@ By default, when no setting is specified for this policy, the behavior is the sa
 <!-- Netlogon_AllowNT4Crypto-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AllowNT4Crypto-Applicability-End -->
 
 <!-- Netlogon_AllowNT4Crypto-OmaUri-Begin -->
@@ -283,7 +283,7 @@ By default, Net Logon won't allow the older cryptography algorithms to be used a
 <!-- Netlogon_AllowSingleLabelDnsDomain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AllowSingleLabelDnsDomain-Applicability-End -->
 
 <!-- Netlogon_AllowSingleLabelDnsDomain-OmaUri-Begin -->
@@ -346,7 +346,7 @@ By default, the behavior specified in the AllowDnsSuffixSearch is used. If the A
 <!-- Netlogon_AutoSiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AutoSiteCoverage-Applicability-End -->
 
 <!-- Netlogon_AutoSiteCoverage-OmaUri-Begin -->
@@ -407,7 +407,7 @@ This policy setting determines whether domain controllers (DC) will dynamically
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-Applicability-End -->
 
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-OmaUri-Begin -->
@@ -470,7 +470,7 @@ Note that this policy setting doesn't affect NetBIOS-based discovery for DC loca
 <!-- Netlogon_AvoidPdcOnWan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_AvoidPdcOnWan-Applicability-End -->
 
 <!-- Netlogon_AvoidPdcOnWan-OmaUri-Begin -->
@@ -533,7 +533,7 @@ Contacting the PDC emulator is useful in case the client's password was recently
 <!-- Netlogon_BackgroundRetryInitialPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundRetryInitialPeriod-Applicability-End -->
 
 <!-- Netlogon_BackgroundRetryInitialPeriod-OmaUri-Begin -->
@@ -596,7 +596,7 @@ If the value of this setting is less than the value specified in the NegativeCac
 <!-- Netlogon_BackgroundRetryMaximumPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundRetryMaximumPeriod-Applicability-End -->
 
 <!-- Netlogon_BackgroundRetryMaximumPeriod-OmaUri-Begin -->
@@ -661,7 +661,7 @@ If the value for this setting is too small and the DC isn't available, the frequ
 <!-- Netlogon_BackgroundRetryQuitTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundRetryQuitTime-Applicability-End -->
 
 <!-- Netlogon_BackgroundRetryQuitTime-OmaUri-Begin -->
@@ -720,7 +720,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
 <!-- Netlogon_BackgroundSuccessfulRefreshPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_BackgroundSuccessfulRefreshPeriod-Applicability-End -->
 
 <!-- Netlogon_BackgroundSuccessfulRefreshPeriod-OmaUri-Begin -->
@@ -774,7 +774,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th
 <!-- Netlogon_DebugFlag-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DebugFlag-Applicability-End -->
 
 <!-- Netlogon_DebugFlag-OmaUri-Begin -->
@@ -836,7 +836,7 @@ If you specify zero for this policy setting, the default behavior occurs as desc
 <!-- Netlogon_DnsAvoidRegisterRecords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsAvoidRegisterRecords-Applicability-End -->
 
 <!-- Netlogon_DnsAvoidRegisterRecords-OmaUri-Begin -->
@@ -920,7 +920,7 @@ This policy setting determines which DC Locator DNS records aren't registered by
 <!-- Netlogon_DnsRefreshInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsRefreshInterval-Applicability-End -->
 
 <!-- Netlogon_DnsRefreshInterval-OmaUri-Begin -->
@@ -983,7 +983,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_DnsSrvRecordUseLowerCaseHostNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsSrvRecordUseLowerCaseHostNames-Applicability-End -->
 
 <!-- Netlogon_DnsSrvRecordUseLowerCaseHostNames-OmaUri-Begin -->
@@ -1050,7 +1050,7 @@ More information is available at <https://aka.ms/lowercasehostnamesrvrecord>
 <!-- Netlogon_DnsTtl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_DnsTtl-Applicability-End -->
 
 <!-- Netlogon_DnsTtl-OmaUri-Begin -->
@@ -1108,7 +1108,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_ExpectedDialupDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_ExpectedDialupDelay-Applicability-End -->
 
 <!-- Netlogon_ExpectedDialupDelay-OmaUri-Begin -->
@@ -1166,7 +1166,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
 <!-- Netlogon_ForceRediscoveryInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_ForceRediscoveryInterval-Applicability-End -->
 
 <!-- Netlogon_ForceRediscoveryInterval-OmaUri-Begin -->
@@ -1228,7 +1228,7 @@ The Domain Controller Locator (DC Locator) service is used by clients to find do
 <!-- Netlogon_GcSiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_GcSiteCoverage-Applicability-End -->
 
 <!-- Netlogon_GcSiteCoverage-OmaUri-Begin -->
@@ -1288,7 +1288,7 @@ If you don't configure this policy setting, it isn't applied to any GCs, and GCs
 <!-- Netlogon_IgnoreIncomingMailslotMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_IgnoreIncomingMailslotMessages-Applicability-End -->
 
 <!-- Netlogon_IgnoreIncomingMailslotMessages-OmaUri-Begin -->
@@ -1352,7 +1352,7 @@ This policy setting is recommended to reduce the attack surface on a DC, and can
 <!-- Netlogon_LdapSrvPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_LdapSrvPriority-Applicability-End -->
 
 <!-- Netlogon_LdapSrvPriority-OmaUri-Begin -->
@@ -1412,7 +1412,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_LdapSrvWeight-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_LdapSrvWeight-Applicability-End -->
 
 <!-- Netlogon_LdapSrvWeight-OmaUri-Begin -->
@@ -1472,7 +1472,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_MaximumLogFileSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_MaximumLogFileSize-Applicability-End -->
 
 <!-- Netlogon_MaximumLogFileSize-OmaUri-Begin -->
@@ -1532,7 +1532,7 @@ By default, the maximum size of the log file is 20MB.
 <!-- Netlogon_NdncSiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NdncSiteCoverage-Applicability-End -->
 
 <!-- Netlogon_NdncSiteCoverage-OmaUri-Begin -->
@@ -1592,7 +1592,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_NegativeCachePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NegativeCachePeriod-Applicability-End -->
 
 <!-- Netlogon_NegativeCachePeriod-OmaUri-Begin -->
@@ -1651,7 +1651,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
 <!-- Netlogon_NetlogonShareCompatibilityMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NetlogonShareCompatibilityMode-Applicability-End -->
 
 <!-- Netlogon_NetlogonShareCompatibilityMode-OmaUri-Begin -->
@@ -1717,7 +1717,7 @@ By default, the Netlogon share will grant shared read access to files on the sha
 <!-- Netlogon_NonBackgroundSuccessfulRefreshPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_NonBackgroundSuccessfulRefreshPeriod-Applicability-End -->
 
 <!-- Netlogon_NonBackgroundSuccessfulRefreshPeriod-OmaUri-Begin -->
@@ -1773,7 +1773,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
 <!-- Netlogon_PingUrgencyMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_PingUrgencyMode-Applicability-End -->
 
 <!-- Netlogon_PingUrgencyMode-OmaUri-Begin -->
@@ -1839,7 +1839,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
 <!-- Netlogon_ScavengeInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_ScavengeInterval-Applicability-End -->
 
 <!-- Netlogon_ScavengeInterval-OmaUri-Begin -->
@@ -1903,7 +1903,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
 <!-- Netlogon_SiteCoverage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_SiteCoverage-Applicability-End -->
 
 <!-- Netlogon_SiteCoverage-OmaUri-Begin -->
@@ -1963,7 +1963,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
 <!-- Netlogon_SiteName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_SiteName-Applicability-End -->
 
 <!-- Netlogon_SiteName-OmaUri-Begin -->
@@ -2023,7 +2023,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
 <!-- Netlogon_SysvolShareCompatibilityMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_SysvolShareCompatibilityMode-Applicability-End -->
 
 <!-- Netlogon_SysvolShareCompatibilityMode-OmaUri-Begin -->
@@ -2089,7 +2089,7 @@ If you enable this policy setting, domain administrators should ensure that the
 <!-- Netlogon_TryNextClosestSite-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_TryNextClosestSite-Applicability-End -->
 
 <!-- Netlogon_TryNextClosestSite-OmaUri-Begin -->
@@ -2152,7 +2152,7 @@ The DC Locator service is used by clients to find domain controllers for their A
 <!-- Netlogon_UseDynamicDns-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Netlogon_UseDynamicDns-Applicability-End -->
 
 <!-- Netlogon_UseDynamicDns-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 8eb1fd9ec5..04f22cb3cf 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_NetworkConnections Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- NC_AddRemoveComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_AddRemoveComponents-Applicability-End -->
 
 <!-- NC_AddRemoveComponents-OmaUri-Begin -->
@@ -100,7 +100,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec
 <!-- NC_AdvancedSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_AdvancedSettings-Applicability-End -->
 
 <!-- NC_AdvancedSettings-OmaUri-Begin -->
@@ -167,7 +167,7 @@ The Advanced Settings item lets users view and change bindings and view and chan
 <!-- NC_AllowAdvancedTCPIPConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_AllowAdvancedTCPIPConfig-Applicability-End -->
 
 <!-- NC_AllowAdvancedTCPIPConfig-OmaUri-Begin -->
@@ -241,7 +241,7 @@ Determines whether users can configure advanced TCP/IP settings.
 <!-- NC_ChangeBindState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ChangeBindState-Applicability-End -->
 
 <!-- NC_ChangeBindState-OmaUri-Begin -->
@@ -309,7 +309,7 @@ Determines whether administrators can enable and disable the components used by
 <!-- NC_DeleteAllUserConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DeleteAllUserConnection-Applicability-End -->
 
 <!-- NC_DeleteAllUserConnection-OmaUri-Begin -->
@@ -384,7 +384,7 @@ To create an all-user remote access connection, on the Connection Availability p
 <!-- NC_DeleteConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DeleteConnection-Applicability-End -->
 
 <!-- NC_DeleteConnection-OmaUri-Begin -->
@@ -455,7 +455,7 @@ Determines whether users can delete remote access connections.
 <!-- NC_DialupPrefs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DialupPrefs-Applicability-End -->
 
 <!-- NC_DialupPrefs-OmaUri-Begin -->
@@ -519,7 +519,7 @@ The Remote Access Preferences item lets users create and change connections befo
 <!-- NC_DoNotShowLocalOnlyIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_DoNotShowLocalOnlyIcon-Applicability-End -->
 
 <!-- NC_DoNotShowLocalOnlyIcon-OmaUri-Begin -->
@@ -578,7 +578,7 @@ If you disable this setting or don't configure it, the "local access only" icon
 <!-- NC_EnableAdminProhibits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_EnableAdminProhibits-Applicability-End -->
 
 <!-- NC_EnableAdminProhibits-OmaUri-Begin -->
@@ -644,7 +644,7 @@ By default, Network Connections group settings in Windows XP Professional don't
 <!-- NC_ForceTunneling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ForceTunneling-Applicability-End -->
 
 <!-- NC_ForceTunneling-OmaUri-Begin -->
@@ -706,7 +706,7 @@ When a remote client computer connects to an internal network using DirectAccess
 <!-- NC_IpStateChecking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_IpStateChecking-Applicability-End -->
 
 <!-- NC_IpStateChecking-OmaUri-Begin -->
@@ -765,7 +765,7 @@ This policy setting allows you to manage whether notifications are shown to the
 <!-- NC_LanChangeProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_LanChangeProperties-Applicability-End -->
 
 <!-- NC_LanChangeProperties-OmaUri-Begin -->
@@ -843,7 +843,7 @@ The Local Area Connection Properties dialog box includes a list of the network c
 <!-- NC_LanConnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_LanConnect-Applicability-End -->
 
 <!-- NC_LanConnect-OmaUri-Begin -->
@@ -910,7 +910,7 @@ Determines whether users can enable/disable LAN connections.
 <!-- NC_LanProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_LanProperties-Applicability-End -->
 
 <!-- NC_LanProperties-OmaUri-Begin -->
@@ -982,7 +982,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 <!-- NC_NewConnectionWizard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_NewConnectionWizard-Applicability-End -->
 
 <!-- NC_NewConnectionWizard-OmaUri-Begin -->
@@ -1050,7 +1050,7 @@ Determines whether users can use the New Connection Wizard, which creates new ne
 <!-- NC_PersonalFirewallConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_PersonalFirewallConfig-Applicability-End -->
 
 <!-- NC_PersonalFirewallConfig-OmaUri-Begin -->
@@ -1119,7 +1119,7 @@ The Internet Connection Firewall is a stateful packet filter for home and small
 <!-- NC_RasAllUserProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasAllUserProperties-Applicability-End -->
 
 <!-- NC_RasAllUserProperties-OmaUri-Begin -->
@@ -1195,7 +1195,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 <!-- NC_RasChangeProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasChangeProperties-Applicability-End -->
 
 <!-- NC_RasChangeProperties-OmaUri-Begin -->
@@ -1270,7 +1270,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include
 <!-- NC_RasConnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasConnect-Applicability-End -->
 
 <!-- NC_RasConnect-OmaUri-Begin -->
@@ -1332,7 +1332,7 @@ Determines whether users can connect and disconnect remote access connections.
 <!-- NC_RasMyProperties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RasMyProperties-Applicability-End -->
 
 <!-- NC_RasMyProperties-OmaUri-Begin -->
@@ -1406,7 +1406,7 @@ This setting determines whether the Properties menu item is enabled, and thus, w
 <!-- NC_RenameAllUserRasConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameAllUserRasConnection-Applicability-End -->
 
 <!-- NC_RenameAllUserRasConnection-OmaUri-Begin -->
@@ -1478,7 +1478,7 @@ To create an all-user connection, on the Connection Availability page in the New
 <!-- NC_RenameConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameConnection-Applicability-End -->
 
 <!-- NC_RenameConnection-OmaUri-Begin -->
@@ -1548,7 +1548,7 @@ If this setting isn't configured, only Administrators and Network Configuration
 <!-- NC_RenameLanConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameLanConnection-Applicability-End -->
 
 <!-- NC_RenameLanConnection-OmaUri-Begin -->
@@ -1615,7 +1615,7 @@ Determines whether nonadministrators can rename a LAN connection.
 <!-- NC_RenameMyRasConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_RenameMyRasConnection-Applicability-End -->
 
 <!-- NC_RenameMyRasConnection-OmaUri-Begin -->
@@ -1682,7 +1682,7 @@ Private connections are those that are available only to one user. To create a p
 <!-- NC_ShowSharedAccessUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_ShowSharedAccessUI-Applicability-End -->
 
 <!-- NC_ShowSharedAccessUI-OmaUri-Begin -->
@@ -1757,7 +1757,7 @@ By default, ICS is disabled when you create a remote access connection, but admi
 <!-- NC_Statistics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_Statistics-Applicability-End -->
 
 <!-- NC_Statistics-OmaUri-Begin -->
@@ -1821,7 +1821,7 @@ Connection status is available from the connection status taskbar icon or from t
 <!-- NC_StdDomainUserSetLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NC_StdDomainUserSetLocation-Applicability-End -->
 
 <!-- NC_StdDomainUserSetLocation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index 56b4c9a621..d1e099f8ba 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_OfflineFiles Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Pol_AlwaysPinSubFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_AlwaysPinSubFolders-Applicability-End -->
 
 <!-- Pol_AlwaysPinSubFolders-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This setting automatically extends the "make available offline" setting to all n
 <!-- Pol_AssignedOfflineFiles_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_AssignedOfflineFiles_1-Applicability-End -->
 
 <!-- Pol_AssignedOfflineFiles_1-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This policy setting lists network files and folders that are always available fo
 <!-- Pol_AssignedOfflineFiles_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_AssignedOfflineFiles_2-Applicability-End -->
 
 <!-- Pol_AssignedOfflineFiles_2-OmaUri-Begin -->
@@ -215,7 +215,7 @@ This policy setting lists network files and folders that are always available fo
 <!-- Pol_BackgroundSyncSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_BackgroundSyncSettings-Applicability-End -->
 
 <!-- Pol_BackgroundSyncSettings-OmaUri-Begin -->
@@ -276,7 +276,7 @@ You can also configure Background Sync for network shares that are in user selec
 <!-- Pol_CacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CacheSize-Applicability-End -->
 
 <!-- Pol_CacheSize-OmaUri-Begin -->
@@ -346,7 +346,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
 <!-- Pol_CustomGoOfflineActions_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CustomGoOfflineActions_1-Applicability-End -->
 
 <!-- Pol_CustomGoOfflineActions_1-OmaUri-Begin -->
@@ -407,7 +407,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_CustomGoOfflineActions_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_CustomGoOfflineActions_2-Applicability-End -->
 
 <!-- Pol_CustomGoOfflineActions_2-OmaUri-Begin -->
@@ -468,7 +468,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_DefCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_DefCacheSize-Applicability-End -->
 
 <!-- Pol_DefCacheSize-OmaUri-Begin -->
@@ -537,7 +537,7 @@ This setting doesn't limit the disk space available for files that user's make a
 <!-- Pol_Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_Enabled-Applicability-End -->
 
 <!-- Pol_Enabled-OmaUri-Begin -->
@@ -601,7 +601,7 @@ This policy setting determines whether the Offline Files feature is enabled. Off
 <!-- Pol_EncryptOfflineFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EncryptOfflineFiles-Applicability-End -->
 
 <!-- Pol_EncryptOfflineFiles-OmaUri-Begin -->
@@ -669,7 +669,7 @@ This setting is applied at user logon. If this setting is changed after user log
 <!-- Pol_EventLoggingLevel_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EventLoggingLevel_1-Applicability-End -->
 
 <!-- Pol_EventLoggingLevel_1-OmaUri-Begin -->
@@ -738,7 +738,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 <!-- Pol_EventLoggingLevel_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_EventLoggingLevel_2-Applicability-End -->
 
 <!-- Pol_EventLoggingLevel_2-OmaUri-Begin -->
@@ -807,7 +807,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 <!-- Pol_ExclusionListSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ExclusionListSettings-Applicability-End -->
 
 <!-- Pol_ExclusionListSettings-OmaUri-Begin -->
@@ -865,7 +865,7 @@ This policy setting enables administrators to block certain file types from bein
 <!-- Pol_ExtExclusionList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ExtExclusionList-Applicability-End -->
 
 <!-- Pol_ExtExclusionList-OmaUri-Begin -->
@@ -928,7 +928,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
 <!-- Pol_GoOfflineAction_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_GoOfflineAction_1-Applicability-End -->
 
 <!-- Pol_GoOfflineAction_1-OmaUri-Begin -->
@@ -1001,7 +1001,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!-- Pol_GoOfflineAction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_GoOfflineAction_2-Applicability-End -->
 
 <!-- Pol_GoOfflineAction_2-OmaUri-Begin -->
@@ -1074,7 +1074,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!-- Pol_NoCacheViewer_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoCacheViewer_1-Applicability-End -->
 
 <!-- Pol_NoCacheViewer_1-OmaUri-Begin -->
@@ -1138,7 +1138,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoCacheViewer_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoCacheViewer_2-Applicability-End -->
 
 <!-- Pol_NoCacheViewer_2-OmaUri-Begin -->
@@ -1202,7 +1202,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoConfigCache_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoConfigCache_1-Applicability-End -->
 
 <!-- Pol_NoConfigCache_1-OmaUri-Begin -->
@@ -1266,7 +1266,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoConfigCache_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoConfigCache_2-Applicability-End -->
 
 <!-- Pol_NoConfigCache_2-OmaUri-Begin -->
@@ -1330,7 +1330,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoMakeAvailableOffline_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoMakeAvailableOffline_1-Applicability-End -->
 
 <!-- Pol_NoMakeAvailableOffline_1-OmaUri-Begin -->
@@ -1347,9 +1347,8 @@ This policy setting prevents users from making network files and folders availab
 
 - If you disable or don't configure this policy setting, users can manually specify files and folders that they want to make available offline.
 
-Note:
-
-This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.
+> [!NOTE]
+> This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.
 
 The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
 <!-- Pol_NoMakeAvailableOffline_1-Description-End -->
@@ -1395,7 +1394,7 @@ The "Make Available Offline" command is called "Always available offline" on com
 <!-- Pol_NoMakeAvailableOffline_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoMakeAvailableOffline_2-Applicability-End -->
 
 <!-- Pol_NoMakeAvailableOffline_2-OmaUri-Begin -->
@@ -1412,9 +1411,8 @@ This policy setting prevents users from making network files and folders availab
 
 - If you disable or don't configure this policy setting, users can manually specify files and folders that they want to make available offline.
 
-Note:
-
-This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.
+> [!NOTE]
+> This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence.
 
 The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
 <!-- Pol_NoMakeAvailableOffline_2-Description-End -->
@@ -1460,7 +1458,7 @@ The "Make Available Offline" command is called "Always available offline" on com
 <!-- Pol_NoPinFiles_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoPinFiles_1-Applicability-End -->
 
 <!-- Pol_NoPinFiles_1-OmaUri-Begin -->
@@ -1479,9 +1477,8 @@ This policy setting allows you to manage a list of files and folders for which y
 
 - If you don't configure this policy setting, the "Make Available Offline" command is available for all files and folders.
 
-Note:
-
-This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders.
+> [!NOTE]
+> This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders.
 
 The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
 
@@ -1530,7 +1527,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this
 <!-- Pol_NoPinFiles_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoPinFiles_2-Applicability-End -->
 
 <!-- Pol_NoPinFiles_2-OmaUri-Begin -->
@@ -1549,9 +1546,8 @@ This policy setting allows you to manage a list of files and folders for which y
 
 - If you don't configure this policy setting, the "Make Available Offline" command is available for all files and folders.
 
-Note:
-
-This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders.
+> [!NOTE]
+> This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Available Offline" command is unavailable for all specified files and folders.
 
 The "Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
 
@@ -1600,7 +1596,7 @@ If the "Remove 'Make Available Offline' command" policy setting is enabled, this
 <!-- Pol_NoReminders_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoReminders_1-Applicability-End -->
 
 <!-- Pol_NoReminders_1-OmaUri-Begin -->
@@ -1670,7 +1666,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_NoReminders_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_NoReminders_2-Applicability-End -->
 
 <!-- Pol_NoReminders_2-OmaUri-Begin -->
@@ -1740,7 +1736,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_OnlineCachingSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_OnlineCachingSettings-Applicability-End -->
 
 <!-- Pol_OnlineCachingSettings-OmaUri-Begin -->
@@ -1802,7 +1798,7 @@ This policy setting is triggered by the configured round trip network latency va
 <!-- Pol_PurgeAtLogoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_PurgeAtLogoff-Applicability-End -->
 
 <!-- Pol_PurgeAtLogoff-OmaUri-Begin -->
@@ -1864,7 +1860,7 @@ If you disable this setting or don't configure it, automatically and manually ca
 <!-- Pol_QuickAdimPin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_QuickAdimPin-Applicability-End -->
 
 <!-- Pol_QuickAdimPin-OmaUri-Begin -->
@@ -1923,7 +1919,7 @@ This policy setting allows you to turn on economical application of administrati
 <!-- Pol_ReminderFreq_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderFreq_1-Applicability-End -->
 
 <!-- Pol_ReminderFreq_1-OmaUri-Begin -->
@@ -1986,7 +1982,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderFreq_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderFreq_2-Applicability-End -->
 
 <!-- Pol_ReminderFreq_2-OmaUri-Begin -->
@@ -2049,7 +2045,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderInitTimeout_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderInitTimeout_1-Applicability-End -->
 
 <!-- Pol_ReminderInitTimeout_1-OmaUri-Begin -->
@@ -2107,7 +2103,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderInitTimeout_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderInitTimeout_2-Applicability-End -->
 
 <!-- Pol_ReminderInitTimeout_2-OmaUri-Begin -->
@@ -2165,7 +2161,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderTimeout_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderTimeout_1-Applicability-End -->
 
 <!-- Pol_ReminderTimeout_1-OmaUri-Begin -->
@@ -2223,7 +2219,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_ReminderTimeout_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_ReminderTimeout_2-Applicability-End -->
 
 <!-- Pol_ReminderTimeout_2-OmaUri-Begin -->
@@ -2281,7 +2277,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SlowLinkSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SlowLinkSettings-Applicability-End -->
 
 <!-- Pol_SlowLinkSettings-OmaUri-Begin -->
@@ -2350,7 +2346,7 @@ In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep us
 <!-- Pol_SlowLinkSpeed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SlowLinkSpeed-Applicability-End -->
 
 <!-- Pol_SlowLinkSpeed-OmaUri-Begin -->
@@ -2413,7 +2409,7 @@ When a connection is considered slow, Offline Files automatically adjust its beh
 <!-- Pol_SyncAtLogoff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogoff_1-Applicability-End -->
 
 <!-- Pol_SyncAtLogoff_1-OmaUri-Begin -->
@@ -2481,7 +2477,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtLogoff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogoff_2-Applicability-End -->
 
 <!-- Pol_SyncAtLogoff_2-OmaUri-Begin -->
@@ -2549,7 +2545,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtLogon_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogon_1-Applicability-End -->
 
 <!-- Pol_SyncAtLogon_1-OmaUri-Begin -->
@@ -2617,7 +2613,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtLogon_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtLogon_2-Applicability-End -->
 
 <!-- Pol_SyncAtLogon_2-OmaUri-Begin -->
@@ -2685,7 +2681,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!-- Pol_SyncAtSuspend_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtSuspend_1-Applicability-End -->
 
 <!-- Pol_SyncAtSuspend_1-OmaUri-Begin -->
@@ -2746,7 +2742,7 @@ Determines whether offline files are synchonized before a computer is suspended.
 <!-- Pol_SyncAtSuspend_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncAtSuspend_2-Applicability-End -->
 
 <!-- Pol_SyncAtSuspend_2-OmaUri-Begin -->
@@ -2807,7 +2803,7 @@ Determines whether offline files are synchonized before a computer is suspended.
 <!-- Pol_SyncOnCostedNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_SyncOnCostedNetwork-Applicability-End -->
 
 <!-- Pol_SyncOnCostedNetwork-OmaUri-Begin -->
@@ -2866,7 +2862,7 @@ This policy setting determines whether offline files are synchronized in the bac
 <!-- Pol_WorkOfflineDisabled_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_WorkOfflineDisabled_1-Applicability-End -->
 
 <!-- Pol_WorkOfflineDisabled_1-OmaUri-Begin -->
@@ -2925,7 +2921,7 @@ This policy setting removes the "Work offline" command from Explorer, preventing
 <!-- Pol_WorkOfflineDisabled_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_WorkOfflineDisabled_2-Applicability-End -->
 
 <!-- Pol_WorkOfflineDisabled_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 8ab572b025..362d358dbb 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_pca Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DetectBlockedDriversPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectBlockedDriversPolicy-Applicability-End -->
 
 <!-- DetectBlockedDriversPolicy-OmaUri-Begin -->
@@ -82,7 +82,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectDeprecatedCOMComponentFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectDeprecatedCOMComponentFailuresPolicy-Applicability-End -->
 
 <!-- DetectDeprecatedCOMComponentFailuresPolicy-OmaUri-Begin -->
@@ -137,7 +137,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectDeprecatedComponentFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectDeprecatedComponentFailuresPolicy-Applicability-End -->
 
 <!-- DetectDeprecatedComponentFailuresPolicy-OmaUri-Begin -->
@@ -192,7 +192,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectInstallFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectInstallFailuresPolicy-Applicability-End -->
 
 <!-- DetectInstallFailuresPolicy-OmaUri-Begin -->
@@ -246,7 +246,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectUndetectedInstallersPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectUndetectedInstallersPolicy-Applicability-End -->
 
 <!-- DetectUndetectedInstallersPolicy-OmaUri-Begin -->
@@ -301,7 +301,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DetectUpdateFailuresPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DetectUpdateFailuresPolicy-Applicability-End -->
 
 <!-- DetectUpdateFailuresPolicy-OmaUri-Begin -->
@@ -356,7 +356,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
 <!-- DisablePcaUIPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePcaUIPolicy-Applicability-End -->
 
 <!-- DisablePcaUIPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index c7a0b84a44..d71f78c562 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_PeerToPeerCaching Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EnableWindowsBranchCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache-Applicability-End -->
 
 <!-- EnableWindowsBranchCache-OmaUri-Begin -->
@@ -101,7 +101,7 @@ Select one of the following:
 <!-- EnableWindowsBranchCache_Distributed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_Distributed-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_Distributed-OmaUri-Begin -->
@@ -170,7 +170,7 @@ Select one of the following:
 <!-- EnableWindowsBranchCache_Hosted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_Hosted-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_Hosted-OmaUri-Begin -->
@@ -244,7 +244,7 @@ Hosted cache clients must trust the server certificate that's issued to the host
 <!-- EnableWindowsBranchCache_HostedCacheDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_HostedCacheDiscovery-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_HostedCacheDiscovery-OmaUri-Begin -->
@@ -323,7 +323,7 @@ Select one of the following:
 <!-- EnableWindowsBranchCache_HostedMultipleServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_HostedMultipleServers-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_HostedMultipleServers-OmaUri-Begin -->
@@ -397,7 +397,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!-- EnableWindowsBranchCache_SMB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableWindowsBranchCache_SMB-Applicability-End -->
 
 <!-- EnableWindowsBranchCache_SMB-OmaUri-Begin -->
@@ -465,7 +465,7 @@ In circumstances where this policy setting is enabled, you can also select and c
 <!-- SetCachePercent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetCachePercent-Applicability-End -->
 
 <!-- SetCachePercent-OmaUri-Begin -->
@@ -539,7 +539,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!-- SetDataCacheEntryMaxAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetDataCacheEntryMaxAge-Applicability-End -->
 
 <!-- SetDataCacheEntryMaxAge-OmaUri-Begin -->
@@ -611,7 +611,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!-- SetDowngrading-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetDowngrading-Applicability-End -->
 
 <!-- SetDowngrading-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index 71da7af9ca..f6c7cd6556 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_PenTraining Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PenTrainingOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PenTrainingOff_1-Applicability-End -->
 
 <!-- PenTrainingOff_1-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Turns off Tablet PC Pen Training.
 <!-- PenTrainingOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PenTrainingOff_2-Applicability-End -->
 
 <!-- PenTrainingOff_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index b303966a84..4668a2c205 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_PerformanceDiagnostics Area in Policy CSP
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiScenarioExecutionPolicy_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_1-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_1-OmaUri-Begin -->
@@ -95,7 +95,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiScenarioExecutionPolicy_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_2-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_2-OmaUri-Begin -->
@@ -162,7 +162,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiScenarioExecutionPolicy_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_3-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_3-OmaUri-Begin -->
@@ -229,7 +229,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiScenarioExecutionPolicy_4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy_4-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy_4-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index 70d0eda39d..ca002f8ab0 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Power Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ACConnectivityInStandby_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ACConnectivityInStandby_2-Applicability-End -->
 
 <!-- ACConnectivityInStandby_2-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting allows you to control the network connectivity state in stan
 <!-- ACCriticalSleepTransitionsDisable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ACCriticalSleepTransitionsDisable_2-Applicability-End -->
 
 <!-- ACCriticalSleepTransitionsDisable_2-OmaUri-Begin -->
@@ -148,7 +148,7 @@ This policy setting allows you to turn on the ability for applications and servi
 <!-- ACStartMenuButtonAction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ACStartMenuButtonAction_2-Applicability-End -->
 
 <!-- ACStartMenuButtonAction_2-OmaUri-Begin -->
@@ -210,7 +210,7 @@ This policy setting specifies the action that Windows takes when a user presses
 <!-- AllowSystemPowerRequestAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemPowerRequestAC-Applicability-End -->
 
 <!-- AllowSystemPowerRequestAC-OmaUri-Begin -->
@@ -269,7 +269,7 @@ This policy setting allows applications and services to prevent automatic sleep.
 <!-- AllowSystemPowerRequestDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemPowerRequestDC-Applicability-End -->
 
 <!-- AllowSystemPowerRequestDC-OmaUri-Begin -->
@@ -328,7 +328,7 @@ This policy setting allows applications and services to prevent automatic sleep.
 <!-- AllowSystemSleepWithRemoteFilesOpenAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemSleepWithRemoteFilesOpenAC-Applicability-End -->
 
 <!-- AllowSystemSleepWithRemoteFilesOpenAC-OmaUri-Begin -->
@@ -387,7 +387,7 @@ This policy setting allows you to manage automatic sleep with open network files
 <!-- AllowSystemSleepWithRemoteFilesOpenDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSystemSleepWithRemoteFilesOpenDC-Applicability-End -->
 
 <!-- AllowSystemSleepWithRemoteFilesOpenDC-OmaUri-Begin -->
@@ -446,7 +446,7 @@ This policy setting allows you to manage automatic sleep with open network files
 <!-- CustomActiveSchemeOverride_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomActiveSchemeOverride_2-Applicability-End -->
 
 <!-- CustomActiveSchemeOverride_2-OmaUri-Begin -->
@@ -504,7 +504,7 @@ This policy setting specifies the active power plan from a specified power plan'
 <!-- DCBatteryDischargeAction0_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeAction0_2-Applicability-End -->
 
 <!-- DCBatteryDischargeAction0_2-OmaUri-Begin -->
@@ -567,7 +567,7 @@ This policy setting specifies the action that Windows takes when battery capacit
 <!-- DCBatteryDischargeAction1_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeAction1_2-Applicability-End -->
 
 <!-- DCBatteryDischargeAction1_2-OmaUri-Begin -->
@@ -630,7 +630,7 @@ This policy setting specifies the action that Windows takes when battery capacit
 <!-- DCBatteryDischargeLevel0_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeLevel0_2-Applicability-End -->
 
 <!-- DCBatteryDischargeLevel0_2-OmaUri-Begin -->
@@ -690,7 +690,7 @@ To set the action that's triggered, see the "Critical Battery Notification Actio
 <!-- DCBatteryDischargeLevel1_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeLevel1_2-Applicability-End -->
 
 <!-- DCBatteryDischargeLevel1_2-OmaUri-Begin -->
@@ -750,7 +750,7 @@ To set the action that's triggered, see the "Low Battery Notification Action" po
 <!-- DCBatteryDischargeLevel1UINotification_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCBatteryDischargeLevel1UINotification_2-Applicability-End -->
 
 <!-- DCBatteryDischargeLevel1UINotification_2-OmaUri-Begin -->
@@ -811,7 +811,7 @@ The notification will only be shown if the "Low Battery Notification Action" pol
 <!-- DCConnectivityInStandby_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCConnectivityInStandby_2-Applicability-End -->
 
 <!-- DCConnectivityInStandby_2-OmaUri-Begin -->
@@ -872,7 +872,7 @@ This policy setting allows you to control the network connectivity state in stan
 <!-- DCCriticalSleepTransitionsDisable_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCCriticalSleepTransitionsDisable_2-Applicability-End -->
 
 <!-- DCCriticalSleepTransitionsDisable_2-OmaUri-Begin -->
@@ -931,7 +931,7 @@ This policy setting allows you to turn on the ability for applications and servi
 <!-- DCStartMenuButtonAction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DCStartMenuButtonAction_2-Applicability-End -->
 
 <!-- DCStartMenuButtonAction_2-OmaUri-Begin -->
@@ -993,7 +993,7 @@ This policy setting specifies the action that Windows takes when a user presses
 <!-- DiskACPowerDownTimeOut_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DiskACPowerDownTimeOut_2-Applicability-End -->
 
 <!-- DiskACPowerDownTimeOut_2-OmaUri-Begin -->
@@ -1051,7 +1051,7 @@ This policy setting specifies the period of inactivity before Windows turns off
 <!-- DiskDCPowerDownTimeOut_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DiskDCPowerDownTimeOut_2-Applicability-End -->
 
 <!-- DiskDCPowerDownTimeOut_2-OmaUri-Begin -->
@@ -1109,7 +1109,7 @@ This policy setting specifies the period of inactivity before Windows turns off
 <!-- Dont_PowerOff_AfterShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Dont_PowerOff_AfterShutdown-Applicability-End -->
 
 <!-- Dont_PowerOff_AfterShutdown-OmaUri-Begin -->
@@ -1170,7 +1170,7 @@ This setting is only applicable when Windows shutdown is initiated by software p
 <!-- EnableDesktopSlideShowAC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableDesktopSlideShowAC-Applicability-End -->
 
 <!-- EnableDesktopSlideShowAC-OmaUri-Begin -->
@@ -1231,7 +1231,7 @@ This policy setting allows you to specify if Windows should enable the desktop b
 <!-- EnableDesktopSlideShowDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableDesktopSlideShowDC-Applicability-End -->
 
 <!-- EnableDesktopSlideShowDC-OmaUri-Begin -->
@@ -1292,7 +1292,7 @@ This policy setting allows you to specify if Windows should enable the desktop b
 <!-- InboxActiveSchemeOverride_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InboxActiveSchemeOverride_2-Applicability-End -->
 
 <!-- InboxActiveSchemeOverride_2-OmaUri-Begin -->
@@ -1350,7 +1350,7 @@ This policy setting specifies the active power plan from a list of default Windo
 <!-- PowerThrottlingTurnOff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PowerThrottlingTurnOff-Applicability-End -->
 
 <!-- PowerThrottlingTurnOff-OmaUri-Begin -->
@@ -1409,7 +1409,7 @@ This policy setting allows you to turn off Power Throttling.
 <!-- PW_PromptPasswordOnResume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PW_PromptPasswordOnResume-Applicability-End -->
 
 <!-- PW_PromptPasswordOnResume-OmaUri-Begin -->
@@ -1468,7 +1468,7 @@ This policy setting allows you to configure client computers to lock and prompt
 <!-- ReserveBatteryNotificationLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ReserveBatteryNotificationLevel-Applicability-End -->
 
 <!-- ReserveBatteryNotificationLevel-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index 1fe9516c0a..68f10aa963 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_PowerShellExecutionPolicy Area in Policy
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EnableModuleLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableModuleLogging-Applicability-End -->
 
 <!-- EnableModuleLogging-OmaUri-Begin -->
@@ -98,7 +98,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ
 <!-- EnableScripts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableScripts-Applicability-End -->
 
 <!-- EnableScripts-OmaUri-Begin -->
@@ -172,7 +172,7 @@ The "Allow all scripts" policy setting allows all scripts to run.
 <!-- EnableTranscripting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableTranscripting-Applicability-End -->
 
 <!-- EnableTranscripting-OmaUri-Begin -->
@@ -240,7 +240,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared
 <!-- EnableUpdateHelpDefaultSourcePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableUpdateHelpDefaultSourcePath-Applicability-End -->
 
 <!-- EnableUpdateHelpDefaultSourcePath-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 8d21b28178..12298c8668 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_PreviousVersions Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableBackupRestore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBackupRestore_1-Applicability-End -->
 
 <!-- DisableBackupRestore_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableBackupRestore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBackupRestore_2-Applicability-End -->
 
 <!-- DisableBackupRestore_2-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableLocalPage_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalPage_1-Applicability-End -->
 
 <!-- DisableLocalPage_1-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableLocalPage_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalPage_2-Applicability-End -->
 
 <!-- DisableLocalPage_2-OmaUri-Begin -->
@@ -272,7 +272,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableLocalRestore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalRestore_1-Applicability-End -->
 
 <!-- DisableLocalRestore_1-OmaUri-Begin -->
@@ -333,7 +333,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableLocalRestore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocalRestore_2-Applicability-End -->
 
 <!-- DisableLocalRestore_2-OmaUri-Begin -->
@@ -394,7 +394,7 @@ This policy setting lets you suppress the Restore button in the previous version
 <!-- DisableRemotePage_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemotePage_1-Applicability-End -->
 
 <!-- DisableRemotePage_1-OmaUri-Begin -->
@@ -455,7 +455,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableRemotePage_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemotePage_2-Applicability-End -->
 
 <!-- DisableRemotePage_2-OmaUri-Begin -->
@@ -516,7 +516,7 @@ This policy setting lets you hide the list of previous versions of files that ar
 <!-- DisableRemoteRestore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemoteRestore_1-Applicability-End -->
 
 <!-- DisableRemoteRestore_1-OmaUri-Begin -->
@@ -577,7 +577,7 @@ This setting lets you suppress the Restore button in the previous versions prope
 <!-- DisableRemoteRestore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRemoteRestore_2-Applicability-End -->
 
 <!-- DisableRemoteRestore_2-OmaUri-Begin -->
@@ -638,7 +638,7 @@ This setting lets you suppress the Restore button in the previous versions prope
 <!-- HideBackupEntries_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideBackupEntries_1-Applicability-End -->
 
 <!-- HideBackupEntries_1-OmaUri-Begin -->
@@ -699,7 +699,7 @@ This policy setting lets you hide entries in the list of previous versions of a
 <!-- HideBackupEntries_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideBackupEntries_2-Applicability-End -->
 
 <!-- HideBackupEntries_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index 8080b412ee..4e7b8d6bf5 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Printing Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowWebPrinting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowWebPrinting-Applicability-End -->
 
 <!-- AllowWebPrinting-OmaUri-Begin -->
@@ -94,7 +94,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in
 <!-- ApplicationDriverIsolation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApplicationDriverIsolation-Applicability-End -->
 
 <!-- ApplicationDriverIsolation-OmaUri-Begin -->
@@ -163,7 +163,7 @@ Note:
 <!-- CustomizedSupportUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomizedSupportUrl-Applicability-End -->
 
 <!-- CustomizedSupportUrl-OmaUri-Begin -->
@@ -228,7 +228,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt
 <!-- DomainPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DomainPrinters-Applicability-End -->
 
 <!-- DomainPrinters-OmaUri-Begin -->
@@ -304,7 +304,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
 <!-- DoNotInstallCompatibleDriverFromWindowsUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotInstallCompatibleDriverFromWindowsUpdate-Applicability-End -->
 
 <!-- DoNotInstallCompatibleDriverFromWindowsUpdate-OmaUri-Begin -->
@@ -367,7 +367,7 @@ By default, Windows Ultimate, Professional and Home SKUs will continue to search
 <!-- DownlevelBrowse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DownlevelBrowse-Applicability-End -->
 
 <!-- DownlevelBrowse-OmaUri-Begin -->
@@ -429,7 +429,7 @@ Allows users to use the Add Printer Wizard to search the network for shared prin
 <!-- EMFDespooling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EMFDespooling-Applicability-End -->
 
 <!-- EMFDespooling-OmaUri-Begin -->
@@ -501,7 +501,7 @@ If you don't enable this policy setting, the behavior is the same as disabling i
 <!-- ForceSoftwareRasterization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceSoftwareRasterization-Applicability-End -->
 
 <!-- ForceSoftwareRasterization-OmaUri-Begin -->
@@ -558,7 +558,7 @@ This setting may improve the performance of the XPS Rasterization Service or the
 <!-- IntranetPrintersUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IntranetPrintersUrl-Applicability-End -->
 
 <!-- IntranetPrintersUrl-OmaUri-Begin -->
@@ -620,7 +620,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ
 <!-- KMPrintersAreBlocked-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- KMPrintersAreBlocked-Applicability-End -->
 
 <!-- KMPrintersAreBlocked-OmaUri-Begin -->
@@ -684,7 +684,7 @@ Determines whether printers using kernel-mode drivers may be installed on the lo
 <!-- LegacyDefaultPrinterMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LegacyDefaultPrinterMode-Applicability-End -->
 
 <!-- LegacyDefaultPrinterMode-OmaUri-Begin -->
@@ -745,7 +745,7 @@ This preference allows you to change default printer management.
 <!-- MXDWUseLegacyOutputFormatMSXPS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MXDWUseLegacyOutputFormatMSXPS-Applicability-End -->
 
 <!-- MXDWUseLegacyOutputFormatMSXPS-OmaUri-Begin -->
@@ -804,7 +804,7 @@ Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default
 <!-- NoDeletePrinter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDeletePrinter-Applicability-End -->
 
 <!-- NoDeletePrinter-OmaUri-Begin -->
@@ -866,7 +866,7 @@ This setting doesn't prevent users from running other programs to delete a print
 <!-- NonDomainPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NonDomainPrinters-Applicability-End -->
 
 <!-- NonDomainPrinters-OmaUri-Begin -->
@@ -938,7 +938,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
 <!-- PackagePointAndPrintOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintOnly-Applicability-End -->
 
 <!-- PackagePointAndPrintOnly-OmaUri-Begin -->
@@ -997,7 +997,7 @@ This policy restricts clients computers to use package point and print only.
 <!-- PackagePointAndPrintOnly_Win7-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintOnly_Win7-Applicability-End -->
 
 <!-- PackagePointAndPrintOnly_Win7-OmaUri-Begin -->
@@ -1056,7 +1056,7 @@ This policy restricts clients computers to use package point and print only.
 <!-- PackagePointAndPrintServerList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintServerList-Applicability-End -->
 
 <!-- PackagePointAndPrintServerList-OmaUri-Begin -->
@@ -1119,7 +1119,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri
 <!-- PackagePointAndPrintServerList_Win7-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PackagePointAndPrintServerList_Win7-Applicability-End -->
 
 <!-- PackagePointAndPrintServerList_Win7-OmaUri-Begin -->
@@ -1182,7 +1182,7 @@ Windows Vista and later clients will attempt to make a non-package point and pri
 <!-- PhysicalLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PhysicalLocation-Applicability-End -->
 
 <!-- PhysicalLocation-OmaUri-Begin -->
@@ -1245,7 +1245,7 @@ Type the location of the user's computer. When users search for printers, the sy
 <!-- PhysicalLocationSupport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PhysicalLocationSupport-Applicability-End -->
 
 <!-- PhysicalLocationSupport-OmaUri-Begin -->
@@ -1306,7 +1306,7 @@ Use Location Tracking to design a location scheme for your enterprise and assign
 <!-- PrintDriverIsolationExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrintDriverIsolationExecutionPolicy-Applicability-End -->
 
 <!-- PrintDriverIsolationExecutionPolicy-OmaUri-Begin -->
@@ -1373,7 +1373,7 @@ Note:
 <!-- PrintDriverIsolationOverrideCompat-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrintDriverIsolationOverrideCompat-Applicability-End -->
 
 <!-- PrintDriverIsolationOverrideCompat-OmaUri-Begin -->
@@ -1440,7 +1440,7 @@ Note:
 <!-- PrinterDirectorySearchScope-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrinterDirectorySearchScope-Applicability-End -->
 
 <!-- PrinterDirectorySearchScope-OmaUri-Begin -->
@@ -1500,7 +1500,7 @@ This setting only provides a starting point for Active Directory searches for pr
 <!-- PrinterServerThread-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PrinterServerThread-Applicability-End -->
 
 <!-- PrinterServerThread-OmaUri-Begin -->
@@ -1566,7 +1566,7 @@ On domains with Active Directory, shared printer resources are available in Acti
 <!-- ShowJobTitleInEventLogs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowJobTitleInEventLogs-Applicability-End -->
 
 <!-- ShowJobTitleInEventLogs-OmaUri-Begin -->
@@ -1628,7 +1628,7 @@ This policy controls whether the print job name will be included in print event
 <!-- V4DriverDisallowPrinterExtension-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- V4DriverDisallowPrinterExtension-Applicability-End -->
 
 <!-- V4DriverDisallowPrinterExtension-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index f4e5a8d051..a30b68056b 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Printing2 Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AutoPublishing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoPublishing-Applicability-End -->
 
 <!-- AutoPublishing-OmaUri-Begin -->
@@ -92,7 +92,7 @@ The default behavior is to automatically publish shared printers in Active Direc
 <!-- ImmortalPrintQueue-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ImmortalPrintQueue-Applicability-End -->
 
 <!-- ImmortalPrintQueue-OmaUri-Begin -->
@@ -156,7 +156,7 @@ By default, the pruning service on the domain controller prunes printer objects
 <!-- PruneDownlevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruneDownlevel-Applicability-End -->
 
 <!-- PruneDownlevel-OmaUri-Begin -->
@@ -226,7 +226,7 @@ You can enable this setting to change the default behavior. To use this setting,
 <!-- PruningInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningInterval-Applicability-End -->
 
 <!-- PruningInterval-OmaUri-Begin -->
@@ -291,7 +291,7 @@ By default, the pruning service contacts computers every eight hours and allows
 <!-- PruningPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningPriority-Applicability-End -->
 
 <!-- PruningPriority-OmaUri-Begin -->
@@ -354,7 +354,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust
 <!-- PruningRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningRetries-Applicability-End -->
 
 <!-- PruningRetries-OmaUri-Begin -->
@@ -419,7 +419,7 @@ By default, the pruning service contacts computers every eight hours and allows
 <!-- PruningRetryLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PruningRetryLog-Applicability-End -->
 
 <!-- PruningRetryLog-OmaUri-Begin -->
@@ -486,7 +486,7 @@ The pruning service periodically contacts computers that have published printers
 <!-- RegisterSpoolerRemoteRpcEndPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RegisterSpoolerRemoteRpcEndPoint-Applicability-End -->
 
 <!-- RegisterSpoolerRemoteRpcEndPoint-OmaUri-Begin -->
@@ -547,7 +547,7 @@ The spooler must be restarted for changes to this policy to take effect.
 <!-- VerifyPublishedState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- VerifyPublishedState-Applicability-End -->
 
 <!-- VerifyPublishedState-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index 3a614e7938..ce4953e2bd 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Programs Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- NoDefaultPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDefaultPrograms-Applicability-End -->
 
 <!-- NoDefaultPrograms-OmaUri-Begin -->
@@ -91,7 +91,7 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta
 <!-- NoGetPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoGetPrograms-Applicability-End -->
 
 <!-- NoGetPrograms-OmaUri-Begin -->
@@ -157,7 +157,7 @@ Published programs are those programs that the system administrator has explicit
 <!-- NoInstalledUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInstalledUpdates-Applicability-End -->
 
 <!-- NoInstalledUpdates-OmaUri-Begin -->
@@ -218,7 +218,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoProgramsAndFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoProgramsAndFeatures-Applicability-End -->
 
 <!-- NoProgramsAndFeatures-OmaUri-Begin -->
@@ -277,7 +277,7 @@ This setting doesn't prevent users from using other tools and methods to view or
 <!-- NoProgramsCPL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoProgramsCPL-Applicability-End -->
 
 <!-- NoProgramsCPL-OmaUri-Begin -->
@@ -340,7 +340,7 @@ This setting doesn't prevent users from using other tools and methods to install
 <!-- NoWindowsFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsFeatures-Applicability-End -->
 
 <!-- NoWindowsFeatures-OmaUri-Begin -->
@@ -399,7 +399,7 @@ This setting doesn't prevent users from using other tools and methods to configu
 <!-- NoWindowsMarketplace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsMarketplace-Applicability-End -->
 
 <!-- NoWindowsMarketplace-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index 60a5e62d91..f4c90fd2f1 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_PushToInstall Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisablePushToInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePushToInstall-Applicability-End -->
 
 <!-- DisablePushToInstall-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-qos.md b/windows/client-management/mdm/policy-csp-admx-qos.md
index f9bd414d52..88eb3a3e85 100644
--- a/windows/client-management/mdm/policy-csp-admx-qos.md
+++ b/windows/client-management/mdm/policy-csp-admx-qos.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_QOS Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- QosMaxOutstandingSends-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosMaxOutstandingSends-Applicability-End -->
 
 <!-- QosMaxOutstandingSends-OmaUri-Begin -->
@@ -91,7 +91,7 @@ Specifies the maximum number of outstanding packets permitted on the system. Whe
 <!-- QosNonBestEffortLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosNonBestEffortLimit-Applicability-End -->
 
 <!-- QosNonBestEffortLimit-OmaUri-Begin -->
@@ -154,7 +154,7 @@ By default, the Packet Scheduler limits the system to 80 percent of the bandwidt
 <!-- QosServiceTypeBestEffort_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeBestEffort_C-Applicability-End -->
 
 <!-- QosServiceTypeBestEffort_C-OmaUri-Begin -->
@@ -217,7 +217,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeBestEffort_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeBestEffort_NC-Applicability-End -->
 
 <!-- QosServiceTypeBestEffort_NC-OmaUri-Begin -->
@@ -280,7 +280,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeBestEffort_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeBestEffort_PV-Applicability-End -->
 
 <!-- QosServiceTypeBestEffort_PV-OmaUri-Begin -->
@@ -341,7 +341,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeControlledLoad_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeControlledLoad_C-Applicability-End -->
 
 <!-- QosServiceTypeControlledLoad_C-OmaUri-Begin -->
@@ -404,7 +404,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeControlledLoad_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeControlledLoad_NC-Applicability-End -->
 
 <!-- QosServiceTypeControlledLoad_NC-OmaUri-Begin -->
@@ -467,7 +467,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeControlledLoad_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeControlledLoad_PV-Applicability-End -->
 
 <!-- QosServiceTypeControlledLoad_PV-OmaUri-Begin -->
@@ -528,7 +528,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeGuaranteed_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeGuaranteed_C-Applicability-End -->
 
 <!-- QosServiceTypeGuaranteed_C-OmaUri-Begin -->
@@ -591,7 +591,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeGuaranteed_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeGuaranteed_NC-Applicability-End -->
 
 <!-- QosServiceTypeGuaranteed_NC-OmaUri-Begin -->
@@ -654,7 +654,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeGuaranteed_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeGuaranteed_PV-Applicability-End -->
 
 <!-- QosServiceTypeGuaranteed_PV-OmaUri-Begin -->
@@ -715,7 +715,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeNetworkControl_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNetworkControl_C-Applicability-End -->
 
 <!-- QosServiceTypeNetworkControl_C-OmaUri-Begin -->
@@ -778,7 +778,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeNetworkControl_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNetworkControl_NC-Applicability-End -->
 
 <!-- QosServiceTypeNetworkControl_NC-OmaUri-Begin -->
@@ -841,7 +841,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeNetworkControl_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNetworkControl_PV-Applicability-End -->
 
 <!-- QosServiceTypeNetworkControl_PV-OmaUri-Begin -->
@@ -902,7 +902,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosServiceTypeNonConforming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeNonConforming-Applicability-End -->
 
 <!-- QosServiceTypeNonConforming-OmaUri-Begin -->
@@ -963,7 +963,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets that don'
 <!-- QosServiceTypeQualitative_C-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeQualitative_C-Applicability-End -->
 
 <!-- QosServiceTypeQualitative_C-OmaUri-Begin -->
@@ -1026,7 +1026,7 @@ This setting applies only to packets that conform to the flow specification.
 <!-- QosServiceTypeQualitative_NC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeQualitative_NC-Applicability-End -->
 
 <!-- QosServiceTypeQualitative_NC-OmaUri-Begin -->
@@ -1089,7 +1089,7 @@ This setting applies only to packets that don't conform to the flow specificatio
 <!-- QosServiceTypeQualitative_PV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosServiceTypeQualitative_PV-Applicability-End -->
 
 <!-- QosServiceTypeQualitative_PV-OmaUri-Begin -->
@@ -1150,7 +1150,7 @@ Specifies an alternate link layer (Layer-2) priority value for packets with the
 <!-- QosTimerResolution-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QosTimerResolution-Applicability-End -->
 
 <!-- QosTimerResolution-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index eb513d6580..787f2686d2 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Radar Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index e08ad665f0..0c9e9c4c91 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Reliability Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EE_EnablePersistentTimeStamp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EE_EnablePersistentTimeStamp-Applicability-End -->
 
 <!-- EE_EnablePersistentTimeStamp-OmaUri-Begin -->
@@ -92,7 +92,7 @@ This policy setting allows the system to detect the time of unexpected shutdowns
 <!-- PCH_ReportShutdownEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PCH_ReportShutdownEvents-Applicability-End -->
 
 <!-- PCH_ReportShutdownEvents-OmaUri-Begin -->
@@ -155,7 +155,7 @@ Also see the "Configure Error Reporting" policy setting.
 <!-- ShutdownEventTrackerStateFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShutdownEventTrackerStateFile-Applicability-End -->
 
 <!-- ShutdownEventTrackerStateFile-OmaUri-Begin -->
@@ -221,7 +221,7 @@ The system state data file contains information about the basic system state as
 <!-- ShutdownReason-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShutdownReason-Applicability-End -->
 
 <!-- ShutdownReason-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index 1c36430a8b..b3b804deb2 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_RemoteAssistance Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- RA_EncryptedTicketOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RA_EncryptedTicketOnly-Applicability-End -->
 
 <!-- RA_EncryptedTicketOnly-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting enables Remote Assistance invitations to be generated with i
 <!-- RA_Optimize_Bandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RA_Optimize_Bandwidth-Applicability-End -->
 
 <!-- RA_Optimize_Bandwidth-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index 9dd1fd7618..3184140eb7 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_RemovableStorage Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AccessRights_RebootTime_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AccessRights_RebootTime_1-Applicability-End -->
 
 <!-- AccessRights_RebootTime_1-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
 <!-- AccessRights_RebootTime_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AccessRights_RebootTime_2-Applicability-End -->
 
 <!-- AccessRights_RebootTime_2-OmaUri-Begin -->
@@ -152,7 +152,7 @@ This policy setting configures the amount of time (in seconds) that the operatin
 <!-- CDandDVD_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyExecute_Access_2-Applicability-End -->
 
 <!-- CDandDVD_DenyExecute_Access_2-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This policy setting denies execute access to the CD and DVD removable storage cl
 <!-- CDandDVD_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyRead_Access_1-Applicability-End -->
 
 <!-- CDandDVD_DenyRead_Access_1-OmaUri-Begin -->
@@ -270,7 +270,7 @@ This policy setting denies read access to the CD and DVD removable storage class
 <!-- CDandDVD_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyRead_Access_2-Applicability-End -->
 
 <!-- CDandDVD_DenyRead_Access_2-OmaUri-Begin -->
@@ -329,7 +329,7 @@ This policy setting denies read access to the CD and DVD removable storage class
 <!-- CDandDVD_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyWrite_Access_1-Applicability-End -->
 
 <!-- CDandDVD_DenyWrite_Access_1-OmaUri-Begin -->
@@ -388,7 +388,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
 <!-- CDandDVD_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CDandDVD_DenyWrite_Access_2-Applicability-End -->
 
 <!-- CDandDVD_DenyWrite_Access_2-OmaUri-Begin -->
@@ -447,7 +447,7 @@ This policy setting denies write access to the CD and DVD removable storage clas
 <!-- CustomClasses_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyRead_Access_1-Applicability-End -->
 
 <!-- CustomClasses_DenyRead_Access_1-OmaUri-Begin -->
@@ -506,7 +506,7 @@ This policy setting denies read access to custom removable storage classes.
 <!-- CustomClasses_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyRead_Access_2-Applicability-End -->
 
 <!-- CustomClasses_DenyRead_Access_2-OmaUri-Begin -->
@@ -565,7 +565,7 @@ This policy setting denies read access to custom removable storage classes.
 <!-- CustomClasses_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyWrite_Access_1-Applicability-End -->
 
 <!-- CustomClasses_DenyWrite_Access_1-OmaUri-Begin -->
@@ -624,7 +624,7 @@ This policy setting denies write access to custom removable storage classes.
 <!-- CustomClasses_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomClasses_DenyWrite_Access_2-Applicability-End -->
 
 <!-- CustomClasses_DenyWrite_Access_2-OmaUri-Begin -->
@@ -683,7 +683,7 @@ This policy setting denies write access to custom removable storage classes.
 <!-- FloppyDrives_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyExecute_Access_2-Applicability-End -->
 
 <!-- FloppyDrives_DenyExecute_Access_2-OmaUri-Begin -->
@@ -742,7 +742,7 @@ This policy setting denies execute access to the Floppy Drives removable storage
 <!-- FloppyDrives_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyRead_Access_1-Applicability-End -->
 
 <!-- FloppyDrives_DenyRead_Access_1-OmaUri-Begin -->
@@ -801,7 +801,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
 <!-- FloppyDrives_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyRead_Access_2-Applicability-End -->
 
 <!-- FloppyDrives_DenyRead_Access_2-OmaUri-Begin -->
@@ -860,7 +860,7 @@ This policy setting denies read access to the Floppy Drives removable storage cl
 <!-- FloppyDrives_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyWrite_Access_1-Applicability-End -->
 
 <!-- FloppyDrives_DenyWrite_Access_1-OmaUri-Begin -->
@@ -919,7 +919,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
 <!-- FloppyDrives_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FloppyDrives_DenyWrite_Access_2-Applicability-End -->
 
 <!-- FloppyDrives_DenyWrite_Access_2-OmaUri-Begin -->
@@ -978,7 +978,7 @@ This policy setting denies write access to the Floppy Drives removable storage c
 <!-- Removable_Remote_Allow_Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Removable_Remote_Allow_Access-Applicability-End -->
 
 <!-- Removable_Remote_Allow_Access-OmaUri-Begin -->
@@ -1037,7 +1037,7 @@ This policy setting grants normal users direct access to removable storage devic
 <!-- RemovableDisks_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyExecute_Access_2-Applicability-End -->
 
 <!-- RemovableDisks_DenyExecute_Access_2-OmaUri-Begin -->
@@ -1096,7 +1096,7 @@ This policy setting denies execute access to removable disks.
 <!-- RemovableDisks_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyRead_Access_1-Applicability-End -->
 
 <!-- RemovableDisks_DenyRead_Access_1-OmaUri-Begin -->
@@ -1155,7 +1155,7 @@ This policy setting denies read access to removable disks.
 <!-- RemovableDisks_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyRead_Access_2-Applicability-End -->
 
 <!-- RemovableDisks_DenyRead_Access_2-OmaUri-Begin -->
@@ -1214,7 +1214,7 @@ This policy setting denies read access to removable disks.
 <!-- RemovableDisks_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableDisks_DenyWrite_Access_1-Applicability-End -->
 
 <!-- RemovableDisks_DenyWrite_Access_1-OmaUri-Begin -->
@@ -1276,7 +1276,7 @@ This policy setting denies write access to removable disks.
 <!-- RemovableStorageClasses_DenyAll_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableStorageClasses_DenyAll_Access_1-Applicability-End -->
 
 <!-- RemovableStorageClasses_DenyAll_Access_1-OmaUri-Begin -->
@@ -1337,7 +1337,7 @@ This policy setting takes precedence over any individual removable storage polic
 <!-- RemovableStorageClasses_DenyAll_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemovableStorageClasses_DenyAll_Access_2-Applicability-End -->
 
 <!-- RemovableStorageClasses_DenyAll_Access_2-OmaUri-Begin -->
@@ -1398,7 +1398,7 @@ This policy setting takes precedence over any individual removable storage polic
 <!-- TapeDrives_DenyExecute_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyExecute_Access_2-Applicability-End -->
 
 <!-- TapeDrives_DenyExecute_Access_2-OmaUri-Begin -->
@@ -1457,7 +1457,7 @@ This policy setting denies execute access to the Tape Drive removable storage cl
 <!-- TapeDrives_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyRead_Access_1-Applicability-End -->
 
 <!-- TapeDrives_DenyRead_Access_1-OmaUri-Begin -->
@@ -1516,7 +1516,7 @@ This policy setting denies read access to the Tape Drive removable storage class
 <!-- TapeDrives_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyRead_Access_2-Applicability-End -->
 
 <!-- TapeDrives_DenyRead_Access_2-OmaUri-Begin -->
@@ -1575,7 +1575,7 @@ This policy setting denies read access to the Tape Drive removable storage class
 <!-- TapeDrives_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyWrite_Access_1-Applicability-End -->
 
 <!-- TapeDrives_DenyWrite_Access_1-OmaUri-Begin -->
@@ -1634,7 +1634,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
 <!-- TapeDrives_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TapeDrives_DenyWrite_Access_2-Applicability-End -->
 
 <!-- TapeDrives_DenyWrite_Access_2-OmaUri-Begin -->
@@ -1693,7 +1693,7 @@ This policy setting denies write access to the Tape Drive removable storage clas
 <!-- WPDDevices_DenyRead_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyRead_Access_1-Applicability-End -->
 
 <!-- WPDDevices_DenyRead_Access_1-OmaUri-Begin -->
@@ -1752,7 +1752,7 @@ This policy setting denies read access to removable disks, which may include med
 <!-- WPDDevices_DenyRead_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyRead_Access_2-Applicability-End -->
 
 <!-- WPDDevices_DenyRead_Access_2-OmaUri-Begin -->
@@ -1811,7 +1811,7 @@ This policy setting denies read access to removable disks, which may include med
 <!-- WPDDevices_DenyWrite_Access_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyWrite_Access_1-Applicability-End -->
 
 <!-- WPDDevices_DenyWrite_Access_1-OmaUri-Begin -->
@@ -1870,7 +1870,7 @@ This policy setting denies write access to removable disks, which may include me
 <!-- WPDDevices_DenyWrite_Access_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevices_DenyWrite_Access_2-Applicability-End -->
 
 <!-- WPDDevices_DenyWrite_Access_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 4edfda6b8f..7c8406a263 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_RPC Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- RpcExtendedErrorInformation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcExtendedErrorInformation-Applicability-End -->
 
 <!-- RpcExtendedErrorInformation-OmaUri-Begin -->
@@ -110,7 +110,7 @@ Extended error information includes the local time that the error occurred, the
 <!-- RpcIgnoreDelegationFailure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcIgnoreDelegationFailure-Applicability-End -->
 
 <!-- RpcIgnoreDelegationFailure-OmaUri-Begin -->
@@ -179,7 +179,7 @@ The constrained delegation model, introduced in Windows Server 2003, doesn't rep
 <!-- RpcMinimumHttpConnectionTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcMinimumHttpConnectionTimeout-Applicability-End -->
 
 <!-- RpcMinimumHttpConnectionTimeout-OmaUri-Begin -->
@@ -248,7 +248,7 @@ The minimum allowed value for this policy setting is 90 seconds. The maximum is
 <!-- RpcStateInformation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RpcStateInformation-Applicability-End -->
 
 <!-- RpcStateInformation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sam.md b/windows/client-management/mdm/policy-csp-admx-sam.md
index 8f947117a1..f50403b71b 100644
--- a/windows/client-management/mdm/policy-csp-admx-sam.md
+++ b/windows/client-management/mdm/policy-csp-admx-sam.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_sam Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SamNGCKeyROCAValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SamNGCKeyROCAValidation-Applicability-End -->
 
 <!-- SamNGCKeyROCAValidation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index 84a0dd295a..787caffb91 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Scripts Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Allow_Logon_Script_NetbiosDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Allow_Logon_Script_NetbiosDisabled-Applicability-End -->
 
 <!-- Allow_Logon_Script_NetbiosDisabled-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows user logon scripts to run when the logon cross-forest
 <!-- MaxGPOScriptWaitPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MaxGPOScriptWaitPolicy-Applicability-End -->
 
 <!-- MaxGPOScriptWaitPolicy-OmaUri-Begin -->
@@ -151,7 +151,7 @@ An excessively long interval can delay the system and inconvenience users. Howev
 <!-- Run_Computer_PS_Scripts_First-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Computer_PS_Scripts_First-Applicability-End -->
 
 <!-- Run_Computer_PS_Scripts_First-OmaUri-Begin -->
@@ -229,7 +229,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script
 <!-- Run_Legacy_Logon_Script_Hidden-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Legacy_Logon_Script_Hidden-Applicability-End -->
 
 <!-- Run_Legacy_Logon_Script_Hidden-OmaUri-Begin -->
@@ -292,7 +292,7 @@ Also, see the "Run Logon Scripts Visible" setting.
 <!-- Run_Logoff_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logoff_Script_Visible-Applicability-End -->
 
 <!-- Run_Logoff_Script_Visible-OmaUri-Begin -->
@@ -353,7 +353,7 @@ Logoff scripts are batch files of instructions that run when the user logs off.
 <!-- Run_Logon_Script_Sync_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logon_Script_Sync_1-Applicability-End -->
 
 <!-- Run_Logon_Script_Sync_1-OmaUri-Begin -->
@@ -414,7 +414,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- Run_Logon_Script_Sync_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logon_Script_Sync_2-Applicability-End -->
 
 <!-- Run_Logon_Script_Sync_2-OmaUri-Begin -->
@@ -475,7 +475,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!-- Run_Logon_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Logon_Script_Visible-Applicability-End -->
 
 <!-- Run_Logon_Script_Visible-OmaUri-Begin -->
@@ -536,7 +536,7 @@ Logon scripts are batch files of instructions that run when the user logs on. By
 <!-- Run_Shutdown_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Shutdown_Script_Visible-Applicability-End -->
 
 <!-- Run_Shutdown_Script_Visible-OmaUri-Begin -->
@@ -597,7 +597,7 @@ Shutdown scripts are batch files of instructions that run when the user restarts
 <!-- Run_Startup_Script_Sync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Startup_Script_Sync-Applicability-End -->
 
 <!-- Run_Startup_Script_Sync-OmaUri-Begin -->
@@ -661,7 +661,7 @@ Startup scripts are batch files that run before the user is invited to log on. B
 <!-- Run_Startup_Script_Visible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_Startup_Script_Visible-Applicability-End -->
 
 <!-- Run_Startup_Script_Visible-OmaUri-Begin -->
@@ -725,7 +725,7 @@ Startup scripts are batch files of instructions that run before the user is invi
 <!-- Run_User_PS_Scripts_First-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Run_User_PS_Scripts_First-Applicability-End -->
 
 <!-- Run_User_PS_Scripts_First-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index b00d4f7d27..6d21f4a202 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_sdiageng Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BetterWhenConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BetterWhenConnected-Applicability-End -->
 
 <!-- BetterWhenConnected-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows users who are connected to the Internet to access and
 <!-- ScriptedDiagnosticsExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScriptedDiagnosticsExecutionPolicy-Applicability-End -->
 
 <!-- ScriptedDiagnosticsExecutionPolicy-OmaUri-Begin -->
@@ -148,7 +148,7 @@ Note that this setting also controls a user's ability to launch standalone troub
 <!-- ScriptedDiagnosticsSecurityPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScriptedDiagnosticsSecurityPolicy-Applicability-End -->
 
 <!-- ScriptedDiagnosticsSecurityPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 7370644c81..7fe4560ed8 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_sdiagschd Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ScheduledDiagnosticsExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScheduledDiagnosticsExecutionPolicy-Applicability-End -->
 
 <!-- ScheduledDiagnosticsExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 40f546a5ed..7195e4fc98 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Securitycenter Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/18/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SecurityCenter_SecurityCenterInDomain-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SecurityCenter_SecurityCenterInDomain-Applicability-End -->
 
 <!-- SecurityCenter_SecurityCenterInDomain-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 4a9cd48d2b..467b0c299b 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Sensors Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableLocation_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocation_1-Applicability-End -->
 
 <!-- DisableLocation_1-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting turns off the location feature for this computer.
 <!-- DisableLocationScripting_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocationScripting_1-Applicability-End -->
 
 <!-- DisableLocationScripting_1-OmaUri-Begin -->
@@ -146,7 +146,7 @@ This policy setting turns off scripting for the location feature.
 <!-- DisableLocationScripting_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableLocationScripting_2-Applicability-End -->
 
 <!-- DisableLocationScripting_2-OmaUri-Begin -->
@@ -205,7 +205,7 @@ This policy setting turns off scripting for the location feature.
 <!-- DisableSensors_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSensors_1-Applicability-End -->
 
 <!-- DisableSensors_1-OmaUri-Begin -->
@@ -264,7 +264,7 @@ This policy setting turns off the sensor feature for this computer.
 <!-- DisableSensors_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSensors_2-Applicability-End -->
 
 <!-- DisableSensors_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index f662948db4..2e0010499f 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ServerManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Do_not_display_Manage_Your_Server_page-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Do_not_display_Manage_Your_Server_page-Applicability-End -->
 
 <!-- Do_not_display_Manage_Your_Server_page-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting allows you to turn off the automatic display of the Manage Y
 <!-- DoNotLaunchInitialConfigurationTasks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotLaunchInitialConfigurationTasks-Applicability-End -->
 
 <!-- DoNotLaunchInitialConfigurationTasks-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy setting allows you to turn off the automatic display of the Initial
 <!-- DoNotLaunchServerManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotLaunchServerManager-Applicability-End -->
 
 <!-- DoNotLaunchServerManager-OmaUri-Begin -->
@@ -214,7 +214,7 @@ This policy setting allows you to turn off the automatic display of Server Manag
 <!-- ServerManagerAutoRefreshRate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ServerManagerAutoRefreshRate-Applicability-End -->
 
 <!-- ServerManagerAutoRefreshRate-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index 42f2718866..8a4ae0fb37 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Servicing Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Servicing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Servicing-Applicability-End -->
 
 <!-- Servicing-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index de81e34abc..27aef62087 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_SettingSync Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableApplicationSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableApplicationSettingSync-Applicability-End -->
 
 <!-- DisableApplicationSettingSync-OmaUri-Begin -->
@@ -89,7 +89,7 @@ If you don't set or disable this setting, syncing of the "app settings" group is
 <!-- DisableAppSyncSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAppSyncSettingSync-Applicability-End -->
 
 <!-- DisableAppSyncSettingSync-OmaUri-Begin -->
@@ -150,7 +150,7 @@ If you don't set or disable this setting, syncing of the "AppSync" group is on b
 <!-- DisableCredentialsSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCredentialsSettingSync-Applicability-End -->
 
 <!-- DisableCredentialsSettingSync-OmaUri-Begin -->
@@ -211,7 +211,7 @@ If you don't set or disable this setting, syncing of the "passwords" group is on
 <!-- DisableDesktopThemeSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableDesktopThemeSettingSync-Applicability-End -->
 
 <!-- DisableDesktopThemeSettingSync-OmaUri-Begin -->
@@ -272,7 +272,7 @@ If you don't set or disable this setting, syncing of the "desktop personalizatio
 <!-- DisablePersonalizationSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisablePersonalizationSettingSync-Applicability-End -->
 
 <!-- DisablePersonalizationSettingSync-OmaUri-Begin -->
@@ -333,7 +333,7 @@ If you don't set or disable this setting, syncing of the "personalize" group is
 <!-- DisableSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSettingSync-Applicability-End -->
 
 <!-- DisableSettingSync-OmaUri-Begin -->
@@ -394,7 +394,7 @@ If you don't set or disable this setting, "sync your settings" is on by default
 <!-- DisableStartLayoutSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableStartLayoutSettingSync-Applicability-End -->
 
 <!-- DisableStartLayoutSettingSync-OmaUri-Begin -->
@@ -455,7 +455,7 @@ If you don't set or disable this setting, syncing of the "Start layout" group is
 <!-- DisableSyncOnPaidNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSyncOnPaidNetwork-Applicability-End -->
 
 <!-- DisableSyncOnPaidNetwork-OmaUri-Begin -->
@@ -514,7 +514,7 @@ If you don't set or disable this setting, syncing on metered connections is conf
 <!-- DisableWindowsSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWindowsSettingSync-Applicability-End -->
 
 <!-- DisableWindowsSettingSync-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index 316e955dd2..78196c2803 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_SharedFolders Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PublishDfsRoots-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PublishDfsRoots-Applicability-End -->
 
 <!-- PublishDfsRoots-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting determines whether the user can publish DFS roots in Active
 <!-- PublishSharedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PublishSharedFolders-Applicability-End -->
 
 <!-- PublishSharedFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index cf95b1984b..5af4415dfe 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Sharing Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableHomeGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableHomeGroup-Applicability-End -->
 
 <!-- DisableHomeGroup-OmaUri-Begin -->
@@ -91,7 +91,7 @@ You must restart the computer for this policy setting to take effect.
 <!-- NoInplaceSharing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInplaceSharing-Applicability-End -->
 
 <!-- NoInplaceSharing-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index 9e2556c33d..97565d0fc8 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ShellCommandPromptRegEditTools Area in Po
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableCMD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCMD-Applicability-End -->
 
 <!-- DisableCMD-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting prevents users from running the interactive command prompt,
 <!-- DisableRegedit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableRegedit-Applicability-End -->
 
 <!-- DisableRegedit-OmaUri-Begin -->
@@ -149,7 +149,7 @@ To prevent users from using other administrative tools, use the "Run only specif
 <!-- DisallowApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowApps-Applicability-End -->
 
 <!-- DisallowApps-OmaUri-Begin -->
@@ -216,7 +216,7 @@ This policy setting only prevents users from running programs that are started b
 <!-- RestrictApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictApps-Applicability-End -->
 
 <!-- RestrictApps-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 61db310b5f..a427fcd365 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Smartcard Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowCertificatesWithNoEKU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowCertificatesWithNoEKU-Applicability-End -->
 
 <!-- AllowCertificatesWithNoEKU-OmaUri-Begin -->
@@ -93,7 +93,7 @@ In versions of Windows prior to Windows Vista, smart card certificates that are
 <!-- AllowIntegratedUnblock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowIntegratedUnblock-Applicability-End -->
 
 <!-- AllowIntegratedUnblock-OmaUri-Begin -->
@@ -154,7 +154,7 @@ In order to use the integrated unblock feature your smart card must support this
 <!-- AllowSignatureOnlyKeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSignatureOnlyKeys-Applicability-End -->
 
 <!-- AllowSignatureOnlyKeys-OmaUri-Begin -->
@@ -213,7 +213,7 @@ This policy setting lets you allow signature key-based certificates to be enumer
 <!-- AllowTimeInvalidCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowTimeInvalidCertificates-Applicability-End -->
 
 <!-- AllowTimeInvalidCertificates-OmaUri-Begin -->
@@ -274,7 +274,7 @@ Under previous versions of Microsoft Windows, certificates were required to cont
 <!-- CertPropEnabledString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertPropEnabledString-Applicability-End -->
 
 <!-- CertPropEnabledString-OmaUri-Begin -->
@@ -333,7 +333,7 @@ This policy setting allows you to manage the certificate propagation that occurs
 <!-- CertPropRootCleanupString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertPropRootCleanupString-Applicability-End -->
 
 <!-- CertPropRootCleanupString-OmaUri-Begin -->
@@ -391,7 +391,7 @@ This policy setting allows you to manage the clean up behavior of root certifica
 <!-- CertPropRootEnabledString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CertPropRootEnabledString-Applicability-End -->
 
 <!-- CertPropRootEnabledString-OmaUri-Begin -->
@@ -453,7 +453,7 @@ This policy setting allows you to manage the root certificate propagation that o
 <!-- DisallowPlaintextPin-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowPlaintextPin-Applicability-End -->
 
 <!-- DisallowPlaintextPin-OmaUri-Begin -->
@@ -515,7 +515,7 @@ This policy setting prevents plaintext PINs from being returned by Credential Ma
 <!-- EnumerateECCCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnumerateECCCerts-Applicability-End -->
 
 <!-- EnumerateECCCerts-OmaUri-Begin -->
@@ -580,7 +580,7 @@ This policy setting allows you to control whether elliptic curve cryptography (E
 <!-- FilterDuplicateCerts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FilterDuplicateCerts-Applicability-End -->
 
 <!-- FilterDuplicateCerts-OmaUri-Begin -->
@@ -646,7 +646,7 @@ If there are two or more of the "same" certificate on a smart card and this poli
 <!-- ForceReadingAllCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceReadingAllCertificates-Applicability-End -->
 
 <!-- ForceReadingAllCertificates-OmaUri-Begin -->
@@ -707,7 +707,7 @@ During logon Windows will by default only read the default certificate from the
 <!-- IntegratedUnblockPromptString-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IntegratedUnblockPromptString-Applicability-End -->
 
 <!-- IntegratedUnblockPromptString-OmaUri-Begin -->
@@ -768,7 +768,7 @@ This policy setting allows you to manage the displayed message when a smart card
 <!-- ReverseSubject-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ReverseSubject-Applicability-End -->
 
 <!-- ReverseSubject-OmaUri-Begin -->
@@ -829,7 +829,7 @@ If you disable , the subject name will be displayed as it appears in the certifi
 <!-- SCPnPEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SCPnPEnabled-Applicability-End -->
 
 <!-- SCPnPEnabled-OmaUri-Begin -->
@@ -891,7 +891,7 @@ This policy setting allows you to control whether Smart Card Plug and Play is en
 <!-- SCPnPNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SCPnPNotification-Applicability-End -->
 
 <!-- SCPnPNotification-OmaUri-Begin -->
@@ -953,7 +953,7 @@ This policy setting allows you to control whether a confirmation message is disp
 <!-- X509HintsNeeded-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- X509HintsNeeded-Applicability-End -->
 
 <!-- X509HintsNeeded-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 3e8c855e69..36d22a34e9 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Snmp Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SNMP_Communities-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SNMP_Communities-Applicability-End -->
 
 <!-- SNMP_Communities-OmaUri-Begin -->
@@ -100,7 +100,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify
 <!-- SNMP_PermittedManagers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SNMP_PermittedManagers-Applicability-End -->
 
 <!-- SNMP_PermittedManagers-OmaUri-Begin -->
@@ -169,7 +169,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and "
 <!-- SNMP_Traps_Public-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SNMP_Traps_Public-Applicability-End -->
 
 <!-- SNMP_Traps_Public-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index 1e445c4bdb..ead22da785 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_SoundRec Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Soundrec_DiableApplication_TitleText_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Soundrec_DiableApplication_TitleText_1-Applicability-End -->
 
 <!-- Soundrec_DiableApplication_TitleText_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Sound Recorder is a feature of Microsoft Windows Vista that can be used to recor
 <!-- Soundrec_DiableApplication_TitleText_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Soundrec_DiableApplication_TitleText_2-Applicability-End -->
 
 <!-- Soundrec_DiableApplication_TitleText_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index 37859d9add..1758b042bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_srmfci Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AccessDeniedConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AccessDeniedConfiguration-Applicability-End -->
 
 <!-- AccessDeniedConfiguration-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting specifies the message that users see when they're denied acc
 <!-- CentralClassificationList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CentralClassificationList-Applicability-End -->
 
 <!-- CentralClassificationList-OmaUri-Begin -->
@@ -149,7 +149,7 @@ Administrators can define the properties for the organization by using Active Di
 <!-- EnableManualUX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableManualUX-Applicability-End -->
 
 <!-- EnableManualUX-OmaUri-Begin -->
@@ -210,7 +210,7 @@ The Classification tab enables users to manually classify files by selecting pro
 <!-- EnableShellAccessCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableShellAccessCheck-Applicability-End -->
 
 <!-- EnableShellAccessCheck-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index c72a1ae49c..ea6c920ff9 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_StartMenu Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AddSearchInternetLinkInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AddSearchInternetLinkInStartMenu-Applicability-End -->
 
 <!-- AddSearchInternetLinkInStartMenu-OmaUri-Begin -->
@@ -88,7 +88,7 @@ ms.topic: reference
 <!-- ClearRecentDocsOnExit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearRecentDocsOnExit-Applicability-End -->
 
 <!-- ClearRecentDocsOnExit-OmaUri-Begin -->
@@ -158,7 +158,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L
 <!-- ClearRecentProgForNewUserInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearRecentProgForNewUserInStartMenu-Applicability-End -->
 
 <!-- ClearRecentProgForNewUserInStartMenu-OmaUri-Begin -->
@@ -216,7 +216,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L
 <!-- ClearTilesOnExit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearTilesOnExit-Applicability-End -->
 
 <!-- ClearTilesOnExit-OmaUri-Begin -->
@@ -276,7 +276,7 @@ This setting doesn't prevent new notifications from appearing. See the "Turn off
 <!-- DesktopAppsFirstInAppsView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DesktopAppsFirstInAppsView-Applicability-End -->
 
 <!-- DesktopAppsFirstInAppsView-OmaUri-Begin -->
@@ -335,7 +335,7 @@ This policy setting allows desktop apps to be listed first in the Apps view in S
 <!-- DisableGlobalSearchOnAppsView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableGlobalSearchOnAppsView-Applicability-End -->
 
 <!-- DisableGlobalSearchOnAppsView-OmaUri-Begin -->
@@ -396,7 +396,7 @@ This policy setting is only applied when the Apps view is set as the default vie
 <!-- ForceStartMenuLogOff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceStartMenuLogOff-Applicability-End -->
 
 <!-- ForceStartMenuLogOff-OmaUri-Begin -->
@@ -464,7 +464,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\
 <!-- GoToDesktopOnSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GoToDesktopOnSignIn-Applicability-End -->
 
 <!-- GoToDesktopOnSignIn-OmaUri-Begin -->
@@ -525,7 +525,7 @@ This policy setting allows users to go to the desktop instead of the Start scree
 <!-- GreyMSIAds-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- GreyMSIAds-Applicability-End -->
 
 <!-- GreyMSIAds-OmaUri-Begin -->
@@ -589,7 +589,7 @@ If you disable this setting or don't configure it, all Start menu shortcuts appe
 <!-- HidePowerOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HidePowerOptions-Applicability-End -->
 
 <!-- HidePowerOptions-OmaUri-Begin -->
@@ -648,7 +648,7 @@ This policy setting prevents users from performing the following commands from t
 <!-- Intellimenus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Intellimenus-Applicability-End -->
 
 <!-- Intellimenus-OmaUri-Begin -->
@@ -713,7 +713,7 @@ If you enable this setting, the system doesn't personalize menus. All menu items
 <!-- LockTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LockTaskbar-Applicability-End -->
 
 <!-- LockTaskbar-OmaUri-Begin -->
@@ -777,7 +777,7 @@ The taskbar includes the Start button, list of currently running tasks, and the
 <!-- MemCheckBoxInRunDlg-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MemCheckBoxInRunDlg-Applicability-End -->
 
 <!-- MemCheckBoxInRunDlg-OmaUri-Begin -->
@@ -836,7 +836,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o
 <!-- NoAutoTrayNotify-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoAutoTrayNotify-Applicability-End -->
 
 <!-- NoAutoTrayNotify-OmaUri-Begin -->
@@ -899,7 +899,7 @@ The notification area is located in the task bar, generally at the bottom of the
 <!-- NoBalloonTip-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoBalloonTip-Applicability-End -->
 
 <!-- NoBalloonTip-OmaUri-Begin -->
@@ -960,7 +960,7 @@ When you hold the cursor over an item on the Start menu or in the notification a
 <!-- NoChangeStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChangeStartMenu-Applicability-End -->
 
 <!-- NoChangeStartMenu-OmaUri-Begin -->
@@ -1023,7 +1023,7 @@ This policy setting allows you to prevent users from changing their Start screen
 <!-- NoClose-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoClose-Applicability-End -->
 
 <!-- NoClose-OmaUri-Begin -->
@@ -1085,7 +1085,7 @@ This policy setting prevents users from performing the following commands from t
 <!-- NoCommonGroups-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCommonGroups-Applicability-End -->
 
 <!-- NoCommonGroups-OmaUri-Begin -->
@@ -1145,7 +1145,7 @@ By default, the Programs menu contains items from the All Users profile and item
 <!-- NoFavoritesMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFavoritesMenu-Applicability-End -->
 
 <!-- NoFavoritesMenu-OmaUri-Begin -->
@@ -1213,7 +1213,7 @@ Prevents users from adding the Favorites menu to the Start menu or classic Start
 <!-- NoFind-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFind-Applicability-End -->
 
 <!-- NoFind-OmaUri-Begin -->
@@ -1279,7 +1279,7 @@ This policy setting affects the specified user interface elements only. It doesn
 <!-- NoGamesFolderOnStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoGamesFolderOnStartMenu-Applicability-End -->
 
 <!-- NoGamesFolderOnStartMenu-OmaUri-Begin -->
@@ -1337,7 +1337,7 @@ This policy setting affects the specified user interface elements only. It doesn
 <!-- NoHelp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoHelp-Applicability-End -->
 
 <!-- NoHelp-OmaUri-Begin -->
@@ -1398,7 +1398,7 @@ This policy setting only affects the Start menu. It doesn't remove the Help menu
 <!-- NoInstrumentation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoInstrumentation-Applicability-End -->
 
 <!-- NoInstrumentation-OmaUri-Begin -->
@@ -1461,7 +1461,7 @@ This policy setting doesn't prevent users from pinning programs to the Start Men
 <!-- NoMoreProgramsList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMoreProgramsList-Applicability-End -->
 
 <!-- NoMoreProgramsList-OmaUri-Begin -->
@@ -1528,7 +1528,7 @@ Selecting "Remove and disable setting" will remove the all apps list from Start
 <!-- NoNetAndDialupConnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNetAndDialupConnect-Applicability-End -->
 
 <!-- NoNetAndDialupConnect-OmaUri-Begin -->
@@ -1593,7 +1593,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po
 <!-- NoPinnedPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinnedPrograms-Applicability-End -->
 
 <!-- NoPinnedPrograms-OmaUri-Begin -->
@@ -1653,7 +1653,7 @@ In Windows XP and Windows Vista, the Internet and email checkboxes are removed f
 <!-- NoRecentDocsMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecentDocsMenu-Applicability-End -->
 
 <!-- NoRecentDocsMenu-OmaUri-Begin -->
@@ -1723,7 +1723,7 @@ This setting also doesn't hide document shortcuts displayed in the Open dialog b
 <!-- NoResolveSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoResolveSearch-Applicability-End -->
 
 <!-- NoResolveSearch-OmaUri-Begin -->
@@ -1787,7 +1787,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
 <!-- NoResolveTrack-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoResolveTrack-Applicability-End -->
 
 <!-- NoResolveTrack-OmaUri-Begin -->
@@ -1851,7 +1851,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
 <!-- NoRun-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRun-Applicability-End -->
 
 <!-- NoRun-OmaUri-Begin -->
@@ -1934,7 +1934,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchCommInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchCommInStartMenu-Applicability-End -->
 
 <!-- NoSearchCommInStartMenu-OmaUri-Begin -->
@@ -1992,7 +1992,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchComputerLinkInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchComputerLinkInStartMenu-Applicability-End -->
 
 <!-- NoSearchComputerLinkInStartMenu-OmaUri-Begin -->
@@ -2050,7 +2050,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchEverywhereLinkInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchEverywhereLinkInStartMenu-Applicability-End -->
 
 <!-- NoSearchEverywhereLinkInStartMenu-OmaUri-Begin -->
@@ -2108,7 +2108,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchFilesInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchFilesInStartMenu-Applicability-End -->
 
 <!-- NoSearchFilesInStartMenu-OmaUri-Begin -->
@@ -2168,7 +2168,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchInternetInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchInternetInStartMenu-Applicability-End -->
 
 <!-- NoSearchInternetInStartMenu-OmaUri-Begin -->
@@ -2226,7 +2226,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSearchProgramsInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchProgramsInStartMenu-Applicability-End -->
 
 <!-- NoSearchProgramsInStartMenu-OmaUri-Begin -->
@@ -2284,7 +2284,7 @@ Also, users with extended keyboards will no longer be able to display the Run di
 <!-- NoSetFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSetFolders-Applicability-End -->
 
 <!-- NoSetFolders-OmaUri-Begin -->
@@ -2347,7 +2347,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "
 <!-- NoSetTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSetTaskbar-Applicability-End -->
 
 <!-- NoSetTaskbar-OmaUri-Begin -->
@@ -2412,7 +2412,7 @@ If the user right-clicks the taskbar and then clicks Properties, a message appea
 <!-- NoSMConfigurePrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMConfigurePrograms-Applicability-End -->
 
 <!-- NoSMConfigurePrograms-OmaUri-Begin -->
@@ -2476,7 +2476,7 @@ Clicking the Default Programs link from the Start menu opens the Default Program
 <!-- NoSMMyDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyDocuments-Applicability-End -->
 
 <!-- NoSMMyDocuments-OmaUri-Begin -->
@@ -2540,7 +2540,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting.
 <!-- NoSMMyMusic-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyMusic-Applicability-End -->
 
 <!-- NoSMMyMusic-OmaUri-Begin -->
@@ -2599,7 +2599,7 @@ This policy setting allows you to remove the Music icon from Start Menu.
 <!-- NoSMMyNetworkPlaces-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyNetworkPlaces-Applicability-End -->
 
 <!-- NoSMMyNetworkPlaces-OmaUri-Begin -->
@@ -2658,7 +2658,7 @@ This policy setting allows you to remove the Network icon from Start Menu.
 <!-- NoSMMyPictures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSMMyPictures-Applicability-End -->
 
 <!-- NoSMMyPictures-OmaUri-Begin -->
@@ -2717,7 +2717,7 @@ This policy setting allows you to remove the Pictures icon from Start Menu.
 <!-- NoStartMenuDownload-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuDownload-Applicability-End -->
 
 <!-- NoStartMenuDownload-OmaUri-Begin -->
@@ -2776,7 +2776,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu.
 <!-- NoStartMenuHomegroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuHomegroup-Applicability-End -->
 
 <!-- NoStartMenuHomegroup-OmaUri-Begin -->
@@ -2834,7 +2834,7 @@ This policy setting allows you to remove the Downloads link from the Start Menu.
 <!-- NoStartMenuRecordedTV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuRecordedTV-Applicability-End -->
 
 <!-- NoStartMenuRecordedTV-OmaUri-Begin -->
@@ -2893,7 +2893,7 @@ This policy setting allows you to remove the Recorded TV link from the Start Men
 <!-- NoStartMenuSubFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuSubFolders-Applicability-End -->
 
 <!-- NoStartMenuSubFolders-OmaUri-Begin -->
@@ -2956,7 +2956,7 @@ Note that this setting hides all user-specific folders, not just those associate
 <!-- NoStartMenuVideos-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartMenuVideos-Applicability-End -->
 
 <!-- NoStartMenuVideos-OmaUri-Begin -->
@@ -3015,7 +3015,7 @@ This policy setting allows you to remove the Videos link from the Start Menu.
 <!-- NoStartPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStartPage-Applicability-End -->
 
 <!-- NoStartPage-OmaUri-Begin -->
@@ -3078,7 +3078,7 @@ The classic Start menu in Windows 2000 Professional allows users to begin common
 <!-- NoTaskBarClock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTaskBarClock-Applicability-End -->
 
 <!-- NoTaskBarClock-OmaUri-Begin -->
@@ -3137,7 +3137,7 @@ Prevents the clock in the system notification area from being displayed.
 <!-- NoTaskGrouping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTaskGrouping-Applicability-End -->
 
 <!-- NoTaskGrouping-OmaUri-Begin -->
@@ -3198,7 +3198,7 @@ Taskbar grouping consolidates similar applications when there is no room on the
 <!-- NoToolbarsOnTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoToolbarsOnTaskbar-Applicability-End -->
 
 <!-- NoToolbarsOnTaskbar-OmaUri-Begin -->
@@ -3259,7 +3259,7 @@ The taskbar includes the Start button, buttons for currently running tasks, cust
 <!-- NoTrayContextMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTrayContextMenu-Applicability-End -->
 
 <!-- NoTrayContextMenu-OmaUri-Begin -->
@@ -3324,7 +3324,7 @@ This policy setting doesn't prevent users from using other methods to issue the
 <!-- NoTrayItemsDisplay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoTrayItemsDisplay-Applicability-End -->
 
 <!-- NoTrayItemsDisplay-OmaUri-Begin -->
@@ -3388,7 +3388,7 @@ Description: The notification area is located at the far right end of the task b
 <!-- NoUninstallFromStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoUninstallFromStart-Applicability-End -->
 
 <!-- NoUninstallFromStart-OmaUri-Begin -->
@@ -3450,7 +3450,7 @@ Description: The notification area is located at the far right end of the task b
 <!-- NoUserFolderOnStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoUserFolderOnStartMenu-Applicability-End -->
 
 <!-- NoUserFolderOnStartMenu-OmaUri-Begin -->
@@ -3508,7 +3508,7 @@ Description: The notification area is located at the far right end of the task b
 <!-- NoUserNameOnStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoUserNameOnStartMenu-Applicability-End -->
 
 <!-- NoUserNameOnStartMenu-OmaUri-Begin -->
@@ -3569,7 +3569,7 @@ To remove the user name folder on Windows Vista, set the "Remove user folder lin
 <!-- NoWindowsUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsUpdate-Applicability-End -->
 
 <!-- NoWindowsUpdate-OmaUri-Begin -->
@@ -3634,7 +3634,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
 <!-- PowerButtonAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PowerButtonAction-Applicability-End -->
 
 <!-- PowerButtonAction-OmaUri-Begin -->
@@ -3694,7 +3694,7 @@ If you set the button to either Sleep or Hibernate, and that state isn't support
 <!-- QuickLaunchEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QuickLaunchEnabled-Applicability-End -->
 
 <!-- QuickLaunchEnabled-OmaUri-Begin -->
@@ -3755,7 +3755,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas
 <!-- RemoveUnDockPCButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveUnDockPCButton-Applicability-End -->
 
 <!-- RemoveUnDockPCButton-OmaUri-Begin -->
@@ -3813,7 +3813,7 @@ This policy setting controls whether the QuickLaunch bar is displayed in the Tas
 <!-- ShowAppsViewOnStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowAppsViewOnStart-Applicability-End -->
 
 <!-- ShowAppsViewOnStart-OmaUri-Begin -->
@@ -3872,7 +3872,7 @@ This policy setting allows the Apps view to be opened by default when the user g
 <!-- ShowRunAsDifferentUserInStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowRunAsDifferentUserInStart-Applicability-End -->
 
 <!-- ShowRunAsDifferentUserInStart-OmaUri-Begin -->
@@ -3934,7 +3934,7 @@ This policy setting shows or hides the "Run as different user" command on the St
 <!-- ShowRunInStartMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowRunInStartMenu-Applicability-End -->
 
 <!-- ShowRunInStartMenu-OmaUri-Begin -->
@@ -3992,7 +3992,7 @@ This policy setting shows or hides the "Run as different user" command on the St
 <!-- ShowStartOnDisplayWithForegroundOnWinKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowStartOnDisplayWithForegroundOnWinKey-Applicability-End -->
 
 <!-- ShowStartOnDisplayWithForegroundOnWinKey-OmaUri-Begin -->
@@ -4051,7 +4051,7 @@ This policy setting allows the Start screen to appear on the display the user is
 <!-- StartMenuLogOff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StartMenuLogOff-Applicability-End -->
 
 <!-- StartMenuLogOff-OmaUri-Begin -->
@@ -4117,7 +4117,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te
 <!-- StartPinAppsWhenInstalled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StartPinAppsWhenInstalled-Applicability-End -->
 
 <!-- StartPinAppsWhenInstalled-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index 1c5b268e45..c3c396e287 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_SystemRestore Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SR_DisableConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SR_DisableConfig-Applicability-End -->
 
 <!-- SR_DisableConfig-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
index 89ec7e937f..c031995861 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletpcinputpanel.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_TabletPCInputPanel Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AutoComplete_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoComplete_1-Applicability-End -->
 
 <!-- AutoComplete_1-OmaUri-Begin -->
@@ -91,7 +91,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- AutoComplete_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoComplete_2-Applicability-End -->
 
 <!-- AutoComplete_2-OmaUri-Begin -->
@@ -154,7 +154,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- EdgeTarget_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EdgeTarget_1-Applicability-End -->
 
 <!-- EdgeTarget_1-OmaUri-Begin -->
@@ -220,7 +220,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- EdgeTarget_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EdgeTarget_2-Applicability-End -->
 
 <!-- EdgeTarget_2-OmaUri-Begin -->
@@ -286,7 +286,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTarget_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTarget_1-Applicability-End -->
 
 <!-- IPTIPTarget_1-OmaUri-Begin -->
@@ -352,7 +352,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTarget_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTarget_2-Applicability-End -->
 
 <!-- IPTIPTarget_2-OmaUri-Begin -->
@@ -418,7 +418,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTouchTarget_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTouchTarget_1-Applicability-End -->
 
 <!-- IPTIPTouchTarget_1-OmaUri-Begin -->
@@ -481,7 +481,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- IPTIPTouchTarget_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPTIPTouchTarget_2-Applicability-End -->
 
 <!-- IPTIPTouchTarget_2-OmaUri-Begin -->
@@ -544,7 +544,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- PasswordSecurity_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PasswordSecurity_1-Applicability-End -->
 
 <!-- PasswordSecurity_1-OmaUri-Begin -->
@@ -618,7 +618,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- PasswordSecurity_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PasswordSecurity_2-Applicability-End -->
 
 <!-- PasswordSecurity_2-OmaUri-Begin -->
@@ -692,7 +692,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- Prediction_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Prediction_1-Applicability-End -->
 
 <!-- Prediction_1-OmaUri-Begin -->
@@ -755,7 +755,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- Prediction_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Prediction_2-Applicability-End -->
 
 <!-- Prediction_2-OmaUri-Begin -->
@@ -818,7 +818,7 @@ Touch Keyboard and Handwriting panel enables you to use handwriting or an on-scr
 <!-- RareChar_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RareChar_1-Applicability-End -->
 
 <!-- RareChar_1-OmaUri-Begin -->
@@ -881,7 +881,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7
 <!-- RareChar_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RareChar_2-Applicability-End -->
 
 <!-- RareChar_2-OmaUri-Begin -->
@@ -944,7 +944,7 @@ Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7
 <!-- ScratchOut_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScratchOut_1-Applicability-End -->
 
 <!-- ScratchOut_1-OmaUri-Begin -->
@@ -1013,7 +1013,7 @@ Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriti
 <!-- ScratchOut_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ScratchOut_2-Applicability-End -->
 
 <!-- ScratchOut_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index 065e07cce1..6682bc155c 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_TabletShell Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableInkball_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableInkball_1-Applicability-End -->
 
 <!-- DisableInkball_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Prevents start of InkBall game.
 <!-- DisableInkball_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableInkball_2-Applicability-End -->
 
 <!-- DisableInkball_2-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Prevents start of InkBall game.
 <!-- DisableJournal_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableJournal_1-Applicability-End -->
 
 <!-- DisableJournal_1-OmaUri-Begin -->
@@ -211,7 +211,7 @@ Prevents start of Windows Journal.
 <!-- DisableJournal_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableJournal_2-Applicability-End -->
 
 <!-- DisableJournal_2-OmaUri-Begin -->
@@ -272,7 +272,7 @@ Prevents start of Windows Journal.
 <!-- DisableNoteWriterPrinting_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNoteWriterPrinting_1-Applicability-End -->
 
 <!-- DisableNoteWriterPrinting_1-OmaUri-Begin -->
@@ -333,7 +333,7 @@ Prevents printing to Journal Note Writer.
 <!-- DisableNoteWriterPrinting_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNoteWriterPrinting_2-Applicability-End -->
 
 <!-- DisableNoteWriterPrinting_2-OmaUri-Begin -->
@@ -394,7 +394,7 @@ Prevents printing to Journal Note Writer.
 <!-- DisableSnippingTool_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSnippingTool_1-Applicability-End -->
 
 <!-- DisableSnippingTool_1-OmaUri-Begin -->
@@ -455,7 +455,7 @@ Prevents the snipping tool from running.
 <!-- DisableSnippingTool_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSnippingTool_2-Applicability-End -->
 
 <!-- DisableSnippingTool_2-OmaUri-Begin -->
@@ -516,7 +516,7 @@ Prevents the snipping tool from running.
 <!-- PreventBackEscMapping_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventBackEscMapping_1-Applicability-End -->
 
 <!-- PreventBackEscMapping_1-OmaUri-Begin -->
@@ -577,7 +577,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f
 <!-- PreventBackEscMapping_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventBackEscMapping_2-Applicability-End -->
 
 <!-- PreventBackEscMapping_2-OmaUri-Begin -->
@@ -638,7 +638,7 @@ Removes the Back->ESC mapping that normally occurs when menus are visible, and f
 <!-- PreventFlicks_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicks_1-Applicability-End -->
 
 <!-- PreventFlicks_1-OmaUri-Begin -->
@@ -697,7 +697,7 @@ Makes pen flicks and all related features unavailable.
 <!-- PreventFlicks_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicks_2-Applicability-End -->
 
 <!-- PreventFlicks_2-OmaUri-Begin -->
@@ -756,7 +756,7 @@ Makes pen flicks and all related features unavailable.
 <!-- PreventFlicksLearningMode_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicksLearningMode_1-Applicability-End -->
 
 <!-- PreventFlicksLearningMode_1-OmaUri-Begin -->
@@ -815,7 +815,7 @@ Makes pen flicks learning mode unavailable.
 <!-- PreventFlicksLearningMode_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventFlicksLearningMode_2-Applicability-End -->
 
 <!-- PreventFlicksLearningMode_2-OmaUri-Begin -->
@@ -874,7 +874,7 @@ Makes pen flicks learning mode unavailable.
 <!-- PreventLaunchApp_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventLaunchApp_1-Applicability-End -->
 
 <!-- PreventLaunchApp_1-OmaUri-Begin -->
@@ -935,7 +935,7 @@ Prevents the user from launching an application from a Tablet PC hardware button
 <!-- PreventLaunchApp_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventLaunchApp_2-Applicability-End -->
 
 <!-- PreventLaunchApp_2-OmaUri-Begin -->
@@ -996,7 +996,7 @@ Prevents the user from launching an application from a Tablet PC hardware button
 <!-- PreventPressAndHold_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventPressAndHold_1-Applicability-End -->
 
 <!-- PreventPressAndHold_1-OmaUri-Begin -->
@@ -1057,7 +1057,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is
 <!-- PreventPressAndHold_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventPressAndHold_2-Applicability-End -->
 
 <!-- PreventPressAndHold_2-OmaUri-Begin -->
@@ -1118,7 +1118,7 @@ Prevents press and hold actions on hardware buttons, so that only one action is
 <!-- TurnOffButtons_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffButtons_1-Applicability-End -->
 
 <!-- TurnOffButtons_1-OmaUri-Begin -->
@@ -1179,7 +1179,7 @@ Turns off Tablet PC hardware buttons.
 <!-- TurnOffButtons_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffButtons_2-Applicability-End -->
 
 <!-- TurnOffButtons_2-OmaUri-Begin -->
@@ -1240,7 +1240,7 @@ Turns off Tablet PC hardware buttons.
 <!-- TurnOffFeedback_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffFeedback_1-Applicability-End -->
 
 <!-- TurnOffFeedback_1-OmaUri-Begin -->
@@ -1299,7 +1299,7 @@ Disables visual pen action feedback, except for press and hold feedback.
 <!-- TurnOffFeedback_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffFeedback_2-Applicability-End -->
 
 <!-- TurnOffFeedback_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 0bb76d65e5..97e296b53b 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Taskbar Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableNotificationCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNotificationCenter-Applicability-End -->
 
 <!-- DisableNotificationCenter-OmaUri-Begin -->
@@ -95,7 +95,7 @@ A reboot is required for this policy setting to take effect.
 <!-- EnableLegacyBalloonNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableLegacyBalloonNotifications-Applicability-End -->
 
 <!-- EnableLegacyBalloonNotifications-OmaUri-Begin -->
@@ -158,7 +158,7 @@ A reboot is required for this policy setting to take effect.
 <!-- HideSCAHealth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCAHealth-Applicability-End -->
 
 <!-- HideSCAHealth-OmaUri-Begin -->
@@ -217,7 +217,7 @@ This policy setting allows you to remove Security and Maintenance from the syste
 <!-- HideSCANetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCANetwork-Applicability-End -->
 
 <!-- HideSCANetwork-OmaUri-Begin -->
@@ -276,7 +276,7 @@ This policy setting allows you to remove the networking icon from the system con
 <!-- HideSCAPower-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCAPower-Applicability-End -->
 
 <!-- HideSCAPower-OmaUri-Begin -->
@@ -335,7 +335,7 @@ This policy setting allows you to remove the battery meter from the system contr
 <!-- HideSCAVolume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSCAVolume-Applicability-End -->
 
 <!-- HideSCAVolume-OmaUri-Begin -->
@@ -394,7 +394,7 @@ This policy setting allows you to remove the volume control icon from the system
 <!-- NoBalloonFeatureAdvertisements-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoBalloonFeatureAdvertisements-Applicability-End -->
 
 <!-- NoBalloonFeatureAdvertisements-OmaUri-Begin -->
@@ -453,7 +453,7 @@ If you disable don't configure this policy setting, feature advertisement balloo
 <!-- NoPinningStoreToTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinningStoreToTaskbar-Applicability-End -->
 
 <!-- NoPinningStoreToTaskbar-OmaUri-Begin -->
@@ -512,7 +512,7 @@ This policy setting allows you to control pinning the Store app to the Taskbar.
 <!-- NoPinningToDestinations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinningToDestinations-Applicability-End -->
 
 <!-- NoPinningToDestinations-OmaUri-Begin -->
@@ -571,7 +571,7 @@ This policy setting allows you to control pinning items in Jump Lists.
 <!-- NoPinningToTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPinningToTaskbar-Applicability-End -->
 
 <!-- NoPinningToTaskbar-OmaUri-Begin -->
@@ -630,7 +630,7 @@ This policy setting allows you to control pinning programs to the Taskbar.
 <!-- NoRemoteDestinations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRemoteDestinations-Applicability-End -->
 
 <!-- NoRemoteDestinations-OmaUri-Begin -->
@@ -694,7 +694,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu
 <!-- NoSystraySystemPromotion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSystraySystemPromotion-Applicability-End -->
 
 <!-- NoSystraySystemPromotion-OmaUri-Begin -->
@@ -753,7 +753,7 @@ This policy setting allows you to turn off automatic promotion of notification i
 <!-- ShowWindowsStoreAppsOnTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowWindowsStoreAppsOnTaskbar-Applicability-End -->
 
 <!-- ShowWindowsStoreAppsOnTaskbar-OmaUri-Begin -->
@@ -814,7 +814,7 @@ This policy setting allows users to see Windows Store apps on the taskbar.
 <!-- TaskbarLockAll-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarLockAll-Applicability-End -->
 
 <!-- TaskbarLockAll-OmaUri-Begin -->
@@ -873,7 +873,7 @@ This policy setting allows you to lock all taskbar settings.
 <!-- TaskbarNoAddRemoveToolbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoAddRemoveToolbar-Applicability-End -->
 
 <!-- TaskbarNoAddRemoveToolbar-OmaUri-Begin -->
@@ -932,7 +932,7 @@ This policy setting allows you to prevent users from adding or removing toolbars
 <!-- TaskbarNoDragToolbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoDragToolbar-Applicability-End -->
 
 <!-- TaskbarNoDragToolbar-OmaUri-Begin -->
@@ -991,7 +991,7 @@ This policy setting allows you to prevent users from rearranging toolbars.
 <!-- TaskbarNoMultimon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoMultimon-Applicability-End -->
 
 <!-- TaskbarNoMultimon-OmaUri-Begin -->
@@ -1050,7 +1050,7 @@ This policy setting allows you to prevent taskbars from being displayed on more
 <!-- TaskbarNoNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoNotification-Applicability-End -->
 
 <!-- TaskbarNoNotification-OmaUri-Begin -->
@@ -1109,7 +1109,7 @@ This policy setting allows you to turn off all notification balloons.
 <!-- TaskbarNoPinnedList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoPinnedList-Applicability-End -->
 
 <!-- TaskbarNoPinnedList-OmaUri-Begin -->
@@ -1172,7 +1172,7 @@ This policy setting allows you to remove pinned programs from the taskbar.
 <!-- TaskbarNoRedock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoRedock-Applicability-End -->
 
 <!-- TaskbarNoRedock-OmaUri-Begin -->
@@ -1231,7 +1231,7 @@ This policy setting allows you to prevent users from moving taskbar to another s
 <!-- TaskbarNoResize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoResize-Applicability-End -->
 
 <!-- TaskbarNoResize-OmaUri-Begin -->
@@ -1290,7 +1290,7 @@ This policy setting allows you to prevent users from resizing the taskbar.
 <!-- TaskbarNoThumbnail-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TaskbarNoThumbnail-Applicability-End -->
 
 <!-- TaskbarNoThumbnail-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index b532bdadd9..efef32bb83 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_tcpip Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- 6to4_Router_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- 6to4_Router_Name-Applicability-End -->
 
 <!-- 6to4_Router_Name-OmaUri-Begin -->
@@ -86,7 +86,7 @@ This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6
 <!-- 6to4_Router_Name_Resolution_Interval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- 6to4_Router_Name_Resolution_Interval-Applicability-End -->
 
 <!-- 6to4_Router_Name_Resolution_Interval-OmaUri-Begin -->
@@ -144,7 +144,7 @@ This policy setting allows you to specify the interval at which the relay name i
 <!-- 6to4_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- 6to4_State-Applicability-End -->
 
 <!-- 6to4_State-OmaUri-Begin -->
@@ -208,7 +208,7 @@ Policy Disabled State: 6to4 is turned off and connectivity with 6to4 won't be av
 <!-- IP_Stateless_Autoconfiguration_Limits_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IP_Stateless_Autoconfiguration_Limits_State-Applicability-End -->
 
 <!-- IP_Stateless_Autoconfiguration_Limits_State-OmaUri-Begin -->
@@ -267,7 +267,7 @@ This policy setting allows you to configure IP Stateless Autoconfiguration Limit
 <!-- IPHTTPS_ClientState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IPHTTPS_ClientState-Applicability-End -->
 
 <!-- IPHTTPS_ClientState-OmaUri-Begin -->
@@ -331,7 +331,7 @@ Policy Disabled State: No IP-HTTPS interfaces are present on the host.
 <!-- ISATAP_Router_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ISATAP_Router_Name-Applicability-End -->
 
 <!-- ISATAP_Router_Name-OmaUri-Begin -->
@@ -389,7 +389,7 @@ This policy setting allows you to specify a router name or Internet Protocol ver
 <!-- ISATAP_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ISATAP_State-Applicability-End -->
 
 <!-- ISATAP_State-OmaUri-Begin -->
@@ -453,7 +453,7 @@ Policy Disabled State: No ISATAP interfaces are present on the host.
 <!-- Teredo_Client_Port-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Client_Port-Applicability-End -->
 
 <!-- Teredo_Client_Port-OmaUri-Begin -->
@@ -511,7 +511,7 @@ This policy setting allows you to select the UDP port the Teredo client will use
 <!-- Teredo_Default_Qualified-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Default_Qualified-Applicability-End -->
 
 <!-- Teredo_Default_Qualified-OmaUri-Begin -->
@@ -571,7 +571,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali
 <!-- Teredo_Refresh_Rate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Refresh_Rate-Applicability-End -->
 
 <!-- Teredo_Refresh_Rate-OmaUri-Begin -->
@@ -632,7 +632,7 @@ This policy setting allows you to configure the Teredo refresh rate.
 <!-- Teredo_Server_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_Server_Name-Applicability-End -->
 
 <!-- Teredo_Server_Name-OmaUri-Begin -->
@@ -690,7 +690,7 @@ This policy setting allows you to specify the name of the Teredo server. This se
 <!-- Teredo_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Teredo_State-Applicability-End -->
 
 <!-- Teredo_State-OmaUri-Begin -->
@@ -756,7 +756,7 @@ Enterprise Client: The Teredo interface is always present, even if the host is o
 <!-- Windows_Scaling_Heuristics_State-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Windows_Scaling_Heuristics_State-Applicability-End -->
 
 <!-- Windows_Scaling_Heuristics_State-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index a372de4237..690350461f 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- TS_AUTO_RECONNECT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_AUTO_RECONNECT-Applicability-End -->
 
 <!-- TS_AUTO_RECONNECT-OmaUri-Begin -->
@@ -89,7 +89,7 @@ If the status is set to Not Configured, automatic reconnection isn't specified a
 <!-- TS_CAMERA_REDIRECTION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CAMERA_REDIRECTION-Applicability-End -->
 
 <!-- TS_CAMERA_REDIRECTION-OmaUri-Begin -->
@@ -150,7 +150,7 @@ By default, Remote Desktop Services allows redirection of video capture devices.
 <!-- TS_CERTIFICATE_TEMPLATE_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CERTIFICATE_TEMPLATE_POLICY-Applicability-End -->
 
 <!-- TS_CERTIFICATE_TEMPLATE_POLICY-OmaUri-Begin -->
@@ -215,7 +215,7 @@ If no certificate can be found that was created with the specified certificate t
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_1-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_1-OmaUri-Begin -->
@@ -279,7 +279,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_2-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_SIGNED_FILES_2-OmaUri-Begin -->
@@ -343,7 +343,7 @@ This policy setting allows you to specify whether users can run Remote Desktop P
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_1-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_1-OmaUri-Begin -->
@@ -402,7 +402,7 @@ This policy setting allows you to specify whether users can run unsigned Remote
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_2-Applicability-End -->
 
 <!-- TS_CLIENT_ALLOW_UNSIGNED_FILES_2-OmaUri-Begin -->
@@ -461,7 +461,7 @@ This policy setting allows you to specify whether users can run unsigned Remote
 <!-- TS_CLIENT_AUDIO-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_AUDIO-Applicability-End -->
 
 <!-- TS_CLIENT_AUDIO-OmaUri-Begin -->
@@ -526,7 +526,7 @@ By default, audio and video playback redirection isn't allowed when connecting t
 <!-- TS_CLIENT_AUDIO_CAPTURE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_AUDIO_CAPTURE-Applicability-End -->
 
 <!-- TS_CLIENT_AUDIO_CAPTURE-OmaUri-Begin -->
@@ -591,7 +591,7 @@ By default, audio recording redirection isn't allowed when connecting to a compu
 <!-- TS_CLIENT_AUDIO_QUALITY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_AUDIO_QUALITY-Applicability-End -->
 
 <!-- TS_CLIENT_AUDIO_QUALITY-OmaUri-Begin -->
@@ -653,7 +653,7 @@ Audio playback quality can be configured on the client computer by using the aud
 <!-- TS_CLIENT_CLIPBOARD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_CLIPBOARD-Applicability-End -->
 
 <!-- TS_CLIENT_CLIPBOARD-OmaUri-Begin -->
@@ -716,7 +716,7 @@ You can use this setting to prevent users from redirecting Clipboard data to and
 <!-- TS_CLIENT_COM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_COM-Applicability-End -->
 
 <!-- TS_CLIENT_COM-OmaUri-Begin -->
@@ -779,7 +779,7 @@ You can use this setting to prevent users from redirecting data to COM port peri
 <!-- TS_CLIENT_DEFAULT_M-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_DEFAULT_M-Applicability-End -->
 
 <!-- TS_CLIENT_DEFAULT_M-OmaUri-Begin -->
@@ -842,7 +842,7 @@ By default, Remote Desktop Services automatically designates the client default
 <!-- TS_CLIENT_DISABLE_HARDWARE_MODE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_DISABLE_HARDWARE_MODE-Applicability-End -->
 
 <!-- TS_CLIENT_DISABLE_HARDWARE_MODE-OmaUri-Begin -->
@@ -897,7 +897,7 @@ This policy setting specifies whether the Remote Desktop Connection can use hard
 <!-- TS_CLIENT_DISABLE_PASSWORD_SAVING_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_DISABLE_PASSWORD_SAVING_1-Applicability-End -->
 
 <!-- TS_CLIENT_DISABLE_PASSWORD_SAVING_1-OmaUri-Begin -->
@@ -956,7 +956,7 @@ Controls whether a user can save passwords using Remote Desktop Connection.
 <!-- TS_CLIENT_LPT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_LPT-Applicability-End -->
 
 <!-- TS_CLIENT_LPT-OmaUri-Begin -->
@@ -1019,7 +1019,7 @@ You can use this setting to prevent users from mapping local LPT ports and redir
 <!-- TS_CLIENT_PNP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_PNP-Applicability-End -->
 
 <!-- TS_CLIENT_PNP-OmaUri-Begin -->
@@ -1085,7 +1085,7 @@ By default, Remote Desktop Services doesn't allow redirection of supported Plug
 <!-- TS_CLIENT_PRINTER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_PRINTER-Applicability-End -->
 
 <!-- TS_CLIENT_PRINTER-OmaUri-Begin -->
@@ -1148,7 +1148,7 @@ You can use this policy setting to prevent users from redirecting print jobs fro
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1-Applicability-End -->
 
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1-OmaUri-Begin -->
@@ -1165,9 +1165,8 @@ This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA
 
 - If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
 
-Note:
-
-You can define this policy setting in the Computer Configuration node or in the User Configuration node.
+> [!NOTE]
+> You can define this policy setting in the Computer Configuration node or in the User Configuration node.
 
 - If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
 
@@ -1216,7 +1215,7 @@ If the list contains a string that isn't a certificate thumbprint, it's ignored.
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2-Applicability-End -->
 
 <!-- TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2-OmaUri-Begin -->
@@ -1233,9 +1232,8 @@ This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA
 
 - If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
 
-Note:
-
-You can define this policy setting in the Computer Configuration node or in the User Configuration node.
+> [!NOTE]
+> You can define this policy setting in the Computer Configuration node or in the User Configuration node.
 
 - If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
 
@@ -1284,7 +1282,7 @@ If the list contains a string that isn't a certificate thumbprint, it's ignored.
 <!-- TS_CLIENT_TURN_OFF_UDP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_CLIENT_TURN_OFF_UDP-Applicability-End -->
 
 <!-- TS_CLIENT_TURN_OFF_UDP-OmaUri-Begin -->
@@ -1343,7 +1341,7 @@ This policy setting specifies whether the UDP protocol will be used to access se
 <!-- TS_COLORDEPTH-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_COLORDEPTH-Applicability-End -->
 
 <!-- TS_COLORDEPTH-OmaUri-Begin -->
@@ -1415,7 +1413,7 @@ If the client doesn't support at least 16 bits, the connection is terminated.
 <!-- TS_DELETE_ROAMING_USER_PROFILES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_DELETE_ROAMING_USER_PROFILES-Applicability-End -->
 
 <!-- TS_DELETE_ROAMING_USER_PROFILES-OmaUri-Begin -->
@@ -1480,7 +1478,7 @@ This policy setting allows you to limit the size of the entire roaming user prof
 <!-- TS_DISABLE_REMOTE_DESKTOP_WALLPAPER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_DISABLE_REMOTE_DESKTOP_WALLPAPER-Applicability-End -->
 
 <!-- TS_DISABLE_REMOTE_DESKTOP_WALLPAPER-OmaUri-Begin -->
@@ -1543,7 +1541,7 @@ If the status is set to Not Configured, the default behavior applies.
 <!-- TS_DX_USE_FULL_HWGPU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_DX_USE_FULL_HWGPU-Applicability-End -->
 
 <!-- TS_DX_USE_FULL_HWGPU-OmaUri-Begin -->
@@ -1607,7 +1605,7 @@ This policy setting enables system administrators to change the graphics renderi
 <!-- TS_EASY_PRINT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_EASY_PRINT-Applicability-End -->
 
 <!-- TS_EASY_PRINT-OmaUri-Begin -->
@@ -1669,7 +1667,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print
 <!-- TS_EASY_PRINT_User-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_EASY_PRINT_User-Applicability-End -->
 
 <!-- TS_EASY_PRINT_User-OmaUri-Begin -->
@@ -1731,7 +1729,7 @@ This policy setting allows you to specify whether the Remote Desktop Easy Print
 <!-- TS_EnableVirtualGraphics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_EnableVirtualGraphics-Applicability-End -->
 
 <!-- TS_EnableVirtualGraphics-OmaUri-Begin -->
@@ -1796,7 +1794,7 @@ When deployed on an RD Session Host server, RemoteFX delivers a rich user experi
 <!-- TS_FALLBACKPRINTDRIVERTYPE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_FALLBACKPRINTDRIVERTYPE-Applicability-End -->
 
 <!-- TS_FALLBACKPRINTDRIVERTYPE-OmaUri-Begin -->
@@ -1870,7 +1868,7 @@ By default, the RD Session Host server fallback printer driver is disabled. If t
 <!-- TS_FORCIBLE_LOGOFF-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_FORCIBLE_LOGOFF-Applicability-End -->
 
 <!-- TS_FORCIBLE_LOGOFF-OmaUri-Begin -->
@@ -1934,7 +1932,7 @@ This policy is useful when the currently connected administrator doesn't want to
 <!-- TS_GATEWAY_POLICY_AUTH_METHOD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_GATEWAY_POLICY_AUTH_METHOD-Applicability-End -->
 
 <!-- TS_GATEWAY_POLICY_AUTH_METHOD-OmaUri-Begin -->
@@ -1992,7 +1990,7 @@ If you disable or don't configure this policy setting, the authentication method
 <!-- TS_GATEWAY_POLICY_ENABLE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_GATEWAY_POLICY_ENABLE-Applicability-End -->
 
 <!-- TS_GATEWAY_POLICY_ENABLE-OmaUri-Begin -->
@@ -2057,7 +2055,7 @@ To allow users to overwrite this policy setting, select the "Allow users to chan
 <!-- TS_GATEWAY_POLICY_SERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_GATEWAY_POLICY_SERVER-Applicability-End -->
 
 <!-- TS_GATEWAY_POLICY_SERVER-OmaUri-Begin -->
@@ -2119,7 +2117,7 @@ To allow users to overwrite the "Set RD Gateway server address" policy setting a
 <!-- TS_JOIN_SESSION_DIRECTORY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_JOIN_SESSION_DIRECTORY-Applicability-End -->
 
 <!-- TS_JOIN_SESSION_DIRECTORY-OmaUri-Begin -->
@@ -2188,7 +2186,7 @@ Note:
 <!-- TS_KEEP_ALIVE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_KEEP_ALIVE-Applicability-End -->
 
 <!-- TS_KEEP_ALIVE-OmaUri-Begin -->
@@ -2249,7 +2247,7 @@ After an RD Session Host server client loses the connection to an RD Session Hos
 <!-- TS_LICENSE_SECGROUP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSE_SECGROUP-Applicability-End -->
 
 <!-- TS_LICENSE_SECGROUP-OmaUri-Begin -->
@@ -2315,7 +2313,7 @@ By default, the RDS Endpoint Servers group is empty.
 <!-- TS_LICENSE_SERVERS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSE_SERVERS-Applicability-End -->
 
 <!-- TS_LICENSE_SERVERS-OmaUri-Begin -->
@@ -2377,7 +2375,7 @@ This policy setting allows you to specify the order in which an RD Session Host
 <!-- TS_LICENSE_TOOLTIP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSE_TOOLTIP-Applicability-End -->
 
 <!-- TS_LICENSE_TOOLTIP-OmaUri-Begin -->
@@ -2437,7 +2435,7 @@ By default, notifications are displayed on an RD Session Host server after you l
 <!-- TS_LICENSING_MODE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_LICENSING_MODE-Applicability-End -->
 
 <!-- TS_LICENSING_MODE-OmaUri-Begin -->
@@ -2459,6 +2457,9 @@ Per Device licensing mode requires that each device connecting to this RD Sessio
 - If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
 
 - If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level.
+
+> [!NOTE]
+> AAD Per User mode is deprecated on Windows 11 and above.
 <!-- TS_LICENSING_MODE-Description-End -->
 
 <!-- TS_LICENSING_MODE-Editable-Begin -->
@@ -2501,7 +2502,7 @@ Per Device licensing mode requires that each device connecting to this RD Sessio
 <!-- TS_MAX_CON_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_MAX_CON_POLICY-Applicability-End -->
 
 <!-- TS_MAX_CON_POLICY-OmaUri-Begin -->
@@ -2566,7 +2567,7 @@ If the status is set to Disabled or Not Configured, limits to the number of conn
 <!-- TS_MAXDISPLAYRES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_MAXDISPLAYRES-Applicability-End -->
 
 <!-- TS_MAXDISPLAYRES-OmaUri-Begin -->
@@ -2624,7 +2625,7 @@ This policy setting allows you to specify the maximum display resolution that ca
 <!-- TS_MAXMONITOR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_MAXMONITOR-Applicability-End -->
 
 <!-- TS_MAXMONITOR-OmaUri-Begin -->
@@ -2682,7 +2683,7 @@ This policy setting allows you to limit the number of monitors that a user can u
 <!-- TS_NoDisconnectMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_NoDisconnectMenu-Applicability-End -->
 
 <!-- TS_NoDisconnectMenu-OmaUri-Begin -->
@@ -2746,7 +2747,7 @@ You can use this policy setting to prevent users from using this familiar method
 <!-- TS_NoSecurityMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_NoSecurityMenu-Applicability-End -->
 
 <!-- TS_NoSecurityMenu-OmaUri-Begin -->
@@ -2805,7 +2806,7 @@ If the status is set to Disabled or Not Configured, Windows Security remains in
 <!-- TS_PreventLicenseUpgrade-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_PreventLicenseUpgrade-Applicability-End -->
 
 <!-- TS_PreventLicenseUpgrade-OmaUri-Begin -->
@@ -2871,7 +2872,7 @@ By default, if the most appropriate RDS CAL isn't available for a connection, a
 <!-- TS_PROMT_CREDS_CLIENT_COMP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_PROMT_CREDS_CLIENT_COMP-Applicability-End -->
 
 <!-- TS_PROMT_CREDS_CLIENT_COMP-OmaUri-Begin -->
@@ -2933,7 +2934,7 @@ This policy setting determines whether a user will be prompted on the client com
 <!-- TS_RADC_DefaultConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RADC_DefaultConnection-Applicability-End -->
 
 <!-- TS_RADC_DefaultConnection-OmaUri-Begin -->
@@ -2996,7 +2997,7 @@ The default connection URL must be configured in the form of< https://contoso.co
 <!-- TS_RDSAppX_WaitForRegistration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RDSAppX_WaitForRegistration-Applicability-End -->
 
 <!-- TS_RDSAppX_WaitForRegistration-OmaUri-Begin -->
@@ -3057,7 +3058,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an
 <!-- TS_RemoteControl_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RemoteControl_1-Applicability-End -->
 
 <!-- TS_RemoteControl_1-OmaUri-Begin -->
@@ -3124,7 +3125,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an
 <!-- TS_RemoteControl_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RemoteControl_2-Applicability-End -->
 
 <!-- TS_RemoteControl_2-OmaUri-Begin -->
@@ -3191,7 +3192,7 @@ By default, when a new user signs in to a computer, the Start screen is shown an
 <!-- TS_RemoteDesktopVirtualGraphics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_RemoteDesktopVirtualGraphics-Applicability-End -->
 
 <!-- TS_RemoteDesktopVirtualGraphics-OmaUri-Begin -->
@@ -3251,7 +3252,7 @@ By default, Remote Desktop Connection sessions that use RemoteFX are optimized f
 <!-- TS_SD_ClustName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SD_ClustName-Applicability-End -->
 
 <!-- TS_SD_ClustName-OmaUri-Begin -->
@@ -3317,7 +3318,7 @@ Note:
 <!-- TS_SD_EXPOSE_ADDRESS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SD_EXPOSE_ADDRESS-Applicability-End -->
 
 <!-- TS_SD_EXPOSE_ADDRESS-OmaUri-Begin -->
@@ -3382,7 +3383,7 @@ Note:
 <!-- TS_SD_Loc-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SD_Loc-Applicability-End -->
 
 <!-- TS_SD_Loc-OmaUri-Begin -->
@@ -3448,7 +3449,7 @@ Note:
 <!-- TS_SECURITY_LAYER_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SECURITY_LAYER_POLICY-Applicability-End -->
 
 <!-- TS_SECURITY_LAYER_POLICY-OmaUri-Begin -->
@@ -3512,7 +3513,7 @@ This policy setting specifies whether to require the use of a specific security
 <!-- TS_SELECT_NETWORK_DETECT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SELECT_NETWORK_DETECT-Applicability-End -->
 
 <!-- TS_SELECT_NETWORK_DETECT-OmaUri-Begin -->
@@ -3576,7 +3577,7 @@ If you disable or don't configure this policy setting, Remote Desktop Protocol w
 <!-- TS_SELECT_TRANSPORT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SELECT_TRANSPORT-Applicability-End -->
 
 <!-- TS_SELECT_TRANSPORT-OmaUri-Begin -->
@@ -3640,7 +3641,7 @@ If the UDP connection isn't successful or if you select "Use only TCP," all of t
 <!-- TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP-Applicability-End -->
 
 <!-- TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP-OmaUri-Begin -->
@@ -3699,7 +3700,7 @@ This policy setting allows you to enable RemoteApp programs to use advanced grap
 <!-- TS_SERVER_AUTH-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_AUTH-Applicability-End -->
 
 <!-- TS_SERVER_AUTH-OmaUri-Begin -->
@@ -3763,7 +3764,7 @@ Don't connect if authentication fails: The client establishes a connection to th
 <!-- TS_SERVER_AVC_HW_ENCODE_PREFERRED-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_AVC_HW_ENCODE_PREFERRED-Applicability-End -->
 
 <!-- TS_SERVER_AVC_HW_ENCODE_PREFERRED-OmaUri-Begin -->
@@ -3818,7 +3819,7 @@ This policy setting lets you enable H.264/AVC hardware encoding support for Remo
 <!-- TS_SERVER_AVC444_MODE_PREFERRED-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_AVC444_MODE_PREFERRED-Applicability-End -->
 
 <!-- TS_SERVER_AVC444_MODE_PREFERRED-OmaUri-Begin -->
@@ -3873,7 +3874,7 @@ This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX
 <!-- TS_SERVER_COMPRESSOR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_COMPRESSOR-Applicability-End -->
 
 <!-- TS_SERVER_COMPRESSOR-OmaUri-Begin -->
@@ -3935,7 +3936,7 @@ You can also choose not to use an RDP compression algorithm. Choosing not to use
 <!-- TS_SERVER_IMAGE_QUALITY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_IMAGE_QUALITY-Applicability-End -->
 
 <!-- TS_SERVER_IMAGE_QUALITY-OmaUri-Begin -->
@@ -3999,7 +4000,7 @@ This policy setting allows you to specify the visual quality for remote users wh
 <!-- TS_SERVER_LEGACY_RFX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_LEGACY_RFX-Applicability-End -->
 
 <!-- TS_SERVER_LEGACY_RFX-OmaUri-Begin -->
@@ -4058,7 +4059,7 @@ This policy setting allows you to configure graphics encoding to use the RemoteF
 <!-- TS_SERVER_PROFILE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_PROFILE-Applicability-End -->
 
 <!-- TS_SERVER_PROFILE-OmaUri-Begin -->
@@ -4121,7 +4122,7 @@ This policy setting allows the administrator to configure the RemoteFX experienc
 <!-- TS_SERVER_VISEXP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_VISEXP-Applicability-End -->
 
 <!-- TS_SERVER_VISEXP-OmaUri-Begin -->
@@ -4181,7 +4182,7 @@ By default, Remote Desktop Services sessions are optimized for rich multimedia,
 <!-- TS_SERVER_WDDM_GRAPHICS_DRIVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_WDDM_GRAPHICS_DRIVER-Applicability-End -->
 
 <!-- TS_SERVER_WDDM_GRAPHICS_DRIVER-OmaUri-Begin -->
@@ -4242,7 +4243,7 @@ For this change to take effect, you must restart Windows.
 <!-- TS_Session_End_On_Limit_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_Session_End_On_Limit_1-Applicability-End -->
 
 <!-- TS_Session_End_On_Limit_1-OmaUri-Begin -->
@@ -4310,7 +4311,7 @@ Time limits are set locally by the server administrator or by using Group Policy
 <!-- TS_Session_End_On_Limit_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_Session_End_On_Limit_2-Applicability-End -->
 
 <!-- TS_Session_End_On_Limit_2-OmaUri-Begin -->
@@ -4378,7 +4379,7 @@ Time limits are set locally by the server administrator or by using Group Policy
 <!-- TS_SESSIONS_Disconnected_Timeout_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Disconnected_Timeout_1-Applicability-End -->
 
 <!-- TS_SESSIONS_Disconnected_Timeout_1-OmaUri-Begin -->
@@ -4443,7 +4444,7 @@ When a session is in a disconnected state, running programs are kept active even
 <!-- TS_SESSIONS_Disconnected_Timeout_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Disconnected_Timeout_2-Applicability-End -->
 
 <!-- TS_SESSIONS_Disconnected_Timeout_2-OmaUri-Begin -->
@@ -4508,7 +4509,7 @@ When a session is in a disconnected state, running programs are kept active even
 <!-- TS_SESSIONS_Idle_Limit_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Idle_Limit_1-Applicability-End -->
 
 <!-- TS_SESSIONS_Idle_Limit_1-OmaUri-Begin -->
@@ -4571,7 +4572,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SESSIONS_Idle_Limit_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Idle_Limit_2-Applicability-End -->
 
 <!-- TS_SESSIONS_Idle_Limit_2-OmaUri-Begin -->
@@ -4634,7 +4635,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SESSIONS_Limits_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Limits_1-Applicability-End -->
 
 <!-- TS_SESSIONS_Limits_1-OmaUri-Begin -->
@@ -4697,7 +4698,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SESSIONS_Limits_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SESSIONS_Limits_2-Applicability-End -->
 
 <!-- TS_SESSIONS_Limits_2-OmaUri-Begin -->
@@ -4760,7 +4761,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
 <!-- TS_SINGLE_SESSION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SINGLE_SESSION-Applicability-End -->
 
 <!-- TS_SINGLE_SESSION-OmaUri-Begin -->
@@ -4821,7 +4822,7 @@ This policy setting allows you to restrict users to a single Remote Desktop Serv
 <!-- TS_SMART_CARD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SMART_CARD-Applicability-End -->
 
 <!-- TS_SMART_CARD-OmaUri-Begin -->
@@ -4883,7 +4884,7 @@ This policy setting allows you to control the redirection of smart card devices
 <!-- TS_START_PROGRAM_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_START_PROGRAM_1-Applicability-End -->
 
 <!-- TS_START_PROGRAM_1-OmaUri-Begin -->
@@ -4951,7 +4952,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess
 <!-- TS_START_PROGRAM_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_START_PROGRAM_2-Applicability-End -->
 
 <!-- TS_START_PROGRAM_2-OmaUri-Begin -->
@@ -5018,7 +5019,7 @@ If the status is set to Disabled or Not Configured, Remote Desktop Services sess
 <!-- TS_TEMP_DELETE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TEMP_DELETE-Applicability-End -->
 
 <!-- TS_TEMP_DELETE-OmaUri-Begin -->
@@ -5084,7 +5085,7 @@ You can use this setting to maintain a user's session-specific temporary folders
 <!-- TS_TEMP_PER_SESSION-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TEMP_PER_SESSION-Applicability-End -->
 
 <!-- TS_TEMP_PER_SESSION-OmaUri-Begin -->
@@ -5147,7 +5148,7 @@ You can use this policy setting to disable the creation of separate temporary fo
 <!-- TS_TIME_ZONE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TIME_ZONE-Applicability-End -->
 
 <!-- TS_TIME_ZONE-OmaUri-Begin -->
@@ -5209,7 +5210,7 @@ This policy setting determines whether the client computer redirects its time zo
 <!-- TS_TSCC_PERMISSIONS_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TSCC_PERMISSIONS_POLICY-Applicability-End -->
 
 <!-- TS_TSCC_PERMISSIONS_POLICY-OmaUri-Begin -->
@@ -5273,7 +5274,7 @@ You can use this setting to prevent administrators from making changes to the us
 <!-- TS_TURNOFF_SINGLEAPP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_TURNOFF_SINGLEAPP-Applicability-End -->
 
 <!-- TS_TURNOFF_SINGLEAPP-OmaUri-Begin -->
@@ -5335,7 +5336,7 @@ This policy setting determines whether the desktop is always displayed after a c
 <!-- TS_UIA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_UIA-Applicability-End -->
 
 <!-- TS_UIA-OmaUri-Begin -->
@@ -5398,7 +5399,7 @@ Remote Desktop sessions don't currently support UI Automation redirection.
 <!-- TS_USB_REDIRECTION_DISABLE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USB_REDIRECTION_DISABLE-Applicability-End -->
 
 <!-- TS_USB_REDIRECTION_DISABLE-OmaUri-Begin -->
@@ -5458,7 +5459,7 @@ For this change to take effect, you must restart Windows.
 <!-- TS_USER_AUTHENTICATION_POLICY-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_AUTHENTICATION_POLICY-Applicability-End -->
 
 <!-- TS_USER_AUTHENTICATION_POLICY-OmaUri-Begin -->
@@ -5524,7 +5525,7 @@ To determine whether a client computer supports Network Level Authentication, st
 <!-- TS_USER_HOME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_HOME-Applicability-End -->
 
 <!-- TS_USER_HOME-OmaUri-Begin -->
@@ -5589,7 +5590,7 @@ If the status is set to Disabled or Not Configured, the user's home directory is
 <!-- TS_USER_MANDATORY_PROFILES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_MANDATORY_PROFILES-Applicability-End -->
 
 <!-- TS_USER_MANDATORY_PROFILES-OmaUri-Begin -->
@@ -5606,9 +5607,8 @@ This policy setting allows you to specify whether Remote Desktop Services uses a
 
 - If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server.
 
-Note:
-
-For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
+> [!NOTE]
+> For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
 <!-- TS_USER_MANDATORY_PROFILES-Description-End -->
 
 <!-- TS_USER_MANDATORY_PROFILES-Editable-Begin -->
@@ -5652,7 +5652,7 @@ For this policy setting to take effect, you must also enable and configure the "
 <!-- TS_USER_PROFILES-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_USER_PROFILES-Applicability-End -->
 
 <!-- TS_USER_PROFILES-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index 8bec5bef40..aa937ea978 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Thumbnails Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableThumbnails-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableThumbnails-Applicability-End -->
 
 <!-- DisableThumbnails-OmaUri-Begin -->
@@ -89,7 +89,7 @@ File Explorer displays thumbnail images by default.
 <!-- DisableThumbnailsOnNetworkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableThumbnailsOnNetworkFolders-Applicability-End -->
 
 <!-- DisableThumbnailsOnNetworkFolders-OmaUri-Begin -->
@@ -150,7 +150,7 @@ File Explorer displays thumbnail images on network folders by default.
 <!-- DisableThumbsDBOnNetworkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableThumbsDBOnNetworkFolders-Applicability-End -->
 
 <!-- DisableThumbsDBOnNetworkFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index a0905b6d96..2442bd1a0c 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_TouchInput Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PanningEverywhereOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PanningEverywhereOff_1-Applicability-End -->
 
 <!-- PanningEverywhereOff_1-OmaUri-Begin -->
@@ -94,7 +94,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co
 <!-- PanningEverywhereOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PanningEverywhereOff_2-Applicability-End -->
 
 <!-- PanningEverywhereOff_2-OmaUri-Begin -->
@@ -160,7 +160,7 @@ Turns off touch panning, which allows users pan inside windows by touch. On a co
 <!-- TouchInputOff_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TouchInputOff_1-Applicability-End -->
 
 <!-- TouchInputOff_1-OmaUri-Begin -->
@@ -226,7 +226,7 @@ Turns off touch input, which allows the user to interact with their computer usi
 <!-- TouchInputOff_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TouchInputOff_2-Applicability-End -->
 
 <!-- TouchInputOff_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index 079119d22b..c0de908883 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_TPM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BlockedCommandsList_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockedCommandsList_Name-Applicability-End -->
 
 <!-- BlockedCommandsList_Name-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows you to manage the Group Policy list of Trusted Platfo
 <!-- ClearTPMIfNotReady_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClearTPMIfNotReady_Name-Applicability-End -->
 
 <!-- ClearTPMIfNotReady_Name-OmaUri-Begin -->
@@ -142,7 +142,7 @@ This policy setting configures the system to prompt the user to clear the TPM if
 <!-- IgnoreDefaultList_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IgnoreDefaultList_Name-Applicability-End -->
 
 <!-- IgnoreDefaultList_Name-OmaUri-Begin -->
@@ -203,7 +203,7 @@ The default list of blocked TPM commands is pre-configured by Windows. You can v
 <!-- IgnoreLocalList_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IgnoreLocalList_Name-Applicability-End -->
 
 <!-- IgnoreLocalList_Name-OmaUri-Begin -->
@@ -264,7 +264,7 @@ The local list of blocked TPM commands is configured outside of Group Policy by
 <!-- OptIntoDSHA_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- OptIntoDSHA_Name-Applicability-End -->
 
 <!-- OptIntoDSHA_Name-OmaUri-Begin -->
@@ -319,7 +319,7 @@ This group policy enables Device Health Attestation reporting (DHA-report) on su
 <!-- OSManagedAuth_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- OSManagedAuth_Name-Applicability-End -->
 
 <!-- OSManagedAuth_Name-OmaUri-Begin -->
@@ -386,7 +386,7 @@ Choose the operating system managed TPM authentication setting of "None" for com
 <!-- StandardUserAuthorizationFailureDuration_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StandardUserAuthorizationFailureDuration_Name-Applicability-End -->
 
 <!-- StandardUserAuthorizationFailureDuration_Name-OmaUri-Begin -->
@@ -457,7 +457,7 @@ If this value isn't configured, a default value of 480 minutes (8 hours) is used
 <!-- StandardUserAuthorizationFailureIndividualThreshold_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StandardUserAuthorizationFailureIndividualThreshold_Name-Applicability-End -->
 
 <!-- StandardUserAuthorizationFailureIndividualThreshold_Name-OmaUri-Begin -->
@@ -530,7 +530,7 @@ A value of zero means the OS won't allow standard users to send commands to the
 <!-- StandardUserAuthorizationFailureTotalThreshold_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- StandardUserAuthorizationFailureTotalThreshold_Name-Applicability-End -->
 
 <!-- StandardUserAuthorizationFailureTotalThreshold_Name-OmaUri-Begin -->
@@ -603,7 +603,7 @@ A value of zero means the OS won't allow standard users to send commands to the
 <!-- UseLegacyDAP_Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UseLegacyDAP_Name-Applicability-End -->
 
 <!-- UseLegacyDAP_Name-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index 93388ebc6f..c89a4542be 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_UserExperienceVirtualization Area in Poli
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Calculator-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Calculator-Applicability-End -->
 
 <!-- Calculator-OmaUri-Begin -->
@@ -95,7 +95,7 @@ By default, the user settings of Calculator synchronize between computers. Use t
 <!-- ConfigureSyncMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureSyncMethod-Applicability-End -->
 
 <!-- ConfigureSyncMethod-OmaUri-Begin -->
@@ -163,7 +163,7 @@ With notifications enabled, UE-V users receive a message when the settings sync
 <!-- ConfigureVdi-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureVdi-Applicability-End -->
 
 <!-- ConfigureVdi-OmaUri-Begin -->
@@ -228,7 +228,7 @@ This policy setting configures the synchronization of User Experience Virtualiza
 <!-- ContactITDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ContactITDescription-Applicability-End -->
 
 <!-- ContactITDescription-OmaUri-Begin -->
@@ -288,7 +288,7 @@ This policy setting specifies the text of the Contact IT URL hyperlink in the Co
 <!-- ContactITUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ContactITUrl-Applicability-End -->
 
 <!-- ContactITUrl-OmaUri-Begin -->
@@ -348,7 +348,7 @@ This policy setting specifies the URL for the Contact IT link in the Company Set
 <!-- DisableWin8Sync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWin8Sync-Applicability-End -->
 
 <!-- DisableWin8Sync-OmaUri-Begin -->
@@ -418,7 +418,7 @@ By default, the UE-V Agent synchronizes settings for Windows apps between the co
 <!-- DisableWindowsOSSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWindowsOSSettings-Applicability-End -->
 
 <!-- DisableWindowsOSSettings-OmaUri-Begin -->
@@ -484,7 +484,7 @@ Certain Windows settings will synchronize between computers by default. These se
 <!-- EnableUEV-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableUEV-Applicability-End -->
 
 <!-- EnableUEV-OmaUri-Begin -->
@@ -539,7 +539,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati
 <!-- Finance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Finance-Applicability-End -->
 
 <!-- Finance-OmaUri-Begin -->
@@ -606,7 +606,7 @@ By default, the user settings of Finance sync between computers. Use the policy
 <!-- FirstUseNotificationEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- FirstUseNotificationEnabled-Applicability-End -->
 
 <!-- FirstUseNotificationEnabled-OmaUri-Begin -->
@@ -669,7 +669,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- Games-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Games-Applicability-End -->
 
 <!-- Games-OmaUri-Begin -->
@@ -736,7 +736,7 @@ By default, the user settings of Games sync between computers. Use the policy se
 <!-- InternetExplorer10-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer10-Applicability-End -->
 
 <!-- InternetExplorer10-OmaUri-Begin -->
@@ -803,7 +803,7 @@ By default, the user settings of Internet Explorer 10 synchronize between comput
 <!-- InternetExplorer11-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer11-Applicability-End -->
 
 <!-- InternetExplorer11-OmaUri-Begin -->
@@ -870,7 +870,7 @@ By default, the user settings of Internet Explorer 11 synchronize between comput
 <!-- InternetExplorer8-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer8-Applicability-End -->
 
 <!-- InternetExplorer8-OmaUri-Begin -->
@@ -937,7 +937,7 @@ By default, the user settings of Internet Explorer 8 synchronize between compute
 <!-- InternetExplorer9-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorer9-Applicability-End -->
 
 <!-- InternetExplorer9-OmaUri-Begin -->
@@ -1004,7 +1004,7 @@ By default, the user settings of Internet Explorer 9 synchronize between compute
 <!-- InternetExplorerCommon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- InternetExplorerCommon-Applicability-End -->
 
 <!-- InternetExplorerCommon-OmaUri-Begin -->
@@ -1070,7 +1070,7 @@ By default, the user settings which are common between the versions of Internet
 <!-- Maps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Maps-Applicability-End -->
 
 <!-- Maps-OmaUri-Begin -->
@@ -1137,7 +1137,7 @@ By default, the user settings of Maps sync between computers. Use the policy set
 <!-- MaxPackageSizeInBytes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MaxPackageSizeInBytes-Applicability-End -->
 
 <!-- MaxPackageSizeInBytes-OmaUri-Begin -->
@@ -1199,7 +1199,7 @@ This policy setting allows you to configure the UE-V Agent to write a warning ev
 <!-- MicrosoftOffice2010Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Access-Applicability-End -->
 
 <!-- MicrosoftOffice2010Access-OmaUri-Begin -->
@@ -1265,7 +1265,7 @@ By default, the user settings of Microsoft Access 2010 synchronize between compu
 <!-- MicrosoftOffice2010Common-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Common-Applicability-End -->
 
 <!-- MicrosoftOffice2010Common-OmaUri-Begin -->
@@ -1330,7 +1330,7 @@ By default, the user settings which are common between the Microsoft Office Suit
 <!-- MicrosoftOffice2010Excel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Excel-Applicability-End -->
 
 <!-- MicrosoftOffice2010Excel-OmaUri-Begin -->
@@ -1396,7 +1396,7 @@ By default, the user settings of Microsoft Excel 2010 synchronize between comput
 <!-- MicrosoftOffice2010InfoPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010InfoPath-Applicability-End -->
 
 <!-- MicrosoftOffice2010InfoPath-OmaUri-Begin -->
@@ -1462,7 +1462,7 @@ By default, the user settings of Microsoft InfoPath 2010 synchronize between com
 <!-- MicrosoftOffice2010Lync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Lync-Applicability-End -->
 
 <!-- MicrosoftOffice2010Lync-OmaUri-Begin -->
@@ -1529,7 +1529,7 @@ By default, the user settings of Microsoft Lync 2010 synchronize between compute
 <!-- MicrosoftOffice2010OneNote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010OneNote-Applicability-End -->
 
 <!-- MicrosoftOffice2010OneNote-OmaUri-Begin -->
@@ -1595,7 +1595,7 @@ By default, the user settings of Microsoft OneNote 2010 synchronize between comp
 <!-- MicrosoftOffice2010Outlook-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Outlook-Applicability-End -->
 
 <!-- MicrosoftOffice2010Outlook-OmaUri-Begin -->
@@ -1661,7 +1661,7 @@ By default, the user settings of Microsoft Outlook 2010 synchronize between comp
 <!-- MicrosoftOffice2010PowerPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010PowerPoint-Applicability-End -->
 
 <!-- MicrosoftOffice2010PowerPoint-OmaUri-Begin -->
@@ -1727,7 +1727,7 @@ By default, the user settings of Microsoft PowerPoint 2010 synchronize between c
 <!-- MicrosoftOffice2010Project-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Project-Applicability-End -->
 
 <!-- MicrosoftOffice2010Project-OmaUri-Begin -->
@@ -1793,7 +1793,7 @@ By default, the user settings of Microsoft Project 2010 synchronize between comp
 <!-- MicrosoftOffice2010Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Publisher-Applicability-End -->
 
 <!-- MicrosoftOffice2010Publisher-OmaUri-Begin -->
@@ -1859,7 +1859,7 @@ By default, the user settings of Microsoft Publisher 2010 synchronize between co
 <!-- MicrosoftOffice2010SharePointDesigner-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010SharePointDesigner-Applicability-End -->
 
 <!-- MicrosoftOffice2010SharePointDesigner-OmaUri-Begin -->
@@ -1925,7 +1925,7 @@ By default, the user settings of Microsoft SharePoint Designer 2010 synchronize
 <!-- MicrosoftOffice2010SharePointWorkspace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010SharePointWorkspace-Applicability-End -->
 
 <!-- MicrosoftOffice2010SharePointWorkspace-OmaUri-Begin -->
@@ -1991,7 +1991,7 @@ By default, the user settings of Microsoft SharePoint Workspace 2010 synchronize
 <!-- MicrosoftOffice2010Visio-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Visio-Applicability-End -->
 
 <!-- MicrosoftOffice2010Visio-OmaUri-Begin -->
@@ -2057,7 +2057,7 @@ By default, the user settings of Microsoft Visio 2010 synchronize between comput
 <!-- MicrosoftOffice2010Word-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2010Word-Applicability-End -->
 
 <!-- MicrosoftOffice2010Word-OmaUri-Begin -->
@@ -2123,7 +2123,7 @@ By default, the user settings of Microsoft Word 2010 synchronize between compute
 <!-- MicrosoftOffice2013Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Access-Applicability-End -->
 
 <!-- MicrosoftOffice2013Access-OmaUri-Begin -->
@@ -2189,7 +2189,7 @@ By default, the user settings of Microsoft Access 2013 synchronize between compu
 <!-- MicrosoftOffice2013AccessBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013AccessBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013AccessBackup-OmaUri-Begin -->
@@ -2255,7 +2255,7 @@ Microsoft Access 2013 has user settings that are backed up instead of synchroniz
 <!-- MicrosoftOffice2013Common-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Common-Applicability-End -->
 
 <!-- MicrosoftOffice2013Common-OmaUri-Begin -->
@@ -2321,7 +2321,7 @@ By default, the user settings which are common between the Microsoft Office Suit
 <!-- MicrosoftOffice2013CommonBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013CommonBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013CommonBackup-OmaUri-Begin -->
@@ -2387,7 +2387,7 @@ Microsoft Office Suite 2013 has user settings which are common between applicati
 <!-- MicrosoftOffice2013Excel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Excel-Applicability-End -->
 
 <!-- MicrosoftOffice2013Excel-OmaUri-Begin -->
@@ -2453,7 +2453,7 @@ By default, the user settings of Microsoft Excel 2013 synchronize between comput
 <!-- MicrosoftOffice2013ExcelBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013ExcelBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013ExcelBackup-OmaUri-Begin -->
@@ -2519,7 +2519,7 @@ Microsoft Excel 2013 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2013InfoPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013InfoPath-Applicability-End -->
 
 <!-- MicrosoftOffice2013InfoPath-OmaUri-Begin -->
@@ -2585,7 +2585,7 @@ By default, the user settings of Microsoft InfoPath 2013 synchronize between com
 <!-- MicrosoftOffice2013InfoPathBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013InfoPathBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013InfoPathBackup-OmaUri-Begin -->
@@ -2651,7 +2651,7 @@ Microsoft InfoPath 2013 has user settings that are backed up instead of synchron
 <!-- MicrosoftOffice2013Lync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Lync-Applicability-End -->
 
 <!-- MicrosoftOffice2013Lync-OmaUri-Begin -->
@@ -2717,7 +2717,7 @@ By default, the user settings of Microsoft Lync 2013 synchronize between compute
 <!-- MicrosoftOffice2013LyncBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013LyncBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013LyncBackup-OmaUri-Begin -->
@@ -2783,7 +2783,7 @@ Microsoft Lync 2013 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice2013OneDriveForBusiness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OneDriveForBusiness-Applicability-End -->
 
 <!-- MicrosoftOffice2013OneDriveForBusiness-OmaUri-Begin -->
@@ -2849,7 +2849,7 @@ By default, the user settings of OneDrive for Business 2013 synchronize between
 <!-- MicrosoftOffice2013OneNote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OneNote-Applicability-End -->
 
 <!-- MicrosoftOffice2013OneNote-OmaUri-Begin -->
@@ -2915,7 +2915,7 @@ By default, the user settings of Microsoft OneNote 2013 synchronize between comp
 <!-- MicrosoftOffice2013OneNoteBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OneNoteBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013OneNoteBackup-OmaUri-Begin -->
@@ -2981,7 +2981,7 @@ Microsoft OneNote 2013 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2013Outlook-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Outlook-Applicability-End -->
 
 <!-- MicrosoftOffice2013Outlook-OmaUri-Begin -->
@@ -3047,7 +3047,7 @@ By default, the user settings of Microsoft Outlook 2013 synchronize between comp
 <!-- MicrosoftOffice2013OutlookBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013OutlookBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013OutlookBackup-OmaUri-Begin -->
@@ -3113,7 +3113,7 @@ Microsoft Outlook 2013 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2013PowerPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013PowerPoint-Applicability-End -->
 
 <!-- MicrosoftOffice2013PowerPoint-OmaUri-Begin -->
@@ -3179,7 +3179,7 @@ By default, the user settings of Microsoft PowerPoint 2013 synchronize between c
 <!-- MicrosoftOffice2013PowerPointBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013PowerPointBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013PowerPointBackup-OmaUri-Begin -->
@@ -3245,7 +3245,7 @@ Microsoft PowerPoint 2013 has user settings that are backed up instead of synchr
 <!-- MicrosoftOffice2013Project-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Project-Applicability-End -->
 
 <!-- MicrosoftOffice2013Project-OmaUri-Begin -->
@@ -3311,7 +3311,7 @@ By default, the user settings of Microsoft Project 2013 synchronize between comp
 <!-- MicrosoftOffice2013ProjectBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013ProjectBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013ProjectBackup-OmaUri-Begin -->
@@ -3377,7 +3377,7 @@ Microsoft Project 2013 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2013Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Publisher-Applicability-End -->
 
 <!-- MicrosoftOffice2013Publisher-OmaUri-Begin -->
@@ -3443,7 +3443,7 @@ By default, the user settings of Microsoft Publisher 2013 synchronize between co
 <!-- MicrosoftOffice2013PublisherBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013PublisherBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013PublisherBackup-OmaUri-Begin -->
@@ -3509,7 +3509,7 @@ Microsoft Publisher 2013 has user settings that are backed up instead of synchro
 <!-- MicrosoftOffice2013SharePointDesigner-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013SharePointDesigner-Applicability-End -->
 
 <!-- MicrosoftOffice2013SharePointDesigner-OmaUri-Begin -->
@@ -3575,7 +3575,7 @@ By default, the user settings of Microsoft SharePoint Designer 2013 synchronize
 <!-- MicrosoftOffice2013SharePointDesignerBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013SharePointDesignerBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013SharePointDesignerBackup-OmaUri-Begin -->
@@ -3641,7 +3641,7 @@ Microsoft SharePoint Designer 2013 has user settings that are backed up instead
 <!-- MicrosoftOffice2013UploadCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013UploadCenter-Applicability-End -->
 
 <!-- MicrosoftOffice2013UploadCenter-OmaUri-Begin -->
@@ -3707,7 +3707,7 @@ By default, the user settings of Microsoft Office 2013 Upload Center synchronize
 <!-- MicrosoftOffice2013Visio-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Visio-Applicability-End -->
 
 <!-- MicrosoftOffice2013Visio-OmaUri-Begin -->
@@ -3773,7 +3773,7 @@ By default, the user settings of Microsoft Visio 2013 synchronize between comput
 <!-- MicrosoftOffice2013VisioBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013VisioBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013VisioBackup-OmaUri-Begin -->
@@ -3839,7 +3839,7 @@ Microsoft Visio 2013 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2013Word-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013Word-Applicability-End -->
 
 <!-- MicrosoftOffice2013Word-OmaUri-Begin -->
@@ -3905,7 +3905,7 @@ By default, the user settings of Microsoft Word 2013 synchronize between compute
 <!-- MicrosoftOffice2013WordBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2013WordBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2013WordBackup-OmaUri-Begin -->
@@ -3971,7 +3971,7 @@ Microsoft Word 2013 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice2016Access-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Access-Applicability-End -->
 
 <!-- MicrosoftOffice2016Access-OmaUri-Begin -->
@@ -4037,7 +4037,7 @@ By default, the user settings of Microsoft Access 2016 synchronize between compu
 <!-- MicrosoftOffice2016AccessBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016AccessBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016AccessBackup-OmaUri-Begin -->
@@ -4103,7 +4103,7 @@ Microsoft Access 2016 has user settings that are backed up instead of synchroniz
 <!-- MicrosoftOffice2016Common-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Common-Applicability-End -->
 
 <!-- MicrosoftOffice2016Common-OmaUri-Begin -->
@@ -4169,7 +4169,7 @@ By default, the user settings which are common between the Microsoft Office Suit
 <!-- MicrosoftOffice2016CommonBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016CommonBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016CommonBackup-OmaUri-Begin -->
@@ -4235,7 +4235,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati
 <!-- MicrosoftOffice2016Excel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Excel-Applicability-End -->
 
 <!-- MicrosoftOffice2016Excel-OmaUri-Begin -->
@@ -4301,7 +4301,7 @@ By default, the user settings of Microsoft Excel 2016 synchronize between comput
 <!-- MicrosoftOffice2016ExcelBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016ExcelBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016ExcelBackup-OmaUri-Begin -->
@@ -4367,7 +4367,7 @@ Microsoft Excel 2016 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2016Lync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Lync-Applicability-End -->
 
 <!-- MicrosoftOffice2016Lync-OmaUri-Begin -->
@@ -4433,7 +4433,7 @@ By default, the user settings of Microsoft Lync 2016 synchronize between compute
 <!-- MicrosoftOffice2016LyncBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016LyncBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016LyncBackup-OmaUri-Begin -->
@@ -4499,7 +4499,7 @@ Microsoft Lync 2016 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice2016OneDriveForBusiness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OneDriveForBusiness-Applicability-End -->
 
 <!-- MicrosoftOffice2016OneDriveForBusiness-OmaUri-Begin -->
@@ -4565,7 +4565,7 @@ By default, the user settings of OneDrive for Business 2016 synchronize between
 <!-- MicrosoftOffice2016OneNote-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OneNote-Applicability-End -->
 
 <!-- MicrosoftOffice2016OneNote-OmaUri-Begin -->
@@ -4631,7 +4631,7 @@ By default, the user settings of Microsoft OneNote 2016 synchronize between comp
 <!-- MicrosoftOffice2016OneNoteBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OneNoteBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016OneNoteBackup-OmaUri-Begin -->
@@ -4697,7 +4697,7 @@ Microsoft OneNote 2016 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2016Outlook-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Outlook-Applicability-End -->
 
 <!-- MicrosoftOffice2016Outlook-OmaUri-Begin -->
@@ -4763,7 +4763,7 @@ By default, the user settings of Microsoft Outlook 2016 synchronize between comp
 <!-- MicrosoftOffice2016OutlookBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016OutlookBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016OutlookBackup-OmaUri-Begin -->
@@ -4829,7 +4829,7 @@ Microsoft Outlook 2016 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2016PowerPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016PowerPoint-Applicability-End -->
 
 <!-- MicrosoftOffice2016PowerPoint-OmaUri-Begin -->
@@ -4895,7 +4895,7 @@ By default, the user settings of Microsoft PowerPoint 2016 synchronize between c
 <!-- MicrosoftOffice2016PowerPointBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016PowerPointBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016PowerPointBackup-OmaUri-Begin -->
@@ -4961,7 +4961,7 @@ Microsoft PowerPoint 2016 has user settings that are backed up instead of synchr
 <!-- MicrosoftOffice2016Project-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Project-Applicability-End -->
 
 <!-- MicrosoftOffice2016Project-OmaUri-Begin -->
@@ -5027,7 +5027,7 @@ By default, the user settings of Microsoft Project 2016 synchronize between comp
 <!-- MicrosoftOffice2016ProjectBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016ProjectBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016ProjectBackup-OmaUri-Begin -->
@@ -5093,7 +5093,7 @@ Microsoft Project 2016 has user settings that are backed up instead of synchroni
 <!-- MicrosoftOffice2016Publisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Publisher-Applicability-End -->
 
 <!-- MicrosoftOffice2016Publisher-OmaUri-Begin -->
@@ -5159,7 +5159,7 @@ By default, the user settings of Microsoft Publisher 2016 synchronize between co
 <!-- MicrosoftOffice2016PublisherBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016PublisherBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016PublisherBackup-OmaUri-Begin -->
@@ -5225,7 +5225,7 @@ Microsoft Publisher 2016 has user settings that are backed up instead of synchro
 <!-- MicrosoftOffice2016UploadCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016UploadCenter-Applicability-End -->
 
 <!-- MicrosoftOffice2016UploadCenter-OmaUri-Begin -->
@@ -5291,7 +5291,7 @@ By default, the user settings of Microsoft Office 2016 Upload Center synchronize
 <!-- MicrosoftOffice2016Visio-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Visio-Applicability-End -->
 
 <!-- MicrosoftOffice2016Visio-OmaUri-Begin -->
@@ -5357,7 +5357,7 @@ By default, the user settings of Microsoft Visio 2016 synchronize between comput
 <!-- MicrosoftOffice2016VisioBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016VisioBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016VisioBackup-OmaUri-Begin -->
@@ -5423,7 +5423,7 @@ Microsoft Visio 2016 has user settings that are backed up instead of synchronizi
 <!-- MicrosoftOffice2016Word-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016Word-Applicability-End -->
 
 <!-- MicrosoftOffice2016Word-OmaUri-Begin -->
@@ -5489,7 +5489,7 @@ By default, the user settings of Microsoft Word 2016 synchronize between compute
 <!-- MicrosoftOffice2016WordBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice2016WordBackup-Applicability-End -->
 
 <!-- MicrosoftOffice2016WordBackup-OmaUri-Begin -->
@@ -5555,7 +5555,7 @@ Microsoft Word 2016 has user settings that are backed up instead of synchronizin
 <!-- MicrosoftOffice365Access2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Access2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Access2013-OmaUri-Begin -->
@@ -5621,7 +5621,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Access2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Access2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Access2016-OmaUri-Begin -->
@@ -5687,7 +5687,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Common2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Common2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Common2013-OmaUri-Begin -->
@@ -5753,7 +5753,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Common2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Common2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Common2016-OmaUri-Begin -->
@@ -5819,7 +5819,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Excel2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Excel2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Excel2013-OmaUri-Begin -->
@@ -5885,7 +5885,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Excel2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Excel2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Excel2016-OmaUri-Begin -->
@@ -5951,7 +5951,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365InfoPath2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365InfoPath2013-Applicability-End -->
 
 <!-- MicrosoftOffice365InfoPath2013-OmaUri-Begin -->
@@ -6017,7 +6017,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Lync2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Lync2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Lync2013-OmaUri-Begin -->
@@ -6083,7 +6083,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Lync2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Lync2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Lync2016-OmaUri-Begin -->
@@ -6149,7 +6149,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365OneNote2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365OneNote2013-Applicability-End -->
 
 <!-- MicrosoftOffice365OneNote2013-OmaUri-Begin -->
@@ -6215,7 +6215,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365OneNote2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365OneNote2016-Applicability-End -->
 
 <!-- MicrosoftOffice365OneNote2016-OmaUri-Begin -->
@@ -6281,7 +6281,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Outlook2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Outlook2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Outlook2013-OmaUri-Begin -->
@@ -6347,7 +6347,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Outlook2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Outlook2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Outlook2016-OmaUri-Begin -->
@@ -6413,7 +6413,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365PowerPoint2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365PowerPoint2013-Applicability-End -->
 
 <!-- MicrosoftOffice365PowerPoint2013-OmaUri-Begin -->
@@ -6479,7 +6479,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365PowerPoint2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365PowerPoint2016-Applicability-End -->
 
 <!-- MicrosoftOffice365PowerPoint2016-OmaUri-Begin -->
@@ -6545,7 +6545,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Project2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Project2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Project2013-OmaUri-Begin -->
@@ -6611,7 +6611,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Project2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Project2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Project2016-OmaUri-Begin -->
@@ -6677,7 +6677,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Publisher2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Publisher2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Publisher2013-OmaUri-Begin -->
@@ -6743,7 +6743,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Publisher2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Publisher2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Publisher2016-OmaUri-Begin -->
@@ -6809,7 +6809,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365SharePointDesigner2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365SharePointDesigner2013-Applicability-End -->
 
 <!-- MicrosoftOffice365SharePointDesigner2013-OmaUri-Begin -->
@@ -6875,7 +6875,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Visio2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Visio2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Visio2013-OmaUri-Begin -->
@@ -6941,7 +6941,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Visio2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Visio2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Visio2016-OmaUri-Begin -->
@@ -7007,7 +7007,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Word2013-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Word2013-Applicability-End -->
 
 <!-- MicrosoftOffice365Word2013-OmaUri-Begin -->
@@ -7073,7 +7073,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- MicrosoftOffice365Word2016-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MicrosoftOffice365Word2016-Applicability-End -->
 
 <!-- MicrosoftOffice365Word2016-OmaUri-Begin -->
@@ -7139,7 +7139,7 @@ Microsoft Office 365 synchronizes certain settings by default without UE-V. If t
 <!-- Music-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Music-Applicability-End -->
 
 <!-- Music-OmaUri-Begin -->
@@ -7206,7 +7206,7 @@ By default, the user settings of Music sync between computers. Use the policy se
 <!-- News-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- News-Applicability-End -->
 
 <!-- News-OmaUri-Begin -->
@@ -7273,7 +7273,7 @@ By default, the user settings of News sync between computers. Use the policy set
 <!-- Notepad-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Notepad-Applicability-End -->
 
 <!-- Notepad-OmaUri-Begin -->
@@ -7340,7 +7340,7 @@ By default, the user settings of Notepad synchronize between computers. Use the
 <!-- Reader-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Reader-Applicability-End -->
 
 <!-- Reader-OmaUri-Begin -->
@@ -7407,7 +7407,7 @@ By default, the user settings of Reader sync between computers. Use the policy s
 <!-- RepositoryTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RepositoryTimeout-Applicability-End -->
 
 <!-- RepositoryTimeout-OmaUri-Begin -->
@@ -7471,7 +7471,7 @@ You can use this setting to override the default value of 2000 milliseconds.
 <!-- SettingsStoragePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SettingsStoragePath-Applicability-End -->
 
 <!-- SettingsStoragePath-OmaUri-Begin -->
@@ -7533,7 +7533,7 @@ This policy setting configures where the settings package files that contain use
 <!-- SettingsTemplateCatalogPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SettingsTemplateCatalogPath-Applicability-End -->
 
 <!-- SettingsTemplateCatalogPath-OmaUri-Begin -->
@@ -7599,7 +7599,7 @@ If you specify a UNC path and check the option to replace the default Microsoft
 <!-- Sports-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Sports-Applicability-End -->
 
 <!-- Sports-OmaUri-Begin -->
@@ -7666,7 +7666,7 @@ By default, the user settings of Sports sync between computers. Use the policy s
 <!-- SyncEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncEnabled-Applicability-End -->
 
 <!-- SyncEnabled-OmaUri-Begin -->
@@ -7725,7 +7725,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati
 <!-- SyncOverMeteredNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncOverMeteredNetwork-Applicability-End -->
 
 <!-- SyncOverMeteredNetwork-OmaUri-Begin -->
@@ -7792,7 +7792,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- SyncOverMeteredNetworkWhenRoaming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncOverMeteredNetworkWhenRoaming-Applicability-End -->
 
 <!-- SyncOverMeteredNetworkWhenRoaming-OmaUri-Begin -->
@@ -7859,7 +7859,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- SyncProviderPingEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncProviderPingEnabled-Applicability-End -->
 
 <!-- SyncProviderPingEnabled-OmaUri-Begin -->
@@ -7924,7 +7924,7 @@ This policy setting allows you to configure the User Experience Virtualization (
 <!-- SyncUnlistedWindows8Apps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SyncUnlistedWindows8Apps-Applicability-End -->
 
 <!-- SyncUnlistedWindows8Apps-OmaUri-Begin -->
@@ -7987,7 +7987,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- Travel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Travel-Applicability-End -->
 
 <!-- Travel-OmaUri-Begin -->
@@ -8054,7 +8054,7 @@ By default, the user settings of Travel sync between computers. Use the policy s
 <!-- TrayIconEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TrayIconEnabled-Applicability-End -->
 
 <!-- TrayIconEnabled-OmaUri-Begin -->
@@ -8113,7 +8113,7 @@ If you don't configure this policy setting, any defined values are deleted.
 <!-- Video-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Video-Applicability-End -->
 
 <!-- Video-OmaUri-Begin -->
@@ -8180,7 +8180,7 @@ By default, the user settings of Video sync between computers. Use the policy se
 <!-- Weather-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Weather-Applicability-End -->
 
 <!-- Weather-OmaUri-Begin -->
@@ -8247,7 +8247,7 @@ By default, the user settings of Weather sync between computers. Use the policy
 <!-- Wordpad-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Wordpad-Applicability-End -->
 
 <!-- Wordpad-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index f3cd36cf4c..df2fd32ecf 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_UserProfiles Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CleanupProfiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CleanupProfiles-Applicability-End -->
 
 <!-- CleanupProfiles-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting allows an administrator to automatically delete user profile
 <!-- DontForceUnloadHive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DontForceUnloadHive-Applicability-End -->
 
 <!-- DontForceUnloadHive-OmaUri-Begin -->
@@ -151,7 +151,7 @@ This policy setting controls whether Windows forcefully unloads the user's regis
 <!-- LeaveAppMgmtData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LeaveAppMgmtData-Applicability-End -->
 
 <!-- LeaveAppMgmtData-OmaUri-Begin -->
@@ -215,7 +215,7 @@ By default Windows deletes all information related to a roaming user (which incl
 <!-- LimitSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LimitSize-Applicability-End -->
 
 <!-- LimitSize-OmaUri-Begin -->
@@ -287,7 +287,7 @@ This policy setting sets the maximum size of each user profile and determines th
 <!-- ProfileErrorAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProfileErrorAction-Applicability-End -->
 
 <!-- ProfileErrorAction-OmaUri-Begin -->
@@ -350,7 +350,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting.
 <!-- SlowLinkTimeOut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SlowLinkTimeOut-Applicability-End -->
 
 <!-- SlowLinkTimeOut-OmaUri-Begin -->
@@ -415,7 +415,7 @@ This policy setting and related policy settings in this folder together define t
 <!-- USER_HOME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- USER_HOME-Applicability-End -->
 
 <!-- USER_HOME-OmaUri-Begin -->
@@ -482,7 +482,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl
 <!-- UserInfoAccessAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- UserInfoAccessAction-Applicability-End -->
 
 <!-- UserInfoAccessAction-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 7688d55e7b..4c34ddc617 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_W32Time Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- W32TIME_POLICY_CONFIG-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_CONFIG-Applicability-End -->
 
 <!-- W32TIME_POLICY_CONFIG-OmaUri-Begin -->
@@ -186,7 +186,7 @@ This parameter controls the frequency at which an event that indicates the numbe
 <!-- W32TIME_POLICY_CONFIGURE_NTPCLIENT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_CONFIGURE_NTPCLIENT-Applicability-End -->
 
 <!-- W32TIME_POLICY_CONFIGURE_NTPCLIENT-OmaUri-Begin -->
@@ -272,7 +272,7 @@ This value is a bitmask that controls events that may be logged to the System lo
 <!-- W32TIME_POLICY_ENABLE_NTPCLIENT-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_ENABLE_NTPCLIENT-Applicability-End -->
 
 <!-- W32TIME_POLICY_ENABLE_NTPCLIENT-OmaUri-Begin -->
@@ -333,7 +333,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer
 <!-- W32TIME_POLICY_ENABLE_NTPSERVER-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- W32TIME_POLICY_ENABLE_NTPSERVER-Applicability-End -->
 
 <!-- W32TIME_POLICY_ENABLE_NTPSERVER-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index 864c2f00fc..2daf25532c 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WCM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WCM_DisablePowerManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCM_DisablePowerManagement-Applicability-End -->
 
 <!-- WCM_DisablePowerManagement-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting specifies that power management is disabled when the machine
 <!-- WCM_EnableSoftDisconnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCM_EnableSoftDisconnect-Applicability-End -->
 
 <!-- WCM_EnableSoftDisconnect-OmaUri-Begin -->
@@ -156,7 +156,7 @@ This policy setting depends on other group policy settings. For example, if 'Min
 <!-- WCM_MinimizeConnections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCM_MinimizeConnections-Applicability-End -->
 
 <!-- WCM_MinimizeConnections-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index 332bf3fb75..14371f71cf 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WDI Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WdiDpsScenarioDataSizeLimitPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiDpsScenarioDataSizeLimitPolicy-Applicability-End -->
 
 <!-- WdiDpsScenarioDataSizeLimitPolicy-OmaUri-Begin -->
@@ -91,7 +91,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!-- WdiDpsScenarioExecutionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WdiDpsScenarioExecutionPolicy-Applicability-End -->
 
 <!-- WdiDpsScenarioExecutionPolicy-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index e830e78e1e..97141edb41 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinCal Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- TurnOffWinCal_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffWinCal_1-Applicability-End -->
 
 <!-- TurnOffWinCal_1-OmaUri-Begin -->
@@ -89,7 +89,7 @@ The default is for Windows Calendar to be turned on.
 <!-- TurnOffWinCal_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TurnOffWinCal_2-Applicability-End -->
 
 <!-- TurnOffWinCal_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index 782b870f9c..c7c06a9fc3 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsColorSystem Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ProhibitChangingInstalledProfileList_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProhibitChangingInstalledProfileList_1-Applicability-End -->
 
 <!-- ProhibitChangingInstalledProfileList_1-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting affects the ability of users to install or uninstall color p
 <!-- ProhibitChangingInstalledProfileList_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProhibitChangingInstalledProfileList_2-Applicability-End -->
 
 <!-- ProhibitChangingInstalledProfileList_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 894b258e47..10dcf61ff3 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsConnectNow Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- WCN_DisableWcnUi_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCN_DisableWcnUi_1-Applicability-End -->
 
 <!-- WCN_DisableWcnUi_1-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards.
 <!-- WCN_DisableWcnUi_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCN_DisableWcnUi_2-Applicability-End -->
 
 <!-- WCN_DisableWcnUi_2-OmaUri-Begin -->
@@ -146,7 +146,7 @@ This policy setting prohibits access to Windows Connect Now (WCN) wizards.
 <!-- WCN_EnableRegistrar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WCN_EnableRegistrar-Applicability-End -->
 
 <!-- WCN_EnableRegistrar-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 4a8727e522..33ab184dc5 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CheckSameSourceAndTargetForFRAndDFS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CheckSameSourceAndTargetForFRAndDFS-Applicability-End -->
 
 <!-- CheckSameSourceAndTargetForFRAndDFS-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting allows you to prevent data loss when you change the target l
 <!-- ClassicShell-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ClassicShell-Applicability-End -->
 
 <!-- ClassicShell-OmaUri-Begin -->
@@ -156,7 +156,7 @@ Also, see the "Disable Active Desktop" setting in User Configuration\Administrat
 <!-- ConfirmFileDelete-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfirmFileDelete-Applicability-End -->
 
 <!-- ConfirmFileDelete-OmaUri-Begin -->
@@ -215,7 +215,7 @@ Allows you to have File Explorer display a confirmation dialog whenever a file i
 <!-- DefaultLibrariesLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DefaultLibrariesLocation-Applicability-End -->
 
 <!-- DefaultLibrariesLocation-OmaUri-Begin -->
@@ -277,7 +277,7 @@ This policy setting allows you to specify a location where all default Library d
 <!-- DisableBindDirectlyToPropertySetStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableBindDirectlyToPropertySetStorage-Applicability-End -->
 
 <!-- DisableBindDirectlyToPropertySetStorage-OmaUri-Begin -->
@@ -338,7 +338,7 @@ This disables access to user-defined properties, and properties stored in NTFS s
 <!-- DisableIndexedLibraryExperience-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableIndexedLibraryExperience-Applicability-End -->
 
 <!-- DisableIndexedLibraryExperience-OmaUri-Begin -->
@@ -409,7 +409,7 @@ This policy won't enable users to add unsupported locations to Libraries.
 <!-- DisableKnownFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableKnownFolders-Applicability-End -->
 
 <!-- DisableKnownFolders-OmaUri-Begin -->
@@ -469,7 +469,7 @@ You can specify a known folder using its known folder id or using its canonical
 <!-- DisableSearchBoxSuggestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSearchBoxSuggestions-Applicability-End -->
 
 <!-- DisableSearchBoxSuggestions-OmaUri-Begin -->
@@ -529,7 +529,7 @@ File Explorer shows suggestion pop-ups as users type into the Search Box. These
 <!-- EnableShellShortcutIconRemotePath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableShellShortcutIconRemotePath-Applicability-End -->
 
 <!-- EnableShellShortcutIconRemotePath-OmaUri-Begin -->
@@ -591,7 +591,7 @@ This policy setting determines whether remote paths can be used for file shortcu
 <!-- EnableSmartScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableSmartScreen-Applicability-End -->
 
 <!-- EnableSmartScreen-OmaUri-Begin -->
@@ -622,8 +622,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t
 
 <!-- EnableSmartScreen-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-
-For more information, see [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).
+For more information, see [Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen).
 <!-- EnableSmartScreen-Editable-End -->
 
 <!-- EnableSmartScreen-DFProperties-Begin -->
@@ -663,7 +662,7 @@ For more information, see [Microsoft Defender SmartScreen](/windows/security/thr
 <!-- EnforceShellExtensionSecurity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnforceShellExtensionSecurity-Applicability-End -->
 
 <!-- EnforceShellExtensionSecurity-OmaUri-Begin -->
@@ -724,7 +723,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_
 <!-- ExplorerRibbonStartsMinimized-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ExplorerRibbonStartsMinimized-Applicability-End -->
 
 <!-- ExplorerRibbonStartsMinimized-OmaUri-Begin -->
@@ -787,7 +786,7 @@ This policy setting allows you to specify whether the ribbon appears minimized o
 <!-- HideContentViewModeSnippets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideContentViewModeSnippets-Applicability-End -->
 
 <!-- HideContentViewModeSnippets-OmaUri-Begin -->
@@ -846,7 +845,7 @@ This policy setting allows you to turn off the display of snippets in Content vi
 <!-- IZ_Policy_OpenSearchPreview_Internet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Internet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Internet-OmaUri-Begin -->
@@ -913,7 +912,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_InternetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_InternetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_InternetLockdown-OmaUri-Begin -->
@@ -980,7 +979,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_Intranet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Intranet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Intranet-OmaUri-Begin -->
@@ -1047,7 +1046,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_IntranetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_IntranetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_IntranetLockdown-OmaUri-Begin -->
@@ -1114,7 +1113,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_LocalMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_LocalMachine-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_LocalMachine-OmaUri-Begin -->
@@ -1181,7 +1180,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_LocalMachineLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_LocalMachineLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_LocalMachineLockdown-OmaUri-Begin -->
@@ -1248,7 +1247,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_Restricted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Restricted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Restricted-OmaUri-Begin -->
@@ -1315,7 +1314,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_RestrictedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_RestrictedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_RestrictedLockdown-OmaUri-Begin -->
@@ -1382,7 +1381,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_Trusted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_Trusted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_Trusted-OmaUri-Begin -->
@@ -1449,7 +1448,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchPreview_TrustedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchPreview_TrustedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchPreview_TrustedLockdown-OmaUri-Begin -->
@@ -1516,7 +1515,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
 <!-- IZ_Policy_OpenSearchQuery_Internet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Internet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Internet-OmaUri-Begin -->
@@ -1581,7 +1580,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_InternetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_InternetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_InternetLockdown-OmaUri-Begin -->
@@ -1646,7 +1645,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_Intranet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Intranet-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Intranet-OmaUri-Begin -->
@@ -1711,7 +1710,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_IntranetLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_IntranetLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_IntranetLockdown-OmaUri-Begin -->
@@ -1776,7 +1775,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_LocalMachine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_LocalMachine-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_LocalMachine-OmaUri-Begin -->
@@ -1841,7 +1840,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_LocalMachineLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_LocalMachineLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_LocalMachineLockdown-OmaUri-Begin -->
@@ -1906,7 +1905,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_Restricted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Restricted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Restricted-OmaUri-Begin -->
@@ -1971,7 +1970,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_RestrictedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_RestrictedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_RestrictedLockdown-OmaUri-Begin -->
@@ -2036,7 +2035,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_Trusted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_Trusted-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_Trusted-OmaUri-Begin -->
@@ -2101,7 +2100,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- IZ_Policy_OpenSearchQuery_TrustedLockdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- IZ_Policy_OpenSearchQuery_TrustedLockdown-Applicability-End -->
 
 <!-- IZ_Policy_OpenSearchQuery_TrustedLockdown-OmaUri-Begin -->
@@ -2166,7 +2165,7 @@ This policy setting allows you to manage whether OpenSearch queries in this zone
 <!-- LinkResolveIgnoreLinkInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LinkResolveIgnoreLinkInfo-Applicability-End -->
 
 <!-- LinkResolveIgnoreLinkInfo-OmaUri-Begin -->
@@ -2227,7 +2226,7 @@ Shortcut files typically include an absolute path to the original target file as
 <!-- MaxRecentDocs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MaxRecentDocs-Applicability-End -->
 
 <!-- MaxRecentDocs-OmaUri-Begin -->
@@ -2287,7 +2286,7 @@ The Recent Items menu contains shortcuts to the nonprogram files the user has mo
 <!-- NoBackButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoBackButton-Applicability-End -->
 
 <!-- NoBackButton-OmaUri-Begin -->
@@ -2353,7 +2352,7 @@ To see an example of the standard Open dialog box, start Notepad and, on the Fil
 <!-- NoCacheThumbNailPictures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCacheThumbNailPictures-Applicability-End -->
 
 <!-- NoCacheThumbNailPictures-OmaUri-Begin -->
@@ -2415,7 +2414,7 @@ This policy setting allows you to turn off caching of thumbnail pictures.
 <!-- NoCDBurning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCDBurning-Applicability-End -->
 
 <!-- NoCDBurning-OmaUri-Begin -->
@@ -2477,7 +2476,7 @@ This policy setting allows you to remove CD Burning features. File Explorer allo
 <!-- NoChangeAnimation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChangeAnimation-Applicability-End -->
 
 <!-- NoChangeAnimation-OmaUri-Begin -->
@@ -2538,7 +2537,7 @@ Effects, such as animation, are designed to enhance the user's experience but mi
 <!-- NoChangeKeyboardNavigationIndicators-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoChangeKeyboardNavigationIndicators-Applicability-End -->
 
 <!-- NoChangeKeyboardNavigationIndicators-OmaUri-Begin -->
@@ -2597,7 +2596,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper
 <!-- NoDFSTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDFSTab-Applicability-End -->
 
 <!-- NoDFSTab-OmaUri-Begin -->
@@ -2658,7 +2657,7 @@ This policy setting doesn't prevent users from using other methods to configure
 <!-- NoDrives-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoDrives-Applicability-End -->
 
 <!-- NoDrives-OmaUri-Begin -->
@@ -2725,7 +2724,7 @@ Also, see the "Prevent access to drives from My Computer" policy setting.
 <!-- NoEntireNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoEntireNetwork-Applicability-End -->
 
 <!-- NoEntireNetwork-OmaUri-Begin -->
@@ -2789,7 +2788,7 @@ To remove computers in the user's workgroup or domain from lists of network reso
 <!-- NoFileMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFileMenu-Applicability-End -->
 
 <!-- NoFileMenu-OmaUri-Begin -->
@@ -2846,7 +2845,7 @@ This setting doesn't prevent users from using other methods to perform tasks ava
 <!-- NoFileMRU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFileMRU-Applicability-End -->
 
 <!-- NoFileMRU-OmaUri-Begin -->
@@ -2912,7 +2911,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil
 <!-- NoFolderOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoFolderOptions-Applicability-End -->
 
 <!-- NoFolderOptions-OmaUri-Begin -->
@@ -2973,7 +2972,7 @@ Folder Options allows users to change the way files and folders open, what appea
 <!-- NoHardwareTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoHardwareTab-Applicability-End -->
 
 <!-- NoHardwareTab-OmaUri-Begin -->
@@ -3030,7 +3029,7 @@ This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio
 <!-- NoManageMyComputerVerb-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoManageMyComputerVerb-Applicability-End -->
 
 <!-- NoManageMyComputerVerb-OmaUri-Begin -->
@@ -3092,7 +3091,7 @@ This setting doesn't remove the Computer Management item from the Start menu (St
 <!-- NoMyComputerSharedDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoMyComputerSharedDocuments-Applicability-End -->
 
 <!-- NoMyComputerSharedDocuments-OmaUri-Begin -->
@@ -3156,7 +3155,7 @@ When a Windows client is in a workgroup, a Shared Documents icon appears in the
 <!-- NoNetConnectDisconnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNetConnectDisconnect-Applicability-End -->
 
 <!-- NoNetConnectDisconnect-OmaUri-Begin -->
@@ -3174,9 +3173,7 @@ If you enable this setting, the system removes the Map Network Drive and Disconn
 This setting doesn't prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box.
 
 > [!NOTE]
-> 
-
-This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
+> This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives.
 
 > [!NOTE]
 > It's a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
@@ -3223,7 +3220,7 @@ This setting was documented incorrectly on the Explain tab in Group Policy for W
 <!-- NoNewAppAlert-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoNewAppAlert-Applicability-End -->
 
 <!-- NoNewAppAlert-OmaUri-Begin -->
@@ -3280,7 +3277,7 @@ If this group policy is enabled, no notifications will be shown. If the group po
 <!-- NoPlacesBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoPlacesBar-Applicability-End -->
 
 <!-- NoPlacesBar-OmaUri-Begin -->
@@ -3342,7 +3339,7 @@ To see an example of the standard Open dialog box, start Wordpad and, on the Fil
 <!-- NoRecycleFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRecycleFiles-Applicability-End -->
 
 <!-- NoRecycleFiles-OmaUri-Begin -->
@@ -3401,7 +3398,7 @@ When a file or folder is deleted in File Explorer, a copy of the file or folder
 <!-- NoRunAsInstallPrompt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoRunAsInstallPrompt-Applicability-End -->
 
 <!-- NoRunAsInstallPrompt-OmaUri-Begin -->
@@ -3466,7 +3463,7 @@ By default, users aren't prompted for alternate logon credentials when installin
 <!-- NoSearchInternetTryHarderButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSearchInternetTryHarderButton-Applicability-End -->
 
 <!-- NoSearchInternetTryHarderButton-OmaUri-Begin -->
@@ -3526,7 +3523,7 @@ By default, users aren't prompted for alternate logon credentials when installin
 <!-- NoSecurityTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoSecurityTab-Applicability-End -->
 
 <!-- NoSecurityTab-OmaUri-Begin -->
@@ -3585,7 +3582,7 @@ Removes the Security tab from File Explorer.
 <!-- NoShellSearchButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoShellSearchButton-Applicability-End -->
 
 <!-- NoShellSearchButton-OmaUri-Begin -->
@@ -3648,7 +3645,7 @@ This policy setting doesn't affect the Search items on the File Explorer context
 <!-- NoStrCmpLogical-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoStrCmpLogical-Applicability-End -->
 
 <!-- NoStrCmpLogical-OmaUri-Begin -->
@@ -3711,7 +3708,7 @@ This policy setting allows you to have file names sorted literally (as in Window
 <!-- NoViewContextMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoViewContextMenu-Applicability-End -->
 
 <!-- NoViewContextMenu-OmaUri-Begin -->
@@ -3768,7 +3765,7 @@ If you enable this setting, menus don't appear when you right-click the desktop
 <!-- NoViewOnDrive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoViewOnDrive-Applicability-End -->
 
 <!-- NoViewOnDrive-OmaUri-Begin -->
@@ -3833,7 +3830,7 @@ Also, see the "Hide these specified drives in My Computer" setting.
 <!-- NoWindowsHotKeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWindowsHotKeys-Applicability-End -->
 
 <!-- NoWindowsHotKeys-OmaUri-Begin -->
@@ -3894,7 +3891,7 @@ Keyboards with a Windows key provide users with shortcuts to common shell featur
 <!-- NoWorkgroupContents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoWorkgroupContents-Applicability-End -->
 
 <!-- NoWorkgroupContents-OmaUri-Begin -->
@@ -3957,7 +3954,7 @@ To remove network computers from lists of network resources, use the "No Entire
 <!-- PlacesBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PlacesBar-Applicability-End -->
 
 <!-- PlacesBar-OmaUri-Begin -->
@@ -3968,7 +3965,9 @@ To remove network computers from lists of network resources, use the "No Entire
 
 <!-- PlacesBar-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
+Configures the list of items displayed in the Places Bar in the Windows File/Open dialog.
+
+- If you enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar.
 
 The valid items you may display in the Places Bar are:
 
@@ -3986,7 +3985,7 @@ The list of Common Shell Folders that may be specified:
 
 Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches.
 
-If you disable or don't configure this setting the default list of items will be displayed in the Places Bar.
+- If you disable or don't configure this setting the default list of items will be displayed in the Places Bar.
 
 > [!NOTE]
 > In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting doesn't apply to the new Windows Vista common dialog box style.
@@ -4032,7 +4031,7 @@ If you disable or don't configure this setting the default list of items will be
 <!-- PromptRunasInstallNetPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PromptRunasInstallNetPath-Applicability-End -->
 
 <!-- PromptRunasInstallNetPath-OmaUri-Begin -->
@@ -4098,7 +4097,7 @@ If the dialog box doesn't appear, the installation proceeds with the current use
 <!-- RecycleBinSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RecycleBinSize-Applicability-End -->
 
 <!-- RecycleBinSize-OmaUri-Begin -->
@@ -4159,7 +4158,7 @@ Limits the percentage of a volume's disk space that can be used to store deleted
 <!-- ShellProtocolProtectedModeTitle_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellProtocolProtectedModeTitle_1-Applicability-End -->
 
 <!-- ShellProtocolProtectedModeTitle_1-OmaUri-Begin -->
@@ -4220,7 +4219,7 @@ This policy setting allows you to configure the amount of functionality that the
 <!-- ShellProtocolProtectedModeTitle_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShellProtocolProtectedModeTitle_2-Applicability-End -->
 
 <!-- ShellProtocolProtectedModeTitle_2-OmaUri-Begin -->
@@ -4281,7 +4280,7 @@ This policy setting allows you to configure the amount of functionality that the
 <!-- ShowHibernateOption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowHibernateOption-Applicability-End -->
 
 <!-- ShowHibernateOption-OmaUri-Begin -->
@@ -4342,7 +4341,7 @@ Shows or hides hibernate from the power options menu.
 <!-- ShowSleepOption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowSleepOption-Applicability-End -->
 
 <!-- ShowSleepOption-OmaUri-Begin -->
@@ -4403,7 +4402,7 @@ Shows or hides sleep from the power options menu.
 <!-- TryHarderPinnedLibrary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TryHarderPinnedLibrary-Applicability-End -->
 
 <!-- TryHarderPinnedLibrary-OmaUri-Begin -->
@@ -4466,7 +4465,7 @@ The first several links will also be pinned to the Start menu. A total of four l
 <!-- TryHarderPinnedOpenSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TryHarderPinnedOpenSearch-Applicability-End -->
 
 <!-- TryHarderPinnedOpenSearch-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index 0c6b7d6c45..9476a4fabb 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsMediaDRM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableOnline-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOnline-Applicability-End -->
 
 <!-- DisableOnline-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index 87267407d6..46150339f6 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsMediaPlayer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ConfigureHTTPProxySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureHTTPProxySettings-Applicability-End -->
 
 <!-- ConfigureHTTPProxySettings-OmaUri-Begin -->
@@ -101,7 +101,7 @@ This policy is ignored if the "Streaming media protocols" policy setting is enab
 <!-- ConfigureMMSProxySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureMMSProxySettings-Applicability-End -->
 
 <!-- ConfigureMMSProxySettings-OmaUri-Begin -->
@@ -172,7 +172,7 @@ This policy setting is ignored if the "Streaming media protocols" policy setting
 <!-- ConfigureRTSPProxySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureRTSPProxySettings-Applicability-End -->
 
 <!-- ConfigureRTSPProxySettings-OmaUri-Begin -->
@@ -241,7 +241,7 @@ The Configure button on the Network tab in the Player isn't available and the pr
 <!-- DisableAutoUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoUpdate-Applicability-End -->
 
 <!-- DisableAutoUpdate-OmaUri-Begin -->
@@ -302,7 +302,7 @@ This policy setting prevents the dialog boxes which allow users to select privac
 <!-- DisableNetworkSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNetworkSettings-Applicability-End -->
 
 <!-- DisableNetworkSettings-OmaUri-Begin -->
@@ -361,7 +361,7 @@ This policy setting allows you to hide the Network tab.
 <!-- DisableSetupFirstUseConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableSetupFirstUseConfiguration-Applicability-End -->
 
 <!-- DisableSetupFirstUseConfiguration-OmaUri-Begin -->
@@ -422,7 +422,7 @@ This policy setting allows you to prevent the anchor window from being displayed
 <!-- DoNotShowAnchor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotShowAnchor-Applicability-End -->
 
 <!-- DoNotShowAnchor-OmaUri-Begin -->
@@ -483,7 +483,7 @@ When this policy isn't configured and the Set and Lock Skin policy is enabled, s
 <!-- DontUseFrameInterpolation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DontUseFrameInterpolation-Applicability-End -->
 
 <!-- DontUseFrameInterpolation-OmaUri-Begin -->
@@ -546,7 +546,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP
 <!-- EnableScreenSaver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableScreenSaver-Applicability-End -->
 
 <!-- EnableScreenSaver-OmaUri-Begin -->
@@ -607,7 +607,7 @@ This policy setting allows a screen saver to interrupt playback.
 <!-- HidePrivacyTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HidePrivacyTab-Applicability-End -->
 
 <!-- HidePrivacyTab-OmaUri-Begin -->
@@ -668,7 +668,7 @@ The default privacy settings are used for the options on the Privacy tab unless
 <!-- HideSecurityTab-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HideSecurityTab-Applicability-End -->
 
 <!-- HideSecurityTab-OmaUri-Begin -->
@@ -727,7 +727,7 @@ This policy setting allows you to hide the Security tab in Windows Media Player.
 <!-- NetworkBuffering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NetworkBuffering-Applicability-End -->
 
 <!-- NetworkBuffering-OmaUri-Begin -->
@@ -792,7 +792,7 @@ The "Use default buffering" and "Buffer" options on the Performance tab in the P
 <!-- PolicyCodecUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PolicyCodecUpdate-Applicability-End -->
 
 <!-- PolicyCodecUpdate-OmaUri-Begin -->
@@ -853,7 +853,7 @@ This policy setting allows you to prevent Windows Media Player from downloading
 <!-- PreventCDDVDMetadataRetrieval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventCDDVDMetadataRetrieval-Applicability-End -->
 
 <!-- PreventCDDVDMetadataRetrieval-OmaUri-Begin -->
@@ -912,7 +912,7 @@ This policy setting allows you to prevent media information for CDs and DVDs fro
 <!-- PreventLibrarySharing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventLibrarySharing-Applicability-End -->
 
 <!-- PreventLibrarySharing-OmaUri-Begin -->
@@ -971,7 +971,7 @@ This policy setting allows you to prevent media sharing from Windows Media Playe
 <!-- PreventMusicFileMetadataRetrieval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventMusicFileMetadataRetrieval-Applicability-End -->
 
 <!-- PreventMusicFileMetadataRetrieval-OmaUri-Begin -->
@@ -1030,7 +1030,7 @@ This policy setting allows you to prevent media information for music files from
 <!-- PreventQuickLaunchShortcut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventQuickLaunchShortcut-Applicability-End -->
 
 <!-- PreventQuickLaunchShortcut-OmaUri-Begin -->
@@ -1089,7 +1089,7 @@ This policy setting allows you to prevent a shortcut for the Player from being a
 <!-- PreventRadioPresetsRetrieval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventRadioPresetsRetrieval-Applicability-End -->
 
 <!-- PreventRadioPresetsRetrieval-OmaUri-Begin -->
@@ -1148,7 +1148,7 @@ This policy setting allows you to prevent radio station presets from being retri
 <!-- PreventWMPDeskTopShortcut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- PreventWMPDeskTopShortcut-Applicability-End -->
 
 <!-- PreventWMPDeskTopShortcut-OmaUri-Begin -->
@@ -1207,7 +1207,7 @@ This policy setting allows you to prevent a shortcut icon for the Player from be
 <!-- SkinLockDown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SkinLockDown-Applicability-End -->
 
 <!-- SkinLockDown-OmaUri-Begin -->
@@ -1270,7 +1270,7 @@ A user has access only to the Player features that are available with the specif
 <!-- WindowsStreamingMediaProtocols-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WindowsStreamingMediaProtocols-Applicability-End -->
 
 <!-- WindowsStreamingMediaProtocols-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 462ba24fcb..3a972ef92a 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsRemoteManagement Area in Policy CS
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisallowKerberos_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowKerberos_1-Applicability-End -->
 
 <!-- DisallowKerberos_1-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- DisallowKerberos_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisallowKerberos_2-Applicability-End -->
 
 <!-- DisallowKerberos_2-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index 0303ddaecd..757279b2fc 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WindowsStore Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableAutoDownloadWin8-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableAutoDownloadWin8-Applicability-End -->
 
 <!-- DisableAutoDownloadWin8-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Enables or disables the automatic download of app updates on PCs running Windows
 <!-- DisableOSUpgrade_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOSUpgrade_1-Applicability-End -->
 
 <!-- DisableOSUpgrade_1-OmaUri-Begin -->
@@ -148,7 +148,7 @@ Enables or disables the Store offer to update to the latest version of Windows.
 <!-- DisableOSUpgrade_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOSUpgrade_2-Applicability-End -->
 
 <!-- DisableOSUpgrade_2-OmaUri-Begin -->
@@ -207,7 +207,7 @@ Enables or disables the Store offer to update to the latest version of Windows.
 <!-- RemoveWindowsStore_1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveWindowsStore_1-Applicability-End -->
 
 <!-- RemoveWindowsStore_1-OmaUri-Begin -->
@@ -227,6 +227,8 @@ Denies or allows access to the Store application.
 
 <!-- RemoveWindowsStore_1-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> This policy is not supported on Windows Professional edition, and requires Windows Enterprise or Windows Education to function. For more information, see [Can't disable Microsoft Store in Windows Pro through Group Policy](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store).
 <!-- RemoveWindowsStore_1-Editable-End -->
 
 <!-- RemoveWindowsStore_1-DFProperties-Begin -->
@@ -266,7 +268,7 @@ Denies or allows access to the Store application.
 <!-- RemoveWindowsStore_2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RemoveWindowsStore_2-Applicability-End -->
 
 <!-- RemoveWindowsStore_2-OmaUri-Begin -->
@@ -286,6 +288,8 @@ Denies or allows access to the Store application.
 
 <!-- RemoveWindowsStore_2-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> This policy is not supported on Windows Professional edition, and requires Windows Enterprise or Windows Education to function. For more information, see [Can't disable Microsoft Store in Windows Pro through Group Policy](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store).
 <!-- RemoveWindowsStore_2-Editable-End -->
 
 <!-- RemoveWindowsStore_2-DFProperties-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 88222e9dd9..b4561c36e3 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinInit Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisableNamedPipeShutdownPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableNamedPipeShutdownPolicyDescription-Applicability-End -->
 
 <!-- DisableNamedPipeShutdownPolicyDescription-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting controls the legacy remote shutdown interface (named pipe).
 <!-- Hiberboot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Hiberboot-Applicability-End -->
 
 <!-- Hiberboot-OmaUri-Begin -->
@@ -146,7 +146,7 @@ This policy setting controls the use of fast startup.
 <!-- ShutdownTimeoutHungSessionsDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShutdownTimeoutHungSessionsDescription-Applicability-End -->
 
 <!-- ShutdownTimeoutHungSessionsDescription-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index c53065c78d..e9191d0a40 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WinLogon Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CustomShell-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomShell-Applicability-End -->
 
 <!-- CustomShell-OmaUri-Begin -->
@@ -93,7 +93,7 @@ To use this setting, copy your interface program to a network share or to your s
 <!-- DisplayLastLogonInfoDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisplayLastLogonInfoDescription-Applicability-End -->
 
 <!-- DisplayLastLogonInfoDescription-OmaUri-Begin -->
@@ -154,7 +154,7 @@ If you disable or don't configure this setting, messages about the previous logo
 <!-- LogonHoursNotificationPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LogonHoursNotificationPolicyDescription-Applicability-End -->
 
 <!-- LogonHoursNotificationPolicyDescription-OmaUri-Begin -->
@@ -216,7 +216,7 @@ This policy controls whether the logged-on user should be notified when his logo
 <!-- LogonHoursPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LogonHoursPolicyDescription-Applicability-End -->
 
 <!-- LogonHoursPolicyDescription-OmaUri-Begin -->
@@ -281,7 +281,7 @@ If you choose to log off a user, the user can't log on again except during permi
 <!-- ReportCachedLogonPolicyDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ReportCachedLogonPolicyDescription-Applicability-End -->
 
 <!-- ReportCachedLogonPolicyDescription-OmaUri-Begin -->
@@ -344,7 +344,7 @@ If disabled or not configured, no popup will be displayed to the user.
 <!-- SoftwareSASGeneration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SoftwareSASGeneration-Applicability-End -->
 
 <!-- SoftwareSASGeneration-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 84f8a86271..f92cba7883 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Winsrv Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowBlockingAppsAtShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowBlockingAppsAtShutdown-Applicability-End -->
 
 <!-- AllowBlockingAppsAtShutdown-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 51b01f6e05..67f7fd4932 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_wlansvc Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SetCost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetCost-Applicability-End -->
 
 <!-- SetCost-OmaUri-Begin -->
@@ -92,7 +92,7 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th
 <!-- SetPINEnforced-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPINEnforced-Applicability-End -->
 
 <!-- SetPINEnforced-OmaUri-Begin -->
@@ -151,7 +151,7 @@ Conversely it means that Push Button is NOT allowed.
 <!-- SetPINPreferred-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPINPreferred-Applicability-End -->
 
 <!-- SetPINPreferred-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index b4bf212607..8217f78031 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WordWheel Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CustomSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CustomSearch-Applicability-End -->
 
 <!-- CustomSearch-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index c0b857187f..90b757d7e6 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WorkFoldersClient Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- Pol_MachineEnableWorkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_MachineEnableWorkFolders-Applicability-End -->
 
 <!-- Pol_MachineEnableWorkFolders-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting specifies whether Work Folders should be set up automaticall
 <!-- Pol_UserEnableTokenBroker-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_UserEnableTokenBroker-Applicability-End -->
 
 <!-- Pol_UserEnableTokenBroker-OmaUri-Begin -->
@@ -142,7 +142,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti
 <!-- Pol_UserEnableWorkFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Pol_UserEnableWorkFolders-Applicability-End -->
 
 <!-- Pol_UserEnableWorkFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index e9f61c9ac5..3a2751af33 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -4,7 +4,7 @@ description: Learn more about the ADMX_WPN Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- NoCallsDuringQuietHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoCallsDuringQuietHours-Applicability-End -->
 
 <!-- NoCallsDuringQuietHours-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting blocks voice and video calls during Quiet Hours.
 <!-- NoLockScreenToastNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoLockScreenToastNotification-Applicability-End -->
 
 <!-- NoLockScreenToastNotification-OmaUri-Begin -->
@@ -150,7 +150,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- NoQuietHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoQuietHours-Applicability-End -->
 
 <!-- NoQuietHours-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This policy setting turns off Quiet Hours functionality.
 <!-- NoToastNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- NoToastNotification-Applicability-End -->
 
 <!-- NoToastNotification-OmaUri-Begin -->
@@ -280,7 +280,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- QuietHoursDailyBeginMinute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QuietHoursDailyBeginMinute-Applicability-End -->
 
 <!-- QuietHoursDailyBeginMinute-OmaUri-Begin -->
@@ -340,7 +340,7 @@ This policy setting specifies the number of minutes after midnight (local time)
 <!-- QuietHoursDailyEndMinute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- QuietHoursDailyEndMinute-Applicability-End -->
 
 <!-- QuietHoursDailyEndMinute-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 3b93d81859..0d8d931bf2 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -4,7 +4,7 @@ description: Learn more about the ApplicationDefaults Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- DefaultAssociationsConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DefaultAssociationsConfiguration-Applicability-End -->
 
 <!-- DefaultAssociationsConfiguration-OmaUri-Begin -->
@@ -36,20 +36,8 @@ ms.topic: reference
 <!-- DefaultAssociationsConfiguration-OmaUri-End -->
 
 <!-- DefaultAssociationsConfiguration-Description-Begin -->
-<!-- Description-Source-ADMX -->
-This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol default application associations. This file can be created using the DISM tool.
-
-For example:
-
-Dism.exe /Online /Export-DefaultAppAssociations:C:\AppAssoc.txt.
-
-For more information, refer to the DISM documentation on TechNet.
-
-If this group policy is enabled and the client machine is domain-joined, the file will be processed and default associations will be applied at logon time.
-
-If the group policy isn't configured, disabled, or the client machine isn't domain-joined, no default associations will be applied at logon time.
-
-If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protocol associations.
+<!-- Description-Source-DDF-Forced -->
+This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml). The file can be further edited by adding attributes to control how often associations are applied by the policy. The file then needs to be base64 encoded before being added to SyncML. If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
 <!-- DefaultAssociationsConfiguration-Description-End -->
 
 <!-- DefaultAssociationsConfiguration-Editable-Begin -->
@@ -84,54 +72,69 @@ If the policy is enabled, disabled, or not configured, users will still be able
 **Example**:
 
 To create the SyncML, follow these steps:
-<ol>
-<li>Install a few apps and change your defaults.</li>
-<li>From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"</li>
-<li>Take the XML output and put it through your favorite base64 encoder app.</li>
-<li>Paste the base64 encoded XML into the SyncML</li>
-</ol>
 
-Here's an example output from the dism default association export command:
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<DefaultAssociations>
-  <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-  <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-  <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
-  <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
-  <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
-</DefaultAssociations>
-```
+1. Install a few apps and change your defaults.
+1. From an elevated prompt, run `dism /online /export-defaultappassociations:C:\appassoc.xml`. Here's an example output from the dism default association export command:
 
-Here's the base64 encoded result:
+    ```xml
+    <?xml version="1.0" encoding="UTF-8"?>
+    <DefaultAssociations>
+      <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+      <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+      <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
+      <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
+      <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
+    </DefaultAssociations>
+    ```
 
-``` syntax
-PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
-```
-Here's the SyncML example:
+    Starting in Windows 11, version 22H2, two new attributes are available for further customization of the policy. These attributes can be used to change how often the policy associations are applied.
 
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<SyncML xmlns="SYNCML:SYNCML1.1">
-<SyncBody>
-    <Replace>
-      <CmdID>101</CmdID>
-      <Item>
-        <Meta>
-          <Format>chr</Format>
-          <Type>text/plain</Type>
-        </Meta>
-        <Target>
-          <LocURI>./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration</LocURI>
-        </Target>
-        <Data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
-</Data>
-      </Item>
-    </Replace>
-  <Final/>
-  </SyncBody>
-</SyncML>
-```
+    - **Version** attribute for `DefaultAssociations`. This attribute is used to control when **Suggested** associations are applied. Whenever the **Version** value is incremented, a **Suggested** association is applied one time.
+    - **Suggested** attribute for `Association`. The default value is false. If it's false, the **Association** is applied on every sign-in. If it's true, the **Association** is only applied once for the current **DefaultAssociations** Version. When the **Version** is incremented, the **Association** is applied once again, on next sign-in.
+
+    In the following example, the **Association** for `.htm` is applied on first sign-in of the user, and all others are applied on every sign-in. If **Version** is incremented, and the updated file is deployed to the user, the **Association** for `.htm` is applied again:
+
+    ```xml
+    <?xml version="1.0" encoding="UTF-8"?>
+    <DefaultAssociations Version="1" >
+      <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" Suggested="true" />
+      <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+      <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
+      <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
+      <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
+    </DefaultAssociations>
+    ```
+
+1. Take the XML output and put it through your favorite base64 encoder app. Here's the base64 encoded result:
+
+    ```text
+    PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
+    ```
+
+1. Paste the base64 encoded XML into the SyncML. Here's the SyncML example:
+
+    ```xml
+    <?xml version="1.0" encoding="utf-8"?>
+    <SyncML xmlns="SYNCML:SYNCML1.1">
+    <SyncBody>
+        <Replace>
+          <CmdID>101</CmdID>
+          <Item>
+            <Meta>
+              <Format>chr</Format>
+              <Type>text/plain</Type>
+            </Meta>
+            <Target>
+              <LocURI>./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration</LocURI>
+            </Target>
+            <Data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
+            </Data>
+          </Item>
+        </Replace>
+      <Final/>
+      </SyncBody>
+    </SyncML>
+    ```
 <!-- DefaultAssociationsConfiguration-Examples-End -->
 
 <!-- DefaultAssociationsConfiguration-End -->
@@ -142,7 +145,7 @@ Here's the SyncML example:
 <!-- EnableAppUriHandlers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableAppUriHandlers-Applicability-End -->
 
 <!-- EnableAppUriHandlers-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index 9286bcdf16..15396470d3 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -4,7 +4,7 @@ description: Learn more about the ApplicationManagement Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAllTrustedApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAllTrustedApps-Applicability-End -->
 
 <!-- AllowAllTrustedApps-OmaUri-Begin -->
@@ -94,7 +94,7 @@ This policy setting allows you to manage the installation of trusted line-of-bus
 <!-- AllowAppStoreAutoUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAppStoreAutoUpdate-Applicability-End -->
 
 <!-- AllowAppStoreAutoUpdate-OmaUri-Begin -->
@@ -158,7 +158,7 @@ Specifies whether automatic update of apps from Microsoft Store are allowed. Mos
 <!-- AllowAutomaticAppArchiving-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowAutomaticAppArchiving-Applicability-End -->
 
 <!-- AllowAutomaticAppArchiving-OmaUri-Begin -->
@@ -228,7 +228,7 @@ This policy setting controls whether the system can archive infrequently used ap
 <!-- AllowDeveloperUnlock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDeveloperUnlock-Applicability-End -->
 
 <!-- AllowDeveloperUnlock-OmaUri-Begin -->
@@ -296,7 +296,7 @@ Allows or denies development of Microsoft Store applications and installing them
 <!-- AllowGameDVR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowGameDVR-Applicability-End -->
 
 <!-- AllowGameDVR-OmaUri-Begin -->
@@ -365,7 +365,7 @@ If the setting is enabled or not configured, then Recording and Broadcasting (st
 <!-- AllowSharedUserAppData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSharedUserAppData-Applicability-End -->
 
 <!-- AllowSharedUserAppData-OmaUri-Begin -->
@@ -435,7 +435,7 @@ Manages a Windows app's ability to share data between users who have installed t
 <!-- AllowStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowStore-Applicability-End -->
 
 <!-- AllowStore-OmaUri-Begin -->
@@ -487,7 +487,7 @@ This policy is deprecated.
 <!-- ApplicationRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ApplicationRestrictions-Applicability-End -->
 
 <!-- ApplicationRestrictions-OmaUri-Begin -->
@@ -526,7 +526,7 @@ This policy is deprecated.
 <!-- BlockNonAdminUserInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- BlockNonAdminUserInstall-Applicability-End -->
 
 <!-- BlockNonAdminUserInstall-OmaUri-Begin -->
@@ -593,7 +593,7 @@ Manages non-Administrator users' ability to install Windows app packages.
 <!-- DisableStoreOriginatedApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisableStoreOriginatedApps-Applicability-End -->
 
 <!-- DisableStoreOriginatedApps-OmaUri-Begin -->
@@ -656,7 +656,7 @@ Disable turns off the launch of all apps from the Microsoft Store that came pre-
 <!-- LaunchAppAfterLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- LaunchAppAfterLogOn-Applicability-End -->
 
 <!-- LaunchAppAfterLogOn-OmaUri-Begin -->
@@ -709,7 +709,7 @@ For this policy to work, the Windows apps need to declare in their manifest that
 <!-- MSIAllowUserControlOverInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MSIAllowUserControlOverInstall-Applicability-End -->
 
 <!-- MSIAllowUserControlOverInstall-OmaUri-Begin -->
@@ -780,7 +780,7 @@ This policy setting is designed for less restrictive environments. It can be use
 <!-- MSIAlwaysInstallWithElevatedPrivileges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MSIAlwaysInstallWithElevatedPrivileges-Applicability-End -->
 
 <!-- MSIAlwaysInstallWithElevatedPrivileges-OmaUri-Begin -->
@@ -857,7 +857,7 @@ This policy setting directs Windows Installer to use elevated permissions when i
 <!-- RequirePrivateStoreOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- RequirePrivateStoreOnly-Applicability-End -->
 
 <!-- RequirePrivateStoreOnly-OmaUri-Begin -->
@@ -928,7 +928,7 @@ Denies access to the retail catalog in the Microsoft Store, but displays the pri
 <!-- RestrictAppDataToSystemVolume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- RestrictAppDataToSystemVolume-Applicability-End -->
 
 <!-- RestrictAppDataToSystemVolume-OmaUri-Begin -->
@@ -995,7 +995,7 @@ Prevent users' app data from moving to another location when an app is moved or
 <!-- RestrictAppToSystemVolume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- RestrictAppToSystemVolume-Applicability-End -->
 
 <!-- RestrictAppToSystemVolume-OmaUri-Begin -->
@@ -1062,7 +1062,7 @@ This policy setting allows you to manage installing Windows apps on additional v
 <!-- ScheduleForceRestartForUpdateFailures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ScheduleForceRestartForUpdateFailures-Applicability-End -->
 
 <!-- ScheduleForceRestartForUpdateFailures-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index cc82ff6965..c80e7472b4 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -4,7 +4,7 @@ description: Learn more about the AppRuntime Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowMicrosoftAccountsToBeOptional-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowMicrosoftAccountsToBeOptional-Applicability-End -->
 
 <!-- AllowMicrosoftAccountsToBeOptional-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 273303fe89..b571cedbad 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -4,7 +4,7 @@ description: Learn more about the AppVirtualization Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowAppVClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowAppVClient-Applicability-End -->
 
 <!-- AllowAppVClient-OmaUri-Begin -->
@@ -83,7 +83,7 @@ This policy setting allows you to enable or disable Microsoft Application Virtua
 <!-- AllowDynamicVirtualization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowDynamicVirtualization-Applicability-End -->
 
 <!-- AllowDynamicVirtualization-OmaUri-Begin -->
@@ -138,7 +138,7 @@ Enables Dynamic Virtualization of supported shell extensions, browser helper obj
 <!-- AllowPackageCleanup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPackageCleanup-Applicability-End -->
 
 <!-- AllowPackageCleanup-OmaUri-Begin -->
@@ -193,7 +193,7 @@ Enables automatic cleanup of appv packages that were added after Windows10 anniv
 <!-- AllowPackageScripts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPackageScripts-Applicability-End -->
 
 <!-- AllowPackageScripts-OmaUri-Begin -->
@@ -248,7 +248,7 @@ Enables scripts defined in the package manifest of configuration files that shou
 <!-- AllowPublishingRefreshUX-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPublishingRefreshUX-Applicability-End -->
 
 <!-- AllowPublishingRefreshUX-OmaUri-Begin -->
@@ -303,7 +303,7 @@ Enables a UX to display to the user when a publishing refresh is performed on th
 <!-- AllowReportingServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowReportingServer-Applicability-End -->
 
 <!-- AllowReportingServer-OmaUri-Begin -->
@@ -368,7 +368,7 @@ Data Block Size: This value specifies the maximum size in bytes to transmit to t
 <!-- AllowRoamingFileExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowRoamingFileExclusions-Applicability-End -->
 
 <!-- AllowRoamingFileExclusions-OmaUri-Begin -->
@@ -422,7 +422,7 @@ Specifies the file paths relative to %userprofile% that don't roam with a user's
 <!-- AllowRoamingRegistryExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowRoamingRegistryExclusions-Applicability-End -->
 
 <!-- AllowRoamingRegistryExclusions-OmaUri-Begin -->
@@ -476,7 +476,7 @@ Specifies the registry paths that don't roam with a user profile. Example usage:
 <!-- AllowStreamingAutoload-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowStreamingAutoload-Applicability-End -->
 
 <!-- AllowStreamingAutoload-OmaUri-Begin -->
@@ -530,7 +530,7 @@ Specifies how new packages should be loaded automatically by App-V on a specific
 <!-- ClientCoexistenceAllowMigrationmode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ClientCoexistenceAllowMigrationmode-Applicability-End -->
 
 <!-- ClientCoexistenceAllowMigrationmode-OmaUri-Begin -->
@@ -585,7 +585,7 @@ Migration mode allows the App-V client to modify shortcuts and FTA's for package
 <!-- IntegrationAllowRootGlobal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntegrationAllowRootGlobal-Applicability-End -->
 
 <!-- IntegrationAllowRootGlobal-OmaUri-Begin -->
@@ -639,7 +639,7 @@ Specifies the location where symbolic links are created to the current version o
 <!-- IntegrationAllowRootUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntegrationAllowRootUser-Applicability-End -->
 
 <!-- IntegrationAllowRootUser-OmaUri-Begin -->
@@ -693,7 +693,7 @@ Specifies the location where symbolic links are created to the current version o
 <!-- PublishingAllowServer1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PublishingAllowServer1-Applicability-End -->
 
 <!-- PublishingAllowServer1-OmaUri-Begin -->
@@ -765,7 +765,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 <!-- PublishingAllowServer2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PublishingAllowServer2-Applicability-End -->
 
 <!-- PublishingAllowServer2-OmaUri-Begin -->
@@ -837,7 +837,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 <!-- PublishingAllowServer3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PublishingAllowServer3-Applicability-End -->
 
 <!-- PublishingAllowServer3-OmaUri-Begin -->
@@ -909,7 +909,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 <!-- PublishingAllowServer4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PublishingAllowServer4-Applicability-End -->
 
 <!-- PublishingAllowServer4-OmaUri-Begin -->
@@ -981,7 +981,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 <!-- PublishingAllowServer5-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PublishingAllowServer5-Applicability-End -->
 
 <!-- PublishingAllowServer5-OmaUri-Begin -->
@@ -1053,7 +1053,7 @@ User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, D
 <!-- StreamingAllowCertificateFilterForClient_SSL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowCertificateFilterForClient_SSL-Applicability-End -->
 
 <!-- StreamingAllowCertificateFilterForClient_SSL-OmaUri-Begin -->
@@ -1107,7 +1107,7 @@ Specifies the path to a valid certificate in the certificate store.
 <!-- StreamingAllowHighCostLaunch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowHighCostLaunch-Applicability-End -->
 
 <!-- StreamingAllowHighCostLaunch-OmaUri-Begin -->
@@ -1162,7 +1162,7 @@ This setting controls whether virtualized applications are launched on Windows 8
 <!-- StreamingAllowLocationProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowLocationProvider-Applicability-End -->
 
 <!-- StreamingAllowLocationProvider-OmaUri-Begin -->
@@ -1216,7 +1216,7 @@ Specifies the CLSID for a compatible implementation of the IAppvPackageLocationP
 <!-- StreamingAllowPackageInstallationRoot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowPackageInstallationRoot-Applicability-End -->
 
 <!-- StreamingAllowPackageInstallationRoot-OmaUri-Begin -->
@@ -1270,7 +1270,7 @@ Specifies directory where all new applications and updates will be installed.
 <!-- StreamingAllowPackageSourceRoot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowPackageSourceRoot-Applicability-End -->
 
 <!-- StreamingAllowPackageSourceRoot-OmaUri-Begin -->
@@ -1324,7 +1324,7 @@ Overrides source location for downloading package content.
 <!-- StreamingAllowReestablishmentInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowReestablishmentInterval-Applicability-End -->
 
 <!-- StreamingAllowReestablishmentInterval-OmaUri-Begin -->
@@ -1378,7 +1378,7 @@ Specifies the number of seconds between attempts to reestablish a dropped sessio
 <!-- StreamingAllowReestablishmentRetries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingAllowReestablishmentRetries-Applicability-End -->
 
 <!-- StreamingAllowReestablishmentRetries-OmaUri-Begin -->
@@ -1432,7 +1432,7 @@ Specifies the number of times to retry a dropped session.
 <!-- StreamingSharedContentStoreMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingSharedContentStoreMode-Applicability-End -->
 
 <!-- StreamingSharedContentStoreMode-OmaUri-Begin -->
@@ -1487,7 +1487,7 @@ Specifies that streamed package contents will be not be saved to the local hard
 <!-- StreamingSupportBranchCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingSupportBranchCache-Applicability-End -->
 
 <!-- StreamingSupportBranchCache-OmaUri-Begin -->
@@ -1542,7 +1542,7 @@ If enabled, the App-V client will support BrancheCache compatible HTTP streaming
 <!-- StreamingVerifyCertificateRevocationList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- StreamingVerifyCertificateRevocationList-Applicability-End -->
 
 <!-- StreamingVerifyCertificateRevocationList-OmaUri-Begin -->
@@ -1597,7 +1597,7 @@ Verifies Server certificate revocation status before streaming using HTTPS.
 <!-- VirtualComponentsAllowList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- VirtualComponentsAllowList-Applicability-End -->
 
 <!-- VirtualComponentsAllowList-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 0a4a89d068..ad924dc539 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -4,7 +4,7 @@ description: Learn more about the AttachmentManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DoNotPreserveZoneInformation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotPreserveZoneInformation-Applicability-End -->
 
 <!-- DoNotPreserveZoneInformation-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting allows you to manage whether Windows marks file attachments
 <!-- HideZoneInfoMechanism-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideZoneInfoMechanism-Applicability-End -->
 
 <!-- HideZoneInfoMechanism-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy setting allows you to manage whether users can manually remove the z
 <!-- NotifyAntivirusPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- NotifyAntivirusPrograms-Applicability-End -->
 
 <!-- NotifyAntivirusPrograms-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 2cad1d5a95..174c8e6dd0 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AccountLogon_AuditCredentialValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditCredentialValidation-Applicability-End -->
 
 <!-- AccountLogon_AuditCredentialValidation-OmaUri-Begin -->
@@ -87,7 +87,7 @@ Volume: High on domain controllers.
 <!-- AccountLogon_AuditKerberosAuthenticationService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditKerberosAuthenticationService-Applicability-End -->
 
 <!-- AccountLogon_AuditKerberosAuthenticationService-OmaUri-Begin -->
@@ -152,7 +152,7 @@ Volume: High on Kerberos Key Distribution Center servers.
 <!-- AccountLogon_AuditKerberosServiceTicketOperations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditKerberosServiceTicketOperations-Applicability-End -->
 
 <!-- AccountLogon_AuditKerberosServiceTicketOperations-OmaUri-Begin -->
@@ -217,7 +217,7 @@ Volume: Low.
 <!-- AccountLogon_AuditOtherAccountLogonEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogon_AuditOtherAccountLogonEvents-Applicability-End -->
 
 <!-- AccountLogon_AuditOtherAccountLogonEvents-OmaUri-Begin -->
@@ -277,7 +277,7 @@ This policy setting allows you to audit events generated by responses to credent
 <!-- AccountLogonLogoff_AuditAccountLockout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditAccountLockout-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditAccountLockout-OmaUri-Begin -->
@@ -338,7 +338,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditGroupMembership-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditGroupMembership-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditGroupMembership-OmaUri-Begin -->
@@ -399,7 +399,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser
 <!-- AccountLogonLogoff_AuditIPsecExtendedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditIPsecExtendedMode-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditIPsecExtendedMode-OmaUri-Begin -->
@@ -464,7 +464,7 @@ Volume: High.
 <!-- AccountLogonLogoff_AuditIPsecMainMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditIPsecMainMode-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditIPsecMainMode-OmaUri-Begin -->
@@ -529,7 +529,7 @@ Volume: High.
 <!-- AccountLogonLogoff_AuditIPsecQuickMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditIPsecQuickMode-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditIPsecQuickMode-OmaUri-Begin -->
@@ -590,7 +590,7 @@ Volume: High.
 <!-- AccountLogonLogoff_AuditLogoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditLogoff-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditLogoff-OmaUri-Begin -->
@@ -655,7 +655,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditLogon-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditLogon-OmaUri-Begin -->
@@ -716,7 +716,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser
 <!-- AccountLogonLogoff_AuditNetworkPolicyServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditNetworkPolicyServer-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditNetworkPolicyServer-OmaUri-Begin -->
@@ -781,7 +781,7 @@ Volume: Medium or High on NPS and IAS server. No volume on other computers.
 <!-- AccountLogonLogoff_AuditOtherLogonLogoffEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditOtherLogonLogoffEvents-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditOtherLogonLogoffEvents-OmaUri-Begin -->
@@ -842,7 +842,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditSpecialLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditSpecialLogon-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditSpecialLogon-OmaUri-Begin -->
@@ -903,7 +903,7 @@ Volume: Low.
 <!-- AccountLogonLogoff_AuditUserDeviceClaims-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountLogonLogoff_AuditUserDeviceClaims-Applicability-End -->
 
 <!-- AccountLogonLogoff_AuditUserDeviceClaims-OmaUri-Begin -->
@@ -964,7 +964,7 @@ Volume: Low on a client computer. Medium on a domain controller or a network ser
 <!-- AccountManagement_AuditApplicationGroupManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditApplicationGroupManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditApplicationGroupManagement-OmaUri-Begin -->
@@ -1029,7 +1029,7 @@ Volume: Low.
 <!-- AccountManagement_AuditComputerAccountManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditComputerAccountManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditComputerAccountManagement-OmaUri-Begin -->
@@ -1094,7 +1094,7 @@ Volume: Low.
 <!-- AccountManagement_AuditDistributionGroupManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditDistributionGroupManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditDistributionGroupManagement-OmaUri-Begin -->
@@ -1162,7 +1162,7 @@ Volume: Low.
 <!-- AccountManagement_AuditOtherAccountManagementEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditOtherAccountManagementEvents-Applicability-End -->
 
 <!-- AccountManagement_AuditOtherAccountManagementEvents-OmaUri-Begin -->
@@ -1223,7 +1223,7 @@ Volume: Low.
 <!-- AccountManagement_AuditSecurityGroupManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditSecurityGroupManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditSecurityGroupManagement-OmaUri-Begin -->
@@ -1288,7 +1288,7 @@ Volume: Low.
 <!-- AccountManagement_AuditUserAccountManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AccountManagement_AuditUserAccountManagement-Applicability-End -->
 
 <!-- AccountManagement_AuditUserAccountManagement-OmaUri-Begin -->
@@ -1353,7 +1353,7 @@ Volume: Low.
 <!-- DetailedTracking_AuditDPAPIActivity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditDPAPIActivity-Applicability-End -->
 
 <!-- DetailedTracking_AuditDPAPIActivity-OmaUri-Begin -->
@@ -1418,7 +1418,7 @@ Volume: Low.
 <!-- DetailedTracking_AuditPNPActivity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditPNPActivity-Applicability-End -->
 
 <!-- DetailedTracking_AuditPNPActivity-OmaUri-Begin -->
@@ -1483,7 +1483,7 @@ Volume: Low.
 <!-- DetailedTracking_AuditProcessCreation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditProcessCreation-Applicability-End -->
 
 <!-- DetailedTracking_AuditProcessCreation-OmaUri-Begin -->
@@ -1548,7 +1548,7 @@ Volume: Depends on how the computer is used.
 <!-- DetailedTracking_AuditProcessTermination-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditProcessTermination-Applicability-End -->
 
 <!-- DetailedTracking_AuditProcessTermination-OmaUri-Begin -->
@@ -1613,7 +1613,7 @@ Volume: Depends on how the computer is used.
 <!-- DetailedTracking_AuditRPCEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditRPCEvents-Applicability-End -->
 
 <!-- DetailedTracking_AuditRPCEvents-OmaUri-Begin -->
@@ -1678,7 +1678,7 @@ Volume: High on RPC servers.
 <!-- DetailedTracking_AuditTokenRightAdjusted-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DetailedTracking_AuditTokenRightAdjusted-Applicability-End -->
 
 <!-- DetailedTracking_AuditTokenRightAdjusted-OmaUri-Begin -->
@@ -1739,7 +1739,7 @@ Volume: High.
 <!-- DSAccess_AuditDetailedDirectoryServiceReplication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDetailedDirectoryServiceReplication-Applicability-End -->
 
 <!-- DSAccess_AuditDetailedDirectoryServiceReplication-OmaUri-Begin -->
@@ -1800,7 +1800,7 @@ Volume: High.
 <!-- DSAccess_AuditDirectoryServiceAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDirectoryServiceAccess-Applicability-End -->
 
 <!-- DSAccess_AuditDirectoryServiceAccess-OmaUri-Begin -->
@@ -1861,7 +1861,7 @@ Volume: High on domain controllers. None on client computers.
 <!-- DSAccess_AuditDirectoryServiceChanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDirectoryServiceChanges-Applicability-End -->
 
 <!-- DSAccess_AuditDirectoryServiceChanges-OmaUri-Begin -->
@@ -1929,7 +1929,7 @@ Volume: High on domain controllers only.
 <!-- DSAccess_AuditDirectoryServiceReplication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DSAccess_AuditDirectoryServiceReplication-Applicability-End -->
 
 <!-- DSAccess_AuditDirectoryServiceReplication-OmaUri-Begin -->
@@ -1994,7 +1994,7 @@ Volume: Medium on domain controllers. None on client computers.
 <!-- ObjectAccess_AuditApplicationGenerated-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditApplicationGenerated-Applicability-End -->
 
 <!-- ObjectAccess_AuditApplicationGenerated-OmaUri-Begin -->
@@ -2055,7 +2055,7 @@ Volume: Depends on the applications that are generating them.
 <!-- ObjectAccess_AuditCentralAccessPolicyStaging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditCentralAccessPolicyStaging-Applicability-End -->
 
 <!-- ObjectAccess_AuditCentralAccessPolicyStaging-OmaUri-Begin -->
@@ -2116,7 +2116,7 @@ Volume: Potentially high on a file server when the proposed policy differs signi
 <!-- ObjectAccess_AuditCertificationServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditCertificationServices-Applicability-End -->
 
 <!-- ObjectAccess_AuditCertificationServices-OmaUri-Begin -->
@@ -2177,7 +2177,7 @@ Volume: Medium or Low on computers running Active Directory Certificate Services
 <!-- ObjectAccess_AuditDetailedFileShare-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditDetailedFileShare-Applicability-End -->
 
 <!-- ObjectAccess_AuditDetailedFileShare-OmaUri-Begin -->
@@ -2245,7 +2245,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 <!-- ObjectAccess_AuditFileShare-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFileShare-Applicability-End -->
 
 <!-- ObjectAccess_AuditFileShare-OmaUri-Begin -->
@@ -2315,7 +2315,7 @@ Volume: High on a file server or domain controller because of SYSVOL network acc
 <!-- ObjectAccess_AuditFileSystem-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFileSystem-Applicability-End -->
 
 <!-- ObjectAccess_AuditFileSystem-OmaUri-Begin -->
@@ -2383,7 +2383,7 @@ Volume: Depends on how the file system SACLs are configured.
 <!-- ObjectAccess_AuditFilteringPlatformConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFilteringPlatformConnection-Applicability-End -->
 
 <!-- ObjectAccess_AuditFilteringPlatformConnection-OmaUri-Begin -->
@@ -2448,7 +2448,7 @@ Volume: High.
 <!-- ObjectAccess_AuditFilteringPlatformPacketDrop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditFilteringPlatformPacketDrop-Applicability-End -->
 
 <!-- ObjectAccess_AuditFilteringPlatformPacketDrop-OmaUri-Begin -->
@@ -2509,7 +2509,7 @@ Volume: High.
 <!-- ObjectAccess_AuditHandleManipulation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditHandleManipulation-Applicability-End -->
 
 <!-- ObjectAccess_AuditHandleManipulation-OmaUri-Begin -->
@@ -2577,7 +2577,7 @@ Volume: Depends on how SACLs are configured.
 <!-- ObjectAccess_AuditKernelObject-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditKernelObject-Applicability-End -->
 
 <!-- ObjectAccess_AuditKernelObject-OmaUri-Begin -->
@@ -2641,7 +2641,7 @@ Volume: High if auditing access of global system objects is enabled.
 <!-- ObjectAccess_AuditOtherObjectAccessEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditOtherObjectAccessEvents-Applicability-End -->
 
 <!-- ObjectAccess_AuditOtherObjectAccessEvents-OmaUri-Begin -->
@@ -2702,7 +2702,7 @@ Volume: Low.
 <!-- ObjectAccess_AuditRegistry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditRegistry-Applicability-End -->
 
 <!-- ObjectAccess_AuditRegistry-OmaUri-Begin -->
@@ -2770,7 +2770,7 @@ Volume: Depends on how registry SACLs are configured.
 <!-- ObjectAccess_AuditRemovableStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditRemovableStorage-Applicability-End -->
 
 <!-- ObjectAccess_AuditRemovableStorage-OmaUri-Begin -->
@@ -2834,7 +2834,7 @@ This policy setting allows you to audit user attempts to access file system obje
 <!-- ObjectAccess_AuditSAM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ObjectAccess_AuditSAM-Applicability-End -->
 
 <!-- ObjectAccess_AuditSAM-OmaUri-Begin -->
@@ -2902,7 +2902,7 @@ Volume: High on domain controllers. For more information about reducing the numb
 <!-- PolicyChange_AuditAuthenticationPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditAuthenticationPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditAuthenticationPolicyChange-OmaUri-Begin -->
@@ -2970,7 +2970,7 @@ Volume: Low.
 <!-- PolicyChange_AuditAuthorizationPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditAuthorizationPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditAuthorizationPolicyChange-OmaUri-Begin -->
@@ -3035,7 +3035,7 @@ Volume: Low.
 <!-- PolicyChange_AuditFilteringPlatformPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditFilteringPlatformPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditFilteringPlatformPolicyChange-OmaUri-Begin -->
@@ -3100,7 +3100,7 @@ Volume: Low.
 <!-- PolicyChange_AuditMPSSVCRuleLevelPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditMPSSVCRuleLevelPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditMPSSVCRuleLevelPolicyChange-OmaUri-Begin -->
@@ -3165,7 +3165,7 @@ Volume: Low.
 <!-- PolicyChange_AuditOtherPolicyChangeEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditOtherPolicyChangeEvents-Applicability-End -->
 
 <!-- PolicyChange_AuditOtherPolicyChangeEvents-OmaUri-Begin -->
@@ -3226,7 +3226,7 @@ Volume: Low.
 <!-- PolicyChange_AuditPolicyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PolicyChange_AuditPolicyChange-Applicability-End -->
 
 <!-- PolicyChange_AuditPolicyChange-OmaUri-Begin -->
@@ -3290,7 +3290,7 @@ Volume: Low.
 <!-- PrivilegeUse_AuditNonSensitivePrivilegeUse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PrivilegeUse_AuditNonSensitivePrivilegeUse-Applicability-End -->
 
 <!-- PrivilegeUse_AuditNonSensitivePrivilegeUse-OmaUri-Begin -->
@@ -3356,7 +3356,7 @@ Volume: Very High.
 <!-- PrivilegeUse_AuditOtherPrivilegeUseEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PrivilegeUse_AuditOtherPrivilegeUseEvents-Applicability-End -->
 
 <!-- PrivilegeUse_AuditOtherPrivilegeUseEvents-OmaUri-Begin -->
@@ -3416,7 +3416,7 @@ Not used.
 <!-- PrivilegeUse_AuditSensitivePrivilegeUse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PrivilegeUse_AuditSensitivePrivilegeUse-Applicability-End -->
 
 <!-- PrivilegeUse_AuditSensitivePrivilegeUse-OmaUri-Begin -->
@@ -3481,7 +3481,7 @@ Volume: High.
 <!-- System_AuditIPsecDriver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditIPsecDriver-Applicability-End -->
 
 <!-- System_AuditIPsecDriver-OmaUri-Begin -->
@@ -3546,7 +3546,7 @@ Volume: Low.
 <!-- System_AuditOtherSystemEvents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditOtherSystemEvents-Applicability-End -->
 
 <!-- System_AuditOtherSystemEvents-OmaUri-Begin -->
@@ -3607,7 +3607,7 @@ Volume: Low.
 <!-- System_AuditSecurityStateChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditSecurityStateChange-Applicability-End -->
 
 <!-- System_AuditSecurityStateChange-OmaUri-Begin -->
@@ -3668,7 +3668,7 @@ Volume: Low.
 <!-- System_AuditSecuritySystemExtension-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditSecuritySystemExtension-Applicability-End -->
 
 <!-- System_AuditSecuritySystemExtension-OmaUri-Begin -->
@@ -3733,7 +3733,7 @@ Volume: Low. Security system extension events are generated more often on a doma
 <!-- System_AuditSystemIntegrity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1039] and later <br> ✅ Windows 10, version 1809 [10.0.17763.774] and later <br> ✅ Windows 10, version 1903 [10.0.18362.329] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- System_AuditSystemIntegrity-Applicability-End -->
 
 <!-- System_AuditSystemIntegrity-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index f89819c7ab..1a51901f9e 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -4,7 +4,7 @@ description: Learn more about the Authentication Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowAadPasswordReset-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowAadPasswordReset-Applicability-End -->
 
 <!-- AllowAadPasswordReset-OmaUri-Begin -->
@@ -79,7 +79,7 @@ This policy allows the Azure Active Directory (Azure AD) tenant administrator to
 <!-- AllowEAPCertSSO-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowEAPCertSSO-Applicability-End -->
 
 <!-- AllowEAPCertSSO-OmaUri-Begin -->
@@ -128,7 +128,7 @@ Allows an EAP cert-based authentication for a single sign on (SSO) to access int
 <!-- AllowFastReconnect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowFastReconnect-Applicability-End -->
 
 <!-- AllowFastReconnect-OmaUri-Begin -->
@@ -177,7 +177,7 @@ Allows EAP Fast Reconnect from being attempted for EAP Method TLS. Most restrict
 <!-- AllowSecondaryAuthenticationDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowSecondaryAuthenticationDevice-Applicability-End -->
 
 <!-- AllowSecondaryAuthenticationDevice-OmaUri-Begin -->
@@ -244,7 +244,7 @@ This policy allows users to use a companion device, such as a phone, fitness ban
 <!-- ConfigureWebcamAccessDomainNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureWebcamAccessDomainNames-Applicability-End -->
 
 <!-- ConfigureWebcamAccessDomainNames-OmaUri-Begin -->
@@ -293,7 +293,7 @@ Your organization federates to "Contoso IDP" and your web sign-in portal at `sig
 <!-- ConfigureWebSignInAllowedUrls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.2145] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.2145] and later |
 <!-- ConfigureWebSignInAllowedUrls-Applicability-End -->
 
 <!-- ConfigureWebSignInAllowedUrls-OmaUri-Begin -->
@@ -347,7 +347,7 @@ Your organization's PIN reset or web sign-in authentication flow is expected to
 <!-- EnableFastFirstSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- EnableFastFirstSignIn-Applicability-End -->
 
 <!-- EnableFastFirstSignIn-OmaUri-Begin -->
@@ -402,7 +402,7 @@ This policy is intended for use on Shared PCs to enable a quick first sign-in ex
 <!-- EnablePasswordlessExperience-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- EnablePasswordlessExperience-Applicability-End -->
 
 <!-- EnablePasswordlessExperience-OmaUri-Begin -->
@@ -452,7 +452,7 @@ Specifies whether connected users on AADJ devices receive a Passwordless experie
 <!-- EnableWebSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- EnableWebSignIn-Applicability-End -->
 
 <!-- EnableWebSignIn-OmaUri-Begin -->
@@ -510,7 +510,7 @@ Specifies whether web-based sign-in is allowed for signing in to Windows.
 <!-- PreferredAadTenantDomainName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- PreferredAadTenantDomainName-Applicability-End -->
 
 <!-- PreferredAadTenantDomainName-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index b5b2859f9f..fbf76ab56a 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -4,7 +4,7 @@ description: Learn more about the Autoplay Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisallowAutoplayForNonVolumeDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisallowAutoplayForNonVolumeDevices-Applicability-End -->
 
 <!-- DisallowAutoplayForNonVolumeDevices-OmaUri-Begin -->
@@ -91,7 +91,7 @@ This policy setting disallows AutoPlay for MTP devices like cameras or phones.
 <!-- SetDefaultAutoRunBehavior-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetDefaultAutoRunBehavior-Applicability-End -->
 
 <!-- SetDefaultAutoRunBehavior-OmaUri-Begin -->
@@ -161,7 +161,7 @@ a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista b
 <!-- TurnOffAutoPlay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TurnOffAutoPlay-Applicability-End -->
 
 <!-- TurnOffAutoPlay-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 25e1f03451..bdc7ed5eee 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -4,7 +4,7 @@ description: Learn more about the Bitlocker Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/09/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EncryptionMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EncryptionMethod-Applicability-End -->
 
 <!-- EncryptionMethod-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index f9002b94a5..b1d3449ae2 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -4,7 +4,7 @@ description: Learn more about the BITS Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- BandwidthThrottlingEndTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- BandwidthThrottlingEndTime-Applicability-End -->
 
 <!-- BandwidthThrottlingEndTime-OmaUri-Begin -->
@@ -92,7 +92,7 @@ Consider using this setting to prevent BITS transfers from competing for network
 <!-- BandwidthThrottlingStartTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- BandwidthThrottlingStartTime-Applicability-End -->
 
 <!-- BandwidthThrottlingStartTime-OmaUri-Begin -->
@@ -158,7 +158,7 @@ Consider using this setting to prevent BITS transfers from competing for network
 <!-- BandwidthThrottlingTransferRate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- BandwidthThrottlingTransferRate-Applicability-End -->
 
 <!-- BandwidthThrottlingTransferRate-OmaUri-Begin -->
@@ -224,7 +224,7 @@ Consider using this setting to prevent BITS transfers from competing for network
 <!-- CostedNetworkBehaviorBackgroundPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- CostedNetworkBehaviorBackgroundPriority-Applicability-End -->
 
 <!-- CostedNetworkBehaviorBackgroundPriority-OmaUri-Begin -->
@@ -317,7 +317,7 @@ For example, you can specify that background jobs are by default to transfer onl
 <!-- CostedNetworkBehaviorForegroundPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- CostedNetworkBehaviorForegroundPriority-Applicability-End -->
 
 <!-- CostedNetworkBehaviorForegroundPriority-OmaUri-Begin -->
@@ -410,7 +410,7 @@ For example, you can specify that background jobs are by default to transfer onl
 <!-- JobInactivityTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- JobInactivityTimeout-Applicability-End -->
 
 <!-- JobInactivityTimeout-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index fdfb7dee5d..03ee87d6ff 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -4,7 +4,7 @@ description: Learn more about the Bluetooth Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAdvertising-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowAdvertising-Applicability-End -->
 
 <!-- AllowAdvertising-OmaUri-Begin -->
@@ -75,7 +75,7 @@ Specifies whether the device can send out Bluetooth advertisements. If this isn'
 <!-- AllowDiscoverableMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDiscoverableMode-Applicability-End -->
 
 <!-- AllowDiscoverableMode-OmaUri-Begin -->
@@ -124,7 +124,7 @@ Specifies whether other Bluetooth-enabled devices can discover the device. If th
 <!-- AllowPrepairing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowPrepairing-Applicability-End -->
 
 <!-- AllowPrepairing-OmaUri-Begin -->
@@ -173,7 +173,7 @@ Specifies whether to allow specific bundled Bluetooth peripherals to automatical
 <!-- AllowPromptedProximalConnections-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowPromptedProximalConnections-Applicability-End -->
 
 <!-- AllowPromptedProximalConnections-OmaUri-Begin -->
@@ -222,7 +222,7 @@ This policy allows the IT admin to block users on these managed devices from usi
 <!-- LocalDeviceName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- LocalDeviceName-Applicability-End -->
 
 <!-- LocalDeviceName-OmaUri-Begin -->
@@ -261,7 +261,7 @@ Sets the local Bluetooth device name. If this is set, the value that it's set to
 <!-- ServicesAllowedList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ServicesAllowedList-Applicability-End -->
 
 <!-- ServicesAllowedList-OmaUri-Begin -->
@@ -301,7 +301,7 @@ Set a list of allowable services and profiles. String hex formatted array of Blu
 <!-- SetMinimumEncryptionKeySize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- SetMinimumEncryptionKeySize-Applicability-End -->
 
 <!-- SetMinimumEncryptionKeySize-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 8baca30d66..16d4f87720 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -4,7 +4,7 @@ description: Learn more about the Browser Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowAddressBarDropdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowAddressBarDropdown-Applicability-End -->
 
 <!-- AllowAddressBarDropdown-OmaUri-Begin -->
@@ -102,7 +102,7 @@ This policy setting lets you decide whether the Address bar drop-down functional
 <!-- AllowAutofill-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAutofill-Applicability-End -->
 
 <!-- AllowAutofill-OmaUri-Begin -->
@@ -185,7 +185,7 @@ To verify AllowAutofill is set to 0 (not allowed):
 <!-- AllowBrowser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowBrowser-Applicability-End -->
 
 <!-- AllowBrowser-OmaUri-Begin -->
@@ -238,7 +238,7 @@ This policy is deprecated.
 <!-- AllowConfigurationUpdateForBooksLibrary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowConfigurationUpdateForBooksLibrary-Applicability-End -->
 
 <!-- AllowConfigurationUpdateForBooksLibrary-OmaUri-Begin -->
@@ -291,7 +291,7 @@ This policy setting lets you decide whether Microsoft Edge can automatically upd
 <!-- AllowCookies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowCookies-Applicability-End -->
 
 <!-- AllowCookies-OmaUri-Begin -->
@@ -376,7 +376,7 @@ To verify AllowCookies is set to 0 (not allowed):
 <!-- AllowDeveloperTools-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- AllowDeveloperTools-Applicability-End -->
 
 <!-- AllowDeveloperTools-OmaUri-Begin -->
@@ -447,7 +447,7 @@ This policy setting lets you decide whether F12 Developer Tools are available on
 <!-- AllowDoNotTrack-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDoNotTrack-Applicability-End -->
 
 <!-- AllowDoNotTrack-OmaUri-Begin -->
@@ -527,7 +527,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
 <!-- AllowExtensions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowExtensions-Applicability-End -->
 
 <!-- AllowExtensions-OmaUri-Begin -->
@@ -598,7 +598,7 @@ This setting lets you decide whether employees can load extensions in Microsoft
 <!-- AllowFlash-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowFlash-Applicability-End -->
 
 <!-- AllowFlash-OmaUri-Begin -->
@@ -669,7 +669,7 @@ This setting lets you decide whether employees can run Adobe Flash in Microsoft
 <!-- AllowFlashClickToRun-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowFlashClickToRun-Applicability-End -->
 
 <!-- AllowFlashClickToRun-OmaUri-Begin -->
@@ -738,7 +738,7 @@ Sites get onto the auto-allowed list based on user feedback, specifically by how
 <!-- AllowFullScreenMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowFullScreenMode-Applicability-End -->
 
 <!-- AllowFullScreenMode-OmaUri-Begin -->
@@ -809,7 +809,7 @@ If disabled, full-screen mode is unavailable for use in Microsoft Edge.
 <!-- AllowInPrivate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- AllowInPrivate-Applicability-End -->
 
 <!-- AllowInPrivate-OmaUri-Begin -->
@@ -880,7 +880,7 @@ This policy setting lets you decide whether employees can browse using InPrivate
 <!-- AllowMicrosoftCompatibilityList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowMicrosoftCompatibilityList-Applicability-End -->
 
 <!-- AllowMicrosoftCompatibilityList-OmaUri-Begin -->
@@ -951,7 +951,7 @@ This policy setting lets you decide whether to use the Microsoft Compatibility L
 <!-- AllowPasswordManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- AllowPasswordManager-Applicability-End -->
 
 <!-- AllowPasswordManager-OmaUri-Begin -->
@@ -1029,7 +1029,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
 <!-- AllowPopups-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowPopups-Applicability-End -->
 
 <!-- AllowPopups-OmaUri-Begin -->
@@ -1107,7 +1107,7 @@ To verify AllowPopups is set to 0 (not allowed):
 <!-- AllowPrelaunch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowPrelaunch-Applicability-End -->
 
 <!-- AllowPrelaunch-OmaUri-Begin -->
@@ -1177,7 +1177,7 @@ If you prevent pre-launch, Microsoft Edge won't pre-launch during Windows sign i
 <!-- AllowPrinting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowPrinting-Applicability-End -->
 
 <!-- AllowPrinting-OmaUri-Begin -->
@@ -1248,7 +1248,7 @@ If disabled, printing isn't allowed.
 <!-- AllowSavingHistory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowSavingHistory-Applicability-End -->
 
 <!-- AllowSavingHistory-OmaUri-Begin -->
@@ -1319,7 +1319,7 @@ If disabled, the browsing history stops saving and isn't visible in the History
 <!-- AllowSearchEngineCustomization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowSearchEngineCustomization-Applicability-End -->
 
 <!-- AllowSearchEngineCustomization-OmaUri-Begin -->
@@ -1396,7 +1396,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
 <!-- AllowSearchSuggestionsinAddressBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSearchSuggestionsinAddressBar-Applicability-End -->
 
 <!-- AllowSearchSuggestionsinAddressBar-OmaUri-Begin -->
@@ -1469,7 +1469,7 @@ This policy setting lets you decide whether search suggestions appear in the Add
 <!-- AllowSideloadingOfExtensions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowSideloadingOfExtensions-Applicability-End -->
 
 <!-- AllowSideloadingOfExtensions-OmaUri-Begin -->
@@ -1550,7 +1550,7 @@ Related policies:
 <!-- AllowSmartScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSmartScreen-Applicability-End -->
 
 <!-- AllowSmartScreen-OmaUri-Begin -->
@@ -1628,7 +1628,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 <!-- AllowTabPreloading-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowTabPreloading-Applicability-End -->
 
 <!-- AllowTabPreloading-OmaUri-Begin -->
@@ -1698,7 +1698,7 @@ If you prevent preloading, Microsoft Edge won't load the Start or New Tab page d
 <!-- AllowWebContentOnNewTabPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowWebContentOnNewTabPage-Applicability-End -->
 
 <!-- AllowWebContentOnNewTabPage-OmaUri-Begin -->
@@ -1771,7 +1771,7 @@ This policy setting lets you configure what appears when Microsoft Edge opens a
 <!-- AlwaysEnableBooksLibrary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AlwaysEnableBooksLibrary-Applicability-End -->
 
 <!-- AlwaysEnableBooksLibrary-OmaUri-Begin -->
@@ -1842,7 +1842,7 @@ This policy setting helps you to decide whether to make the Books tab visible, r
 <!-- ClearBrowsingDataOnExit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ClearBrowsingDataOnExit-Applicability-End -->
 
 <!-- ClearBrowsingDataOnExit-OmaUri-Begin -->
@@ -1920,7 +1920,7 @@ To verify whether browsing data is cleared on exit (ClearBrowsingDataOnExit is s
 <!-- ConfigureAdditionalSearchEngines-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ConfigureAdditionalSearchEngines-Applicability-End -->
 
 <!-- ConfigureAdditionalSearchEngines-OmaUri-Begin -->
@@ -1987,7 +1987,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
 <!-- ConfigureFavoritesBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureFavoritesBar-Applicability-End -->
 
 <!-- ConfigureFavoritesBar-OmaUri-Begin -->
@@ -2060,7 +2060,7 @@ If not configured, the favorites bar is hidden but is visible on the Start and N
 <!-- ConfigureHomeButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureHomeButton-Applicability-End -->
 
 <!-- ConfigureHomeButton-OmaUri-Begin -->
@@ -2152,7 +2152,7 @@ Related policies:
 <!-- ConfigureKioskMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureKioskMode-Applicability-End -->
 
 <!-- ConfigureKioskMode-OmaUri-Begin -->
@@ -2232,7 +2232,7 @@ If enabled and set to 1:
 <!-- ConfigureKioskResetAfterIdleTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureKioskResetAfterIdleTimeout-Applicability-End -->
 
 <!-- ConfigureKioskResetAfterIdleTimeout-OmaUri-Begin -->
@@ -2299,7 +2299,7 @@ If you don't configure Microsoft Edge in assigned access, then this policy doesn
 <!-- ConfigureOpenMicrosoftEdgeWith-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureOpenMicrosoftEdgeWith-Applicability-End -->
 
 <!-- ConfigureOpenMicrosoftEdgeWith-OmaUri-Begin -->
@@ -2393,7 +2393,7 @@ Related policies:
 <!-- ConfigureTelemetryForMicrosoft365Analytics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureTelemetryForMicrosoft365Analytics-Applicability-End -->
 
 <!-- ConfigureTelemetryForMicrosoft365Analytics-OmaUri-Begin -->
@@ -2465,7 +2465,7 @@ Default setting: Disabled or not configured (no data collected or sent)
 <!-- DisableLockdownOfStartPages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableLockdownOfStartPages-Applicability-End -->
 
 <!-- DisableLockdownOfStartPages-OmaUri-Begin -->
@@ -2545,7 +2545,7 @@ Related policy:
 <!-- EnableExtendedBooksTelemetry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableExtendedBooksTelemetry-Applicability-End -->
 
 <!-- EnableExtendedBooksTelemetry-OmaUri-Begin -->
@@ -2616,7 +2616,7 @@ This policy setting lets you decide how much data to send to Microsoft about the
 <!-- EnterpriseModeSiteList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- EnterpriseModeSiteList-Applicability-End -->
 
 <!-- EnterpriseModeSiteList-OmaUri-Begin -->
@@ -2677,7 +2677,7 @@ This policy setting lets you configure whether to use Enterprise Mode and the En
 <!-- EnterpriseSiteListServiceUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EnterpriseSiteListServiceUrl-Applicability-End -->
 
 <!-- EnterpriseSiteListServiceUrl-OmaUri-Begin -->
@@ -2720,7 +2720,7 @@ Important. Discontinued in Windows 10, version 1511. Use the Browser/EnterpriseM
 <!-- FirstRunURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- FirstRunURL-Applicability-End -->
 
 <!-- FirstRunURL-OmaUri-Begin -->
@@ -2764,7 +2764,7 @@ Configure first run URL.
 <!-- HomePages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HomePages-Applicability-End -->
 
 <!-- HomePages-OmaUri-Begin -->
@@ -2842,7 +2842,7 @@ Related policy:
 <!-- LockdownFavorites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LockdownFavorites-Applicability-End -->
 
 <!-- LockdownFavorites-OmaUri-Begin -->
@@ -2917,7 +2917,7 @@ Don't enable both this setting and the Keep favorites in sync between Internet E
 <!-- PreventAccessToAboutFlagsInMicrosoftEdge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PreventAccessToAboutFlagsInMicrosoftEdge-Applicability-End -->
 
 <!-- PreventAccessToAboutFlagsInMicrosoftEdge-OmaUri-Begin -->
@@ -2988,7 +2988,7 @@ This policy setting lets you decide whether employees can access the about:flags
 <!-- PreventCertErrorOverrides-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- PreventCertErrorOverrides-Applicability-End -->
 
 <!-- PreventCertErrorOverrides-OmaUri-Begin -->
@@ -3059,7 +3059,7 @@ If disabled or not configured, overriding certificate errors are allowed.
 <!-- PreventFirstRunPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventFirstRunPage-Applicability-End -->
 
 <!-- PreventFirstRunPage-OmaUri-Begin -->
@@ -3130,7 +3130,7 @@ This policy setting lets you decide whether employees see Microsoft's First Run
 <!-- PreventLiveTileDataCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventLiveTileDataCollection-Applicability-End -->
 
 <!-- PreventLiveTileDataCollection-OmaUri-Begin -->
@@ -3201,7 +3201,7 @@ This policy lets you decide whether Microsoft Edge can gather Live Tile metadata
 <!-- PreventSmartScreenPromptOverride-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- PreventSmartScreenPromptOverride-Applicability-End -->
 
 <!-- PreventSmartScreenPromptOverride-OmaUri-Begin -->
@@ -3272,7 +3272,7 @@ This policy setting lets you decide whether employees can override the Windows D
 <!-- PreventSmartScreenPromptOverrideForFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- PreventSmartScreenPromptOverrideForFiles-Applicability-End -->
 
 <!-- PreventSmartScreenPromptOverrideForFiles-OmaUri-Begin -->
@@ -3343,7 +3343,7 @@ This policy setting lets you decide whether employees can override the Windows D
 <!-- PreventTurningOffRequiredExtensions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- PreventTurningOffRequiredExtensions-Applicability-End -->
 
 <!-- PreventTurningOffRequiredExtensions-OmaUri-Begin -->
@@ -3413,7 +3413,7 @@ Related Documents:
 <!-- PreventUsingLocalHostIPAddressForWebRTC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- PreventUsingLocalHostIPAddressForWebRTC-Applicability-End -->
 
 <!-- PreventUsingLocalHostIPAddressForWebRTC-OmaUri-Begin -->
@@ -3484,7 +3484,7 @@ This policy setting lets you decide whether an employee's LocalHost IP address s
 <!-- ProvisionFavorites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ProvisionFavorites-Applicability-End -->
 
 <!-- ProvisionFavorites-OmaUri-Begin -->
@@ -3556,7 +3556,7 @@ To define a default list of favorites:
 <!-- SendIntranetTraffictoInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- SendIntranetTraffictoInternetExplorer-Applicability-End -->
 
 <!-- SendIntranetTraffictoInternetExplorer-OmaUri-Begin -->
@@ -3627,7 +3627,7 @@ This policy setting lets you decide whether your intranet sites should all open
 <!-- SetDefaultSearchEngine-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetDefaultSearchEngine-Applicability-End -->
 
 <!-- SetDefaultSearchEngine-OmaUri-Begin -->
@@ -3702,7 +3702,7 @@ Employees can change the default search engine at any time, unless you disable t
 <!-- SetHomeButtonURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- SetHomeButtonURL-Applicability-End -->
 
 <!-- SetHomeButtonURL-OmaUri-Begin -->
@@ -3765,7 +3765,7 @@ Related policy: Configure Home Button.
 <!-- SetNewTabPageURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- SetNewTabPageURL-Applicability-End -->
 
 <!-- SetNewTabPageURL-OmaUri-Begin -->
@@ -3830,7 +3830,7 @@ Related policy: Allow web content on New Tab page.
 <!-- ShowMessageWhenOpeningSitesInInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ShowMessageWhenOpeningSitesInInternetExplorer-Applicability-End -->
 
 <!-- ShowMessageWhenOpeningSitesInInternetExplorer-OmaUri-Begin -->
@@ -3909,7 +3909,7 @@ Related policies:
 <!-- SyncFavoritesBetweenIEAndMicrosoftEdge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SyncFavoritesBetweenIEAndMicrosoftEdge-Applicability-End -->
 
 <!-- SyncFavoritesBetweenIEAndMicrosoftEdge-OmaUri-Begin -->
@@ -3988,7 +3988,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 <!-- UnlockHomeButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- UnlockHomeButton-Applicability-End -->
 
 <!-- UnlockHomeButton-OmaUri-Begin -->
@@ -4066,7 +4066,7 @@ Related policy:
 <!-- UseSharedFolderForBooks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- UseSharedFolderForBooks-Applicability-End -->
 
 <!-- UseSharedFolderForBooks-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 8de9d8b270..3f89630a72 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -4,7 +4,7 @@ description: Learn more about the Camera Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowCamera-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowCamera-Applicability-End -->
 
 <!-- AllowCamera-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 02503b881b..1e98fdc8f5 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -4,7 +4,7 @@ description: Learn more about the Cellular Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- LetAppsAccessCellularData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LetAppsAccessCellularData-Applicability-End -->
 
 <!-- LetAppsAccessCellularData-OmaUri-Begin -->
@@ -115,7 +115,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCellularData_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LetAppsAccessCellularData_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCellularData_ForceAllowTheseApps-OmaUri-Begin -->
@@ -180,7 +180,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCellularData_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LetAppsAccessCellularData_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCellularData_ForceDenyTheseApps-OmaUri-Begin -->
@@ -245,7 +245,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCellularData_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LetAppsAccessCellularData_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCellularData_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -310,7 +310,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- ShowAppCellularAccessUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ShowAppCellularAccessUI-Applicability-End -->
 
 <!-- ShowAppCellularAccessUI-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-clouddesktop.md b/windows/client-management/mdm/policy-csp-clouddesktop.md
index 0eecfa5c99..6fbb9672f7 100644
--- a/windows/client-management/mdm/policy-csp-clouddesktop.md
+++ b/windows/client-management/mdm/policy-csp-clouddesktop.md
@@ -4,7 +4,7 @@ description: Learn more about the CloudDesktop Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- BootToCloudMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- BootToCloudMode-Applicability-End -->
 
 <!-- BootToCloudMode-OmaUri-Begin -->
@@ -71,6 +71,69 @@ This policy allows the user to configure the boot to cloud mode. Boot to Cloud m
 
 <!-- BootToCloudMode-End -->
 
+<!-- SetMaxConnectionTimeout-Begin -->
+## SetMaxConnectionTimeout
+
+<!-- SetMaxConnectionTimeout-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.22631.2050] |
+<!-- SetMaxConnectionTimeout-Applicability-End -->
+
+<!-- SetMaxConnectionTimeout-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/CloudDesktop/SetMaxConnectionTimeout
+```
+<!-- SetMaxConnectionTimeout-OmaUri-End -->
+
+<!-- SetMaxConnectionTimeout-Description-Begin -->
+<!-- Description-Source-DDF -->
+IT admins can use this policy to set the max connection timeout. The connection timeout decides the max wait time for connecting to Cloud PC after sign in. The default max value is 5 min. For best user experience, it's recommended to continue with the default timeout of 5 min. Update only if it takes more than 5 min to connect to the Cloud PC in your organization.
+<!-- SetMaxConnectionTimeout-Description-End -->
+
+<!-- SetMaxConnectionTimeout-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SetMaxConnectionTimeout-Editable-End -->
+
+<!-- SetMaxConnectionTimeout-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 5 |
+<!-- SetMaxConnectionTimeout-DFProperties-End -->
+
+<!-- SetMaxConnectionTimeout-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 5 (Default) | 5 min. |
+| 6 | 6 min. |
+| 7 | 7 min. |
+| 8 | 8 min. |
+| 9 | 9 min. |
+| 10 | 10 min. |
+| 11 | 11 min. |
+| 12 | 12 min. |
+| 13 | 13 min. |
+| 14 | 14 min. |
+| 15 | 15 min. |
+| 16 | 16 min. |
+| 17 | 17 min. |
+| 18 | 18 min. |
+| 19 | 19 min. |
+| 20 | 20 min. |
+<!-- SetMaxConnectionTimeout-AllowedValues-End -->
+
+<!-- SetMaxConnectionTimeout-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- SetMaxConnectionTimeout-Examples-End -->
+
+<!-- SetMaxConnectionTimeout-End -->
+
 <!-- CloudDesktop-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- CloudDesktop-CspMoreInfo-End -->
diff --git a/windows/client-management/mdm/policy-csp-cloudpc.md b/windows/client-management/mdm/policy-csp-cloudpc.md
deleted file mode 100644
index dd52780e9a..0000000000
--- a/windows/client-management/mdm/policy-csp-cloudpc.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: CloudPC Policy CSP
-description: Learn more about the CloudPC Area in Policy CSP
-author: vinaypamnani-msft
-manager: aaroncz
-ms.author: vinpa
-ms.date: 12/27/2022
-ms.localizationpriority: medium
-ms.prod: windows-client
-ms.technology: itpro-manage
-ms.topic: reference
----
-
-<!-- Auto-Generated CSP Document -->
-
-<!-- CloudPC-Begin -->
-# Policy CSP - CloudPC
-
-<!-- CloudPC-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- CloudPC-Editable-End -->
-
-<!-- CloudPCConfiguration-Begin -->
-## CloudPCConfiguration
-
-<!-- CloudPCConfiguration-Applicability-Begin -->
-| Scope | Editions | Applicable OS |
-|:--|:--|:--|
-| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
-<!-- CloudPCConfiguration-Applicability-End -->
-
-<!-- CloudPCConfiguration-OmaUri-Begin -->
-```Device
-./Device/Vendor/MSFT/Policy/Config/CloudPC/CloudPCConfiguration
-```
-<!-- CloudPCConfiguration-OmaUri-End -->
-
-<!-- CloudPCConfiguration-Description-Begin -->
-<!-- Description-Source-DDF -->
-This policy is used by IT admin to set the configuration mode of cloud PC.
-<!-- CloudPCConfiguration-Description-End -->
-
-<!-- CloudPCConfiguration-Editable-Begin -->
-<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- CloudPCConfiguration-Editable-End -->
-
-<!-- CloudPCConfiguration-DFProperties-Begin -->
-**Description framework properties**:
-
-| Property name | Property value |
-|:--|:--|
-| Format | int |
-| Access Type | Add, Delete, Get, Replace |
-| Default Value  | 0 |
-<!-- CloudPCConfiguration-DFProperties-End -->
-
-<!-- CloudPCConfiguration-AllowedValues-Begin -->
-**Allowed values**:
-
-| Value | Description |
-|:--|:--|
-| 0 (Default) | Fast Switching Configuration. |
-| 1 | Boot to cloud PC Configuration. |
-<!-- CloudPCConfiguration-AllowedValues-End -->
-
-<!-- CloudPCConfiguration-Examples-Begin -->
-<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- CloudPCConfiguration-Examples-End -->
-
-<!-- CloudPCConfiguration-End -->
-
-<!-- CloudPC-CspMoreInfo-Begin -->
-<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
-<!-- CloudPC-CspMoreInfo-End -->
-
-<!-- CloudPC-End -->
-
-## Related articles
-
-[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 0ba1dc7cfe..7e0a5b1426 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -4,7 +4,7 @@ description: Learn more about the Connectivity Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowBluetooth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowBluetooth-Applicability-End -->
 
 <!-- AllowBluetooth-OmaUri-Begin -->
@@ -65,7 +65,6 @@ Allows the user to enable Bluetooth or restrict access.
 | Value | Description |
 |:--|:--|
 | 0 | Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn Bluetooth on. |
-| 1 | Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. |
 | 2 (Default) | Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. |
 <!-- AllowBluetooth-AllowedValues-End -->
 
@@ -81,7 +80,7 @@ Allows the user to enable Bluetooth or restrict access.
 <!-- AllowCellularData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowCellularData-Applicability-End -->
 
 <!-- AllowCellularData-OmaUri-Begin -->
@@ -131,7 +130,7 @@ Allows the cellular data channel on the device. Device reboot isn't required to
 <!-- AllowCellularDataRoaming-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowCellularDataRoaming-Applicability-End -->
 
 <!-- AllowCellularDataRoaming-OmaUri-Begin -->
@@ -206,7 +205,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i
 <!-- AllowConnectedDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowConnectedDevices-Applicability-End -->
 
 <!-- AllowConnectedDevices-OmaUri-Begin -->
@@ -260,7 +259,7 @@ To validate, the enterprise can confirm by observing the roaming enable switch i
 <!-- AllowNFC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowNFC-Applicability-End -->
 
 <!-- AllowNFC-OmaUri-Begin -->
@@ -309,7 +308,7 @@ This policy is deprecated.
 <!-- AllowPhonePCLinking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowPhonePCLinking-Applicability-End -->
 
 <!-- AllowPhonePCLinking-OmaUri-Begin -->
@@ -383,7 +382,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
 <!-- AllowUSBConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowUSBConnection-Applicability-End -->
 
 <!-- AllowUSBConnection-OmaUri-Begin -->
@@ -434,7 +433,7 @@ Device that has previously opt-in to MMX will also stop showing on the device li
 <!-- AllowVPNOverCellular-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowVPNOverCellular-Applicability-End -->
 
 <!-- AllowVPNOverCellular-OmaUri-Begin -->
@@ -483,7 +482,7 @@ Specifies what type of underlying connections VPN is allowed to use. Most restri
 <!-- AllowVPNRoamingOverCellular-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowVPNRoamingOverCellular-Applicability-End -->
 
 <!-- AllowVPNRoamingOverCellular-OmaUri-Begin -->
@@ -532,7 +531,7 @@ Prevents the device from connecting to VPN when the device roams over cellular n
 <!-- DiablePrintingOverHTTP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DiablePrintingOverHTTP-Applicability-End -->
 
 <!-- DiablePrintingOverHTTP-OmaUri-Begin -->
@@ -598,7 +597,7 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
 <!-- DisableDownloadingOfPrintDriversOverHTTP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableDownloadingOfPrintDriversOverHTTP-Applicability-End -->
 
 <!-- DisableDownloadingOfPrintDriversOverHTTP-OmaUri-Begin -->
@@ -662,7 +661,7 @@ To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
 <!-- DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards-Applicability-End -->
 
 <!-- DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards-OmaUri-Begin -->
@@ -725,7 +724,7 @@ See the documentation for the web publishing and online ordering wizards for mor
 <!-- DisallowNetworkConnectivityActiveTests-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisallowNetworkConnectivityActiveTests-Applicability-End -->
 
 <!-- DisallowNetworkConnectivityActiveTests-OmaUri-Begin -->
@@ -794,7 +793,7 @@ As part of determining the connectivity level, NCSI performs one of two active t
 <!-- HardenedUNCPaths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HardenedUNCPaths-Applicability-End -->
 
 <!-- HardenedUNCPaths-OmaUri-Begin -->
@@ -851,7 +850,7 @@ For more information, see [MS15-011: Vulnerability in Group Policy could allow r
 <!-- ProhibitInstallationAndConfigurationOfNetworkBridge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ProhibitInstallationAndConfigurationOfNetworkBridge-Applicability-End -->
 
 <!-- ProhibitInstallationAndConfigurationOfNetworkBridge-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 6c618bf585..485f675610 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -4,7 +4,7 @@ description: Learn more about the ControlPolicyConflict Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- MDMWinsOverGP-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MDMWinsOverGP-Applicability-End -->
 
 <!-- MDMWinsOverGP-OmaUri-Begin -->
@@ -44,7 +44,7 @@ If set to 1 then any MDM policy that's set that has an equivalent GP policy will
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 
 > [!NOTE]
-> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md).
+> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). Nor does it apply to the [Update Policy CSP](policy-csp-update.md) for managing Windows updates. 
 
 This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 6d56c65fbe..bf6c62f53a 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -4,7 +4,7 @@ description: Learn more about the CredentialProviders Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowPINLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPINLogon-Applicability-End -->
 
 <!-- AllowPINLogon-OmaUri-Begin -->
@@ -92,7 +92,7 @@ To configure Windows Hello for Business, use the Administrative Template policie
 <!-- BlockPicturePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- BlockPicturePassword-Applicability-End -->
 
 <!-- BlockPicturePassword-OmaUri-Begin -->
@@ -153,7 +153,7 @@ Note that the user's domain password will be cached in the system vault when usi
 <!-- DisableAutomaticReDeploymentCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableAutomaticReDeploymentCredentials-Applicability-End -->
 
 <!-- DisableAutomaticReDeploymentCredentials-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index 878f0f2aef..943113ee1d 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -4,7 +4,7 @@ description: Learn more about the CredentialsDelegation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- RemoteHostAllowsDelegationOfNonExportableCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- RemoteHostAllowsDelegationOfNonExportableCredentials-Applicability-End -->
 
 <!-- RemoteHostAllowsDelegationOfNonExportableCredentials-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 5cc00c3b0a..2fb7881948 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -4,7 +4,7 @@ description: Learn more about the CredentialsUI Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DisablePasswordReveal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisablePasswordReveal-Applicability-End -->
 
 <!-- DisablePasswordReveal-OmaUri-Begin -->
@@ -95,7 +95,7 @@ The policy applies to all Windows components and applications that use the Windo
 <!-- EnumerateAdministrators-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EnumerateAdministrators-Applicability-End -->
 
 <!-- EnumerateAdministrators-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 841ae0f1bd..a5874803b9 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -4,7 +4,7 @@ description: Learn more about the Cryptography Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,8 @@ ms.topic: reference
 <!-- Cryptography-Begin -->
 # Policy CSP - Cryptography
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- Cryptography-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Cryptography-Editable-End -->
@@ -26,7 +28,7 @@ ms.topic: reference
 <!-- AllowFipsAlgorithmPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowFipsAlgorithmPolicy-Applicability-End -->
 
 <!-- AllowFipsAlgorithmPolicy-OmaUri-Begin -->
@@ -78,13 +80,286 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy.
 
 <!-- AllowFipsAlgorithmPolicy-End -->
 
+<!-- ConfigureEllipticCurveCryptography-Begin -->
+## ConfigureEllipticCurveCryptography
+
+<!-- ConfigureEllipticCurveCryptography-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- ConfigureEllipticCurveCryptography-Applicability-End -->
+
+<!-- ConfigureEllipticCurveCryptography-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Cryptography/ConfigureEllipticCurveCryptography
+```
+<!-- ConfigureEllipticCurveCryptography-OmaUri-End -->
+
+<!-- ConfigureEllipticCurveCryptography-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
+
+- If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line)
+
+- If you disable or don't configure this policy setting, the default ECC curve order is used.
+
+Default Curve Order
+ 
+curve25519
+NistP256
+NistP384
+
+To See all the curves supported on the system, Use the following command:
+
+CertUtil.exe -DisplayEccCurve.
+<!-- ConfigureEllipticCurveCryptography-Description-End -->
+
+<!-- ConfigureEllipticCurveCryptography-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ConfigureEllipticCurveCryptography-Editable-End -->
+
+<!-- ConfigureEllipticCurveCryptography-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+<!-- ConfigureEllipticCurveCryptography-DFProperties-End -->
+
+<!-- ConfigureEllipticCurveCryptography-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SSLCurveOrder |
+| Friendly Name | ECC Curve Order |
+| Location | Computer Configuration |
+| Path | Network > SSL Configuration Settings |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 |
+| ADMX File Name | CipherSuiteOrder.admx |
+<!-- ConfigureEllipticCurveCryptography-GpMapping-End -->
+
+<!-- ConfigureEllipticCurveCryptography-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- ConfigureEllipticCurveCryptography-Examples-End -->
+
+<!-- ConfigureEllipticCurveCryptography-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Begin -->
+## ConfigureSystemCryptographyForceStrongKeyProtection
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Applicability-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Cryptography/ConfigureSystemCryptographyForceStrongKeyProtection
+```
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-OmaUri-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Description-Begin -->
+<!-- Description-Source-DDF -->
+System cryptography: Force strong key protection for user keys stored on the computer. Last write wins.
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Description-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Editable-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 2 |
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-DFProperties-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-AllowedValues-Begin -->
+**Allowed values**:
+
+| Flag | Description |
+|:--|:--|
+| 8 | An app container has accessed a medium key that isn't strongly protected. For example, a key that's for user consent only, or is password or fingerprint protected. |
+| 2 (Default) | Force high protection. |
+| 1 | Display the strong key user interface as needed. |
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-AllowedValues-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-Examples-End -->
+
+<!-- ConfigureSystemCryptographyForceStrongKeyProtection-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-Begin -->
+## OverrideMinimumEnabledDTLSVersionClient
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- OverrideMinimumEnabledDTLSVersionClient-Applicability-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledDTLSVersionClient
+```
+<!-- OverrideMinimumEnabledDTLSVersionClient-OmaUri-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-Description-Begin -->
+<!-- Description-Source-DDF -->
+Override minimal enabled TLS version for client role. Last write wins.
+<!-- OverrideMinimumEnabledDTLSVersionClient-Description-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledDTLSVersionClient-Editable-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- OverrideMinimumEnabledDTLSVersionClient-DFProperties-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledDTLSVersionClient-Examples-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionClient-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-Begin -->
+## OverrideMinimumEnabledDTLSVersionServer
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- OverrideMinimumEnabledDTLSVersionServer-Applicability-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledDTLSVersionServer
+```
+<!-- OverrideMinimumEnabledDTLSVersionServer-OmaUri-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-Description-Begin -->
+<!-- Description-Source-DDF -->
+Override minimal enabled TLS version for server role. Last write wins.
+<!-- OverrideMinimumEnabledDTLSVersionServer-Description-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledDTLSVersionServer-Editable-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- OverrideMinimumEnabledDTLSVersionServer-DFProperties-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledDTLSVersionServer-Examples-End -->
+
+<!-- OverrideMinimumEnabledDTLSVersionServer-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-Begin -->
+## OverrideMinimumEnabledTLSVersionClient
+
+<!-- OverrideMinimumEnabledTLSVersionClient-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- OverrideMinimumEnabledTLSVersionClient-Applicability-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledTLSVersionClient
+```
+<!-- OverrideMinimumEnabledTLSVersionClient-OmaUri-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-Description-Begin -->
+<!-- Description-Source-DDF -->
+Override minimal enabled TLS version for client role. Last write wins.
+<!-- OverrideMinimumEnabledTLSVersionClient-Description-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledTLSVersionClient-Editable-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- OverrideMinimumEnabledTLSVersionClient-DFProperties-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledTLSVersionClient-Examples-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionClient-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-Begin -->
+## OverrideMinimumEnabledTLSVersionServer
+
+<!-- OverrideMinimumEnabledTLSVersionServer-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- OverrideMinimumEnabledTLSVersionServer-Applicability-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Cryptography/OverrideMinimumEnabledTLSVersionServer
+```
+<!-- OverrideMinimumEnabledTLSVersionServer-OmaUri-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-Description-Begin -->
+<!-- Description-Source-DDF -->
+Override minimal enabled TLS version for server role. Last write wins.
+<!-- OverrideMinimumEnabledTLSVersionServer-Description-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledTLSVersionServer-Editable-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- OverrideMinimumEnabledTLSVersionServer-DFProperties-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- OverrideMinimumEnabledTLSVersionServer-Examples-End -->
+
+<!-- OverrideMinimumEnabledTLSVersionServer-End -->
+
 <!-- TLSCipherSuites-Begin -->
 ## TLSCipherSuites
 
 <!-- TLSCipherSuites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- TLSCipherSuites-Applicability-End -->
 
 <!-- TLSCipherSuites-OmaUri-Begin -->
@@ -94,8 +369,14 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy.
 <!-- TLSCipherSuites-OmaUri-End -->
 
 <!-- TLSCipherSuites-Description-Begin -->
-<!-- Description-Source-DDF -->
-Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
+<!-- Description-Source-ADMX -->
+This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
+
+- If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
+
+- If you disable or don't configure this policy setting, default cipher suite order is used.
+
+Link for all the cipherSuites: <https://go.microsoft.com/fwlink/?LinkId=517265>
 <!-- TLSCipherSuites-Description-End -->
 
 <!-- TLSCipherSuites-Editable-Begin -->
@@ -112,6 +393,19 @@ Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is
 | Allowed Values | List (Delimiter: `;`) |
 <!-- TLSCipherSuites-DFProperties-End -->
 
+<!-- TLSCipherSuites-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SSLCipherSuiteOrder |
+| Friendly Name | SSL Cipher Suite Order |
+| Location | Computer Configuration |
+| Path | Network > SSL Configuration Settings |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 |
+| ADMX File Name | CipherSuiteOrder.admx |
+<!-- TLSCipherSuites-GpMapping-End -->
+
 <!-- TLSCipherSuites-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- TLSCipherSuites-Examples-End -->
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index eacbfd0997..591e62bd55 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -4,7 +4,7 @@ description: Learn more about the DataProtection Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowDirectMemoryAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDirectMemoryAccess-Applicability-End -->
 
 <!-- AllowDirectMemoryAccess-OmaUri-Begin -->
@@ -75,7 +75,7 @@ This policy setting allows you to block direct memory access (DMA) for all hot p
 <!-- LegacySelectiveWipeID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LegacySelectiveWipeID-Applicability-End -->
 
 <!-- LegacySelectiveWipeID-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 141857534d..3bb392662b 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -4,7 +4,7 @@ description: Learn more about the DataUsage Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SetCost3G-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetCost3G-Applicability-End -->
 
 <!-- SetCost3G-OmaUri-Begin -->
@@ -94,7 +94,7 @@ This policy setting configures the cost of 3G connections on the local machine.
 <!-- SetCost4G-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetCost4G-Applicability-End -->
 
 <!-- SetCost4G-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 43cdc9a4ee..7216ad6c03 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowArchiveScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowArchiveScanning-Applicability-End -->
 
 <!-- AllowArchiveScanning-OmaUri-Begin -->
@@ -95,7 +95,7 @@ This policy setting allows you to configure scans for malicious software and unw
 <!-- AllowBehaviorMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowBehaviorMonitoring-Applicability-End -->
 
 <!-- AllowBehaviorMonitoring-OmaUri-Begin -->
@@ -164,7 +164,7 @@ This policy setting allows you to configure behavior monitoring.
 <!-- AllowCloudProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowCloudProtection-Applicability-End -->
 
 <!-- AllowCloudProtection-OmaUri-Begin -->
@@ -246,7 +246,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 <!-- AllowEmailScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowEmailScanning-Applicability-End -->
 
 <!-- AllowEmailScanning-OmaUri-Begin -->
@@ -313,7 +313,7 @@ This policy setting allows you to configure e-mail scanning. When e-mail scannin
 <!-- AllowFullScanOnMappedNetworkDrives-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowFullScanOnMappedNetworkDrives-Applicability-End -->
 
 <!-- AllowFullScanOnMappedNetworkDrives-OmaUri-Begin -->
@@ -380,7 +380,7 @@ This policy setting allows you to configure scanning mapped network drives.
 <!-- AllowFullScanRemovableDriveScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowFullScanRemovableDriveScanning-Applicability-End -->
 
 <!-- AllowFullScanRemovableDriveScanning-OmaUri-Begin -->
@@ -444,10 +444,13 @@ This policy setting allows you to manage whether or not to scan for malicious so
 <!-- AllowIntrusionPreventionSystem-Begin -->
 ## AllowIntrusionPreventionSystem
 
+> [!NOTE]
+> This policy is deprecated and may be removed in a future release.
+
 <!-- AllowIntrusionPreventionSystem-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowIntrusionPreventionSystem-Applicability-End -->
 
 <!-- AllowIntrusionPreventionSystem-OmaUri-Begin -->
@@ -498,7 +501,7 @@ Allows or disallows Windows Defender Intrusion Prevention functionality.
 <!-- AllowIOAVProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowIOAVProtection-Applicability-End -->
 
 <!-- AllowIOAVProtection-OmaUri-Begin -->
@@ -567,7 +570,7 @@ This policy setting allows you to configure scanning for all downloaded files an
 <!-- AllowOnAccessProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowOnAccessProtection-Applicability-End -->
 
 <!-- AllowOnAccessProtection-OmaUri-Begin -->
@@ -636,7 +639,7 @@ This policy setting allows you to configure monitoring for file and program acti
 <!-- AllowRealtimeMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowRealtimeMonitoring-Applicability-End -->
 
 <!-- AllowRealtimeMonitoring-OmaUri-Begin -->
@@ -701,7 +704,7 @@ Allows or disallows Windows Defender Realtime Monitoring functionality.
 <!-- AllowScanningNetworkFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowScanningNetworkFiles-Applicability-End -->
 
 <!-- AllowScanningNetworkFiles-OmaUri-Begin -->
@@ -767,7 +770,7 @@ This policy setting allows you to configure real-time scanning for files that ar
 <!-- AllowScriptScanning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowScriptScanning-Applicability-End -->
 
 <!-- AllowScriptScanning-OmaUri-Begin -->
@@ -818,7 +821,7 @@ Allows or disallows Windows Defender Script Scanning functionality.
 <!-- AllowUserUIAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowUserUIAccess-Applicability-End -->
 
 <!-- AllowUserUIAccess-OmaUri-Begin -->
@@ -883,7 +886,7 @@ If you enable this setting AM UI won't be available to users.
 <!-- AttackSurfaceReductionOnlyExclusions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AttackSurfaceReductionOnlyExclusions-Applicability-End -->
 
 <!-- AttackSurfaceReductionOnlyExclusions-OmaUri-Begin -->
@@ -956,7 +959,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s
 <!-- AttackSurfaceReductionRules-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AttackSurfaceReductionRules-Applicability-End -->
 
 <!-- AttackSurfaceReductionRules-OmaUri-Begin -->
@@ -1055,7 +1058,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur
 <!-- AvgCPULoadFactor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AvgCPULoadFactor-Applicability-End -->
 
 <!-- AvgCPULoadFactor-OmaUri-Begin -->
@@ -1114,7 +1117,7 @@ This policy setting allows you to configure the maximum percentage CPU utilizati
 <!-- CheckForSignaturesBeforeRunningScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- CheckForSignaturesBeforeRunningScan-Applicability-End -->
 
 <!-- CheckForSignaturesBeforeRunningScan-OmaUri-Begin -->
@@ -1182,7 +1185,7 @@ This setting applies to scheduled scans, but it has no effect on scans initiated
 <!-- CloudBlockLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- CloudBlockLevel-Applicability-End -->
 
 <!-- CloudBlockLevel-OmaUri-Begin -->
@@ -1260,7 +1263,7 @@ Possible options are:
 <!-- CloudExtendedTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- CloudExtendedTimeout-Applicability-End -->
 
 <!-- CloudExtendedTimeout-OmaUri-Begin -->
@@ -1322,7 +1325,7 @@ For example, if the desired timeout is 60 seconds, specify 50 seconds in this se
 <!-- ControlledFolderAccessAllowedApplications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ControlledFolderAccessAllowedApplications-Applicability-End -->
 
 <!-- ControlledFolderAccessAllowedApplications-OmaUri-Begin -->
@@ -1396,7 +1399,7 @@ Default system folders are automatically guarded, but you can add folders in the
 <!-- ControlledFolderAccessProtectedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ControlledFolderAccessProtectedFolders-Applicability-End -->
 
 <!-- ControlledFolderAccessProtectedFolders-OmaUri-Begin -->
@@ -1472,7 +1475,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
 <!-- DaysToRetainCleanedMalware-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DaysToRetainCleanedMalware-Applicability-End -->
 
 <!-- DaysToRetainCleanedMalware-OmaUri-Begin -->
@@ -1531,7 +1534,7 @@ This policy setting defines the number of days items should be kept in the Quara
 <!-- DisableCatchupFullScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisableCatchupFullScan-Applicability-End -->
 
 <!-- DisableCatchupFullScan-OmaUri-Begin -->
@@ -1597,7 +1600,7 @@ This policy setting allows you to configure catch-up scans for scheduled full sc
 <!-- DisableCatchupQuickScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisableCatchupQuickScan-Applicability-End -->
 
 <!-- DisableCatchupQuickScan-OmaUri-Begin -->
@@ -1663,7 +1666,7 @@ This policy setting allows you to configure catch-up scans for scheduled quick s
 <!-- EnableControlledFolderAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- EnableControlledFolderAccess-Applicability-End -->
 
 <!-- EnableControlledFolderAccess-OmaUri-Begin -->
@@ -1764,6 +1767,8 @@ Same as Disabled.
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 | 2 | Audit Mode. |
+| 3 | Block disk modification only. |
+| 4 | Audit disk modification only. |
 <!-- EnableControlledFolderAccess-AllowedValues-End -->
 
 <!-- EnableControlledFolderAccess-GpMapping-Begin -->
@@ -1792,7 +1797,7 @@ Same as Disabled.
 <!-- EnableLowCPUPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- EnableLowCPUPriority-Applicability-End -->
 
 <!-- EnableLowCPUPriority-OmaUri-Begin -->
@@ -1858,7 +1863,7 @@ This policy setting allows you to enable or disable low CPU priority for schedul
 <!-- EnableNetworkProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- EnableNetworkProtection-Applicability-End -->
 
 <!-- EnableNetworkProtection-OmaUri-Begin -->
@@ -1936,7 +1941,7 @@ Same as Disabled.
 <!-- ExcludedExtensions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ExcludedExtensions-Applicability-End -->
 
 <!-- ExcludedExtensions-OmaUri-Begin -->
@@ -1992,7 +1997,7 @@ Allows an administrator to specify a list of file type extensions to ignore duri
 <!-- ExcludedPaths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ExcludedPaths-Applicability-End -->
 
 <!-- ExcludedPaths-OmaUri-Begin -->
@@ -2048,7 +2053,7 @@ Allows an administrator to specify a list of directory paths to ignore during a
 <!-- ExcludedProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ExcludedProcesses-Applicability-End -->
 
 <!-- ExcludedProcesses-OmaUri-Begin -->
@@ -2107,7 +2112,7 @@ Allows an administrator to specify a list of files opened by processes to ignore
 <!-- PUAProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PUAProtection-Applicability-End -->
 
 <!-- PUAProtection-OmaUri-Begin -->
@@ -2186,7 +2191,7 @@ Same as Disabled.
 <!-- RealTimeScanDirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- RealTimeScanDirection-Applicability-End -->
 
 <!-- RealTimeScanDirection-OmaUri-Begin -->
@@ -2264,7 +2269,7 @@ Any other value, or if the value doesn't exist, resolves to the default (0).
 <!-- ScanParameter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ScanParameter-Applicability-End -->
 
 <!-- ScanParameter-OmaUri-Begin -->
@@ -2334,7 +2339,7 @@ This policy setting allows you to specify the scan type to use during a schedule
 <!-- ScheduleQuickScanTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ScheduleQuickScanTime-Applicability-End -->
 
 <!-- ScheduleQuickScanTime-OmaUri-Begin -->
@@ -2393,7 +2398,7 @@ This policy setting allows you to specify the time of day at which to perform a
 <!-- ScheduleScanDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ScheduleScanDay-Applicability-End -->
 
 <!-- ScheduleScanDay-OmaUri-Begin -->
@@ -2471,7 +2476,7 @@ This setting can be configured with the following ordinal number values:
 <!-- ScheduleScanTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ScheduleScanTime-Applicability-End -->
 
 <!-- ScheduleScanTime-OmaUri-Begin -->
@@ -2530,7 +2535,7 @@ This policy setting allows you to specify the time of day at which to perform a
 <!-- SecurityIntelligenceLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SecurityIntelligenceLocation-Applicability-End -->
 
 <!-- SecurityIntelligenceLocation-OmaUri-Begin -->
@@ -2585,7 +2590,7 @@ If you disable or don't configure this setting, security intelligence will be re
 <!-- SignatureUpdateFallbackOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- SignatureUpdateFallbackOrder-Applicability-End -->
 
 <!-- SignatureUpdateFallbackOrder-OmaUri-Begin -->
@@ -2645,7 +2650,7 @@ For Example: `{ InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC }`
 <!-- SignatureUpdateFileSharesSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- SignatureUpdateFileSharesSources-Applicability-End -->
 
 <!-- SignatureUpdateFileSharesSources-OmaUri-Begin -->
@@ -2703,7 +2708,7 @@ This policy setting allows you to configure UNC file share sources for downloadi
 <!-- SignatureUpdateInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- SignatureUpdateInterval-Applicability-End -->
 
 <!-- SignatureUpdateInterval-OmaUri-Begin -->
@@ -2762,7 +2767,7 @@ This policy setting allows you to specify an interval at which to check for secu
 <!-- SubmitSamplesConsent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- SubmitSamplesConsent-Applicability-End -->
 
 <!-- SubmitSamplesConsent-OmaUri-Begin -->
@@ -2831,7 +2836,7 @@ Possible options are:
 <!-- ThreatSeverityDefaultAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ThreatSeverityDefaultAction-Applicability-End -->
 
 <!-- ThreatSeverityDefaultAction-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index d38b2f6b8f..2c24bd31ed 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -4,7 +4,7 @@ description: Learn more about the DeliveryOptimization Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- DOAbsoluteMaxCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DOAbsoluteMaxCacheSize-Applicability-End -->
 
 <!-- DOAbsoluteMaxCacheSize-OmaUri-Begin -->
@@ -87,7 +87,7 @@ The value 0 (zero) means "unlimited" cache; Delivery Optimization will clear the
 <!-- DOAllowVPNPeerCaching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DOAllowVPNPeerCaching-Applicability-End -->
 
 <!-- DOAllowVPNPeerCaching-OmaUri-Begin -->
@@ -150,7 +150,7 @@ Specifies whether the device is allowed to participate in Peer Caching while con
 <!-- DOCacheHost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DOCacheHost-Applicability-End -->
 
 <!-- DOCacheHost-OmaUri-Begin -->
@@ -208,7 +208,7 @@ One or more values can be added as either fully qualified domain names (FQDN) or
 <!-- DOCacheHostSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DOCacheHostSource-Applicability-End -->
 
 <!-- DOCacheHostSource-OmaUri-Begin -->
@@ -275,7 +275,7 @@ If this policy isn't configured, the client will attempt to automatically find a
 <!-- DODelayBackgroundDownloadFromHttp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DODelayBackgroundDownloadFromHttp-Applicability-End -->
 
 <!-- DODelayBackgroundDownloadFromHttp-OmaUri-Begin -->
@@ -336,7 +336,7 @@ The recommended value is 1 hour (3600).
 <!-- DODelayCacheServerFallbackBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DODelayCacheServerFallbackBackground-Applicability-End -->
 
 <!-- DODelayCacheServerFallbackBackground-OmaUri-Begin -->
@@ -391,7 +391,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT
 <!-- DODelayCacheServerFallbackForeground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DODelayCacheServerFallbackForeground-Applicability-End -->
 
 <!-- DODelayCacheServerFallbackForeground-OmaUri-Begin -->
@@ -446,7 +446,7 @@ Specifies the time in seconds to delay the fallback from Cache Server to the HTT
 <!-- DODelayForegroundDownloadFromHttp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DODelayForegroundDownloadFromHttp-Applicability-End -->
 
 <!-- DODelayForegroundDownloadFromHttp-OmaUri-Begin -->
@@ -507,7 +507,7 @@ The recommended value is 1 minute (60).
 <!-- DODisallowCacheServerDownloadsOnVPN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DODisallowCacheServerDownloadsOnVPN-Applicability-End -->
 
 <!-- DODisallowCacheServerDownloadsOnVPN-OmaUri-Begin -->
@@ -566,7 +566,7 @@ Disallow downloads from Microsoft Connected Cache servers when the device connec
 <!-- DODownloadMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DODownloadMode-Applicability-End -->
 
 <!-- DODownloadMode-OmaUri-Begin -->
@@ -635,7 +635,7 @@ Specifies the download method that Delivery Optimization can use in downloads of
 <!-- DOGroupId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DOGroupId-Applicability-End -->
 
 <!-- DOGroupId-OmaUri-Begin -->
@@ -692,7 +692,7 @@ Note this is a best effort optimization and shouldn't be relied on for an authen
 <!-- DOGroupIdSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DOGroupIdSource-Applicability-End -->
 
 <!-- DOGroupIdSource-OmaUri-Begin -->
@@ -761,7 +761,7 @@ Set this policy to restrict peer selection to a specific source. Available optio
 <!-- DOMaxBackgroundDownloadBandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DOMaxBackgroundDownloadBandwidth-Applicability-End -->
 
 <!-- DOMaxBackgroundDownloadBandwidth-OmaUri-Begin -->
@@ -818,7 +818,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
 <!-- DOMaxCacheAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DOMaxCacheAge-Applicability-End -->
 
 <!-- DOMaxCacheAge-OmaUri-Begin -->
@@ -873,7 +873,7 @@ Specifies the maximum time in seconds that each file is held in the Delivery Opt
 <!-- DOMaxCacheSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DOMaxCacheSize-Applicability-End -->
 
 <!-- DOMaxCacheSize-OmaUri-Begin -->
@@ -928,7 +928,7 @@ Specifies the maximum cache size that Delivery Optimization can utilize, as a pe
 <!-- DOMaxForegroundDownloadBandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- DOMaxForegroundDownloadBandwidth-Applicability-End -->
 
 <!-- DOMaxForegroundDownloadBandwidth-OmaUri-Begin -->
@@ -985,7 +985,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
 <!-- DOMinBackgroundQos-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DOMinBackgroundQos-Applicability-End -->
 
 <!-- DOMinBackgroundQos-OmaUri-Begin -->
@@ -1040,7 +1040,7 @@ Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/se
 <!-- DOMinBatteryPercentageAllowedToUpload-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DOMinBatteryPercentageAllowedToUpload-Applicability-End -->
 
 <!-- DOMinBatteryPercentageAllowedToUpload-OmaUri-Begin -->
@@ -1099,7 +1099,7 @@ The value 0 means "not-limited"; The cloud service set default value will be use
 <!-- DOMinDiskSizeAllowedToPeer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DOMinDiskSizeAllowedToPeer-Applicability-End -->
 
 <!-- DOMinDiskSizeAllowedToPeer-OmaUri-Begin -->
@@ -1159,7 +1159,7 @@ Recommended values: 64 GB to 256 GB.
 <!-- DOMinFileSizeToCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DOMinFileSizeToCache-Applicability-End -->
 
 <!-- DOMinFileSizeToCache-OmaUri-Begin -->
@@ -1214,7 +1214,7 @@ Specifies the minimum content file size in MB enabled to use Peer Caching. Recom
 <!-- DOMinRAMAllowedToPeer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DOMinRAMAllowedToPeer-Applicability-End -->
 
 <!-- DOMinRAMAllowedToPeer-OmaUri-Begin -->
@@ -1269,7 +1269,7 @@ Specifies the minimum RAM size in GB required to use Peer Caching. For example,
 <!-- DOModifyCacheDrive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DOModifyCacheDrive-Applicability-End -->
 
 <!-- DOModifyCacheDrive-OmaUri-Begin -->
@@ -1324,7 +1324,7 @@ By default, %SystemDrive% is used to store the cache. The drive location can be
 <!-- DOMonthlyUploadDataCap-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DOMonthlyUploadDataCap-Applicability-End -->
 
 <!-- DOMonthlyUploadDataCap-OmaUri-Begin -->
@@ -1379,7 +1379,7 @@ Specifies the maximum total bytes in GB that Delivery Optimization is allowed to
 <!-- DOPercentageMaxBackgroundBandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DOPercentageMaxBackgroundBandwidth-Applicability-End -->
 
 <!-- DOPercentageMaxBackgroundBandwidth-OmaUri-Begin -->
@@ -1438,7 +1438,7 @@ Downloads from LAN peers won't be throttled even when this policy is set.
 <!-- DOPercentageMaxForegroundBandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DOPercentageMaxForegroundBandwidth-Applicability-End -->
 
 <!-- DOPercentageMaxForegroundBandwidth-OmaUri-Begin -->
@@ -1495,7 +1495,7 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
 <!-- DORestrictPeerSelectionBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DORestrictPeerSelectionBy-Applicability-End -->
 
 <!-- DORestrictPeerSelectionBy-OmaUri-Begin -->
@@ -1574,7 +1574,7 @@ In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer
 <!-- DOSetHoursToLimitBackgroundDownloadBandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DOSetHoursToLimitBackgroundDownloadBandwidth-Applicability-End -->
 
 <!-- DOSetHoursToLimitBackgroundDownloadBandwidth-OmaUri-Begin -->
@@ -1628,7 +1628,7 @@ Specifies the maximum background download bandwidth that Delivery Optimization u
 <!-- DOSetHoursToLimitForegroundDownloadBandwidth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DOSetHoursToLimitForegroundDownloadBandwidth-Applicability-End -->
 
 <!-- DOSetHoursToLimitForegroundDownloadBandwidth-OmaUri-Begin -->
@@ -1687,7 +1687,7 @@ This policy allows an IT Admin to define the following details:
 <!-- DOVpnKeywords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DOVpnKeywords-Applicability-End -->
 
 <!-- DOVpnKeywords-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 82a49e6530..8c7fe07a3d 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -4,7 +4,7 @@ description: Learn more about the Desktop Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- PreventUserRedirectionOfProfileFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventUserRedirectionOfProfileFolders-Applicability-End -->
 
 <!-- PreventUserRedirectionOfProfileFolders-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-desktopappinstaller.md b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
index 8167513c1a..0e8a4f4777 100644
--- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md
+++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
@@ -4,7 +4,7 @@ description: Learn more about the DesktopAppInstaller Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- EnableAdditionalSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableAdditionalSources-Applicability-End -->
 
 <!-- EnableAdditionalSources-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy controls additional sources provided by the enterprise IT administra
 <!-- EnableAllowedSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableAllowedSources-Applicability-End -->
 
 <!-- EnableAllowedSources-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This policy controls additional sources allowed by the enterprise IT administrat
 <!-- EnableAppInstaller-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableAppInstaller-Applicability-End -->
 
 <!-- EnableAppInstaller-OmaUri-Begin -->
@@ -210,7 +210,7 @@ Users will still be able to execute the *winget* command. The default help will
 <!-- EnableBypassCertificatePinningForMicrosoftStore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableBypassCertificatePinningForMicrosoftStore-Applicability-End -->
 
 <!-- EnableBypassCertificatePinningForMicrosoftStore-OmaUri-Begin -->
@@ -260,7 +260,7 @@ Users will still be able to execute the *winget* command. The default help will
 <!-- EnableDefaultSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableDefaultSource-Applicability-End -->
 
 <!-- EnableDefaultSource-OmaUri-Begin -->
@@ -321,7 +321,7 @@ This policy controls the default source included with the [Windows Package Manag
 <!-- EnableExperimentalFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableExperimentalFeatures-Applicability-End -->
 
 <!-- EnableExperimentalFeatures-OmaUri-Begin -->
@@ -381,7 +381,7 @@ Experimental features are used during Windows Package Manager development cycle
 <!-- EnableHashOverride-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableHashOverride-Applicability-End -->
 
 <!-- EnableHashOverride-OmaUri-Begin -->
@@ -440,7 +440,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
 <!-- EnableLocalArchiveMalwareScanOverride-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableLocalArchiveMalwareScanOverride-Applicability-End -->
 
 <!-- EnableLocalArchiveMalwareScanOverride-OmaUri-Begin -->
@@ -490,7 +490,7 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
 <!-- EnableLocalManifestFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableLocalManifestFiles-Applicability-End -->
 
 <!-- EnableLocalManifestFiles-OmaUri-Begin -->
@@ -549,7 +549,7 @@ This policy controls whether users can install packages with local manifest file
 <!-- EnableMicrosoftStoreSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableMicrosoftStoreSource-Applicability-End -->
 
 <!-- EnableMicrosoftStoreSource-OmaUri-Begin -->
@@ -610,7 +610,7 @@ This policy controls the Microsoft Store source included with the [Windows Packa
 <!-- EnableMSAppInstallerProtocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableMSAppInstallerProtocol-Applicability-End -->
 
 <!-- EnableMSAppInstallerProtocol-OmaUri-Begin -->
@@ -669,7 +669,7 @@ This policy controls whether users can install packages from a website that's us
 <!-- EnableSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableSettings-Applicability-End -->
 
 <!-- EnableSettings-OmaUri-Begin -->
@@ -729,7 +729,7 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- SourceAutoUpdateInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- SourceAutoUpdateInterval-Applicability-End -->
 
 <!-- SourceAutoUpdateInterval-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 5f50a586ab..fe3ed53290 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceGuard Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- ConfigureSystemGuardLaunch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureSystemGuardLaunch-Applicability-End -->
 
 <!-- ConfigureSystemGuardLaunch-OmaUri-Begin -->
@@ -42,7 +42,7 @@ Secure Launch configuration: 0 - Unmanaged, configurable by Administrative user,
 
 <!-- ConfigureSystemGuardLaunch-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://www.microsoft.com/security/blog/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation) and [How a hardware-based root of trust helps protect Windows 10](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows).
+For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://www.microsoft.com/security/blog/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation) and [How a hardware-based root of trust helps protect Windows 10](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows).
 <!-- ConfigureSystemGuardLaunch-Editable-End -->
 
 <!-- ConfigureSystemGuardLaunch-DFProperties-Begin -->
@@ -91,7 +91,7 @@ For more information about System Guard, see [Introducing Windows Defender Syste
 <!-- EnableVirtualizationBasedSecurity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- EnableVirtualizationBasedSecurity-Applicability-End -->
 
 <!-- EnableVirtualizationBasedSecurity-OmaUri-Begin -->
@@ -154,7 +154,7 @@ Turns On Virtualization Based Security(VBS)
 <!-- LsaCfgFlags-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LsaCfgFlags-Applicability-End -->
 
 <!-- LsaCfgFlags-OmaUri-Begin -->
@@ -218,7 +218,7 @@ Credential Guard Configuration: 0 - Turns off CredentialGuard remotely if config
 <!-- RequirePlatformSecurityFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RequirePlatformSecurityFeatures-Applicability-End -->
 
 <!-- RequirePlatformSecurityFeatures-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index d895e28ed0..0f7c4c5589 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceHealthMonitoring Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowDeviceHealthMonitoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowDeviceHealthMonitoring-Applicability-End -->
 
 <!-- AllowDeviceHealthMonitoring-OmaUri-Begin -->
@@ -76,7 +76,7 @@ DeviceHealthMonitoring is an opt-in health monitoring connection between the dev
 <!-- ConfigDeviceHealthMonitoringScope-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigDeviceHealthMonitoringScope-Applicability-End -->
 
 <!-- ConfigDeviceHealthMonitoringScope-OmaUri-Begin -->
@@ -117,7 +117,7 @@ This policy is applicable only if the [AllowDeviceHealthMonitoring](#allowdevice
 <!-- ConfigDeviceHealthMonitoringServiceInstance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigDeviceHealthMonitoringServiceInstance-Applicability-End -->
 
 <!-- ConfigDeviceHealthMonitoringServiceInstance-OmaUri-Begin -->
@@ -157,7 +157,7 @@ If the device isn't opted-in to the DeviceHealthMonitoring service via the Allow
 <!-- ConfigDeviceHealthMonitoringUploadDestination-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigDeviceHealthMonitoringUploadDestination-Applicability-End -->
 
 <!-- ConfigDeviceHealthMonitoringUploadDestination-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 54c24ec458..dcf5e542ca 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceInstallation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowInstallationOfMatchingDeviceIDs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowInstallationOfMatchingDeviceIDs-Applicability-End -->
 
 <!-- AllowInstallationOfMatchingDeviceIDs-OmaUri-Begin -->
@@ -131,7 +131,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 <!-- AllowInstallationOfMatchingDeviceInstanceIDs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AllowInstallationOfMatchingDeviceInstanceIDs-Applicability-End -->
 
 <!-- AllowInstallationOfMatchingDeviceInstanceIDs-OmaUri-Begin -->
@@ -235,7 +235,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
 <!-- AllowInstallationOfMatchingDeviceSetupClasses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowInstallationOfMatchingDeviceSetupClasses-Applicability-End -->
 
 <!-- AllowInstallationOfMatchingDeviceSetupClasses-OmaUri-Begin -->
@@ -347,7 +347,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and
 <!-- EnableInstallationPolicyLayering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.256] and later <br> ✅ Windows 10, version 1809 [10.0.17763.2145] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1714] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1151] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.256] and later <br> ✅ Windows 10, version 1809 [10.0.17763.2145] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1714] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1151] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableInstallationPolicyLayering-Applicability-End -->
 
 <!-- EnableInstallationPolicyLayering-OmaUri-Begin -->
@@ -463,7 +463,7 @@ You can also change the evaluation order of device installation policy settings
 <!-- PreventDeviceMetadataFromNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- PreventDeviceMetadataFromNetwork-Applicability-End -->
 
 <!-- PreventDeviceMetadataFromNetwork-OmaUri-Begin -->
@@ -522,7 +522,7 @@ This policy setting allows you to prevent Windows from retrieving device metadat
 <!-- PreventInstallationOfDevicesNotDescribedByOtherPolicySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- PreventInstallationOfDevicesNotDescribedByOtherPolicySettings-Applicability-End -->
 
 <!-- PreventInstallationOfDevicesNotDescribedByOtherPolicySettings-OmaUri-Begin -->
@@ -621,7 +621,7 @@ You can also block installation by using a custom profile in Intune.
 <!-- PreventInstallationOfMatchingDeviceIDs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventInstallationOfMatchingDeviceIDs-Applicability-End -->
 
 <!-- PreventInstallationOfMatchingDeviceIDs-OmaUri-Begin -->
@@ -725,7 +725,7 @@ For example, this custom profile blocks installation and usage of USB devices wi
 <!-- PreventInstallationOfMatchingDeviceInstanceIDs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- PreventInstallationOfMatchingDeviceInstanceIDs-Applicability-End -->
 
 <!-- PreventInstallationOfMatchingDeviceInstanceIDs-OmaUri-Begin -->
@@ -836,7 +836,7 @@ To prevent installation of devices with matching device instance IDs by using cu
 <!-- PreventInstallationOfMatchingDeviceSetupClasses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventInstallationOfMatchingDeviceSetupClasses-Applicability-End -->
 
 <!-- PreventInstallationOfMatchingDeviceSetupClasses-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index c2c0ede75a..7b0d273a41 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -4,7 +4,7 @@ description: Learn more about the DeviceLock Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -32,7 +32,7 @@ ms.topic: reference
 <!-- AccountLockoutPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- AccountLockoutPolicy-Applicability-End -->
 
 <!-- AccountLockoutPolicy-OmaUri-Begin -->
@@ -71,7 +71,7 @@ Account lockout threshold - This security setting determines the number of faile
 <!-- AllowAdministratorLockout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- AllowAdministratorLockout-Applicability-End -->
 
 <!-- AllowAdministratorLockout-OmaUri-Begin -->
@@ -121,7 +121,7 @@ Allow Administrator account lockout This security setting determines whether the
 <!-- AllowIdleReturnWithoutPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowIdleReturnWithoutPassword-Applicability-End -->
 
 <!-- AllowIdleReturnWithoutPassword-OmaUri-Begin -->
@@ -176,7 +176,7 @@ Specifies whether the user must input a PIN or password when the device resumes
 <!-- AllowScreenTimeoutWhileLockedUserConfig-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowScreenTimeoutWhileLockedUserConfig-Applicability-End -->
 
 <!-- AllowScreenTimeoutWhileLockedUserConfig-OmaUri-Begin -->
@@ -225,7 +225,7 @@ Specifies whether to show a user-configurable setting to control the screen time
 <!-- AllowSimpleDevicePassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSimpleDevicePassword-Applicability-End -->
 
 <!-- AllowSimpleDevicePassword-OmaUri-Begin -->
@@ -279,7 +279,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
 <!-- AlphanumericDevicePasswordRequired-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AlphanumericDevicePasswordRequired-Applicability-End -->
 
 <!-- AlphanumericDevicePasswordRequired-OmaUri-Begin -->
@@ -336,7 +336,7 @@ Determines the type of PIN or password required. This policy only applies if the
 <!-- ClearTextPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ClearTextPassword-Applicability-End -->
 
 <!-- ClearTextPassword-OmaUri-Begin -->
@@ -387,7 +387,7 @@ This security setting determines whether the operating system stores passwords u
 <!-- DevicePasswordEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DevicePasswordEnabled-Applicability-End -->
 
 <!-- DevicePasswordEnabled-OmaUri-Begin -->
@@ -469,7 +469,7 @@ Specifies whether device lock is enabled.
 <!-- DevicePasswordExpiration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DevicePasswordExpiration-Applicability-End -->
 
 <!-- DevicePasswordExpiration-OmaUri-Begin -->
@@ -517,7 +517,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
 <!-- DevicePasswordHistory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- DevicePasswordHistory-Applicability-End -->
 
 <!-- DevicePasswordHistory-OmaUri-Begin -->
@@ -567,7 +567,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
 <!-- EnforceLockScreenAndLogonImage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EnforceLockScreenAndLogonImage-Applicability-End -->
 
 <!-- EnforceLockScreenAndLogonImage-OmaUri-Begin -->
@@ -606,7 +606,7 @@ Specifies the default lock screen and logon image shown when no user is signed i
 <!-- EnforceLockScreenProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EnforceLockScreenProvider-Applicability-End -->
 
 <!-- EnforceLockScreenProvider-OmaUri-Begin -->
@@ -644,7 +644,7 @@ Specifies the default lock screen and logon image shown when no user is signed i
 <!-- MaxDevicePasswordFailedAttempts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- MaxDevicePasswordFailedAttempts-Applicability-End -->
 
 <!-- MaxDevicePasswordFailedAttempts-OmaUri-Begin -->
@@ -689,7 +689,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!-- MaximumPasswordAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- MaximumPasswordAge-Applicability-End -->
 
 <!-- MaximumPasswordAge-OmaUri-Begin -->
@@ -742,7 +742,7 @@ This security setting determines the period of time (in days) that a password ca
 <!-- MaxInactivityTimeDeviceLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- MaxInactivityTimeDeviceLock-Applicability-End -->
 
 <!-- MaxInactivityTimeDeviceLock-OmaUri-Begin -->
@@ -789,7 +789,7 @@ On HoloLens, this timeout is controlled by the device's system sleep timeout, re
 <!-- MaxInactivityTimeDeviceLockWithExternalDisplay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- MaxInactivityTimeDeviceLockWithExternalDisplay-Applicability-End -->
 
 <!-- MaxInactivityTimeDeviceLockWithExternalDisplay-OmaUri-Begin -->
@@ -830,7 +830,7 @@ Sets the maximum timeout value for the external display.
 <!-- MinDevicePasswordComplexCharacters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- MinDevicePasswordComplexCharacters-Applicability-End -->
 
 <!-- MinDevicePasswordComplexCharacters-OmaUri-Begin -->
@@ -908,7 +908,7 @@ For more information about this policy, see [Exchange ActiveSync Policy Engine O
 <!-- MinDevicePasswordLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- MinDevicePasswordLength-Applicability-End -->
 
 <!-- MinDevicePasswordLength-OmaUri-Begin -->
@@ -979,7 +979,7 @@ The following example shows how to set the minimum password length to 4 characte
 <!-- MinimumPasswordAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- MinimumPasswordAge-Applicability-End -->
 
 <!-- MinimumPasswordAge-OmaUri-Begin -->
@@ -1029,7 +1029,7 @@ This security setting determines the period of time (in days) that a password mu
 <!-- PasswordComplexity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- PasswordComplexity-Applicability-End -->
 
 <!-- PasswordComplexity-OmaUri-Begin -->
@@ -1089,7 +1089,7 @@ Complexity requirements are enforced when passwords are changed or created.
 <!-- PasswordHistorySize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- PasswordHistorySize-Applicability-End -->
 
 <!-- PasswordHistorySize-OmaUri-Begin -->
@@ -1143,7 +1143,7 @@ This security setting determines the number of unique new passwords that have to
 <!-- PreventEnablingLockScreenCamera-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- PreventEnablingLockScreenCamera-Applicability-End -->
 
 <!-- PreventEnablingLockScreenCamera-OmaUri-Begin -->
@@ -1202,7 +1202,7 @@ If you enable this setting, users will no longer be able to enable or disable lo
 <!-- PreventLockScreenSlideShow-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventLockScreenSlideShow-Applicability-End -->
 
 <!-- PreventLockScreenSlideShow-OmaUri-Begin -->
@@ -1261,7 +1261,7 @@ If you enable this setting, users will no longer be able to modify slide show se
 <!-- ScreenTimeoutWhileLocked-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ScreenTimeoutWhileLocked-Applicability-End -->
 
 <!-- ScreenTimeoutWhileLocked-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 740ba29976..c716b41a63 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -4,7 +4,7 @@ description: Learn more about the Display Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- DisablePerProcessDpiForApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DisablePerProcessDpiForApps-Applicability-End -->
 
 <!-- DisablePerProcessDpiForApps-OmaUri-Begin -->
@@ -92,7 +92,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli
 <!-- EnablePerProcessDpi-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnablePerProcessDpi-Applicability-End -->
 
 <!-- EnablePerProcessDpi-OmaUri-Begin -->
@@ -183,7 +183,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli
 <!-- EnablePerProcessDpiForApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnablePerProcessDpiForApps-Applicability-End -->
 
 <!-- EnablePerProcessDpiForApps-OmaUri-Begin -->
@@ -249,7 +249,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli
 <!-- TurnOffGdiDPIScalingForApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TurnOffGdiDPIScalingForApps-Applicability-End -->
 
 <!-- TurnOffGdiDPIScalingForApps-OmaUri-Begin -->
@@ -327,7 +327,7 @@ To validate on Desktop, do the following tasks:
 <!-- TurnOnGdiDPIScalingForApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TurnOnGdiDPIScalingForApps-Applicability-End -->
 
 <!-- TurnOnGdiDPIScalingForApps-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 4d115aecee..0a9aa6d814 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -4,7 +4,7 @@ description: Learn more about the DmaGuard Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- DeviceEnumerationPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DeviceEnumerationPolicy-Applicability-End -->
 
 <!-- DeviceEnumerationPolicy-OmaUri-Begin -->
@@ -46,6 +46,8 @@ This policy is intended to provide more security against external DMA capable de
 
 Device memory sandboxing allows the OS to use the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access by the peripheral. In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it.
 
+This policy requires a system reboot to take effect.
+
 This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that can't be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, check the Kernel DMA Protection field in the Summary page of MSINFO32.exe.
 <!-- DeviceEnumerationPolicy-Editable-End -->
 
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
index 2960a6ecc4..ccc75b02bf 100644
--- a/windows/client-management/mdm/policy-csp-eap.md
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -4,7 +4,7 @@ description: Learn more about the Eap Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowTLS1_3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowTLS1_3-Applicability-End -->
 
 <!-- AllowTLS1_3-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index 9481c59de0..4ec2cef651 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -4,7 +4,7 @@ description: Learn more about the Education Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowGraphingCalculator-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AllowGraphingCalculator-Applicability-End -->
 
 <!-- AllowGraphingCalculator-OmaUri-Begin -->
@@ -93,7 +93,7 @@ This policy setting allows you to control whether graphing functionality is avai
 <!-- DefaultPrinterName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DefaultPrinterName-Applicability-End -->
 
 <!-- DefaultPrinterName-OmaUri-Begin -->
@@ -133,7 +133,7 @@ The policy value is expected to be the name (network host name) of an installed
 <!-- EnableEduThemes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableEduThemes-Applicability-End -->
 
 <!-- EnableEduThemes-OmaUri-Begin -->
@@ -186,7 +186,7 @@ This policy setting allows you to control whether EDU-specific theme packs are a
 <!-- IsEducationEnvironment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- IsEducationEnvironment-Applicability-End -->
 
 <!-- IsEducationEnvironment-OmaUri-Begin -->
@@ -235,7 +235,7 @@ This policy setting allows tenant to control whether to declare this OS as an ed
 <!-- PreventAddingNewPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- PreventAddingNewPrinters-Applicability-End -->
 
 <!-- PreventAddingNewPrinters-OmaUri-Begin -->
@@ -311,7 +311,7 @@ This setting doesn't delete printers that users have already added. However, if
 <!-- PrinterNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- PrinterNames-Applicability-End -->
 
 <!-- PrinterNames-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 3e576c5845..4005e29555 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -4,7 +4,7 @@ description: Learn more about the EnterpriseCloudPrint Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- CloudPrinterDiscoveryEndPoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- CloudPrinterDiscoveryEndPoint-Applicability-End -->
 
 <!-- CloudPrinterDiscoveryEndPoint-OmaUri-Begin -->
@@ -73,7 +73,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
 <!-- CloudPrintOAuthAuthority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- CloudPrintOAuthAuthority-Applicability-End -->
 
 <!-- CloudPrintOAuthAuthority-OmaUri-Begin -->
@@ -120,7 +120,7 @@ The default value is an empty string. Otherwise, the value should contain the UR
 <!-- CloudPrintOAuthClientId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- CloudPrintOAuthClientId-Applicability-End -->
 
 <!-- CloudPrintOAuthClientId-OmaUri-Begin -->
@@ -167,7 +167,7 @@ The default value is an empty string. Otherwise, the value should contain a GUID
 <!-- CloudPrintResourceId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- CloudPrintResourceId-Applicability-End -->
 
 <!-- CloudPrintResourceId-OmaUri-Begin -->
@@ -214,7 +214,7 @@ The default value is an empty string. Otherwise, the value should contain a URL.
 <!-- DiscoveryMaxPrinterLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DiscoveryMaxPrinterLimit-Applicability-End -->
 
 <!-- DiscoveryMaxPrinterLimit-OmaUri-Begin -->
@@ -256,7 +256,7 @@ This policy must target ./User, otherwise it fails.
 <!-- MopriaDiscoveryResourceId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- MopriaDiscoveryResourceId-Applicability-End -->
 
 <!-- MopriaDiscoveryResourceId-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 4de4b61de6..e97461a682 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -4,7 +4,7 @@ description: Learn more about the ErrorReporting Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CustomizeConsentSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- CustomizeConsentSettings-Applicability-End -->
 
 <!-- CustomizeConsentSettings-OmaUri-Begin -->
@@ -96,7 +96,7 @@ This policy setting determines the consent behavior of Windows Error Reporting f
 <!-- DisableWindowsErrorReporting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableWindowsErrorReporting-Applicability-End -->
 
 <!-- DisableWindowsErrorReporting-OmaUri-Begin -->
@@ -155,7 +155,7 @@ This policy setting turns off Windows Error Reporting, so that reports aren't co
 <!-- DisplayErrorNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisplayErrorNotification-Applicability-End -->
 
 <!-- DisplayErrorNotification-OmaUri-Begin -->
@@ -218,7 +218,7 @@ See also the Configure Error Reporting policy setting.
 <!-- DoNotSendAdditionalData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotSendAdditionalData-Applicability-End -->
 
 <!-- DoNotSendAdditionalData-OmaUri-Begin -->
@@ -277,7 +277,7 @@ This policy setting controls whether additional data in support of error reports
 <!-- PreventCriticalErrorDisplay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventCriticalErrorDisplay-Applicability-End -->
 
 <!-- PreventCriticalErrorDisplay-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 82a2f6c7de..ce940b762e 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -4,7 +4,7 @@ description: Learn more about the EventLogService Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ControlEventLogBehavior-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ControlEventLogBehavior-Applicability-End -->
 
 <!-- ControlEventLogBehavior-OmaUri-Begin -->
@@ -90,7 +90,7 @@ This policy setting controls Event Log behavior when the log file reaches its ma
 <!-- SpecifyMaximumFileSizeApplicationLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SpecifyMaximumFileSizeApplicationLog-Applicability-End -->
 
 <!-- SpecifyMaximumFileSizeApplicationLog-OmaUri-Begin -->
@@ -148,7 +148,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
 <!-- SpecifyMaximumFileSizeSecurityLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SpecifyMaximumFileSizeSecurityLog-Applicability-End -->
 
 <!-- SpecifyMaximumFileSizeSecurityLog-OmaUri-Begin -->
@@ -206,7 +206,7 @@ This policy setting specifies the maximum size of the log file in kilobytes.
 <!-- SpecifyMaximumFileSizeSystemLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SpecifyMaximumFileSizeSystemLog-Applicability-End -->
 
 <!-- SpecifyMaximumFileSizeSystemLog-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 98e5bc674b..aea8cbe4f0 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -4,7 +4,7 @@ description: Learn more about the Experience Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowClipboardHistory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowClipboardHistory-Applicability-End -->
 
 <!-- AllowClipboardHistory-OmaUri-Begin -->
@@ -107,7 +107,7 @@ Policy change takes effect immediately.
 <!-- AllowCopyPaste-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowCopyPaste-Applicability-End -->
 
 <!-- AllowCopyPaste-OmaUri-Begin -->
@@ -156,7 +156,7 @@ This policy is deprecated.
 <!-- AllowCortana-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowCortana-Applicability-End -->
 
 <!-- AllowCortana-OmaUri-Begin -->
@@ -225,7 +225,7 @@ When Cortana is off, users will still be able to use search to find things on th
 <!-- AllowDeviceDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDeviceDiscovery-Applicability-End -->
 
 <!-- AllowDeviceDiscovery-OmaUri-Begin -->
@@ -274,7 +274,7 @@ Allows users to turn on/off device discovery UX. When set to 0 , the projection
 <!-- AllowFindMyDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowFindMyDevice-Applicability-End -->
 
 <!-- AllowFindMyDevice-OmaUri-Begin -->
@@ -341,7 +341,7 @@ When Find My Device is off, the device and its location aren't registered and th
 <!-- AllowManualMDMUnenrollment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowManualMDMUnenrollment-Applicability-End -->
 
 <!-- AllowManualMDMUnenrollment-OmaUri-Begin -->
@@ -393,7 +393,7 @@ Specifies whether to allow the user to delete the workplace account using the wo
 <!-- AllowSaveAsOfOfficeFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowSaveAsOfOfficeFiles-Applicability-End -->
 
 <!-- AllowSaveAsOfOfficeFiles-OmaUri-Begin -->
@@ -442,7 +442,7 @@ This policy is deprecated.
 <!-- AllowScreenCapture-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowScreenCapture-Applicability-End -->
 
 <!-- AllowScreenCapture-OmaUri-Begin -->
@@ -485,6 +485,68 @@ Allow screen capture.
 
 <!-- AllowScreenCapture-End -->
 
+<!-- AllowScreenRecorder-Begin -->
+## AllowScreenRecorder
+
+<!-- AllowScreenRecorder-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- AllowScreenRecorder-Applicability-End -->
+
+<!-- AllowScreenRecorder-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/Experience/AllowScreenRecorder
+```
+<!-- AllowScreenRecorder-OmaUri-End -->
+
+<!-- AllowScreenRecorder-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting allows you to control whether screen recording functionality is available in the Windows Snipping Tool app.
+
+- If you disable this policy setting, screen recording functionality won't be accessible in the Windows Snipping Tool app.
+
+- If you enable or don't configure this policy setting, users will be able to access screen recording functionality.
+<!-- AllowScreenRecorder-Description-End -->
+
+<!-- AllowScreenRecorder-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowScreenRecorder-Editable-End -->
+
+<!-- AllowScreenRecorder-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- AllowScreenRecorder-DFProperties-End -->
+
+<!-- AllowScreenRecorder-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Disabled. |
+| 1 (Default) | Enabled. |
+<!-- AllowScreenRecorder-AllowedValues-End -->
+
+<!-- AllowScreenRecorder-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowScreenRecorder |
+| Path | Programs > AT > WindowsComponents > SnippingTool |
+<!-- AllowScreenRecorder-GpMapping-End -->
+
+<!-- AllowScreenRecorder-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowScreenRecorder-Examples-End -->
+
+<!-- AllowScreenRecorder-End -->
+
 <!-- AllowSharingOfOfficeFiles-Begin -->
 ## AllowSharingOfOfficeFiles
 
@@ -494,7 +556,7 @@ Allow screen capture.
 <!-- AllowSharingOfOfficeFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowSharingOfOfficeFiles-Applicability-End -->
 
 <!-- AllowSharingOfOfficeFiles-OmaUri-Begin -->
@@ -543,7 +605,7 @@ This policy is deprecated.
 <!-- AllowSIMErrorDialogPromptWhenNoSIM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowSIMErrorDialogPromptWhenNoSIM-Applicability-End -->
 
 <!-- AllowSIMErrorDialogPromptWhenNoSIM-OmaUri-Begin -->
@@ -592,7 +654,7 @@ Allow SIM error dialog prompts when no SIM is inserted.
 <!-- AllowSpotlightCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowSpotlightCollection-Applicability-End -->
 
 <!-- AllowSpotlightCollection-OmaUri-Begin -->
@@ -655,7 +717,7 @@ The following list shows the supported values:
 <!-- AllowSyncMySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSyncMySettings-Applicability-End -->
 
 <!-- AllowSyncMySettings-OmaUri-Begin -->
@@ -704,7 +766,7 @@ Allows or disallows all Windows sync settings on the device. For information abo
 <!-- AllowTailoredExperiencesWithDiagnosticData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowTailoredExperiencesWithDiagnosticData-Applicability-End -->
 
 <!-- AllowTailoredExperiencesWithDiagnosticData-OmaUri-Begin -->
@@ -778,7 +840,7 @@ This policy allows you to prevent Windows from using diagnostic data to provide
 <!-- AllowTaskSwitcher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowTaskSwitcher-Applicability-End -->
 
 <!-- AllowTaskSwitcher-OmaUri-Begin -->
@@ -827,7 +889,7 @@ This policy is deprecated.
 <!-- AllowThirdPartySuggestionsInWindowsSpotlight-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowThirdPartySuggestionsInWindowsSpotlight-Applicability-End -->
 
 <!-- AllowThirdPartySuggestionsInWindowsSpotlight-OmaUri-Begin -->
@@ -894,7 +956,7 @@ Specifies whether to allow app and content suggestions from third-party software
 <!-- AllowVoiceRecording-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowVoiceRecording-Applicability-End -->
 
 <!-- AllowVoiceRecording-OmaUri-Begin -->
@@ -943,7 +1005,7 @@ This policy is deprecated.
 <!-- AllowWindowsConsumerFeatures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowWindowsConsumerFeatures-Applicability-End -->
 
 <!-- AllowWindowsConsumerFeatures-OmaUri-Begin -->
@@ -1007,7 +1069,7 @@ Prior to Windows 10, version 1803, this policy had User scope. This policy allow
 <!-- AllowWindowsSpotlight-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowWindowsSpotlight-Applicability-End -->
 
 <!-- AllowWindowsSpotlight-OmaUri-Begin -->
@@ -1074,7 +1136,7 @@ Specifies whether to turn off all Windows spotlight features at once.
 <!-- AllowWindowsSpotlightOnActionCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowWindowsSpotlightOnActionCenter-Applicability-End -->
 
 <!-- AllowWindowsSpotlightOnActionCenter-OmaUri-Begin -->
@@ -1142,7 +1204,7 @@ This policy allows administrators to prevent Windows spotlight notifications fro
 <!-- AllowWindowsSpotlightOnSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowWindowsSpotlightOnSettings-Applicability-End -->
 
 <!-- AllowWindowsSpotlightOnSettings-OmaUri-Begin -->
@@ -1205,7 +1267,7 @@ This policy allows IT admins to turn off Suggestions in Settings app. These sugg
 <!-- AllowWindowsSpotlightWindowsWelcomeExperience-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowWindowsSpotlightWindowsWelcomeExperience-Applicability-End -->
 
 <!-- AllowWindowsSpotlightWindowsWelcomeExperience-OmaUri-Begin -->
@@ -1273,7 +1335,7 @@ This policy setting lets you turn off the Windows spotlight Windows welcome expe
 <!-- AllowWindowsTips-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowWindowsTips-Applicability-End -->
 
 <!-- AllowWindowsTips-OmaUri-Begin -->
@@ -1340,7 +1402,7 @@ Enables or disables Windows Tips / soft landing.
 <!-- ConfigureChatIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureChatIcon-Applicability-End -->
 
 <!-- ConfigureChatIcon-OmaUri-Begin -->
@@ -1415,7 +1477,7 @@ This policy setting allows you to configure the Chat icon on the taskbar.
 <!-- ConfigureWindowsSpotlightOnLockScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ConfigureWindowsSpotlightOnLockScreen-Applicability-End -->
 
 <!-- ConfigureWindowsSpotlightOnLockScreen-OmaUri-Begin -->
@@ -1492,7 +1554,7 @@ Additionally, if you check the "Include content from Enterprise spotlight" check
 <!-- DisableCloudOptimizedContent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableCloudOptimizedContent-Applicability-End -->
 
 <!-- DisableCloudOptimizedContent-OmaUri-Begin -->
@@ -1559,7 +1621,7 @@ This policy setting lets you turn off cloud optimized content in all Windows exp
 <!-- DisableConsumerAccountStateContent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableConsumerAccountStateContent-Applicability-End -->
 
 <!-- DisableConsumerAccountStateContent-OmaUri-Begin -->
@@ -1626,7 +1688,7 @@ This policy setting lets you turn off cloud consumer account state content in al
 <!-- DisableTextTranslation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DisableTextTranslation-Applicability-End -->
 
 <!-- DisableTextTranslation-OmaUri-Begin -->
@@ -1675,7 +1737,7 @@ Allows Text Translation feature to be enabled/disabled.
 <!-- DoNotShowFeedbackNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DoNotShowFeedbackNotifications-Applicability-End -->
 
 <!-- DoNotShowFeedbackNotifications-OmaUri-Begin -->
@@ -1745,7 +1807,7 @@ This policy setting allows an organization to prevent its devices from showing f
 <!-- DoNotSyncBrowserSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DoNotSyncBrowserSettings-Applicability-End -->
 
 <!-- DoNotSyncBrowserSettings-OmaUri-Begin -->
@@ -1832,7 +1894,7 @@ _**Turn syncing off by default but don’t disable**_
 <!-- EnableOrganizationalMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- EnableOrganizationalMessages-Applicability-End -->
 
 <!-- EnableOrganizationalMessages-OmaUri-Begin -->
@@ -1881,7 +1943,7 @@ Organizational messages allow Administrators to deliver messages to their end us
 <!-- PreventUsersFromTurningOnBrowserSyncing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- PreventUsersFromTurningOnBrowserSyncing-Applicability-End -->
 
 <!-- PreventUsersFromTurningOnBrowserSyncing-OmaUri-Begin -->
@@ -1964,7 +2026,7 @@ _**Prevent syncing of browser settings and let users turn on syncing**_
 <!-- ShowLockOnUserTile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ShowLockOnUserTile-Applicability-End -->
 
 <!-- ShowLockOnUserTile-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 946ae4afdc..089a7066d9 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -4,7 +4,7 @@ description: Learn more about the ExploitGuard Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- ExploitProtectionSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ExploitProtectionSettings-Applicability-End -->
 
 <!-- ExploitProtectionSettings-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-federatedauthentication.md b/windows/client-management/mdm/policy-csp-federatedauthentication.md
index 535a19e772..c16129a3eb 100644
--- a/windows/client-management/mdm/policy-csp-federatedauthentication.md
+++ b/windows/client-management/mdm/policy-csp-federatedauthentication.md
@@ -4,7 +4,7 @@ description: Learn more about the FederatedAuthentication Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableWebSignInForPrimaryUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableWebSignInForPrimaryUser-Applicability-End -->
 
 <!-- EnableWebSignInForPrimaryUser-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index 2473c7db0c..75e9fb777f 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -4,7 +4,7 @@ description: Learn more about the FileExplorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowOptionToShowNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowOptionToShowNetwork-Applicability-End -->
 
 <!-- AllowOptionToShowNetwork-OmaUri-Begin -->
@@ -81,7 +81,7 @@ When the Network folder is restricted, give the user the option to enumerate and
 <!-- AllowOptionToShowThisPC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowOptionToShowThisPC-Applicability-End -->
 
 <!-- AllowOptionToShowThisPC-OmaUri-Begin -->
@@ -134,7 +134,7 @@ When This PC location is restricted, give the user the option to enumerate and n
 <!-- DisableGraphRecentItems-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DisableGraphRecentItems-Applicability-End -->
 
 <!-- DisableGraphRecentItems-OmaUri-Begin -->
@@ -145,7 +145,7 @@ When This PC location is restricted, give the user the option to enumerate and n
 
 <!-- DisableGraphRecentItems-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Turning off files from Office.com will prevent File Explorer from requesting recent cloud file metadata and displaying it in the Quick access view.
+Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, etc.
 <!-- DisableGraphRecentItems-Description-End -->
 
 <!-- DisableGraphRecentItems-Editable-Begin -->
@@ -167,8 +167,8 @@ Turning off files from Office.com will prevent File Explorer from requesting rec
 
 | Value | Description |
 |:--|:--|
-| 0 (Default) | File Explorer will request cloud file metadata and display it in the Quick access view. |
-| 1 | File Explorer won't request cloud file metadata or display it in the Quick access view. |
+| 0 (Default) | File Explorer will request cloud file metadata and display it in the homepage and other views. |
+| 1 | File Explorer won't request cloud file metadata or display it in the homepage or other views. |
 <!-- DisableGraphRecentItems-AllowedValues-End -->
 
 <!-- DisableGraphRecentItems-GpMapping-Begin -->
@@ -177,7 +177,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec
 | Name | Value |
 |:--|:--|
 | Name | DisableGraphRecentItems |
-| Friendly Name | Turn off files from Office.com in Quick access view |
+| Friendly Name | Turn off account-based insights, recent, favorite, and recommended files in File Explorer |
 | Location | Computer Configuration |
 | Path | WindowsComponents > File Explorer |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
@@ -197,7 +197,7 @@ Turning off files from Office.com will prevent File Explorer from requesting rec
 <!-- SetAllowedFolderLocations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetAllowedFolderLocations-Applicability-End -->
 
 <!-- SetAllowedFolderLocations-OmaUri-Begin -->
@@ -254,7 +254,7 @@ A value that can represent one or more folder locations in File Explorer. If not
 <!-- SetAllowedStorageLocations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetAllowedStorageLocations-Applicability-End -->
 
 <!-- SetAllowedStorageLocations-OmaUri-Begin -->
@@ -313,7 +313,7 @@ A value that can represent one or more storage locations in File Explorer. If no
 <!-- TurnOffDataExecutionPreventionForExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TurnOffDataExecutionPreventionForExplorer-Applicability-End -->
 
 <!-- TurnOffDataExecutionPreventionForExplorer-OmaUri-Begin -->
@@ -368,7 +368,7 @@ Disabling data execution prevention can allow certain legacy plug-in application
 <!-- TurnOffHeapTerminationOnCorruption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TurnOffHeapTerminationOnCorruption-Applicability-End -->
 
 <!-- TurnOffHeapTerminationOnCorruption-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md
new file mode 100644
index 0000000000..57ec3f91e0
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-filesystem.md
@@ -0,0 +1,152 @@
+---
+title: FileSystem Policy CSP
+description: Learn more about the FileSystem Area in Policy CSP.
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 08/30/2023
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- FileSystem-Begin -->
+# Policy CSP - FileSystem
+
+[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+<!-- FileSystem-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- FileSystem-Editable-End -->
+
+<!-- DevDriveAttachPolicy-Begin -->
+## DevDriveAttachPolicy
+
+<!-- DevDriveAttachPolicy-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- DevDriveAttachPolicy-Applicability-End -->
+
+<!-- DevDriveAttachPolicy-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/FileSystem/DevDriveAttachPolicy
+```
+<!-- DevDriveAttachPolicy-OmaUri-End -->
+
+<!-- DevDriveAttachPolicy-Description-Begin -->
+<!-- Description-Source-ADMX -->
+Dev drive is a drive optimized for performance considering developer scenarios and by default no file system filters are attached to it. Filters listed in this setting will be allowed to attach even on a dev drive.
+
+A reboot is required for this setting to take effect.
+<!-- DevDriveAttachPolicy-Description-End -->
+
+<!-- DevDriveAttachPolicy-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DevDriveAttachPolicy-Editable-End -->
+
+<!-- DevDriveAttachPolicy-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DevDriveAttachPolicy-DFProperties-End -->
+
+<!-- DevDriveAttachPolicy-AdmxBacked-Begin -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DevDriveAttachPolicy |
+| Friendly Name | Dev drive filter attach policy |
+| Location | Computer Configuration |
+| Path | System > Filesystem |
+| Registry Key Name | System\CurrentControlSet\Policies |
+| ADMX File Name | filtermanager.admx |
+<!-- DevDriveAttachPolicy-AdmxBacked-End -->
+
+<!-- DevDriveAttachPolicy-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DevDriveAttachPolicy-Examples-End -->
+
+<!-- DevDriveAttachPolicy-End -->
+
+<!-- EnableDevDrive-Begin -->
+## EnableDevDrive
+
+<!-- EnableDevDrive-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- EnableDevDrive-Applicability-End -->
+
+<!-- EnableDevDrive-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/FileSystem/EnableDevDrive
+```
+<!-- EnableDevDrive-OmaUri-End -->
+
+<!-- EnableDevDrive-Description-Begin -->
+<!-- Description-Source-ADMX -->
+Dev drive or developer volume is a volume optimized for performance of developer scenarios. A developer volume allows an administrator to choose file system filters that are attached on the volume.
+
+Disabling this setting will disallow creation of new developer volumes, existing developer volumes will mount as regular volumes.
+
+If this setting isn't configured the default policy is to enable developer volumes while allowing antivirus filter to attach on a deveveloper volume. Further, if not configured, a local administrator can choose to not have antivirus filter attached to a developer volume.
+
+A reboot is required for this setting to take effect.
+<!-- EnableDevDrive-Description-End -->
+
+<!-- EnableDevDrive-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableDevDrive-Editable-End -->
+
+<!-- EnableDevDrive-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- EnableDevDrive-DFProperties-End -->
+
+<!-- EnableDevDrive-AdmxBacked-Begin -->
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableDevDrive |
+| Friendly Name | Enable dev drive |
+| Location | Computer Configuration |
+| Path | System > Filesystem |
+| Registry Key Name | System\CurrentControlSet\Policies |
+| Registry Value Name | FsEnableDevDrive |
+| ADMX File Name | refs.admx |
+<!-- EnableDevDrive-AdmxBacked-End -->
+
+<!-- EnableDevDrive-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnableDevDrive-Examples-End -->
+
+<!-- EnableDevDrive-End -->
+
+<!-- FileSystem-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- FileSystem-CspMoreInfo-End -->
+
+<!-- FileSystem-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 3cbb9c950a..7be1ae616e 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -4,7 +4,7 @@ description: Learn more about the Games Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAdvancedGamingServices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowAdvancedGamingServices-Applicability-End -->
 
 <!-- AllowAdvancedGamingServices-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index c32d17ab4f..941b6ab1ce 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -4,7 +4,7 @@ description: Learn more about the Handwriting Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- PanelDefaultModeDocked-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- PanelDefaultModeDocked-Applicability-End -->
 
 <!-- PanelDefaultModeDocked-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 4129760b55..6584e6372b 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -4,7 +4,7 @@ description: Learn more about the HumanPresence Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ForceAllowDimWhenExternalDisplayConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ForceAllowDimWhenExternalDisplayConnected-Applicability-End -->
 
 <!-- ForceAllowDimWhenExternalDisplayConnected-OmaUri-Begin -->
@@ -38,8 +38,8 @@ ms.topic: reference
 <!-- ForceAllowDimWhenExternalDisplayConnected-OmaUri-End -->
 
 <!-- ForceAllowDimWhenExternalDisplayConnected-Description-Begin -->
-<!-- Description-Source-DDF -->
-Determines whether Allow Adaptive Dimming When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
+<!-- Description-Source-ADMX -->
+Determines whether Allow Adaptive Dimming When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
 <!-- ForceAllowDimWhenExternalDisplayConnected-Description-End -->
 
 <!-- ForceAllowDimWhenExternalDisplayConnected-Editable-Begin -->
@@ -72,7 +72,12 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb
 | Name | Value |
 |:--|:--|
 | Name | ForceAllowDimWhenExternalDisplayConnected |
-| Path | Sensors > AT > WindowsComponents > HumanPresence |
+| Friendly Name | Force Allow Dim When External Display Connected |
+| Location | Computer Configuration |
+| Path | Windows Components > Human Presence |
+| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
+| Registry Value Name | ForceAllowDimWhenExternalDisplayConnected |
+| ADMX File Name | Sensors.admx |
 <!-- ForceAllowDimWhenExternalDisplayConnected-GpMapping-End -->
 
 <!-- ForceAllowDimWhenExternalDisplayConnected-Examples-Begin -->
@@ -87,7 +92,7 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb
 <!-- ForceAllowLockWhenExternalDisplayConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ForceAllowLockWhenExternalDisplayConnected-Applicability-End -->
 
 <!-- ForceAllowLockWhenExternalDisplayConnected-OmaUri-Begin -->
@@ -97,8 +102,8 @@ Determines whether Allow Adaptive Dimming When External Display Connected checkb
 <!-- ForceAllowLockWhenExternalDisplayConnected-OmaUri-End -->
 
 <!-- ForceAllowLockWhenExternalDisplayConnected-Description-Begin -->
-<!-- Description-Source-DDF -->
-Determines whether Allow Lock on Leave When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
+<!-- Description-Source-ADMX -->
+Determines whether Allow Lock on Leave When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
 <!-- ForceAllowLockWhenExternalDisplayConnected-Description-End -->
 
 <!-- ForceAllowLockWhenExternalDisplayConnected-Editable-Begin -->
@@ -131,7 +136,12 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox
 | Name | Value |
 |:--|:--|
 | Name | ForceAllowLockWhenExternalDisplayConnected |
-| Path | Sensors > AT > WindowsComponents > HumanPresence |
+| Friendly Name | Force Allow Lock When External Display Connected |
+| Location | Computer Configuration |
+| Path | Windows Components > Human Presence |
+| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
+| Registry Value Name | ForceAllowLockWhenExternalDisplayConnected |
+| ADMX File Name | Sensors.admx |
 <!-- ForceAllowLockWhenExternalDisplayConnected-GpMapping-End -->
 
 <!-- ForceAllowLockWhenExternalDisplayConnected-Examples-Begin -->
@@ -146,7 +156,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Applicability-End -->
 
 <!-- ForceAllowWakeWhenExternalDisplayConnected-OmaUri-Begin -->
@@ -156,7 +166,7 @@ Determines whether Allow Lock on Leave When External Display Connected checkbox
 <!-- ForceAllowWakeWhenExternalDisplayConnected-OmaUri-End -->
 
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
 Determines whether Allow Wake on Approach When External Display Connected checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Description-End -->
 
@@ -190,7 +200,12 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
 | Name | Value |
 |:--|:--|
 | Name | ForceAllowWakeWhenExternalDisplayConnected |
-| Path | Sensors > AT > WindowsComponents > HumanPresence |
+| Friendly Name | Force Allow Wake When External Display Connected |
+| Location | Computer Configuration |
+| Path | Windows Components > Human Presence |
+| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
+| Registry Value Name | ForceAllowWakeWhenExternalDisplayConnected |
+| ADMX File Name | Sensors.admx |
 <!-- ForceAllowWakeWhenExternalDisplayConnected-GpMapping-End -->
 
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Examples-Begin -->
@@ -205,7 +220,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
 <!-- ForceDisableWakeWhenBatterySaverOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ForceDisableWakeWhenBatterySaverOn-Applicability-End -->
 
 <!-- ForceDisableWakeWhenBatterySaverOn-OmaUri-Begin -->
@@ -215,7 +230,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
 <!-- ForceDisableWakeWhenBatterySaverOn-OmaUri-End -->
 
 <!-- ForceDisableWakeWhenBatterySaverOn-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
 Determines whether Disable Wake on Approach When Battery Saver On checkbox is forced checked/unchecked by the MDM policy. The user won't be able to change this setting and the checkbox in the UI will be greyed out.
 <!-- ForceDisableWakeWhenBatterySaverOn-Description-End -->
 
@@ -249,7 +264,12 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo
 | Name | Value |
 |:--|:--|
 | Name | ForceDisableWakeWhenBatterySaverOn |
-| Path | Sensors > AT > WindowsComponents > HumanPresence |
+| Friendly Name | Force Disable Wake When Battery Saver On |
+| Location | Computer Configuration |
+| Path | Windows Components > Human Presence |
+| Registry Key Name | Software\Policies\Microsoft\HumanPresence |
+| Registry Value Name | ForceDisableWakeWhenBatterySaverOn |
+| ADMX File Name | Sensors.admx |
 <!-- ForceDisableWakeWhenBatterySaverOn-GpMapping-End -->
 
 <!-- ForceDisableWakeWhenBatterySaverOn-Examples-Begin -->
@@ -264,7 +284,7 @@ Determines whether Disable Wake on Approach When Battery Saver On checkbox is fo
 <!-- ForceInstantDim-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceInstantDim-Applicability-End -->
 
 <!-- ForceInstantDim-OmaUri-Begin -->
@@ -328,7 +348,7 @@ This is a power saving feature that prolongs battery charge.
 <!-- ForceInstantLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceInstantLock-Applicability-End -->
 
 <!-- ForceInstantLock-OmaUri-Begin -->
@@ -392,7 +412,7 @@ Determines whether Lock on Leave is forced on/off by the MDM policy. The user wo
 <!-- ForceInstantWake-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceInstantWake-Applicability-End -->
 
 <!-- ForceInstantWake-OmaUri-Begin -->
@@ -456,7 +476,7 @@ Determines whether Wake On Arrival is forced on/off by the MDM policy. The user
 <!-- ForceLockTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ForceLockTimeout-Applicability-End -->
 
 <!-- ForceLockTimeout-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 048fcaf893..c0b5145841 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -4,7 +4,7 @@ description: Learn more about the InternetExplorer Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AddSearchProvider-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AddSearchProvider-Applicability-End -->
 
 <!-- AddSearchProvider-OmaUri-Begin -->
@@ -94,7 +94,7 @@ This policy setting allows you to add a specific list of search providers to the
 <!-- AllowActiveXFiltering-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowActiveXFiltering-Applicability-End -->
 
 <!-- AllowActiveXFiltering-OmaUri-Begin -->
@@ -157,7 +157,7 @@ This policy setting controls the ActiveX Filtering feature for websites that are
 <!-- AllowAddOnList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowAddOnList-Applicability-End -->
 
 <!-- AllowAddOnList-OmaUri-Begin -->
@@ -226,7 +226,7 @@ Value - A number indicating whether Internet Explorer should deny or allow the a
 <!-- AllowAutoComplete-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowAutoComplete-Applicability-End -->
 
 <!-- AllowAutoComplete-OmaUri-Begin -->
@@ -287,7 +287,7 @@ This AutoComplete feature can remember and suggest User names and passwords on F
 <!-- AllowCertificateAddressMismatchWarning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowCertificateAddressMismatchWarning-Applicability-End -->
 
 <!-- AllowCertificateAddressMismatchWarning-OmaUri-Begin -->
@@ -350,7 +350,7 @@ This policy setting allows you to turn on the certificate address mismatch secur
 <!-- AllowDeletingBrowsingHistoryOnExit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowDeletingBrowsingHistoryOnExit-Applicability-End -->
 
 <!-- AllowDeletingBrowsingHistoryOnExit-OmaUri-Begin -->
@@ -417,7 +417,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th
 <!-- AllowEnhancedProtectedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowEnhancedProtectedMode-Applicability-End -->
 
 <!-- AllowEnhancedProtectedMode-OmaUri-Begin -->
@@ -482,7 +482,7 @@ Enhanced Protected Mode provides additional protection against malicious website
 <!-- AllowEnhancedSuggestionsInAddressBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowEnhancedSuggestionsInAddressBar-Applicability-End -->
 
 <!-- AllowEnhancedSuggestionsInAddressBar-OmaUri-Begin -->
@@ -547,7 +547,7 @@ This policy setting allows Internet Explorer to provide enhanced suggestions as
 <!-- AllowEnterpriseModeFromToolsMenu-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowEnterpriseModeFromToolsMenu-Applicability-End -->
 
 <!-- AllowEnterpriseModeFromToolsMenu-OmaUri-Begin -->
@@ -609,7 +609,7 @@ If you disable or don't configure this policy setting, the menu option won't app
 <!-- AllowEnterpriseModeSiteList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowEnterpriseModeSiteList-Applicability-End -->
 
 <!-- AllowEnterpriseModeSiteList-OmaUri-Begin -->
@@ -671,7 +671,7 @@ This policy setting lets you specify where to find the list of websites you want
 <!-- AllowFallbackToSSL3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowFallbackToSSL3-Applicability-End -->
 
 <!-- AllowFallbackToSSL3-OmaUri-Begin -->
@@ -731,7 +731,7 @@ If you disable this policy, system defaults will be used.
 <!-- AllowInternetExplorer7PolicyList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowInternetExplorer7PolicyList-Applicability-End -->
 
 <!-- AllowInternetExplorer7PolicyList-OmaUri-Begin -->
@@ -793,7 +793,7 @@ This policy setting allows you to add specific sites that must be viewed in Inte
 <!-- AllowInternetExplorerStandardsMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowInternetExplorerStandardsMode-Applicability-End -->
 
 <!-- AllowInternetExplorerStandardsMode-OmaUri-Begin -->
@@ -858,7 +858,7 @@ This policy setting controls how Internet Explorer displays local intranet conte
 <!-- AllowInternetZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowInternetZoneTemplate-Applicability-End -->
 
 <!-- AllowInternetZoneTemplate-OmaUri-Begin -->
@@ -927,7 +927,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowIntranetZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowIntranetZoneTemplate-Applicability-End -->
 
 <!-- AllowIntranetZoneTemplate-OmaUri-Begin -->
@@ -996,7 +996,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLocalMachineZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowLocalMachineZoneTemplate-Applicability-End -->
 
 <!-- AllowLocalMachineZoneTemplate-OmaUri-Begin -->
@@ -1065,7 +1065,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLockedDownInternetZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowLockedDownInternetZoneTemplate-Applicability-End -->
 
 <!-- AllowLockedDownInternetZoneTemplate-OmaUri-Begin -->
@@ -1134,7 +1134,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLockedDownIntranetZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowLockedDownIntranetZoneTemplate-Applicability-End -->
 
 <!-- AllowLockedDownIntranetZoneTemplate-OmaUri-Begin -->
@@ -1203,7 +1203,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLockedDownLocalMachineZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowLockedDownLocalMachineZoneTemplate-Applicability-End -->
 
 <!-- AllowLockedDownLocalMachineZoneTemplate-OmaUri-Begin -->
@@ -1272,7 +1272,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLockedDownRestrictedSitesZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowLockedDownRestrictedSitesZoneTemplate-Applicability-End -->
 
 <!-- AllowLockedDownRestrictedSitesZoneTemplate-OmaUri-Begin -->
@@ -1341,7 +1341,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowOneWordEntry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowOneWordEntry-Applicability-End -->
 
 <!-- AllowOneWordEntry-OmaUri-Begin -->
@@ -1404,7 +1404,7 @@ This policy allows the user to go directly to an intranet site for a one-word en
 <!-- AllowSaveTargetAsInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- AllowSaveTargetAsInIEMode-Applicability-End -->
 
 <!-- AllowSaveTargetAsInIEMode-OmaUri-Begin -->
@@ -1483,7 +1483,7 @@ For more information, see <https://go.microsoft.com/fwlink/?linkid=2102115>
 <!-- AllowSiteToZoneAssignmentList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowSiteToZoneAssignmentList-Applicability-End -->
 
 <!-- AllowSiteToZoneAssignmentList-OmaUri-Begin -->
@@ -1580,7 +1580,7 @@ Value and index pairs in the SyncML example:
 <!-- AllowsLockedDownTrustedSitesZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowsLockedDownTrustedSitesZoneTemplate-Applicability-End -->
 
 <!-- AllowsLockedDownTrustedSitesZoneTemplate-OmaUri-Begin -->
@@ -1649,7 +1649,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowSoftwareWhenSignatureIsInvalid-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowSoftwareWhenSignatureIsInvalid-Applicability-End -->
 
 <!-- AllowSoftwareWhenSignatureIsInvalid-OmaUri-Begin -->
@@ -1714,7 +1714,7 @@ This policy setting allows you to manage whether software, such as ActiveX contr
 <!-- AllowsRestrictedSitesZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowsRestrictedSitesZoneTemplate-Applicability-End -->
 
 <!-- AllowsRestrictedSitesZoneTemplate-OmaUri-Begin -->
@@ -1783,7 +1783,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowSuggestedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowSuggestedSites-Applicability-End -->
 
 <!-- AllowSuggestedSites-OmaUri-Begin -->
@@ -1848,7 +1848,7 @@ This policy setting controls the Suggested Sites feature, which recommends websi
 <!-- AllowTrustedSitesZoneTemplate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowTrustedSitesZoneTemplate-Applicability-End -->
 
 <!-- AllowTrustedSitesZoneTemplate-OmaUri-Begin -->
@@ -1917,7 +1917,7 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- CheckServerCertificateRevocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- CheckServerCertificateRevocation-Applicability-End -->
 
 <!-- CheckServerCertificateRevocation-OmaUri-Begin -->
@@ -1982,7 +1982,7 @@ This policy setting allows you to manage whether Internet Explorer will check re
 <!-- CheckSignaturesOnDownloadedPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- CheckSignaturesOnDownloadedPrograms-Applicability-End -->
 
 <!-- CheckSignaturesOnDownloadedPrograms-OmaUri-Begin -->
@@ -2047,7 +2047,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di
 <!-- ConfigureEdgeRedirectChannel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- ConfigureEdgeRedirectChannel-Applicability-End -->
 
 <!-- ConfigureEdgeRedirectChannel-OmaUri-Begin -->
@@ -2337,7 +2337,7 @@ If the Windows Update for the next version of Microsoft Edge* or Microsoft Edge
 <!-- ConsistentMimeHandlingInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ConsistentMimeHandlingInternetExplorerProcesses-Applicability-End -->
 
 <!-- ConsistentMimeHandlingInternetExplorerProcesses-OmaUri-Begin -->
@@ -2403,7 +2403,7 @@ This policy setting determines whether Internet Explorer requires that all file-
 <!-- DisableActiveXVersionListAutoDownload-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DisableActiveXVersionListAutoDownload-Applicability-End -->
 
 <!-- DisableActiveXVersionListAutoDownload-OmaUri-Begin -->
@@ -2464,7 +2464,7 @@ For more information, see "Out-of-date ActiveX control blocking" in the Internet
 <!-- DisableBypassOfSmartScreenWarnings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableBypassOfSmartScreenWarnings-Applicability-End -->
 
 <!-- DisableBypassOfSmartScreenWarnings-OmaUri-Begin -->
@@ -2527,7 +2527,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc
 <!-- DisableBypassOfSmartScreenWarningsAboutUncommonFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableBypassOfSmartScreenWarningsAboutUncommonFiles-Applicability-End -->
 
 <!-- DisableBypassOfSmartScreenWarningsAboutUncommonFiles-OmaUri-Begin -->
@@ -2590,7 +2590,7 @@ This policy setting determines whether the user can bypass warnings from SmartSc
 <!-- DisableCompatView-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DisableCompatView-Applicability-End -->
 
 <!-- DisableCompatView-OmaUri-Begin -->
@@ -2653,7 +2653,7 @@ This policy setting controls the Compatibility View feature, which allows the us
 <!-- DisableConfiguringHistory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableConfiguringHistory-Applicability-End -->
 
 <!-- DisableConfiguringHistory-OmaUri-Begin -->
@@ -2716,7 +2716,7 @@ This setting specifies the number of days that Internet Explorer tracks views of
 <!-- DisableCrashDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableCrashDetection-Applicability-End -->
 
 <!-- DisableCrashDetection-OmaUri-Begin -->
@@ -2779,7 +2779,7 @@ This policy setting allows you to manage the crash detection feature of add-on M
 <!-- DisableCustomerExperienceImprovementProgramParticipation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableCustomerExperienceImprovementProgramParticipation-Applicability-End -->
 
 <!-- DisableCustomerExperienceImprovementProgramParticipation-OmaUri-Begin -->
@@ -2844,7 +2844,7 @@ This policy setting prevents the user from participating in the Customer Experie
 <!-- DisableDeletingUserVisitedWebsites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableDeletingUserVisitedWebsites-Applicability-End -->
 
 <!-- DisableDeletingUserVisitedWebsites-OmaUri-Begin -->
@@ -2911,7 +2911,7 @@ If the "Prevent access to Delete Browsing History" policy setting is enabled, th
 <!-- DisableEnclosureDownloading-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableEnclosureDownloading-Applicability-End -->
 
 <!-- DisableEnclosureDownloading-OmaUri-Begin -->
@@ -2974,7 +2974,7 @@ This policy setting prevents the user from having enclosures (file attachments)
 <!-- DisableEncryptionSupport-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableEncryptionSupport-Applicability-End -->
 
 <!-- DisableEncryptionSupport-OmaUri-Begin -->
@@ -3039,7 +3039,7 @@ This policy setting allows you to turn off support for Transport Layer Security
 <!-- DisableFeedsBackgroundSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DisableFeedsBackgroundSync-Applicability-End -->
 
 <!-- DisableFeedsBackgroundSync-OmaUri-Begin -->
@@ -3102,7 +3102,7 @@ This policy setting controls whether to have background synchronization for feed
 <!-- DisableFirstRunWizard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableFirstRunWizard-Applicability-End -->
 
 <!-- DisableFirstRunWizard-OmaUri-Begin -->
@@ -3170,7 +3170,7 @@ Starting with Windows 8, the "Welcome to Internet Explorer" webpage isn't availa
 <!-- DisableFlipAheadFeature-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableFlipAheadFeature-Applicability-End -->
 
 <!-- DisableFlipAheadFeature-OmaUri-Begin -->
@@ -3237,7 +3237,7 @@ Microsoft collects your browsing history to improve how flip ahead with page pre
 <!-- DisableGeolocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DisableGeolocation-Applicability-End -->
 
 <!-- DisableGeolocation-OmaUri-Begin -->
@@ -3302,7 +3302,7 @@ This policy setting allows you to disable browser geolocation support. This will
 <!-- DisableHomePageChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableHomePageChange-Applicability-End -->
 
 <!-- DisableHomePageChange-OmaUri-Begin -->
@@ -3361,7 +3361,7 @@ The Home page specified on the General tab of the Internet Options dialog box is
 <!-- DisableHTMLApplication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.1060] and later <br> ✅ Windows 10, version 1809 [10.0.17763.3460] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2060] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1030] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1060] and later <br> ✅ Windows 10, version 1809 [10.0.17763.3460] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2060] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1030] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DisableHTMLApplication-Applicability-End -->
 
 <!-- DisableHTMLApplication-OmaUri-Begin -->
@@ -3424,7 +3424,7 @@ This policy setting specifies if running the HTML Application (HTA file) is bloc
 <!-- DisableIgnoringCertificateErrors-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableIgnoringCertificateErrors-Applicability-End -->
 
 <!-- DisableIgnoringCertificateErrors-OmaUri-Begin -->
@@ -3487,7 +3487,7 @@ This policy setting prevents the user from ignoring Secure Sockets Layer/Transpo
 <!-- DisableInPrivateBrowsing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableInPrivateBrowsing-Applicability-End -->
 
 <!-- DisableInPrivateBrowsing-OmaUri-Begin -->
@@ -3554,7 +3554,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b
 <!-- DisableInternetExplorerApp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- DisableInternetExplorerApp-Applicability-End -->
 
 <!-- DisableInternetExplorerApp-OmaUri-Begin -->
@@ -3650,7 +3650,7 @@ If you disable, or don't configure this policy, all sites are opened using the c
 <!-- DisableProcessesInEnhancedProtectedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableProcessesInEnhancedProtectedMode-Applicability-End -->
 
 <!-- DisableProcessesInEnhancedProtectedMode-OmaUri-Begin -->
@@ -3718,7 +3718,7 @@ This policy setting determines whether Internet Explorer 11 uses 64-bit processe
 <!-- DisableProxyChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableProxyChange-Applicability-End -->
 
 <!-- DisableProxyChange-OmaUri-Begin -->
@@ -3781,7 +3781,7 @@ This policy setting specifies if a user can change proxy settings.
 <!-- DisableSearchProviderChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableSearchProviderChange-Applicability-End -->
 
 <!-- DisableSearchProviderChange-OmaUri-Begin -->
@@ -3844,7 +3844,7 @@ This policy setting prevents the user from changing the default search provider
 <!-- DisableSecondaryHomePageChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableSecondaryHomePageChange-Applicability-End -->
 
 <!-- DisableSecondaryHomePageChange-OmaUri-Begin -->
@@ -3909,7 +3909,7 @@ Secondary home pages are the default Web pages that Internet Explorer loads in s
 <!-- DisableSecuritySettingsCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableSecuritySettingsCheck-Applicability-End -->
 
 <!-- DisableSecuritySettingsCheck-OmaUri-Begin -->
@@ -3972,7 +3972,7 @@ This policy setting turns off the Security Settings Check feature, which checks
 <!-- DisableUpdateCheck-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableUpdateCheck-Applicability-End -->
 
 <!-- DisableUpdateCheck-OmaUri-Begin -->
@@ -4033,7 +4033,7 @@ This policy is intended to help the administrator maintain version control for I
 <!-- DisableWebAddressAutoComplete-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DisableWebAddressAutoComplete-Applicability-End -->
 
 <!-- DisableWebAddressAutoComplete-OmaUri-Begin -->
@@ -4098,7 +4098,7 @@ This AutoComplete feature suggests possible matches when users are entering Web
 <!-- DoNotAllowActiveXControlsInProtectedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DoNotAllowActiveXControlsInProtectedMode-Applicability-End -->
 
 <!-- DoNotAllowActiveXControlsInProtectedMode-OmaUri-Begin -->
@@ -4165,7 +4165,7 @@ When Enhanced Protected Mode is enabled, and a user encounters a website that at
 <!-- DoNotAllowUsersToAddSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotAllowUsersToAddSites-Applicability-End -->
 
 <!-- DoNotAllowUsersToAddSites-OmaUri-Begin -->
@@ -4231,7 +4231,7 @@ Also, see the "Security zones: Use only machine settings" policy.
 <!-- DoNotAllowUsersToChangePolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotAllowUsersToChangePolicies-Applicability-End -->
 
 <!-- DoNotAllowUsersToChangePolicies-OmaUri-Begin -->
@@ -4297,7 +4297,7 @@ Also, see the "Security zones: Use only machine settings" policy.
 <!-- DoNotBlockOutdatedActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotBlockOutdatedActiveXControls-Applicability-End -->
 
 <!-- DoNotBlockOutdatedActiveXControls-OmaUri-Begin -->
@@ -4362,7 +4362,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- DoNotBlockOutdatedActiveXControlsOnSpecificDomains-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotBlockOutdatedActiveXControlsOnSpecificDomains-Applicability-End -->
 
 <!-- DoNotBlockOutdatedActiveXControlsOnSpecificDomains-OmaUri-Begin -->
@@ -4432,7 +4432,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- EnableExtendedIEModeHotkeys-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.143] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1474] and later <br> ✅ Windows 10, version 2004 [10.0.19041.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.143] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1474] and later <br> ✅ Windows 10, version 2004 [10.0.19041.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableExtendedIEModeHotkeys-Applicability-End -->
 
 <!-- EnableExtendedIEModeHotkeys-OmaUri-Begin -->
@@ -4497,7 +4497,7 @@ For more information, see <https://go.microsoft.com/fwlink/?linkid=2102115>
 <!-- EnableGlobalWindowListInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.558] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1566] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.558] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1566] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.527] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableGlobalWindowListInIEMode-Applicability-End -->
 
 <!-- EnableGlobalWindowListInIEMode-OmaUri-Begin -->
@@ -4565,7 +4565,7 @@ To learn more about disabling Internet Explorer 11 as a standalone browser, see
 <!-- IncludeAllLocalSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IncludeAllLocalSites-Applicability-End -->
 
 <!-- IncludeAllLocalSites-OmaUri-Begin -->
@@ -4630,7 +4630,7 @@ This policy setting controls whether local sites which aren't explicitly mapped
 <!-- IncludeAllNetworkPaths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IncludeAllNetworkPaths-Applicability-End -->
 
 <!-- IncludeAllNetworkPaths-OmaUri-Begin -->
@@ -4695,7 +4695,7 @@ This policy setting controls whether URLs representing UNCs are mapped into the
 <!-- InternetZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- InternetZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -4759,7 +4759,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- InternetZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- InternetZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -4823,7 +4823,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- InternetZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- InternetZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -4885,7 +4885,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- InternetZoneAllowCopyPasteViaScript-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowCopyPasteViaScript-Applicability-End -->
 
 <!-- InternetZoneAllowCopyPasteViaScript-OmaUri-Begin -->
@@ -4951,7 +4951,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe
 <!-- InternetZoneAllowDragAndDropCopyAndPasteFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowDragAndDropCopyAndPasteFiles-Applicability-End -->
 
 <!-- InternetZoneAllowDragAndDropCopyAndPasteFiles-OmaUri-Begin -->
@@ -5015,7 +5015,7 @@ This policy setting allows you to manage whether users can drag files or copy an
 <!-- InternetZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowFontDownloads-Applicability-End -->
 
 <!-- InternetZoneAllowFontDownloads-OmaUri-Begin -->
@@ -5081,7 +5081,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- InternetZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- InternetZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -5145,7 +5145,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- InternetZoneAllowLoadingOfXAMLFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowLoadingOfXAMLFiles-Applicability-End -->
 
 <!-- InternetZoneAllowLoadingOfXAMLFiles-OmaUri-Begin -->
@@ -5209,7 +5209,7 @@ This policy setting allows you to manage the loading of Extensible Application M
 <!-- InternetZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- InternetZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -5273,7 +5273,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls-Applicability-End -->
 
 <!-- InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls-OmaUri-Begin -->
@@ -5335,7 +5335,7 @@ This policy setting controls whether or not the user is prompted to allow Active
 <!-- InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl-Applicability-End -->
 
 <!-- InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl-OmaUri-Begin -->
@@ -5397,7 +5397,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A
 <!-- InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls-Applicability-End -->
 
 <!-- InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls-OmaUri-Begin -->
@@ -5461,7 +5461,7 @@ This policy setting determines whether a page can control embedded WebBrowser co
 <!-- InternetZoneAllowScriptInitiatedWindows-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowScriptInitiatedWindows-Applicability-End -->
 
 <!-- InternetZoneAllowScriptInitiatedWindows-OmaUri-Begin -->
@@ -5525,7 +5525,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up
 <!-- InternetZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowScriptlets-Applicability-End -->
 
 <!-- InternetZoneAllowScriptlets-OmaUri-Begin -->
@@ -5589,7 +5589,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- InternetZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- InternetZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -5656,7 +5656,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- InternetZoneAllowUpdatesToStatusBarViaScript-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneAllowUpdatesToStatusBarViaScript-Applicability-End -->
 
 <!-- InternetZoneAllowUpdatesToStatusBarViaScript-OmaUri-Begin -->
@@ -5718,7 +5718,7 @@ This policy setting allows you to manage whether script is allowed to update the
 <!-- InternetZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- InternetZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -5782,7 +5782,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- InternetZoneAllowVBScriptToRunInInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- InternetZoneAllowVBScriptToRunInInternetExplorer-Applicability-End -->
 
 <!-- InternetZoneAllowVBScriptToRunInInternetExplorer-OmaUri-Begin -->
@@ -5848,7 +5848,7 @@ If you don't configure or disable this policy setting, VBScript is prevented fro
 <!-- InternetZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-End -->
 
 <!-- InternetZoneDoNotRunAntimalwareAgainstActiveXControls-OmaUri-Begin -->
@@ -5912,7 +5912,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra
 <!-- InternetZoneDownloadSignedActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneDownloadSignedActiveXControls-Applicability-End -->
 
 <!-- InternetZoneDownloadSignedActiveXControls-OmaUri-Begin -->
@@ -5976,7 +5976,7 @@ This policy setting allows you to manage whether users may download signed Activ
 <!-- InternetZoneDownloadUnsignedActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneDownloadUnsignedActiveXControls-Applicability-End -->
 
 <!-- InternetZoneDownloadUnsignedActiveXControls-OmaUri-Begin -->
@@ -6040,7 +6040,7 @@ This policy setting allows you to manage whether users may download unsigned Act
 <!-- InternetZoneEnableCrossSiteScriptingFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneEnableCrossSiteScriptingFilter-Applicability-End -->
 
 <!-- InternetZoneEnableCrossSiteScriptingFilter-OmaUri-Begin -->
@@ -6102,7 +6102,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d
 <!-- InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows-Applicability-End -->
 
 <!-- InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows-OmaUri-Begin -->
@@ -6168,7 +6168,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or don't
 <!-- InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows-Applicability-End -->
 
 <!-- InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows-OmaUri-Begin -->
@@ -6234,7 +6234,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting
 <!-- InternetZoneEnableMIMESniffing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneEnableMIMESniffing-Applicability-End -->
 
 <!-- InternetZoneEnableMIMESniffing-OmaUri-Begin -->
@@ -6298,7 +6298,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o
 <!-- InternetZoneEnableProtectedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneEnableProtectedMode-Applicability-End -->
 
 <!-- InternetZoneEnableProtectedMode-OmaUri-Begin -->
@@ -6362,7 +6362,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p
 <!-- InternetZoneIncludeLocalPathWhenUploadingFilesToServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneIncludeLocalPathWhenUploadingFilesToServer-Applicability-End -->
 
 <!-- InternetZoneIncludeLocalPathWhenUploadingFilesToServer-OmaUri-Begin -->
@@ -6426,7 +6426,7 @@ This policy setting controls whether or not local path information is sent when
 <!-- InternetZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- InternetZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -6492,7 +6492,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- InternetZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneJavaPermissions-Applicability-End -->
 
 <!-- InternetZoneJavaPermissions-OmaUri-Begin -->
@@ -6562,7 +6562,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- InternetZoneLaunchingApplicationsAndFilesInIFRAME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneLaunchingApplicationsAndFilesInIFRAME-Applicability-End -->
 
 <!-- InternetZoneLaunchingApplicationsAndFilesInIFRAME-OmaUri-Begin -->
@@ -6626,7 +6626,7 @@ This policy setting allows you to manage whether applications may be run and fil
 <!-- InternetZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneLogonOptions-Applicability-End -->
 
 <!-- InternetZoneLogonOptions-OmaUri-Begin -->
@@ -6698,7 +6698,7 @@ Automatic logon with current user name and password to attempt logon using Windo
 <!-- InternetZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- InternetZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- InternetZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -6762,7 +6762,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode-Applicability-End -->
 
 <!-- InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode-OmaUri-Begin -->
@@ -6826,7 +6826,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles-Applicability-End -->
 
 <!-- InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles-OmaUri-Begin -->
@@ -6890,7 +6890,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m
 <!-- InternetZoneUsePopupBlocker-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InternetZoneUsePopupBlocker-Applicability-End -->
 
 <!-- InternetZoneUsePopupBlocker-OmaUri-Begin -->
@@ -6954,7 +6954,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear.
 <!-- IntranetZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- IntranetZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -7018,7 +7018,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- IntranetZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- IntranetZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -7082,7 +7082,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- IntranetZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- IntranetZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -7144,7 +7144,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- IntranetZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowFontDownloads-Applicability-End -->
 
 <!-- IntranetZoneAllowFontDownloads-OmaUri-Begin -->
@@ -7210,7 +7210,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- IntranetZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- IntranetZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -7274,7 +7274,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- IntranetZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- IntranetZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -7338,7 +7338,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- IntranetZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowScriptlets-Applicability-End -->
 
 <!-- IntranetZoneAllowScriptlets-OmaUri-Begin -->
@@ -7402,7 +7402,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- IntranetZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- IntranetZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -7469,7 +7469,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- IntranetZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- IntranetZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -7533,7 +7533,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- IntranetZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- IntranetZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-End -->
 
 <!-- IntranetZoneDoNotRunAntimalwareAgainstActiveXControls-OmaUri-Begin -->
@@ -7597,7 +7597,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra
 <!-- IntranetZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- IntranetZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -7663,7 +7663,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- IntranetZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- IntranetZoneJavaPermissions-Applicability-End -->
 
 <!-- IntranetZoneJavaPermissions-OmaUri-Begin -->
@@ -7733,7 +7733,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- IntranetZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IntranetZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- IntranetZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -7797,7 +7797,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- JScriptReplacement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- JScriptReplacement-Applicability-End -->
 
 <!-- JScriptReplacement-OmaUri-Begin -->
@@ -7862,7 +7862,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS
 <!-- KeepIntranetSitesInInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- KeepIntranetSitesInInternetExplorer-Applicability-End -->
 
 <!-- KeepIntranetSitesInInternetExplorer-OmaUri-Begin -->
@@ -7957,7 +7957,7 @@ For more info about how to use this policy together with other related policies
 <!-- LocalMachineZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- LocalMachineZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -8021,7 +8021,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- LocalMachineZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- LocalMachineZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -8085,7 +8085,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- LocalMachineZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- LocalMachineZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -8147,7 +8147,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- LocalMachineZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowFontDownloads-Applicability-End -->
 
 <!-- LocalMachineZoneAllowFontDownloads-OmaUri-Begin -->
@@ -8213,7 +8213,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- LocalMachineZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- LocalMachineZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -8277,7 +8277,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- LocalMachineZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- LocalMachineZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -8341,7 +8341,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- LocalMachineZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowScriptlets-Applicability-End -->
 
 <!-- LocalMachineZoneAllowScriptlets-OmaUri-Begin -->
@@ -8405,7 +8405,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- LocalMachineZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- LocalMachineZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -8472,7 +8472,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- LocalMachineZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- LocalMachineZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -8536,7 +8536,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-End -->
 
 <!-- LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls-OmaUri-Begin -->
@@ -8600,7 +8600,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra
 <!-- LocalMachineZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- LocalMachineZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -8666,7 +8666,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- LocalMachineZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LocalMachineZoneJavaPermissions-Applicability-End -->
 
 <!-- LocalMachineZoneJavaPermissions-OmaUri-Begin -->
@@ -8736,7 +8736,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LocalMachineZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LocalMachineZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- LocalMachineZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -8800,7 +8800,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- LockedDownInternetZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -8864,7 +8864,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -8928,7 +8928,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -8990,7 +8990,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- LockedDownInternetZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowFontDownloads-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowFontDownloads-OmaUri-Begin -->
@@ -9056,7 +9056,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- LockedDownInternetZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -9120,7 +9120,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- LockedDownInternetZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -9184,7 +9184,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- LockedDownInternetZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowScriptlets-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowScriptlets-OmaUri-Begin -->
@@ -9248,7 +9248,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- LockedDownInternetZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -9315,7 +9315,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- LockedDownInternetZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- LockedDownInternetZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -9379,7 +9379,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- LockedDownInternetZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- LockedDownInternetZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -9445,7 +9445,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- LockedDownInternetZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LockedDownInternetZoneJavaPermissions-Applicability-End -->
 
 <!-- LockedDownInternetZoneJavaPermissions-OmaUri-Begin -->
@@ -9515,7 +9515,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LockedDownInternetZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownInternetZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- LockedDownInternetZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -9579,7 +9579,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- LockedDownIntranetJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LockedDownIntranetJavaPermissions-Applicability-End -->
 
 <!-- LockedDownIntranetJavaPermissions-OmaUri-Begin -->
@@ -9649,7 +9649,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LockedDownIntranetZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -9713,7 +9713,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -9777,7 +9777,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -9839,7 +9839,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- LockedDownIntranetZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowFontDownloads-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowFontDownloads-OmaUri-Begin -->
@@ -9905,7 +9905,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- LockedDownIntranetZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -9969,7 +9969,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- LockedDownIntranetZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -10033,7 +10033,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- LockedDownIntranetZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowScriptlets-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowScriptlets-OmaUri-Begin -->
@@ -10097,7 +10097,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- LockedDownIntranetZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -10164,7 +10164,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- LockedDownIntranetZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- LockedDownIntranetZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -10228,7 +10228,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- LockedDownIntranetZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- LockedDownIntranetZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -10294,7 +10294,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- LockedDownIntranetZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownIntranetZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- LockedDownIntranetZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -10358,7 +10358,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- LockedDownLocalMachineZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -10422,7 +10422,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -10486,7 +10486,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -10548,7 +10548,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- LockedDownLocalMachineZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowFontDownloads-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowFontDownloads-OmaUri-Begin -->
@@ -10614,7 +10614,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- LockedDownLocalMachineZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -10678,7 +10678,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -10742,7 +10742,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- LockedDownLocalMachineZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowScriptlets-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowScriptlets-OmaUri-Begin -->
@@ -10806,7 +10806,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- LockedDownLocalMachineZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -10873,7 +10873,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- LockedDownLocalMachineZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -10937,7 +10937,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- LockedDownLocalMachineZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -11003,7 +11003,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- LockedDownLocalMachineZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LockedDownLocalMachineZoneJavaPermissions-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneJavaPermissions-OmaUri-Begin -->
@@ -11073,7 +11073,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LockedDownLocalMachineZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownLocalMachineZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- LockedDownLocalMachineZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -11137,7 +11137,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- LockedDownRestrictedSitesZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -11201,7 +11201,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -11265,7 +11265,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -11327,7 +11327,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- LockedDownRestrictedSitesZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowFontDownloads-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowFontDownloads-OmaUri-Begin -->
@@ -11393,7 +11393,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- LockedDownRestrictedSitesZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -11457,7 +11457,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -11521,7 +11521,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- LockedDownRestrictedSitesZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowScriptlets-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowScriptlets-OmaUri-Begin -->
@@ -11585,7 +11585,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- LockedDownRestrictedSitesZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -11652,7 +11652,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- LockedDownRestrictedSitesZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -11716,7 +11716,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -11782,7 +11782,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- LockedDownRestrictedSitesZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LockedDownRestrictedSitesZoneJavaPermissions-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneJavaPermissions-OmaUri-Begin -->
@@ -11852,7 +11852,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LockedDownRestrictedSitesZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownRestrictedSitesZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- LockedDownRestrictedSitesZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -11916,7 +11916,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- LockedDownTrustedSitesZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -11980,7 +11980,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -12044,7 +12044,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -12106,7 +12106,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- LockedDownTrustedSitesZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowFontDownloads-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowFontDownloads-OmaUri-Begin -->
@@ -12172,7 +12172,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- LockedDownTrustedSitesZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -12236,7 +12236,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -12300,7 +12300,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- LockedDownTrustedSitesZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowScriptlets-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowScriptlets-OmaUri-Begin -->
@@ -12364,7 +12364,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- LockedDownTrustedSitesZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -12431,7 +12431,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- LockedDownTrustedSitesZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -12495,7 +12495,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -12561,7 +12561,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- LockedDownTrustedSitesZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LockedDownTrustedSitesZoneJavaPermissions-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneJavaPermissions-OmaUri-Begin -->
@@ -12631,7 +12631,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LockedDownTrustedSitesZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LockedDownTrustedSitesZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- LockedDownTrustedSitesZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -12695,7 +12695,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- MimeSniffingSafetyFeatureInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- MimeSniffingSafetyFeatureInternetExplorerProcesses-Applicability-End -->
 
 <!-- MimeSniffingSafetyFeatureInternetExplorerProcesses-OmaUri-Begin -->
@@ -12759,7 +12759,7 @@ This policy setting determines whether Internet Explorer MIME sniffing will prev
 <!-- MKProtocolSecurityRestrictionInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- MKProtocolSecurityRestrictionInternetExplorerProcesses-Applicability-End -->
 
 <!-- MKProtocolSecurityRestrictionInternetExplorerProcesses-OmaUri-Begin -->
@@ -12823,7 +12823,7 @@ The MK Protocol Security Restriction policy setting reduces attack surface area
 <!-- NewTabDefaultPage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- NewTabDefaultPage-Applicability-End -->
 
 <!-- NewTabDefaultPage-OmaUri-Begin -->
@@ -12885,7 +12885,7 @@ This policy setting allows you to specify what's displayed when the user opens a
 <!-- NotificationBarInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- NotificationBarInternetExplorerProcesses-Applicability-End -->
 
 <!-- NotificationBarInternetExplorerProcesses-OmaUri-Begin -->
@@ -12949,7 +12949,7 @@ This policy setting allows you to manage whether the Notification bar is display
 <!-- PreventManagingSmartScreenFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- PreventManagingSmartScreenFilter-Applicability-End -->
 
 <!-- PreventManagingSmartScreenFilter-OmaUri-Begin -->
@@ -13011,7 +13011,7 @@ This policy setting prevents the user from managing SmartScreen Filter, which wa
 <!-- PreventPerUserInstallationOfActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- PreventPerUserInstallationOfActiveXControls-Applicability-End -->
 
 <!-- PreventPerUserInstallationOfActiveXControls-OmaUri-Begin -->
@@ -13074,7 +13074,7 @@ This policy setting allows you to prevent the installation of ActiveX controls o
 <!-- ProtectionFromZoneElevationInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ProtectionFromZoneElevationInternetExplorerProcesses-Applicability-End -->
 
 <!-- ProtectionFromZoneElevationInternetExplorerProcesses-OmaUri-Begin -->
@@ -13138,7 +13138,7 @@ Internet Explorer places restrictions on each Web page it opens. The restriction
 <!-- RemoveRunThisTimeButtonForOutdatedActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RemoveRunThisTimeButtonForOutdatedActiveXControls-Applicability-End -->
 
 <!-- RemoveRunThisTimeButtonForOutdatedActiveXControls-OmaUri-Begin -->
@@ -13203,7 +13203,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T
 <!-- ResetZoomForDialogInIEMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.261] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1832] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1266] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.282] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.261] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1832] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1266] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.282] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ResetZoomForDialogInIEMode-Applicability-End -->
 
 <!-- ResetZoomForDialogInIEMode-OmaUri-Begin -->
@@ -13268,7 +13268,7 @@ For more information, see <https://go.microsoft.com/fwlink/?linkid=2102115>
 <!-- RestrictActiveXInstallInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictActiveXInstallInternetExplorerProcesses-Applicability-End -->
 
 <!-- RestrictActiveXInstallInternetExplorerProcesses-OmaUri-Begin -->
@@ -13332,7 +13332,7 @@ This policy setting enables blocking of ActiveX control installation prompts for
 <!-- RestrictedSitesZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -13396,7 +13396,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- RestrictedSitesZoneAllowActiveScripting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowActiveScripting-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowActiveScripting-OmaUri-Begin -->
@@ -13460,7 +13460,7 @@ This policy setting allows you to manage whether script code on pages in the zon
 <!-- RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -13524,7 +13524,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -13586,7 +13586,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- RestrictedSitesZoneAllowBinaryAndScriptBehaviors-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowBinaryAndScriptBehaviors-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowBinaryAndScriptBehaviors-OmaUri-Begin -->
@@ -13650,7 +13650,7 @@ This policy setting allows you to manage dynamic binary and script behaviors: co
 <!-- RestrictedSitesZoneAllowCopyPasteViaScript-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowCopyPasteViaScript-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowCopyPasteViaScript-OmaUri-Begin -->
@@ -13716,7 +13716,7 @@ If you select Prompt in the drop-down box, users are queried as to whether to pe
 <!-- RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles-OmaUri-Begin -->
@@ -13780,7 +13780,7 @@ This policy setting allows you to manage whether users can drag files or copy an
 <!-- RestrictedSitesZoneAllowFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowFileDownloads-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowFileDownloads-OmaUri-Begin -->
@@ -13844,7 +13844,7 @@ This policy setting allows you to manage whether file downloads are permitted fr
 <!-- RestrictedSitesZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowFontDownloads-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowFontDownloads-OmaUri-Begin -->
@@ -13910,7 +13910,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- RestrictedSitesZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -13974,7 +13974,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- RestrictedSitesZoneAllowLoadingOfXAMLFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowLoadingOfXAMLFiles-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowLoadingOfXAMLFiles-OmaUri-Begin -->
@@ -14038,7 +14038,7 @@ This policy setting allows you to manage the loading of Extensible Application M
 <!-- RestrictedSitesZoneAllowMETAREFRESH-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowMETAREFRESH-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowMETAREFRESH-OmaUri-Begin -->
@@ -14102,7 +14102,7 @@ This policy setting allows you to manage whether a user's browser can be redirec
 <!-- RestrictedSitesZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -14166,7 +14166,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls-OmaUri-Begin -->
@@ -14228,7 +14228,7 @@ This policy setting controls whether or not the user is prompted to allow Active
 <!-- RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl-OmaUri-Begin -->
@@ -14290,7 +14290,7 @@ This policy setting controls whether or not the user is allowed to run the TDC A
 <!-- RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls-OmaUri-Begin -->
@@ -14354,7 +14354,7 @@ This policy setting determines whether a page can control embedded WebBrowser co
 <!-- RestrictedSitesZoneAllowScriptInitiatedWindows-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowScriptInitiatedWindows-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowScriptInitiatedWindows-OmaUri-Begin -->
@@ -14418,7 +14418,7 @@ This policy setting allows you to manage restrictions on script-initiated pop-up
 <!-- RestrictedSitesZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowScriptlets-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowScriptlets-OmaUri-Begin -->
@@ -14482,7 +14482,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- RestrictedSitesZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -14549,7 +14549,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- RestrictedSitesZoneAllowUpdatesToStatusBarViaScript-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneAllowUpdatesToStatusBarViaScript-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowUpdatesToStatusBarViaScript-OmaUri-Begin -->
@@ -14611,7 +14611,7 @@ This policy setting allows you to manage whether script is allowed to update the
 <!-- RestrictedSitesZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -14675,7 +14675,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer-Applicability-End -->
 
 <!-- RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer-OmaUri-Begin -->
@@ -14741,7 +14741,7 @@ If you don't configure or disable this policy setting, VBScript is prevented fro
 <!-- RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls-OmaUri-Begin -->
@@ -14805,7 +14805,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra
 <!-- RestrictedSitesZoneDownloadSignedActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneDownloadSignedActiveXControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneDownloadSignedActiveXControls-OmaUri-Begin -->
@@ -14869,7 +14869,7 @@ This policy setting allows you to manage whether users may download signed Activ
 <!-- RestrictedSitesZoneDownloadUnsignedActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneDownloadUnsignedActiveXControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneDownloadUnsignedActiveXControls-OmaUri-Begin -->
@@ -14933,7 +14933,7 @@ This policy setting allows you to manage whether users may download unsigned Act
 <!-- RestrictedSitesZoneEnableCrossSiteScriptingFilter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneEnableCrossSiteScriptingFilter-Applicability-End -->
 
 <!-- RestrictedSitesZoneEnableCrossSiteScriptingFilter-OmaUri-Begin -->
@@ -14995,7 +14995,7 @@ This policy controls whether or not the Cross-Site Scripting (XSS) Filter will d
 <!-- RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows-Applicability-End -->
 
 <!-- RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows-OmaUri-Begin -->
@@ -15061,7 +15061,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy or don't
 <!-- RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows-Applicability-End -->
 
 <!-- RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows-OmaUri-Begin -->
@@ -15127,7 +15127,7 @@ In Internet Explorer 9 and earlier versions, if you disable this policy setting
 <!-- RestrictedSitesZoneEnableMIMESniffing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneEnableMIMESniffing-Applicability-End -->
 
 <!-- RestrictedSitesZoneEnableMIMESniffing-OmaUri-Begin -->
@@ -15191,7 +15191,7 @@ This policy setting allows you to manage MIME sniffing for file promotion from o
 <!-- RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer-Applicability-End -->
 
 <!-- RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer-OmaUri-Begin -->
@@ -15255,7 +15255,7 @@ This policy setting controls whether or not local path information is sent when
 <!-- RestrictedSitesZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- RestrictedSitesZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -15321,7 +15321,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- RestrictedSitesZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneJavaPermissions-Applicability-End -->
 
 <!-- RestrictedSitesZoneJavaPermissions-OmaUri-Begin -->
@@ -15391,7 +15391,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME-Applicability-End -->
 
 <!-- RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME-OmaUri-Begin -->
@@ -15455,7 +15455,7 @@ This policy setting allows you to manage whether applications may be run and fil
 <!-- RestrictedSitesZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneLogonOptions-Applicability-End -->
 
 <!-- RestrictedSitesZoneLogonOptions-OmaUri-Begin -->
@@ -15527,7 +15527,7 @@ Automatic logon with current user name and password to attempt logon using Windo
 <!-- RestrictedSitesZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictedSitesZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- RestrictedSitesZoneNavigateWindowsAndFrames-OmaUri-Begin -->
@@ -15591,7 +15591,7 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- RestrictedSitesZoneRunActiveXControlsAndPlugins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneRunActiveXControlsAndPlugins-Applicability-End -->
 
 <!-- RestrictedSitesZoneRunActiveXControlsAndPlugins-OmaUri-Begin -->
@@ -15657,7 +15657,7 @@ If you selected Prompt in the drop-down box, users are asked to choose whether t
 <!-- RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode-Applicability-End -->
 
 <!-- RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode-OmaUri-Begin -->
@@ -15721,7 +15721,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting-Applicability-End -->
 
 <!-- RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting-OmaUri-Begin -->
@@ -15787,7 +15787,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t
 <!-- RestrictedSitesZoneScriptingOfJavaApplets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneScriptingOfJavaApplets-Applicability-End -->
 
 <!-- RestrictedSitesZoneScriptingOfJavaApplets-OmaUri-Begin -->
@@ -15853,7 +15853,7 @@ If you select Prompt in the drop-down box, users are queried to choose whether t
 <!-- RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles-Applicability-End -->
 
 <!-- RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles-OmaUri-Begin -->
@@ -15917,7 +15917,7 @@ This policy setting controls whether or not the "Open File - Security Warning" m
 <!-- RestrictedSitesZoneTurnOnProtectedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneTurnOnProtectedMode-Applicability-End -->
 
 <!-- RestrictedSitesZoneTurnOnProtectedMode-OmaUri-Begin -->
@@ -15981,7 +15981,7 @@ This policy setting allows you to turn on Protected Mode. Protected Mode helps p
 <!-- RestrictedSitesZoneUsePopupBlocker-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictedSitesZoneUsePopupBlocker-Applicability-End -->
 
 <!-- RestrictedSitesZoneUsePopupBlocker-OmaUri-Begin -->
@@ -16045,7 +16045,7 @@ This policy setting allows you to manage whether unwanted pop-up windows appear.
 <!-- RestrictFileDownloadInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- RestrictFileDownloadInternetExplorerProcesses-Applicability-End -->
 
 <!-- RestrictFileDownloadInternetExplorerProcesses-OmaUri-Begin -->
@@ -16109,7 +16109,7 @@ This policy setting enables blocking of file download prompts that aren't user i
 <!-- ScriptedWindowSecurityRestrictionsInternetExplorerProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ScriptedWindowSecurityRestrictionsInternetExplorerProcesses-Applicability-End -->
 
 <!-- ScriptedWindowSecurityRestrictionsInternetExplorerProcesses-OmaUri-Begin -->
@@ -16173,7 +16173,7 @@ Internet Explorer allows scripts to programmatically open, resize, and repositio
 <!-- SearchProviderList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SearchProviderList-Applicability-End -->
 
 <!-- SearchProviderList-OmaUri-Begin -->
@@ -16239,7 +16239,7 @@ This policy setting allows you to restrict the search providers that appear in t
 <!-- SecurityZonesUseOnlyMachineSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- SecurityZonesUseOnlyMachineSettings-Applicability-End -->
 
 <!-- SecurityZonesUseOnlyMachineSettings-OmaUri-Begin -->
@@ -16302,7 +16302,7 @@ Also, see the "Security zones: Don't allow users to change policies" policy.
 <!-- SendSitesNotInEnterpriseSiteListToEdge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1350] and later <br> ✅ Windows 10, version 2004 [10.0.19041.789] and later |
 <!-- SendSitesNotInEnterpriseSiteListToEdge-Applicability-End -->
 
 <!-- SendSitesNotInEnterpriseSiteListToEdge-OmaUri-Begin -->
@@ -16393,7 +16393,7 @@ Disabling, or not configuring this setting, opens all sites based on the current
 <!-- SpecifyUseOfActiveXInstallerService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyUseOfActiveXInstallerService-Applicability-End -->
 
 <!-- SpecifyUseOfActiveXInstallerService-OmaUri-Begin -->
@@ -16456,7 +16456,7 @@ This policy setting allows you to specify how ActiveX controls are installed.
 <!-- TrustedSitesZoneAllowAccessToDataSources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowAccessToDataSources-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowAccessToDataSources-OmaUri-Begin -->
@@ -16520,7 +16520,7 @@ This policy setting allows you to manage whether Internet Explorer can access da
 <!-- TrustedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowAutomaticPromptingForActiveXControls-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowAutomaticPromptingForActiveXControls-OmaUri-Begin -->
@@ -16584,7 +16584,7 @@ This policy setting manages whether users will be automatically prompted for Act
 <!-- TrustedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowAutomaticPromptingForFileDownloads-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowAutomaticPromptingForFileDownloads-OmaUri-Begin -->
@@ -16646,7 +16646,7 @@ This policy setting determines whether users will be prompted for non user-initi
 <!-- TrustedSitesZoneAllowFontDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowFontDownloads-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowFontDownloads-OmaUri-Begin -->
@@ -16712,7 +16712,7 @@ This policy setting allows you to manage whether pages of the zone may download
 <!-- TrustedSitesZoneAllowLessPrivilegedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowLessPrivilegedSites-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowLessPrivilegedSites-OmaUri-Begin -->
@@ -16776,7 +16776,7 @@ This policy setting allows you to manage whether Web sites from less privileged
 <!-- TrustedSitesZoneAllowNETFrameworkReliantComponents-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowNETFrameworkReliantComponents-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowNETFrameworkReliantComponents-OmaUri-Begin -->
@@ -16840,7 +16840,7 @@ This policy setting allows you to manage whether . NET Framework components that
 <!-- TrustedSitesZoneAllowScriptlets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowScriptlets-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowScriptlets-OmaUri-Begin -->
@@ -16904,7 +16904,7 @@ This policy setting allows you to manage whether the user can run scriptlets.
 <!-- TrustedSitesZoneAllowSmartScreenIE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowSmartScreenIE-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowSmartScreenIE-OmaUri-Begin -->
@@ -16971,7 +16971,7 @@ This policy setting controls whether SmartScreen Filter scans pages in this zone
 <!-- TrustedSitesZoneAllowUserDataPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneAllowUserDataPersistence-Applicability-End -->
 
 <!-- TrustedSitesZoneAllowUserDataPersistence-OmaUri-Begin -->
@@ -17035,7 +17035,7 @@ This policy setting allows you to manage the preservation of information in the
 <!-- TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls-Applicability-End -->
 
 <!-- TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls-OmaUri-Begin -->
@@ -17099,7 +17099,7 @@ This policy setting determines whether Internet Explorer runs antimalware progra
 <!-- TrustedSitesZoneInitializeAndScriptActiveXControls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneInitializeAndScriptActiveXControls-Applicability-End -->
 
 <!-- TrustedSitesZoneInitializeAndScriptActiveXControls-OmaUri-Begin -->
@@ -17165,7 +17165,7 @@ This policy setting allows you to manage ActiveX controls not marked as safe.
 <!-- TrustedSitesZoneJavaPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- TrustedSitesZoneJavaPermissions-Applicability-End -->
 
 <!-- TrustedSitesZoneJavaPermissions-OmaUri-Begin -->
@@ -17235,7 +17235,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- TrustedSitesZoneNavigateWindowsAndFrames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- TrustedSitesZoneNavigateWindowsAndFrames-Applicability-End -->
 
 <!-- TrustedSitesZoneNavigateWindowsAndFrames-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 3368906aa4..cb861e1a11 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -4,7 +4,7 @@ description: Learn more about the Kerberos Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowForestSearchOrder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowForestSearchOrder-Applicability-End -->
 
 <!-- AllowForestSearchOrder-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting defines the list of trusting forests that the Kerberos clien
 <!-- CloudKerberosTicketRetrievalEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- CloudKerberosTicketRetrievalEnabled-Applicability-End -->
 
 <!-- CloudKerberosTicketRetrievalEnabled-OmaUri-Begin -->
@@ -154,7 +154,7 @@ This policy setting allows retrieving the Azure AD Kerberos Ticket Granting Tick
 <!-- KerberosClientSupportsClaimsCompoundArmor-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- KerberosClientSupportsClaimsCompoundArmor-Applicability-End -->
 
 <!-- KerberosClientSupportsClaimsCompoundArmor-OmaUri-Begin -->
@@ -213,7 +213,7 @@ This policy setting controls whether a device will request claims and compound a
 <!-- PKInitHashAlgorithmConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- PKInitHashAlgorithmConfiguration-Applicability-End -->
 
 <!-- PKInitHashAlgorithmConfiguration-OmaUri-Begin -->
@@ -290,7 +290,7 @@ Events generated by this configuration: 205, 206, 207, 208.
 <!-- PKInitHashAlgorithmSHA1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- PKInitHashAlgorithmSHA1-Applicability-End -->
 
 <!-- PKInitHashAlgorithmSHA1-OmaUri-Begin -->
@@ -363,7 +363,7 @@ If you don't configure this policy, the SHA1 algorithm will assume the **Default
 <!-- PKInitHashAlgorithmSHA256-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- PKInitHashAlgorithmSHA256-Applicability-End -->
 
 <!-- PKInitHashAlgorithmSHA256-OmaUri-Begin -->
@@ -436,7 +436,7 @@ If you don't configure this policy, the SHA256 algorithm will assume the **Defau
 <!-- PKInitHashAlgorithmSHA384-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- PKInitHashAlgorithmSHA384-Applicability-End -->
 
 <!-- PKInitHashAlgorithmSHA384-OmaUri-Begin -->
@@ -509,7 +509,7 @@ If you don't configure this policy, the SHA384 algorithm will assume the **Defau
 <!-- PKInitHashAlgorithmSHA512-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- PKInitHashAlgorithmSHA512-Applicability-End -->
 
 <!-- PKInitHashAlgorithmSHA512-OmaUri-Begin -->
@@ -582,7 +582,7 @@ If you don't configure this policy, the SHA512 algorithm will assume the **Defau
 <!-- RequireKerberosArmoring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RequireKerberosArmoring-Applicability-End -->
 
 <!-- RequireKerberosArmoring-OmaUri-Begin -->
@@ -647,7 +647,7 @@ This policy setting controls whether a computer requires that Kerberos message e
 <!-- RequireStrictKDCValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RequireStrictKDCValidation-Applicability-End -->
 
 <!-- RequireStrictKDCValidation-OmaUri-Begin -->
@@ -706,7 +706,7 @@ This policy setting controls the Kerberos client's behavior in validating the KD
 <!-- SetMaximumContextTokenSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetMaximumContextTokenSize-Applicability-End -->
 
 <!-- SetMaximumContextTokenSize-OmaUri-Begin -->
@@ -770,7 +770,7 @@ The size of the context token buffer determines the maximum size of SSPI context
 <!-- UPNNameHints-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- UPNNameHints-Applicability-End -->
 
 <!-- UPNNameHints-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index 28662221fb..957c1a280e 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -4,7 +4,7 @@ description: Learn more about the KioskBrowser Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- BlockedUrlExceptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- BlockedUrlExceptions-Applicability-End -->
 
 <!-- BlockedUrlExceptions-OmaUri-Begin -->
@@ -72,7 +72,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This is
 <!-- BlockedUrls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- BlockedUrls-Applicability-End -->
 
 <!-- BlockedUrls-OmaUri-Begin -->
@@ -118,7 +118,7 @@ List of blocked website URLs (with wildcard support). This is used to configure
 <!-- DefaultURL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DefaultURL-Applicability-End -->
 
 <!-- DefaultURL-OmaUri-Begin -->
@@ -163,7 +163,7 @@ Configures the default URL kiosk browsers to navigate on launch and restart.
 <!-- EnableEndSessionButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableEndSessionButton-Applicability-End -->
 
 <!-- EnableEndSessionButton-OmaUri-Begin -->
@@ -217,7 +217,7 @@ When the policy is enabled, the Kiosk Browser app shows a button to reset the br
 <!-- EnableHomeButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableHomeButton-Applicability-End -->
 
 <!-- EnableHomeButton-OmaUri-Begin -->
@@ -272,7 +272,7 @@ Enable/disable kiosk browser's home button.
 <!-- EnableNavigationButtons-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableNavigationButtons-Applicability-End -->
 
 <!-- EnableNavigationButtons-OmaUri-Begin -->
@@ -327,7 +327,7 @@ Enable/disable kiosk browser's navigation buttons (forward/back).
 <!-- RestartOnIdleTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- RestartOnIdleTime-Applicability-End -->
 
 <!-- RestartOnIdleTime-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 45c8c19788..4c0d5e7b6e 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -4,7 +4,7 @@ description: Learn more about the LanmanWorkstation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableInsecureGuestLogons-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableInsecureGuestLogons-Applicability-End -->
 
 <!-- EnableInsecureGuestLogons-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 430bd00cd2..27405e9ef7 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -4,7 +4,7 @@ description: Learn more about the Licensing Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowWindowsEntitlementReactivation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowWindowsEntitlementReactivation-Applicability-End -->
 
 <!-- AllowWindowsEntitlementReactivation-OmaUri-Begin -->
@@ -95,7 +95,7 @@ Policy Options:
 <!-- DisallowKMSClientOnlineAVSValidation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisallowKMSClientOnlineAVSValidation-Applicability-End -->
 
 <!-- DisallowKMSClientOnlineAVSValidation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 3a0caa4237..9e5011246e 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -4,7 +4,7 @@ description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CS
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- Accounts_BlockMicrosoftAccounts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Accounts_BlockMicrosoftAccounts-Applicability-End -->
 
 <!-- Accounts_BlockMicrosoftAccounts-OmaUri-Begin -->
@@ -89,7 +89,7 @@ This policy setting prevents users from adding new Microsoft accounts on this co
 <!-- Accounts_EnableAdministratorAccountStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Accounts_EnableAdministratorAccountStatus-Applicability-End -->
 
 <!-- Accounts_EnableAdministratorAccountStatus-OmaUri-Begin -->
@@ -150,7 +150,7 @@ This security setting determines whether the local Administrator account is enab
 <!-- Accounts_EnableGuestAccountStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Accounts_EnableGuestAccountStatus-Applicability-End -->
 
 <!-- Accounts_EnableGuestAccountStatus-OmaUri-Begin -->
@@ -211,7 +211,7 @@ This security setting determines if the Guest account is enabled or disabled. De
 <!-- Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly-Applicability-End -->
 
 <!-- Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly-OmaUri-Begin -->
@@ -275,7 +275,7 @@ Accounts: Limit local account use of blank passwords to console logon only This
 <!-- Accounts_RenameAdministratorAccount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Accounts_RenameAdministratorAccount-Applicability-End -->
 
 <!-- Accounts_RenameAdministratorAccount-OmaUri-Begin -->
@@ -324,7 +324,7 @@ Accounts: Rename administrator account This security setting determines whether
 <!-- Accounts_RenameGuestAccount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Accounts_RenameGuestAccount-Applicability-End -->
 
 <!-- Accounts_RenameGuestAccount-OmaUri-Begin -->
@@ -373,7 +373,7 @@ Accounts: Rename guest account This security setting determines whether a differ
 <!-- Devices_AllowedToFormatAndEjectRemovableMedia-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Devices_AllowedToFormatAndEjectRemovableMedia-Applicability-End -->
 
 <!-- Devices_AllowedToFormatAndEjectRemovableMedia-OmaUri-Begin -->
@@ -422,7 +422,7 @@ Devices: Allowed to format and eject removable media This security setting deter
 <!-- Devices_AllowUndockWithoutHavingToLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Devices_AllowUndockWithoutHavingToLogon-Applicability-End -->
 
 <!-- Devices_AllowUndockWithoutHavingToLogon-OmaUri-Begin -->
@@ -483,7 +483,7 @@ Devices: Allow undock without having to log on This security setting determines
 <!-- Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters-Applicability-End -->
 
 <!-- Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters-OmaUri-Begin -->
@@ -545,7 +545,7 @@ Devices: Prevent users from installing printer drivers when connecting to shared
 <!-- Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly-Applicability-End -->
 
 <!-- Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly-OmaUri-Begin -->
@@ -594,7 +594,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
 <!-- InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked-Applicability-End -->
 
 <!-- InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked-OmaUri-Begin -->
@@ -654,7 +654,7 @@ Interactive Logon:Display user information when the session is locked User displ
 <!-- InteractiveLogon_DoNotDisplayLastSignedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_DoNotDisplayLastSignedIn-Applicability-End -->
 
 <!-- InteractiveLogon_DoNotDisplayLastSignedIn-OmaUri-Begin -->
@@ -712,7 +712,7 @@ Interactive logon: Don't display last signed-in This security setting determines
 <!-- InteractiveLogon_DoNotDisplayUsernameAtSignIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_DoNotDisplayUsernameAtSignIn-Applicability-End -->
 
 <!-- InteractiveLogon_DoNotDisplayUsernameAtSignIn-OmaUri-Begin -->
@@ -770,7 +770,7 @@ Interactive logon: Don't display username at sign-in This security setting deter
 <!-- InteractiveLogon_DoNotRequireCTRLALTDEL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_DoNotRequireCTRLALTDEL-Applicability-End -->
 
 <!-- InteractiveLogon_DoNotRequireCTRLALTDEL-OmaUri-Begin -->
@@ -828,7 +828,7 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w
 <!-- InteractiveLogon_MachineInactivityLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_MachineInactivityLimit-Applicability-End -->
 
 <!-- InteractiveLogon_MachineInactivityLimit-OmaUri-Begin -->
@@ -881,7 +881,7 @@ Valid values: From 0 to 599940, where the value is the amount of inactivity time
 <!-- InteractiveLogon_MessageTextForUsersAttemptingToLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_MessageTextForUsersAttemptingToLogOn-Applicability-End -->
 
 <!-- InteractiveLogon_MessageTextForUsersAttemptingToLogOn-OmaUri-Begin -->
@@ -930,7 +930,7 @@ Interactive logon: Message text for users attempting to log on This security set
 <!-- InteractiveLogon_MessageTitleForUsersAttemptingToLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- InteractiveLogon_MessageTitleForUsersAttemptingToLogOn-Applicability-End -->
 
 <!-- InteractiveLogon_MessageTitleForUsersAttemptingToLogOn-OmaUri-Begin -->
@@ -978,7 +978,7 @@ Interactive logon: Message title for users attempting to log on This security se
 <!-- InteractiveLogon_SmartCardRemovalBehavior-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- InteractiveLogon_SmartCardRemovalBehavior-Applicability-End -->
 
 <!-- InteractiveLogon_SmartCardRemovalBehavior-OmaUri-Begin -->
@@ -1041,7 +1041,7 @@ Interactive logon: Smart card removal behavior This security setting determines
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsAlways-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsAlways-Applicability-End -->
 
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsAlways-OmaUri-Begin -->
@@ -1109,7 +1109,7 @@ Microsoft network client: Digitally sign communications (always) This security s
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees-Applicability-End -->
 
 <!-- MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees-OmaUri-Begin -->
@@ -1174,7 +1174,7 @@ Microsoft network client: Digitally sign communications (if server agrees) This
 <!-- MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers-Applicability-End -->
 
 <!-- MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers-OmaUri-Begin -->
@@ -1232,7 +1232,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM
 <!-- MicrosoftNetworkServer_DigitallySignCommunicationsAlways-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MicrosoftNetworkServer_DigitallySignCommunicationsAlways-Applicability-End -->
 
 <!-- MicrosoftNetworkServer_DigitallySignCommunicationsAlways-OmaUri-Begin -->
@@ -1300,7 +1300,7 @@ Microsoft network server: Digitally sign communications (always) This security s
 <!-- MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees-Applicability-End -->
 
 <!-- MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees-OmaUri-Begin -->
@@ -1365,7 +1365,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
 <!-- NetworkAccess_AllowAnonymousSIDOrNameTranslation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- NetworkAccess_AllowAnonymousSIDOrNameTranslation-Applicability-End -->
 
 <!-- NetworkAccess_AllowAnonymousSIDOrNameTranslation-OmaUri-Begin -->
@@ -1427,7 +1427,7 @@ Network access: Allow anonymous SID/name translation This policy setting determi
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts-Applicability-End -->
 
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts-OmaUri-Begin -->
@@ -1488,7 +1488,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts This security
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares-Applicability-End -->
 
 <!-- NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares-OmaUri-Begin -->
@@ -1546,7 +1546,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi
 <!-- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares-Applicability-End -->
 
 <!-- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares-OmaUri-Begin -->
@@ -1604,7 +1604,7 @@ Network access: Restrict anonymous access to Named Pipes and Shares When enabled
 <!-- NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM-Applicability-End -->
 
 <!-- NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM-OmaUri-Begin -->
@@ -1652,7 +1652,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy
 <!-- NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM-Applicability-End -->
 
 <!-- NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM-OmaUri-Begin -->
@@ -1719,7 +1719,7 @@ Network security: Allow Local System to use computer identity for NTLM This poli
 <!-- NetworkSecurity_AllowPKU2UAuthenticationRequests-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- NetworkSecurity_AllowPKU2UAuthenticationRequests-Applicability-End -->
 
 <!-- NetworkSecurity_AllowPKU2UAuthenticationRequests-OmaUri-Begin -->
@@ -1780,7 +1780,7 @@ Network security: Allow PKU2U authentication requests to this computer to use on
 <!-- NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange-Applicability-End -->
 
 <!-- NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange-OmaUri-Begin -->
@@ -1841,7 +1841,7 @@ Network security: Don't store LAN Manager hash value on next password change Thi
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Applicability-End -->
 
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-OmaUri-Begin -->
@@ -1902,7 +1902,7 @@ Network security: Force logoff when logon hours expire This security setting det
 <!-- NetworkSecurity_LANManagerAuthenticationLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_LANManagerAuthenticationLevel-Applicability-End -->
 
 <!-- NetworkSecurity_LANManagerAuthenticationLevel-OmaUri-Begin -->
@@ -1967,7 +1967,7 @@ Network security LAN Manager authentication level This security setting determin
 <!-- NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients-Applicability-End -->
 
 <!-- NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients-OmaUri-Begin -->
@@ -2027,7 +2027,7 @@ Network security: Minimum session security for NTLM SSP based (including secure
 <!-- NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers-Applicability-End -->
 
 <!-- NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers-OmaUri-Begin -->
@@ -2087,7 +2087,7 @@ Network security: Minimum session security for NTLM SSP based (including secure
 <!-- NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication-Applicability-End -->
 
 <!-- NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication-OmaUri-Begin -->
@@ -2140,7 +2140,7 @@ Network security: Restrict NTLM: Add remote server exceptions for NTLM authentic
 <!-- NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic-Applicability-End -->
 
 <!-- NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic-OmaUri-Begin -->
@@ -2202,7 +2202,7 @@ Network security: Restrict NTLM: Audit Incoming NTLM Traffic This policy setting
 <!-- NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic-Applicability-End -->
 
 <!-- NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic-OmaUri-Begin -->
@@ -2264,7 +2264,7 @@ Network security: Restrict NTLM: Incoming NTLM traffic This policy setting allow
 <!-- NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers-Applicability-End -->
 
 <!-- NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers-OmaUri-Begin -->
@@ -2326,7 +2326,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po
 <!-- Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn-Applicability-End -->
 
 <!-- Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn-OmaUri-Begin -->
@@ -2384,7 +2384,7 @@ Shutdown: Allow system to be shut down without having to log on This security se
 <!-- Shutdown_ClearVirtualMemoryPageFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Shutdown_ClearVirtualMemoryPageFile-Applicability-End -->
 
 <!-- Shutdown_ClearVirtualMemoryPageFile-OmaUri-Begin -->
@@ -2442,7 +2442,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-Applicability-End -->
 
 <!-- UserAccountControl_AllowUIAccessApplicationsToPromptForElevation-OmaUri-Begin -->
@@ -2500,7 +2500,7 @@ User Account Control: Allow UIAccess applications to prompt for elevation withou
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-Applicability-End -->
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForAdministrators-OmaUri-Begin -->
@@ -2565,7 +2565,7 @@ User Account Control: Behavior of the elevation prompt for administrators in Adm
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-Applicability-End -->
 
 <!-- UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers-OmaUri-Begin -->
@@ -2624,7 +2624,7 @@ User Account Control: Behavior of the elevation prompt for standard users This p
 <!-- UserAccountControl_DetectApplicationInstallationsAndPromptForElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_DetectApplicationInstallationsAndPromptForElevation-Applicability-End -->
 
 <!-- UserAccountControl_DetectApplicationInstallationsAndPromptForElevation-OmaUri-Begin -->
@@ -2682,7 +2682,7 @@ User Account Control: Detect application installations and prompt for elevation
 <!-- UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated-Applicability-End -->
 
 <!-- UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated-OmaUri-Begin -->
@@ -2740,7 +2740,7 @@ User Account Control: Only elevate executable files that are signed and validate
 <!-- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations-Applicability-End -->
 
 <!-- UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations-OmaUri-Begin -->
@@ -2798,7 +2798,7 @@ User Account Control: Only elevate UIAccess applications that are installed in s
 <!-- UserAccountControl_RunAllAdministratorsInAdminApprovalMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_RunAllAdministratorsInAdminApprovalMode-Applicability-End -->
 
 <!-- UserAccountControl_RunAllAdministratorsInAdminApprovalMode-OmaUri-Begin -->
@@ -2859,7 +2859,7 @@ User Account Control: Turn on Admin Approval Mode This policy setting controls t
 <!-- UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation-Applicability-End -->
 
 <!-- UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation-OmaUri-Begin -->
@@ -2917,7 +2917,7 @@ User Account Control: Switch to the secure desktop when prompting for elevation
 <!-- UserAccountControl_UseAdminApprovalMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_UseAdminApprovalMode-Applicability-End -->
 
 <!-- UserAccountControl_UseAdminApprovalMode-OmaUri-Begin -->
@@ -2975,7 +2975,7 @@ User Account Control: Use Admin Approval Mode for the built-in Administrator acc
 <!-- UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations-Applicability-End -->
 
 <!-- UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index de3dcc67d2..678047a74c 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -4,7 +4,7 @@ description: Learn more about the LocalUsersAndGroups Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- Configure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Configure-Applicability-End -->
 
 <!-- Configure-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 401457470e..f7afb94964 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -4,7 +4,7 @@ description: Learn more about the LockDown Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowEdgeSwipe-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowEdgeSwipe-Applicability-End -->
 
 <!-- AllowEdgeSwipe-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-lsa.md b/windows/client-management/mdm/policy-csp-lsa.md
index 0cbc03d1cb..3359d00d6a 100644
--- a/windows/client-management/mdm/policy-csp-lsa.md
+++ b/windows/client-management/mdm/policy-csp-lsa.md
@@ -4,7 +4,7 @@ description: Learn more about the LocalSecurityAuthority Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowCustomSSPsAPs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- AllowCustomSSPsAPs-Applicability-End -->
 
 <!-- AllowCustomSSPsAPs-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A
 <!-- ConfigureLsaProtectedProcess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureLsaProtectedProcess-Applicability-End -->
 
 <!-- ConfigureLsaProtectedProcess-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index e705032c66..e3a20f4341 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -4,7 +4,7 @@ description: Learn more about the Maps Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowOfflineMapsDownloadOverMeteredConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowOfflineMapsDownloadOverMeteredConnection-Applicability-End -->
 
 <!-- AllowOfflineMapsDownloadOverMeteredConnection-OmaUri-Begin -->
@@ -76,7 +76,7 @@ Allows the download and update of map data over metered connections. After the p
 <!-- EnableOfflineMapsAutoUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EnableOfflineMapsAutoUpdate-Applicability-End -->
 
 <!-- EnableOfflineMapsAutoUpdate-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
index 0ad94279f0..5c6eedf729 100644
--- a/windows/client-management/mdm/policy-csp-memorydump.md
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -4,7 +4,7 @@ description: Learn more about the MemoryDump Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowCrashDump-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowCrashDump-Applicability-End -->
 
 <!-- AllowCrashDump-OmaUri-Begin -->
@@ -75,7 +75,7 @@ This policy setting decides if crash dump collection on the machine is allowed o
 <!-- AllowLiveDump-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowLiveDump-Applicability-End -->
 
 <!-- AllowLiveDump-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index e4c4f04b6a..f0b04e92b7 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -4,7 +4,7 @@ description: Learn more about the Messaging Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowMessageSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowMessageSync-Applicability-End -->
 
 <!-- AllowMessageSync-OmaUri-Begin -->
@@ -91,7 +91,7 @@ Disable this feature to avoid information being stored on servers outside of you
 <!-- AllowMMS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowMMS-Applicability-End -->
 
 <!-- AllowMMS-OmaUri-Begin -->
@@ -140,7 +140,7 @@ This policy setting allows you to enable or disable the sending and receiving ce
 <!-- AllowRCS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowRCS-Applicability-End -->
 
 <!-- AllowRCS-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 6bf3263e8a..ecefad6b6c 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -18,6 +18,8 @@ ms.topic: reference
 
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- MixedReality-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 These policies are only supported on [Microsoft HoloLens 2](/hololens/hololens2-hardware). They're not supported on HoloLens (first gen) Development Edition or HoloLens (first gen) Commercial Suite devices.
@@ -29,7 +31,7 @@ These policies are only supported on [Microsoft HoloLens 2](/hololens/hololens2-
 <!-- AADGroupMembershipCacheValidityInDays-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AADGroupMembershipCacheValidityInDays-Applicability-End -->
 
 <!-- AADGroupMembershipCacheValidityInDays-OmaUri-Begin -->
@@ -83,7 +85,7 @@ Steps to use this policy correctly:
 <!-- AllowCaptivePortalBeforeLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- AllowCaptivePortalBeforeLogon-Applicability-End -->
 
 <!-- AllowCaptivePortalBeforeLogon-OmaUri-Begin -->
@@ -133,7 +135,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us
 <!-- AllowLaunchUriInSingleAppKiosk-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- AllowLaunchUriInSingleAppKiosk-Applicability-End -->
 
 <!-- AllowLaunchUriInSingleAppKiosk-OmaUri-Begin -->
@@ -185,7 +187,7 @@ For more information on the Launcher API, see [Launcher Class (Windows.System) -
 <!-- AutoLogonUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- AutoLogonUser-Applicability-End -->
 
 <!-- AutoLogonUser-OmaUri-Begin -->
@@ -234,7 +236,7 @@ On a device where you configure this policy, the user specified in the policy ne
 <!-- AutomaticDisplayAdjustment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- AutomaticDisplayAdjustment-Applicability-End -->
 
 <!-- AutomaticDisplayAdjustment-OmaUri-Begin -->
@@ -283,7 +285,7 @@ This policy controls if the HoloLens displays will be automatically adjusted for
 <!-- BrightnessButtonDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- BrightnessButtonDisabled-Applicability-End -->
 
 <!-- BrightnessButtonDisabled-OmaUri-Begin -->
@@ -332,7 +334,7 @@ This policy setting controls if pressing the brightness button changes the brigh
 <!-- ConfigureMovingPlatform-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- ConfigureMovingPlatform-Applicability-End -->
 
 <!-- ConfigureMovingPlatform-OmaUri-Begin -->
@@ -383,7 +385,7 @@ For more information, see [Moving platform mode on low dynamic motion moving pla
 <!-- ConfigureNtpClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- ConfigureNtpClient-Applicability-End -->
 
 <!-- ConfigureNtpClient-OmaUri-Begin -->
@@ -488,13 +490,117 @@ The following XML string is an example of the value for this policy:
 
 <!-- ConfigureNtpClient-End -->
 
+<!-- ConfigureSharedAccount-Begin -->
+## ConfigureSharedAccount
+
+<!-- ConfigureSharedAccount-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- ConfigureSharedAccount-Applicability-End -->
+
+<!-- ConfigureSharedAccount-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/ConfigureSharedAccount
+```
+<!-- ConfigureSharedAccount-OmaUri-End -->
+
+<!-- ConfigureSharedAccount-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy specifies the configuration for Shared Accounts on the device. Shared Accounts are AAD accounts that are deployed to the device by an IT admin and can be used by anyone with physical access to the device. These accounts excel in deployments where the HoloLens device is used like a tool shared between multiple people and it doesn't matter which account is used to access AAD resources. Because these accounts can be signed in without requiring the user to provide credentials, you should ensure that these devices are physically secure, with access granted only to authorized personnel. You should also lock down these accounts to only have access to the required resources.
+<!-- ConfigureSharedAccount-Description-End -->
+
+<!-- ConfigureSharedAccount-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- ConfigureSharedAccount-Editable-End -->
+
+<!-- ConfigureSharedAccount-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- ConfigureSharedAccount-DFProperties-End -->
+
+<!-- ConfigureSharedAccount-AllowedValues-Begin -->
+**Allowed values**:
+
+<br>
+<details>
+  <summary>Expand to see schema XML</summary>
+
+```xml
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <xsd:element name="SharedAccountConfiguration">
+    <xsd:complexType mixed="true">
+      <xsd:sequence>
+        <xsd:element minOccurs="1" maxOccurs="1" name="SharedAccount">
+          <xsd:complexType>
+            <xsd:sequence>
+              <xsd:choice>
+                <xsd:element name="IssuerThumbprint">
+                  <xsd:simpleType>
+                    <xsd:restriction base="xsd:string">
+                      <xsd:maxLength value="40" />
+                    </xsd:restriction>
+                  </xsd:simpleType>
+                </xsd:element>
+                <xsd:element name="IssuerName">
+                  <xsd:simpleType>
+                    <xsd:restriction base="xsd:string">
+                      <xsd:maxLength value="512" />
+                    </xsd:restriction>
+                  </xsd:simpleType>
+                </xsd:element>
+              </xsd:choice>
+              <xsd:element minOccurs="0" maxOccurs="1" name="EkuOidRequirements">
+                <xsd:complexType>
+                  <xsd:sequence>
+                    <xsd:element maxOccurs="5" name="Oid">
+                      <xsd:simpleType>
+                        <xsd:restriction base="xsd:string">
+                          <xsd:maxLength value="100" />
+                        </xsd:restriction>
+                      </xsd:simpleType>
+                    </xsd:element>
+                  </xsd:sequence>
+                </xsd:complexType>
+              </xsd:element>
+              <xsd:element minOccurs="0" maxOccurs="1" name="AutoLogon">
+                <xsd:complexType>
+                  <xsd:simpleContent>
+                    <xsd:extension base="xsd:string">
+                      <xsd:attribute name="forced" type="xsd:boolean" />
+                    </xsd:extension>
+                  </xsd:simpleContent>
+                </xsd:complexType>
+              </xsd:element>
+            </xsd:sequence>
+          </xsd:complexType>
+        </xsd:element>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+</xsd:schema>
+```
+
+</details>
+<!-- ConfigureSharedAccount-AllowedValues-End -->
+
+<!-- ConfigureSharedAccount-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- ConfigureSharedAccount-Examples-End -->
+
+<!-- ConfigureSharedAccount-End -->
+
 <!-- DisallowNetworkConnectivityPassivePolling-Begin -->
 ## DisallowNetworkConnectivityPassivePolling
 
 <!-- DisallowNetworkConnectivityPassivePolling-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- DisallowNetworkConnectivityPassivePolling-Applicability-End -->
 
 <!-- DisallowNetworkConnectivityPassivePolling-OmaUri-Begin -->
@@ -538,13 +644,160 @@ Windows Network Connectivity Status Indicator may get a false positive internet-
 
 <!-- DisallowNetworkConnectivityPassivePolling-End -->
 
+<!-- EnableStartMenuSingleHandGesture-Begin -->
+## EnableStartMenuSingleHandGesture
+
+<!-- EnableStartMenuSingleHandGesture-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- EnableStartMenuSingleHandGesture-Applicability-End -->
+
+<!-- EnableStartMenuSingleHandGesture-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuSingleHandGesture
+```
+<!-- EnableStartMenuSingleHandGesture-OmaUri-End -->
+
+<!-- EnableStartMenuSingleHandGesture-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting controls if pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu is enabled or not.
+<!-- EnableStartMenuSingleHandGesture-Description-End -->
+
+<!-- EnableStartMenuSingleHandGesture-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableStartMenuSingleHandGesture-Editable-End -->
+
+<!-- EnableStartMenuSingleHandGesture-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- EnableStartMenuSingleHandGesture-DFProperties-End -->
+
+<!-- EnableStartMenuSingleHandGesture-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Don't allow pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu. |
+| 1 (Default) | Allow pinching your thumb and index finger, while looking at the Start icon on your wrist, to open the Start menu. |
+<!-- EnableStartMenuSingleHandGesture-AllowedValues-End -->
+
+<!-- EnableStartMenuSingleHandGesture-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnableStartMenuSingleHandGesture-Examples-End -->
+
+<!-- EnableStartMenuSingleHandGesture-End -->
+
+<!-- EnableStartMenuVoiceCommand-Begin -->
+## EnableStartMenuVoiceCommand
+
+<!-- EnableStartMenuVoiceCommand-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- EnableStartMenuVoiceCommand-Applicability-End -->
+
+<!-- EnableStartMenuVoiceCommand-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuVoiceCommand
+```
+<!-- EnableStartMenuVoiceCommand-OmaUri-End -->
+
+<!-- EnableStartMenuVoiceCommand-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting controls if using voice commands to open the Start menu is enabled or not.
+<!-- EnableStartMenuVoiceCommand-Description-End -->
+
+<!-- EnableStartMenuVoiceCommand-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableStartMenuVoiceCommand-Editable-End -->
+
+<!-- EnableStartMenuVoiceCommand-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- EnableStartMenuVoiceCommand-DFProperties-End -->
+
+<!-- EnableStartMenuVoiceCommand-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Using voice commands to open the Start menu is disabled. |
+| 1 (Default) | Using voice commands to open the Start menu is enabled. |
+<!-- EnableStartMenuVoiceCommand-AllowedValues-End -->
+
+<!-- EnableStartMenuVoiceCommand-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnableStartMenuVoiceCommand-Examples-End -->
+
+<!-- EnableStartMenuVoiceCommand-End -->
+
+<!-- EnableStartMenuWristTap-Begin -->
+## EnableStartMenuWristTap
+
+<!-- EnableStartMenuWristTap-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- EnableStartMenuWristTap-Applicability-End -->
+
+<!-- EnableStartMenuWristTap-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/EnableStartMenuWristTap
+```
+<!-- EnableStartMenuWristTap-OmaUri-End -->
+
+<!-- EnableStartMenuWristTap-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting controls if tapping the Star icon on your wrist to open the Start menu is enabled or not.
+<!-- EnableStartMenuWristTap-Description-End -->
+
+<!-- EnableStartMenuWristTap-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableStartMenuWristTap-Editable-End -->
+
+<!-- EnableStartMenuWristTap-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- EnableStartMenuWristTap-DFProperties-End -->
+
+<!-- EnableStartMenuWristTap-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Don't allow tapping the Start icon on your wrist to open the Start menu. |
+| 1 (Default) | Allow tapping the Start icon on your wrist to open the Start menu. |
+<!-- EnableStartMenuWristTap-AllowedValues-End -->
+
+<!-- EnableStartMenuWristTap-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- EnableStartMenuWristTap-Examples-End -->
+
+<!-- EnableStartMenuWristTap-End -->
+
 <!-- EyeTrackingCalibrationPrompt-Begin -->
 ## EyeTrackingCalibrationPrompt
 
 <!-- EyeTrackingCalibrationPrompt-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- EyeTrackingCalibrationPrompt-Applicability-End -->
 
 <!-- EyeTrackingCalibrationPrompt-OmaUri-Begin -->
@@ -593,7 +846,7 @@ This policy controls when a new person uses HoloLens device, if HoloLens should
 <!-- FallbackDiagnostics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- FallbackDiagnostics-Applicability-End -->
 
 <!-- FallbackDiagnostics-OmaUri-Begin -->
@@ -643,7 +896,7 @@ This policy setting controls, when and if diagnostic logs can be collected using
 <!-- HeadTrackingMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- HeadTrackingMode-Applicability-End -->
 
 <!-- HeadTrackingMode-OmaUri-Begin -->
@@ -690,7 +943,7 @@ This policy configures behavior of HUP to determine, which algorithm to use for
 <!-- ManualDownDirectionDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- ManualDownDirectionDisabled-Applicability-End -->
 
 <!-- ManualDownDirectionDisabled-OmaUri-Begin -->
@@ -740,7 +993,7 @@ When the system automatically determines the down direction, it's using the meas
 <!-- MicrophoneDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- MicrophoneDisabled-Applicability-End -->
 
 <!-- MicrophoneDisabled-OmaUri-Begin -->
@@ -789,7 +1042,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not
 <!-- NtpClientEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- NtpClientEnabled-Applicability-End -->
 
 <!-- NtpClientEnabled-OmaUri-Begin -->
@@ -852,13 +1105,160 @@ The following example XML string shows the value to enable this policy:
 
 <!-- NtpClientEnabled-End -->
 
+<!-- PreferLogonAsOtherUser-Begin -->
+## PreferLogonAsOtherUser
+
+<!-- PreferLogonAsOtherUser-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- PreferLogonAsOtherUser-Applicability-End -->
+
+<!-- PreferLogonAsOtherUser-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/PreferLogonAsOtherUser
+```
+<!-- PreferLogonAsOtherUser-OmaUri-End -->
+
+<!-- PreferLogonAsOtherUser-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy configures whether the Sign-In App should prefer showing Other User panel to user.
+<!-- PreferLogonAsOtherUser-Description-End -->
+
+<!-- PreferLogonAsOtherUser-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- PreferLogonAsOtherUser-Editable-End -->
+
+<!-- PreferLogonAsOtherUser-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- PreferLogonAsOtherUser-DFProperties-End -->
+
+<!-- PreferLogonAsOtherUser-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+<!-- PreferLogonAsOtherUser-AllowedValues-End -->
+
+<!-- PreferLogonAsOtherUser-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- PreferLogonAsOtherUser-Examples-End -->
+
+<!-- PreferLogonAsOtherUser-End -->
+
+<!-- RequireStartIconHold-Begin -->
+## RequireStartIconHold
+
+<!-- RequireStartIconHold-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- RequireStartIconHold-Applicability-End -->
+
+<!-- RequireStartIconHold-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/RequireStartIconHold
+```
+<!-- RequireStartIconHold-OmaUri-End -->
+
+<!-- RequireStartIconHold-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting controls if it's require that the Start icon to be pressed for 2 seconds to open the Start menu.
+<!-- RequireStartIconHold-Description-End -->
+
+<!-- RequireStartIconHold-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- RequireStartIconHold-Editable-End -->
+
+<!-- RequireStartIconHold-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- RequireStartIconHold-DFProperties-End -->
+
+<!-- RequireStartIconHold-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Don't require the Start icon to be pressed for 2 seconds. |
+| 1 | Require the Start icon to be pressed for 2 seconds. |
+<!-- RequireStartIconHold-AllowedValues-End -->
+
+<!-- RequireStartIconHold-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- RequireStartIconHold-Examples-End -->
+
+<!-- RequireStartIconHold-End -->
+
+<!-- RequireStartIconVisible-Begin -->
+## RequireStartIconVisible
+
+<!-- RequireStartIconVisible-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- RequireStartIconVisible-Applicability-End -->
+
+<!-- RequireStartIconVisible-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/MixedReality/RequireStartIconVisible
+```
+<!-- RequireStartIconVisible-OmaUri-End -->
+
+<!-- RequireStartIconVisible-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting controls if it's required that the Start icon to be looked at when you tap it to open the Start menu.
+<!-- RequireStartIconVisible-Description-End -->
+
+<!-- RequireStartIconVisible-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- RequireStartIconVisible-Editable-End -->
+
+<!-- RequireStartIconVisible-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- RequireStartIconVisible-DFProperties-End -->
+
+<!-- RequireStartIconVisible-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Don't require the Start icon to be looked at when you tap it. |
+| 1 | Require the Start icon to be looked at when you tap it. |
+<!-- RequireStartIconVisible-AllowedValues-End -->
+
+<!-- RequireStartIconVisible-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- RequireStartIconVisible-Examples-End -->
+
+<!-- RequireStartIconVisible-End -->
+
 <!-- SkipCalibrationDuringSetup-Begin -->
 ## SkipCalibrationDuringSetup
 
 <!-- SkipCalibrationDuringSetup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- SkipCalibrationDuringSetup-Applicability-End -->
 
 <!-- SkipCalibrationDuringSetup-OmaUri-Begin -->
@@ -909,7 +1309,7 @@ This policy configures whether the device will take the user through the eye tra
 <!-- SkipTrainingDuringSetup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- SkipTrainingDuringSetup-Applicability-End -->
 
 <!-- SkipTrainingDuringSetup-OmaUri-Begin -->
@@ -959,7 +1359,7 @@ It skips the training experience of interactions with the hummingbird and Start
 <!-- VisitorAutoLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ [10.0.20348] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348] and later |
 <!-- VisitorAutoLogon-Applicability-End -->
 
 <!-- VisitorAutoLogon-OmaUri-Begin -->
@@ -1008,7 +1408,7 @@ This policy controls whether a visitor user will be automatically logged in. Vis
 <!-- VolumeButtonDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- VolumeButtonDisabled-Applicability-End -->
 
 <!-- VolumeButtonDisabled-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 9223a88620..eaf592f322 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -4,7 +4,7 @@ description: Learn more about the MSSecurityGuide Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ApplyUACRestrictionsToLocalAccountsOnNetworkLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ApplyUACRestrictionsToLocalAccountsOnNetworkLogon-Applicability-End -->
 
 <!-- ApplyUACRestrictionsToLocalAccountsOnNetworkLogon-OmaUri-Begin -->
@@ -78,7 +78,7 @@ ms.topic: reference
 <!-- ConfigureSMBV1ClientDriver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureSMBV1ClientDriver-Applicability-End -->
 
 <!-- ConfigureSMBV1ClientDriver-OmaUri-Begin -->
@@ -128,7 +128,7 @@ ms.topic: reference
 <!-- ConfigureSMBV1Server-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureSMBV1Server-Applicability-End -->
 
 <!-- ConfigureSMBV1Server-OmaUri-Begin -->
@@ -178,7 +178,7 @@ ms.topic: reference
 <!-- EnableStructuredExceptionHandlingOverwriteProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableStructuredExceptionHandlingOverwriteProtection-Applicability-End -->
 
 <!-- EnableStructuredExceptionHandlingOverwriteProtection-OmaUri-Begin -->
@@ -228,7 +228,7 @@ ms.topic: reference
 <!-- TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications-Applicability-End -->
 
 <!-- TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications-OmaUri-Begin -->
@@ -278,7 +278,7 @@ ms.topic: reference
 <!-- WDigestAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- WDigestAuthentication-Applicability-End -->
 
 <!-- WDigestAuthentication-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 11890d1e1f..a34a41ff94 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -4,7 +4,7 @@ description: Learn more about the MSSLegacy Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-Applicability-End -->
 
 <!-- AllowICMPRedirectsToOverrideOSPFGeneratedRoutes-OmaUri-Begin -->
@@ -79,7 +79,7 @@ Allow ICMP redirects to override OSPF generated routes.
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-Applicability-End -->
 
 <!-- AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers-OmaUri-Begin -->
@@ -130,7 +130,7 @@ Allow the computer to ignore NetBIOS name release requests except from WINS serv
 <!-- IPSourceRoutingProtectionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- IPSourceRoutingProtectionLevel-Applicability-End -->
 
 <!-- IPSourceRoutingProtectionLevel-OmaUri-Begin -->
@@ -181,7 +181,7 @@ IP source routing protection level (protects against packet spoofing).
 <!-- IPv6SourceRoutingProtectionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- IPv6SourceRoutingProtectionLevel-Applicability-End -->
 
 <!-- IPv6SourceRoutingProtectionLevel-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index bd5f22db3a..c12b74e90f 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -4,7 +4,7 @@ description: Learn more about the Multitasking Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- BrowserAltTabBlowout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BrowserAltTabBlowout-Applicability-End -->
 
 <!-- BrowserAltTabBlowout-OmaUri-Begin -->
@@ -37,9 +37,9 @@ ms.topic: reference
 
 <!-- BrowserAltTabBlowout-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This setting controls the inclusion of Microsoft Edge tabs into Alt+Tab.
+This setting controls the inclusion of app tabs into Alt+Tab.
 
-This can be set to show all tabs, the most recent 3 or 5 tabs, or no tabs from Microsoft Edge.
+This can be set to show the most recent 3, 5 or 20 tabs, or no tabs from apps.
 
 If this is set to show "Open windows only", the whole feature will be disabled.
 <!-- BrowserAltTabBlowout-Description-End -->
@@ -82,7 +82,7 @@ This policy only applies to the Alt+Tab switcher. When the policy isn't enabled,
 | Name | Value |
 |:--|:--|
 | Name | BrowserAltTabBlowout |
-| Friendly Name | Configure the inclusion of Microsoft Edge tabs into Alt-Tab |
+| Friendly Name | Configure the inclusion of app tabs into Alt-Tab |
 | Element Name | Pressing Alt + Tab shows. |
 | Location | User Configuration |
 | Path | Windows Components > Multitasking |
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 372eef8d37..dd7b76de61 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -4,7 +4,7 @@ description: Learn more about the NetworkIsolation Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnterpriseCloudResources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EnterpriseCloudResources-Applicability-End -->
 
 <!-- EnterpriseCloudResources-OmaUri-Begin -->
@@ -90,7 +90,7 @@ For more information see: <https://go.microsoft.com/fwlink/p/?LinkId=234043>
 <!-- EnterpriseInternalProxyServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- EnterpriseInternalProxyServers-Applicability-End -->
 
 <!-- EnterpriseInternalProxyServers-OmaUri-Begin -->
@@ -156,7 +156,7 @@ For more information see: <https://go.microsoft.com/fwlink/p/?LinkId=234043>
 <!-- EnterpriseIPRange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- EnterpriseIPRange-Applicability-End -->
 
 <!-- EnterpriseIPRange-OmaUri-Begin -->
@@ -234,7 +234,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 <!-- EnterpriseIPRangesAreAuthoritative-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EnterpriseIPRangesAreAuthoritative-Applicability-End -->
 
 <!-- EnterpriseIPRangesAreAuthoritative-OmaUri-Begin -->
@@ -305,7 +305,7 @@ For more information see: <https://go.microsoft.com/fwlink/p/?LinkId=234043>
 <!-- EnterpriseNetworkDomainNames-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- EnterpriseNetworkDomainNames-Applicability-End -->
 
 <!-- EnterpriseNetworkDomainNames-OmaUri-Begin -->
@@ -353,7 +353,7 @@ For more information, see the following APIs:
 <!-- EnterpriseProxyServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- EnterpriseProxyServers-Applicability-End -->
 
 <!-- EnterpriseProxyServers-OmaUri-Begin -->
@@ -417,7 +417,7 @@ For more information see: <https://go.microsoft.com/fwlink/p/?LinkId=234043>
 <!-- EnterpriseProxyServersAreAuthoritative-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- EnterpriseProxyServersAreAuthoritative-Applicability-End -->
 
 <!-- EnterpriseProxyServersAreAuthoritative-OmaUri-Begin -->
@@ -488,7 +488,7 @@ For more information see: <https://go.microsoft.com/fwlink/p/?LinkId=234043>
 <!-- NeutralResources-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- NeutralResources-Applicability-End -->
 
 <!-- NeutralResources-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index d911d882c5..ecc77167b9 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -4,7 +4,7 @@ description: Learn more about the NetworkListManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowedTlsAuthenticationEndpoints-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- AllowedTlsAuthenticationEndpoints-Applicability-End -->
 
 <!-- AllowedTlsAuthenticationEndpoints-OmaUri-Begin -->
@@ -37,7 +37,7 @@ ms.topic: reference
 
 <!-- AllowedTlsAuthenticationEndpoints-Description-Begin -->
 <!-- Description-Source-DDF -->
-List of URLs (seperated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
+List of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated.
 <!-- AllowedTlsAuthenticationEndpoints-Description-End -->
 
 <!-- AllowedTlsAuthenticationEndpoints-Editable-Begin -->
@@ -79,7 +79,7 @@ Invoke-WebRequest -Uri https://nls.corp.contoso.com -Method get -UseBasicParsing
 <!-- ConfiguredTlsAuthenticationNetworkName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- ConfiguredTlsAuthenticationNetworkName-Applicability-End -->
 
 <!-- ConfiguredTlsAuthenticationNetworkName-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
index d6ebc245a3..c22d8a9bfa 100644
--- a/windows/client-management/mdm/policy-csp-newsandinterests.md
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -4,7 +4,7 @@ description: Learn more about the NewsAndInterests Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowNewsAndInterests-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowNewsAndInterests-Applicability-End -->
 
 <!-- AllowNewsAndInterests-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 65ea9ad54a..1f7b42377a 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -4,7 +4,7 @@ description: Learn more about the Notifications Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,17 +16,90 @@ ms.topic: reference
 <!-- Notifications-Begin -->
 # Policy CSP - Notifications
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- Notifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Notifications-Editable-End -->
 
+<!-- DisableAccountNotifications-Begin -->
+## DisableAccountNotifications
+
+<!-- DisableAccountNotifications-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+<!-- DisableAccountNotifications-Applicability-End -->
+
+<!-- DisableAccountNotifications-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/Notifications/DisableAccountNotifications
+```
+<!-- DisableAccountNotifications-OmaUri-End -->
+
+<!-- DisableAccountNotifications-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile).
+
+Notifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription.
+
+- If you enable this policy setting, Windows won't send account related notifications for local and MSA users to the user tile in Start.
+
+- If you disable or don't configure this policy setting, Windows will send account related notifications for local and MSA users to the user tile in Start.
+
+No reboots or service restarts are required for this policy setting to take effect.
+<!-- DisableAccountNotifications-Description-End -->
+
+<!-- DisableAccountNotifications-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisableAccountNotifications-Editable-End -->
+
+<!-- DisableAccountNotifications-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- DisableAccountNotifications-DFProperties-End -->
+
+<!-- DisableAccountNotifications-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+<!-- DisableAccountNotifications-AllowedValues-End -->
+
+<!-- DisableAccountNotifications-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DisableAccountNotifications |
+| Friendly Name | Turn off account notifications in Start |
+| Location | User Configuration |
+| Path | Windows Components > Account Notifications |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AccountNotifications |
+| Registry Value Name | DisableAccountNotifications |
+| ADMX File Name | AccountNotifications.admx |
+<!-- DisableAccountNotifications-GpMapping-End -->
+
+<!-- DisableAccountNotifications-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DisableAccountNotifications-Examples-End -->
+
+<!-- DisableAccountNotifications-End -->
+
 <!-- DisallowCloudNotification-Begin -->
 ## DisallowCloudNotification
 
 <!-- DisallowCloudNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DisallowCloudNotification-Applicability-End -->
 
 <!-- DisallowCloudNotification-OmaUri-Begin -->
@@ -108,7 +181,7 @@ To validate the configuration:
 <!-- DisallowNotificationMirroring-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisallowNotificationMirroring-Applicability-End -->
 
 <!-- DisallowNotificationMirroring-OmaUri-Begin -->
@@ -179,7 +252,7 @@ This feature can be turned off by apps that don't want to participate in notific
 <!-- DisallowTileNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DisallowTileNotification-Applicability-End -->
 
 <!-- DisallowTileNotification-OmaUri-Begin -->
@@ -248,7 +321,7 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- EnableExpandedToastNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1620] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1620] and later |
 <!-- EnableExpandedToastNotifications-Applicability-End -->
 
 <!-- EnableExpandedToastNotifications-OmaUri-Begin -->
@@ -258,12 +331,16 @@ No reboots or service restarts are required for this policy setting to take effe
 <!-- EnableExpandedToastNotifications-OmaUri-End -->
 
 <!-- EnableExpandedToastNotifications-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
 This policy setting turns on multiple expanded toast notifications in action center.
 
 - If you enable this policy setting, the first three notifications of each application will be expanded by default in action center.
 
-- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center. Windows 10 only. This will be immediately deprecated for Windows 11. No reboots or service restarts are required for this policy setting to take effect.
+- If you disable or don't configure this policy setting, only the first notification of each application will be expanded by default in action center.
+
+Windows 10 only. This will be immediately deprecated for Windows 11.
+
+No reboots or service restarts are required for this policy setting to take effect.
 <!-- EnableExpandedToastNotifications-Description-End -->
 
 <!-- EnableExpandedToastNotifications-Editable-Begin -->
@@ -295,7 +372,12 @@ This policy setting turns on multiple expanded toast notifications in action cen
 | Name | Value |
 |:--|:--|
 | Name | ExpandedToastNotifications |
-| Path | WPN > AT > StartMenu > NotificationsCategory |
+| Friendly Name | Turn on multiple expanded toast notifications in action center |
+| Location | User Configuration |
+| Path | Start Menu and Taskbar > Notifications |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications |
+| Registry Value Name | EnableExpandedToastNotifications |
+| ADMX File Name | WPN.admx |
 <!-- EnableExpandedToastNotifications-GpMapping-End -->
 
 <!-- EnableExpandedToastNotifications-Examples-Begin -->
@@ -310,7 +392,7 @@ This policy setting turns on multiple expanded toast notifications in action cen
 <!-- WnsEndpoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WnsEndpoint-Applicability-End -->
 
 <!-- WnsEndpoint-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index 1df08d3e35..a48e9dd24b 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -4,7 +4,7 @@ description: Learn more about the Power Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowHibernate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowHibernate-Applicability-End -->
 
 <!-- AllowHibernate-OmaUri-Begin -->
@@ -77,7 +77,7 @@ This policy setting decides if hibernate on the machine is allowed or not. Suppo
 <!-- AllowStandbyStatesWhenSleepingOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowStandbyStatesWhenSleepingOnBattery-Applicability-End -->
 
 <!-- AllowStandbyStatesWhenSleepingOnBattery-OmaUri-Begin -->
@@ -136,7 +136,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta
 <!-- AllowStandbyWhenSleepingPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowStandbyWhenSleepingPluggedIn-Applicability-End -->
 
 <!-- AllowStandbyWhenSleepingPluggedIn-OmaUri-Begin -->
@@ -195,7 +195,7 @@ This policy setting manages whether or not Windows is allowed to use standby sta
 <!-- DisplayOffTimeoutOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisplayOffTimeoutOnBattery-Applicability-End -->
 
 <!-- DisplayOffTimeoutOnBattery-OmaUri-Begin -->
@@ -255,7 +255,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- DisplayOffTimeoutPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisplayOffTimeoutPluggedIn-Applicability-End -->
 
 <!-- DisplayOffTimeoutPluggedIn-OmaUri-Begin -->
@@ -315,7 +315,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- EnergySaverBatteryThresholdOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- EnergySaverBatteryThresholdOnBattery-Applicability-End -->
 
 <!-- EnergySaverBatteryThresholdOnBattery-OmaUri-Begin -->
@@ -374,7 +374,7 @@ This policy setting allows you to specify battery charge level at which Energy S
 <!-- EnergySaverBatteryThresholdPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- EnergySaverBatteryThresholdPluggedIn-Applicability-End -->
 
 <!-- EnergySaverBatteryThresholdPluggedIn-OmaUri-Begin -->
@@ -433,7 +433,7 @@ This policy setting allows you to specify battery charge level at which Energy S
 <!-- HibernateTimeoutOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- HibernateTimeoutOnBattery-Applicability-End -->
 
 <!-- HibernateTimeoutOnBattery-OmaUri-Begin -->
@@ -493,7 +493,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- HibernateTimeoutPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- HibernateTimeoutPluggedIn-Applicability-End -->
 
 <!-- HibernateTimeoutPluggedIn-OmaUri-Begin -->
@@ -553,7 +553,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- RequirePasswordWhenComputerWakesOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RequirePasswordWhenComputerWakesOnBattery-Applicability-End -->
 
 <!-- RequirePasswordWhenComputerWakesOnBattery-OmaUri-Begin -->
@@ -612,7 +612,7 @@ This policy setting specifies whether or not the user is prompted for a password
 <!-- RequirePasswordWhenComputerWakesPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RequirePasswordWhenComputerWakesPluggedIn-Applicability-End -->
 
 <!-- RequirePasswordWhenComputerWakesPluggedIn-OmaUri-Begin -->
@@ -671,7 +671,7 @@ This policy setting specifies whether or not the user is prompted for a password
 <!-- SelectLidCloseActionOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SelectLidCloseActionOnBattery-Applicability-End -->
 
 <!-- SelectLidCloseActionOnBattery-OmaUri-Begin -->
@@ -747,7 +747,7 @@ Possible actions include:
 <!-- SelectLidCloseActionPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SelectLidCloseActionPluggedIn-Applicability-End -->
 
 <!-- SelectLidCloseActionPluggedIn-OmaUri-Begin -->
@@ -823,7 +823,7 @@ Possible actions include:
 <!-- SelectPowerButtonActionOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SelectPowerButtonActionOnBattery-Applicability-End -->
 
 <!-- SelectPowerButtonActionOnBattery-OmaUri-Begin -->
@@ -899,7 +899,7 @@ Possible actions include:
 <!-- SelectPowerButtonActionPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SelectPowerButtonActionPluggedIn-Applicability-End -->
 
 <!-- SelectPowerButtonActionPluggedIn-OmaUri-Begin -->
@@ -975,7 +975,7 @@ Possible actions include:
 <!-- SelectSleepButtonActionOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SelectSleepButtonActionOnBattery-Applicability-End -->
 
 <!-- SelectSleepButtonActionOnBattery-OmaUri-Begin -->
@@ -1051,7 +1051,7 @@ Possible actions include:
 <!-- SelectSleepButtonActionPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SelectSleepButtonActionPluggedIn-Applicability-End -->
 
 <!-- SelectSleepButtonActionPluggedIn-OmaUri-Begin -->
@@ -1127,7 +1127,7 @@ Possible actions include:
 <!-- StandbyTimeoutOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- StandbyTimeoutOnBattery-Applicability-End -->
 
 <!-- StandbyTimeoutOnBattery-OmaUri-Begin -->
@@ -1187,7 +1187,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- StandbyTimeoutPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- StandbyTimeoutPluggedIn-Applicability-End -->
 
 <!-- StandbyTimeoutPluggedIn-OmaUri-Begin -->
@@ -1247,7 +1247,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- TurnOffHybridSleepOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- TurnOffHybridSleepOnBattery-Applicability-End -->
 
 <!-- TurnOffHybridSleepOnBattery-OmaUri-Begin -->
@@ -1314,7 +1314,7 @@ This policy setting allows you to turn off hybrid sleep.
 <!-- TurnOffHybridSleepPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- TurnOffHybridSleepPluggedIn-Applicability-End -->
 
 <!-- TurnOffHybridSleepPluggedIn-OmaUri-Begin -->
@@ -1381,7 +1381,7 @@ This policy setting allows you to turn off hybrid sleep.
 <!-- UnattendedSleepTimeoutOnBattery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- UnattendedSleepTimeoutOnBattery-Applicability-End -->
 
 <!-- UnattendedSleepTimeoutOnBattery-OmaUri-Begin -->
@@ -1442,7 +1442,7 @@ If the user has configured a slide show to run on the lock screen when the machi
 <!-- UnattendedSleepTimeoutPluggedIn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- UnattendedSleepTimeoutPluggedIn-Applicability-End -->
 
 <!-- UnattendedSleepTimeoutPluggedIn-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 0236d23909..10b73e98be 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -4,7 +4,7 @@ description: Learn more about the Printers Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ApprovedUsbPrintDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApprovedUsbPrintDevices-Applicability-End -->
 
 <!-- ApprovedUsbPrintDevices-OmaUri-Begin -->
@@ -87,7 +87,7 @@ The format of this setting is `<vid>/<pid>[,<vid>/<pid>]`.
 <!-- ApprovedUsbPrintDevicesUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ApprovedUsbPrintDevicesUser-Applicability-End -->
 
 <!-- ApprovedUsbPrintDevicesUser-OmaUri-Begin -->
@@ -146,7 +146,7 @@ The format of this setting is `<vid>/<pid>[,<vid>/<pid>]`.
 <!-- ConfigureCopyFilesPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureCopyFilesPolicy-Applicability-End -->
 
 <!-- ConfigureCopyFilesPolicy-OmaUri-Begin -->
@@ -215,7 +215,7 @@ The following are the supported values:
 <!-- ConfigureDriverValidationLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureDriverValidationLevel-Applicability-End -->
 
 <!-- ConfigureDriverValidationLevel-OmaUri-Begin -->
@@ -296,7 +296,7 @@ The following are the supported values:
 <!-- ConfigureIppPageCountsPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureIppPageCountsPolicy-Applicability-End -->
 
 <!-- ConfigureIppPageCountsPolicy-OmaUri-Begin -->
@@ -361,7 +361,7 @@ The following are the supported values:
 <!-- ConfigureRedirectionGuardPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureRedirectionGuardPolicy-Applicability-End -->
 
 <!-- ConfigureRedirectionGuardPolicy-OmaUri-Begin -->
@@ -432,7 +432,7 @@ The following are the supported values:
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-Applicability-End -->
 
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-OmaUri-Begin -->
@@ -482,7 +482,7 @@ The following are the supported values:
 <!-- ConfigureRpcConnectionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureRpcConnectionPolicy-Applicability-End -->
 
 <!-- ConfigureRpcConnectionPolicy-OmaUri-Begin -->
@@ -551,7 +551,7 @@ If you disable or don't configure this policy setting, the above defaults will b
 <!-- ConfigureRpcListenerPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureRpcListenerPolicy-Applicability-End -->
 
 <!-- ConfigureRpcListenerPolicy-OmaUri-Begin -->
@@ -620,7 +620,7 @@ If you disable or don't configure this policy setting, the above defaults will b
 <!-- ConfigureRpcTcpPort-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ConfigureRpcTcpPort-Applicability-End -->
 
 <!-- ConfigureRpcTcpPort-OmaUri-Begin -->
@@ -682,7 +682,7 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
 <!-- EnableDeviceControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableDeviceControl-Applicability-End -->
 
 <!-- EnableDeviceControl-OmaUri-Begin -->
@@ -743,7 +743,7 @@ By default, there are no restrictions to printing based on connection type or pr
 <!-- EnableDeviceControlUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableDeviceControlUser-Applicability-End -->
 
 <!-- EnableDeviceControlUser-OmaUri-Begin -->
@@ -804,7 +804,7 @@ By default, there are no restrictions to printing based on connection type or pr
 <!-- ManageDriverExclusionList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ManageDriverExclusionList-Applicability-End -->
 
 <!-- ManageDriverExclusionList-OmaUri-Begin -->
@@ -864,7 +864,7 @@ If you disable or don't configure this policy setting, the registry key and valu
 <!-- PointAndPrintRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PointAndPrintRestrictions-Applicability-End -->
 
 <!-- PointAndPrintRestrictions-OmaUri-Begin -->
@@ -947,7 +947,7 @@ This policy setting controls the client Point and Print behavior, including the
 <!-- PointAndPrintRestrictions_User-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PointAndPrintRestrictions_User-Applicability-End -->
 
 <!-- PointAndPrintRestrictions_User-OmaUri-Begin -->
@@ -1030,7 +1030,7 @@ This policy setting controls the client Point and Print behavior, including the
 <!-- PublishPrinters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PublishPrinters-Applicability-End -->
 
 <!-- PublishPrinters-OmaUri-Begin -->
@@ -1092,7 +1092,7 @@ Determines whether the computer's shared printers can be published in Active Dir
 <!-- RestrictDriverInstallationToAdministrators-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- RestrictDriverInstallationToAdministrators-Applicability-End -->
 
 <!-- RestrictDriverInstallationToAdministrators-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 28175d1f22..b272736200 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,8 @@ ms.topic: reference
 <!-- Privacy-Begin -->
 # Policy CSP - Privacy
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- Privacy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Privacy-Editable-End -->
@@ -26,7 +28,7 @@ ms.topic: reference
 <!-- AllowAutoAcceptPairingAndPrivacyConsentPrompts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowAutoAcceptPairingAndPrivacyConsentPrompts-Applicability-End -->
 
 <!-- AllowAutoAcceptPairingAndPrivacyConsentPrompts-OmaUri-Begin -->
@@ -78,7 +80,7 @@ Allows or disallows the automatic acceptance of the pairing and privacy user con
 <!-- AllowCrossDeviceClipboard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowCrossDeviceClipboard-Applicability-End -->
 
 <!-- AllowCrossDeviceClipboard-OmaUri-Begin -->
@@ -149,7 +151,7 @@ Most restrictive value is `0` to not allow cross-device clipboard.
 <!-- AllowInputPersonalization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowInputPersonalization-Applicability-End -->
 
 <!-- AllowInputPersonalization-OmaUri-Begin -->
@@ -222,7 +224,7 @@ The most restrictive value is `0` to not allow speech services.
 <!-- DisableAdvertisingId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisableAdvertisingId-Applicability-End -->
 
 <!-- DisableAdvertisingId-OmaUri-Begin -->
@@ -290,7 +292,7 @@ This policy setting turns off the advertising ID, preventing apps from using the
 <!-- DisablePrivacyExperience-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisablePrivacyExperience-Applicability-End -->
 
 <!-- DisablePrivacyExperience-OmaUri-Begin -->
@@ -363,7 +365,7 @@ In some managed environments, the privacy settings may be set by other policies.
 <!-- EnableActivityFeed-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- EnableActivityFeed-Applicability-End -->
 
 <!-- EnableActivityFeed-OmaUri-Begin -->
@@ -432,7 +434,7 @@ Policy change takes effect immediately.
 <!-- LetAppsAccessAccountInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessAccountInfo-Applicability-End -->
 
 <!-- LetAppsAccessAccountInfo-OmaUri-Begin -->
@@ -510,7 +512,7 @@ The most restrictive value is `2` to deny apps access to account information.
 <!-- LetAppsAccessAccountInfo_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessAccountInfo_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessAccountInfo_ForceAllowTheseApps-OmaUri-Begin -->
@@ -575,7 +577,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessAccountInfo_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessAccountInfo_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessAccountInfo_ForceDenyTheseApps-OmaUri-Begin -->
@@ -640,7 +642,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessAccountInfo_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessAccountInfo_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessAccountInfo_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -705,7 +707,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessBackgroundSpatialPerception-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- LetAppsAccessBackgroundSpatialPerception-Applicability-End -->
 
 <!-- LetAppsAccessBackgroundSpatialPerception-OmaUri-Begin -->
@@ -757,7 +759,7 @@ This policy setting specifies whether Windows apps can access the movement of th
 <!-- LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps-OmaUri-Begin -->
@@ -799,7 +801,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
 <!-- LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessBackgroundSpatialPerception_ForceDenyTheseApps-OmaUri-Begin -->
@@ -842,7 +844,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
 <!-- LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessBackgroundSpatialPerception_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -885,7 +887,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
 <!-- LetAppsAccessCalendar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCalendar-Applicability-End -->
 
 <!-- LetAppsAccessCalendar-OmaUri-Begin -->
@@ -963,7 +965,7 @@ The most restrictive value is `2` to deny apps access to the calendar.
 <!-- LetAppsAccessCalendar_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCalendar_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCalendar_ForceAllowTheseApps-OmaUri-Begin -->
@@ -1028,7 +1030,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCalendar_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCalendar_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCalendar_ForceDenyTheseApps-OmaUri-Begin -->
@@ -1093,7 +1095,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCalendar_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCalendar_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCalendar_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -1158,7 +1160,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCallHistory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCallHistory-Applicability-End -->
 
 <!-- LetAppsAccessCallHistory-OmaUri-Begin -->
@@ -1236,7 +1238,7 @@ The most restrictive value is `2` to deny apps access to call history.
 <!-- LetAppsAccessCallHistory_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCallHistory_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCallHistory_ForceAllowTheseApps-OmaUri-Begin -->
@@ -1301,7 +1303,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCallHistory_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCallHistory_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCallHistory_ForceDenyTheseApps-OmaUri-Begin -->
@@ -1366,7 +1368,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCallHistory_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCallHistory_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCallHistory_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -1431,7 +1433,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCamera-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCamera-Applicability-End -->
 
 <!-- LetAppsAccessCamera-OmaUri-Begin -->
@@ -1509,7 +1511,7 @@ The most restrictive value is `2` to deny apps access to the camera.
 <!-- LetAppsAccessCamera_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCamera_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCamera_ForceAllowTheseApps-OmaUri-Begin -->
@@ -1574,7 +1576,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCamera_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCamera_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCamera_ForceDenyTheseApps-OmaUri-Begin -->
@@ -1639,7 +1641,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessCamera_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessCamera_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessCamera_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -1704,7 +1706,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessContacts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessContacts-Applicability-End -->
 
 <!-- LetAppsAccessContacts-OmaUri-Begin -->
@@ -1782,7 +1784,7 @@ The most restrictive value is `2` to deny apps access to contacts.
 <!-- LetAppsAccessContacts_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessContacts_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessContacts_ForceAllowTheseApps-OmaUri-Begin -->
@@ -1847,7 +1849,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessContacts_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessContacts_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessContacts_ForceDenyTheseApps-OmaUri-Begin -->
@@ -1912,7 +1914,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessContacts_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessContacts_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessContacts_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -1977,7 +1979,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessEmail-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessEmail-Applicability-End -->
 
 <!-- LetAppsAccessEmail-OmaUri-Begin -->
@@ -2055,7 +2057,7 @@ The most restrictive value is `2` to deny apps access to email.
 <!-- LetAppsAccessEmail_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessEmail_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessEmail_ForceAllowTheseApps-OmaUri-Begin -->
@@ -2120,7 +2122,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessEmail_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessEmail_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessEmail_ForceDenyTheseApps-OmaUri-Begin -->
@@ -2185,7 +2187,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessEmail_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessEmail_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessEmail_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -2250,7 +2252,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGazeInput-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LetAppsAccessGazeInput-Applicability-End -->
 
 <!-- LetAppsAccessGazeInput-OmaUri-Begin -->
@@ -2291,7 +2293,7 @@ This policy setting specifies whether Windows apps can access the eye tracker.
 <!-- LetAppsAccessGazeInput_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LetAppsAccessGazeInput_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGazeInput_ForceAllowTheseApps-OmaUri-Begin -->
@@ -2331,7 +2333,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
 <!-- LetAppsAccessGazeInput_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LetAppsAccessGazeInput_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGazeInput_ForceDenyTheseApps-OmaUri-Begin -->
@@ -2371,7 +2373,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed
 <!-- LetAppsAccessGazeInput_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LetAppsAccessGazeInput_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGazeInput_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -2411,7 +2413,7 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
 <!-- LetAppsAccessGraphicsCaptureProgrammatic-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureProgrammatic-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureProgrammatic-OmaUri-Begin -->
@@ -2477,7 +2479,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_ForceAllowTheseApps-OmaUri-Begin -->
@@ -2542,7 +2544,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_ForceDenyTheseApps-OmaUri-Begin -->
@@ -2607,7 +2609,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureProgrammatic_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -2672,7 +2674,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder-OmaUri-Begin -->
@@ -2739,7 +2741,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps-OmaUri-Begin -->
@@ -2804,7 +2806,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps-OmaUri-Begin -->
@@ -2869,7 +2871,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -2934,7 +2936,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.25000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
 <!-- LetAppsAccessHumanPresence-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence-OmaUri-Begin -->
@@ -2944,8 +2946,20 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence-OmaUri-End -->
 
 <!-- LetAppsAccessHumanPresence-Description-Begin -->
-<!-- Description-Source-DDF -->
-This policy setting specifies whether Windows apps can access the human presence sensor.
+<!-- Description-Source-ADMX -->
+This policy setting specifies whether Windows apps can access presence sensing.
+
+You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
+
+If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
+
+If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
+
+If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
 <!-- LetAppsAccessHumanPresence-Description-End -->
 
 <!-- LetAppsAccessHumanPresence-Editable-Begin -->
@@ -2978,8 +2992,12 @@ This policy setting specifies whether Windows apps can access the human presence
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessHumanPresence |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessHumanPresence_Enum |
+| Friendly Name | Let Windows apps access presence sensing |
+| Element Name | Default for all apps. |
+| Location | Computer Configuration |
+| Path | Windows Components > App Privacy |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
+| ADMX File Name | AppPrivacy.admx |
 <!-- LetAppsAccessHumanPresence-GpMapping-End -->
 
 <!-- LetAppsAccessHumanPresence-Examples-Begin -->
@@ -2994,7 +3012,7 @@ This policy setting specifies whether Windows apps can access the human presence
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.25000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-OmaUri-Begin -->
@@ -3004,8 +3022,20 @@ This policy setting specifies whether Windows apps can access the human presence
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-OmaUri-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Description-Begin -->
-<!-- Description-Source-DDF -->
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the human presence sensor. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps.
+<!-- Description-Source-ADMX -->
+This policy setting specifies whether Windows apps can access presence sensing.
+
+You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
+
+If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
+
+If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
+
+If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Description-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Editable-Begin -->
@@ -3028,8 +3058,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessHumanPresence |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessHumanPresence_ForceAllowTheseApps_List |
+| Friendly Name | Let Windows apps access presence sensing |
+| Location | Computer Configuration |
+| Path | Windows Components > App Privacy |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
+| ADMX File Name | AppPrivacy.admx |
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-GpMapping-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Examples-Begin -->
@@ -3044,7 +3077,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.25000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-OmaUri-Begin -->
@@ -3054,8 +3087,20 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-OmaUri-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Description-Begin -->
-<!-- Description-Source-DDF -->
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the human presence sensor. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps.
+<!-- Description-Source-ADMX -->
+This policy setting specifies whether Windows apps can access presence sensing.
+
+You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
+
+If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
+
+If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
+
+If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Description-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Editable-Begin -->
@@ -3078,8 +3123,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessHumanPresence |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessHumanPresence_ForceDenyTheseApps_List |
+| Friendly Name | Let Windows apps access presence sensing |
+| Location | Computer Configuration |
+| Path | Windows Components > App Privacy |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
+| ADMX File Name | AppPrivacy.admx |
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-GpMapping-End -->
 
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Examples-Begin -->
@@ -3094,7 +3142,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.25000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -3104,8 +3152,20 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-OmaUri-End -->
 
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Description-Begin -->
-<!-- Description-Source-DDF -->
-List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the human presence privacy setting for the listed apps. This setting overrides the default LetAppsAccessHumanPresence policy setting for the specified apps.
+<!-- Description-Source-ADMX -->
+This policy setting specifies whether Windows apps can access presence sensing.
+
+You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. You can get the Package Family Name for an app by using the Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting.
+
+If you choose the "User is in control" option, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If you choose the "Force Allow" option, Windows apps are allowed to access presence sensing and employees in your organization can't change it.
+
+If you choose the "Force Deny" option, Windows apps aren't allowed to access presence sensing and employees in your organization can't change it.
+
+If you disable or don't configure this policy setting, employees in your organization can decide whether Windows apps can access presence sensing by using Settings > Privacy on the device.
+
+If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Description-End -->
 
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Editable-Begin -->
@@ -3128,8 +3188,11 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessHumanPresence |
-| Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
-| Element Name | LetAppsAccessHumanPresence_UserInControlOfTheseApps_List |
+| Friendly Name | Let Windows apps access presence sensing |
+| Location | Computer Configuration |
+| Path | Windows Components > App Privacy |
+| Registry Key Name | Software\Policies\Microsoft\Windows\AppPrivacy |
+| ADMX File Name | AppPrivacy.admx |
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-GpMapping-End -->
 
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Examples-Begin -->
@@ -3144,7 +3207,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. The u
 <!-- LetAppsAccessLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessLocation-Applicability-End -->
 
 <!-- LetAppsAccessLocation-OmaUri-Begin -->
@@ -3222,7 +3285,7 @@ The most restrictive value is `2` to deny apps access to the device's location.
 <!-- LetAppsAccessLocation_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessLocation_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessLocation_ForceAllowTheseApps-OmaUri-Begin -->
@@ -3287,7 +3350,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessLocation_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessLocation_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessLocation_ForceDenyTheseApps-OmaUri-Begin -->
@@ -3352,7 +3415,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessLocation_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessLocation_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessLocation_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -3417,7 +3480,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMessaging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMessaging-Applicability-End -->
 
 <!-- LetAppsAccessMessaging-OmaUri-Begin -->
@@ -3495,7 +3558,7 @@ The most restrictive value is `2` to deny apps access to messaging.
 <!-- LetAppsAccessMessaging_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMessaging_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMessaging_ForceAllowTheseApps-OmaUri-Begin -->
@@ -3560,7 +3623,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMessaging_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMessaging_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMessaging_ForceDenyTheseApps-OmaUri-Begin -->
@@ -3625,7 +3688,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMessaging_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMessaging_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMessaging_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -3690,7 +3753,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMicrophone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMicrophone-Applicability-End -->
 
 <!-- LetAppsAccessMicrophone-OmaUri-Begin -->
@@ -3768,7 +3831,7 @@ The most restrictive value is `2` to deny apps access to the microphone.
 <!-- LetAppsAccessMicrophone_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMicrophone_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMicrophone_ForceAllowTheseApps-OmaUri-Begin -->
@@ -3833,7 +3896,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMicrophone_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMicrophone_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMicrophone_ForceDenyTheseApps-OmaUri-Begin -->
@@ -3898,7 +3961,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMicrophone_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMicrophone_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMicrophone_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -3963,7 +4026,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMotion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMotion-Applicability-End -->
 
 <!-- LetAppsAccessMotion-OmaUri-Begin -->
@@ -4041,7 +4104,7 @@ The most restrictive value is `2` to deny apps access to motion data.
 <!-- LetAppsAccessMotion_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMotion_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMotion_ForceAllowTheseApps-OmaUri-Begin -->
@@ -4106,7 +4169,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMotion_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMotion_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMotion_ForceDenyTheseApps-OmaUri-Begin -->
@@ -4171,7 +4234,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessMotion_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessMotion_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessMotion_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -4236,7 +4299,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessNotifications-Applicability-End -->
 
 <!-- LetAppsAccessNotifications-OmaUri-Begin -->
@@ -4314,7 +4377,7 @@ The most restrictive value is `2` to deny apps access to notifications.
 <!-- LetAppsAccessNotifications_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessNotifications_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessNotifications_ForceAllowTheseApps-OmaUri-Begin -->
@@ -4379,7 +4442,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessNotifications_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessNotifications_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessNotifications_ForceDenyTheseApps-OmaUri-Begin -->
@@ -4444,7 +4507,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessNotifications_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessNotifications_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessNotifications_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -4509,7 +4572,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessPhone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessPhone-Applicability-End -->
 
 <!-- LetAppsAccessPhone-OmaUri-Begin -->
@@ -4587,7 +4650,7 @@ The most restrictive value is `2` to deny apps access to make phone calls.
 <!-- LetAppsAccessPhone_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessPhone_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessPhone_ForceAllowTheseApps-OmaUri-Begin -->
@@ -4652,7 +4715,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessPhone_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessPhone_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessPhone_ForceDenyTheseApps-OmaUri-Begin -->
@@ -4717,7 +4780,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessPhone_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessPhone_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessPhone_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -4782,7 +4845,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessRadios-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessRadios-Applicability-End -->
 
 <!-- LetAppsAccessRadios-OmaUri-Begin -->
@@ -4860,7 +4923,7 @@ The most restrictive value is `2` to deny apps access to control radios.
 <!-- LetAppsAccessRadios_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessRadios_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessRadios_ForceAllowTheseApps-OmaUri-Begin -->
@@ -4925,7 +4988,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessRadios_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessRadios_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessRadios_ForceDenyTheseApps-OmaUri-Begin -->
@@ -4990,7 +5053,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessRadios_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessRadios_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessRadios_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -5055,7 +5118,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTasks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessTasks-Applicability-End -->
 
 <!-- LetAppsAccessTasks-OmaUri-Begin -->
@@ -5122,7 +5185,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTasks_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessTasks_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessTasks_ForceAllowTheseApps-OmaUri-Begin -->
@@ -5187,7 +5250,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTasks_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessTasks_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessTasks_ForceDenyTheseApps-OmaUri-Begin -->
@@ -5252,7 +5315,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTasks_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsAccessTasks_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessTasks_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -5317,7 +5380,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTrustedDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessTrustedDevices-Applicability-End -->
 
 <!-- LetAppsAccessTrustedDevices-OmaUri-Begin -->
@@ -5395,7 +5458,7 @@ The most restrictive value is `2` to deny apps access trusted devices.
 <!-- LetAppsAccessTrustedDevices_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessTrustedDevices_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessTrustedDevices_ForceAllowTheseApps-OmaUri-Begin -->
@@ -5460,7 +5523,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTrustedDevices_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessTrustedDevices_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessTrustedDevices_ForceDenyTheseApps-OmaUri-Begin -->
@@ -5525,7 +5588,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessTrustedDevices_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsAccessTrustedDevices_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsAccessTrustedDevices_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -5590,7 +5653,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsActivateWithVoice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- LetAppsActivateWithVoice-Applicability-End -->
 
 <!-- LetAppsActivateWithVoice-OmaUri-Begin -->
@@ -5664,7 +5727,7 @@ This policy is applied to Windows apps and Cortana.
 <!-- LetAppsActivateWithVoiceAboveLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- LetAppsActivateWithVoiceAboveLock-Applicability-End -->
 
 <!-- LetAppsActivateWithVoiceAboveLock-OmaUri-Begin -->
@@ -5738,7 +5801,7 @@ This policy is applied to Windows apps and Cortana. It takes precedence of the "
 <!-- LetAppsGetDiagnosticInfo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsGetDiagnosticInfo-Applicability-End -->
 
 <!-- LetAppsGetDiagnosticInfo-OmaUri-Begin -->
@@ -5816,7 +5879,7 @@ The most restrictive value is `2` to deny apps access to diagnostic data.
 <!-- LetAppsGetDiagnosticInfo_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsGetDiagnosticInfo_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsGetDiagnosticInfo_ForceAllowTheseApps-OmaUri-Begin -->
@@ -5881,7 +5944,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsGetDiagnosticInfo_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsGetDiagnosticInfo_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsGetDiagnosticInfo_ForceDenyTheseApps-OmaUri-Begin -->
@@ -5946,7 +6009,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsGetDiagnosticInfo_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsGetDiagnosticInfo_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsGetDiagnosticInfo_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -6011,7 +6074,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsRunInBackground-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsRunInBackground-Applicability-End -->
 
 <!-- LetAppsRunInBackground-OmaUri-Begin -->
@@ -6091,7 +6154,7 @@ The most restrictive value is `2` to deny apps from running in the background.
 <!-- LetAppsRunInBackground_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsRunInBackground_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsRunInBackground_ForceAllowTheseApps-OmaUri-Begin -->
@@ -6156,7 +6219,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsRunInBackground_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsRunInBackground_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsRunInBackground_ForceDenyTheseApps-OmaUri-Begin -->
@@ -6221,7 +6284,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsRunInBackground_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- LetAppsRunInBackground_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsRunInBackground_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -6286,7 +6349,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsSyncWithDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsSyncWithDevices-Applicability-End -->
 
 <!-- LetAppsSyncWithDevices-OmaUri-Begin -->
@@ -6364,7 +6427,7 @@ The most restrictive value is `2` to deny apps syncing with devices.
 <!-- LetAppsSyncWithDevices_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsSyncWithDevices_ForceAllowTheseApps-Applicability-End -->
 
 <!-- LetAppsSyncWithDevices_ForceAllowTheseApps-OmaUri-Begin -->
@@ -6429,7 +6492,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsSyncWithDevices_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsSyncWithDevices_ForceDenyTheseApps-Applicability-End -->
 
 <!-- LetAppsSyncWithDevices_ForceDenyTheseApps-OmaUri-Begin -->
@@ -6494,7 +6557,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsSyncWithDevices_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- LetAppsSyncWithDevices_UserInControlOfTheseApps-Applicability-End -->
 
 <!-- LetAppsSyncWithDevices_UserInControlOfTheseApps-OmaUri-Begin -->
@@ -6559,7 +6622,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- PublishUserActivities-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- PublishUserActivities-Applicability-End -->
 
 <!-- PublishUserActivities-OmaUri-Begin -->
@@ -6630,7 +6693,7 @@ For more information, see [Windows activity history and your privacy](https://su
 <!-- UploadUserActivities-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- UploadUserActivities-Applicability-End -->
 
 <!-- UploadUserActivities-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index e241740d64..fa85c9cec4 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteAssistance Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- CustomizeWarningMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- CustomizeWarningMessages-Applicability-End -->
 
 <!-- CustomizeWarningMessages-OmaUri-Begin -->
@@ -93,7 +93,7 @@ The "Display warning message before connecting" policy setting allows you to spe
 <!-- SessionLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SessionLogging-Applicability-End -->
 
 <!-- SessionLogging-OmaUri-Begin -->
@@ -154,7 +154,7 @@ This policy setting allows you to turn logging on or off. Log files are located
 <!-- SolicitedRemoteAssistance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SolicitedRemoteAssistance-Applicability-End -->
 
 <!-- SolicitedRemoteAssistance-OmaUri-Begin -->
@@ -223,7 +223,7 @@ The "Select the method for sending email invitations" setting specifies which em
 <!-- UnsolicitedRemoteAssistance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- UnsolicitedRemoteAssistance-Applicability-End -->
 
 <!-- UnsolicitedRemoteAssistance-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index de30e58549..ff6dc5d401 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteDesktop Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AutoSubscription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1370] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1370] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1370] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1370] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1370] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1370] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1370] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1370] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AutoSubscription-Applicability-End -->
 
 <!-- AutoSubscription-OmaUri-Begin -->
@@ -84,7 +84,7 @@ To automatically subscribe to [Azure Virtual Desktop](/azure/virtual-desktop/ove
 <!-- LoadAadCredKeyFromProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LoadAadCredKeyFromProfile-Applicability-End -->
 
 <!-- LoadAadCredKeyFromProfile-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 44e7a1f931..dd8a3fc532 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteDesktopServices Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowUsersToConnectRemotely-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowUsersToConnectRemotely-Applicability-End -->
 
 <!-- AllowUsersToConnectRemotely-OmaUri-Begin -->
@@ -93,7 +93,7 @@ You can limit the number of users who can connect simultaneously by configuring
 <!-- ClientConnectionEncryptionLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ClientConnectionEncryptionLevel-Applicability-End -->
 
 <!-- ClientConnectionEncryptionLevel-OmaUri-Begin -->
@@ -161,7 +161,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DoNotAllowDriveRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotAllowDriveRedirection-Applicability-End -->
 
 <!-- DoNotAllowDriveRedirection-OmaUri-Begin -->
@@ -224,7 +224,7 @@ By default, an RD Session Host server maps client drives automatically upon conn
 <!-- DoNotAllowPasswordSaving-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DoNotAllowPasswordSaving-Applicability-End -->
 
 <!-- DoNotAllowPasswordSaving-OmaUri-Begin -->
@@ -283,7 +283,7 @@ Controls whether passwords can be saved on this computer from Remote Desktop Con
 <!-- DoNotAllowWebAuthnRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DoNotAllowWebAuthnRedirection-Applicability-End -->
 
 <!-- DoNotAllowWebAuthnRedirection-OmaUri-Begin -->
@@ -344,7 +344,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- PromptForPasswordUponConnection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PromptForPasswordUponConnection-Applicability-End -->
 
 <!-- PromptForPasswordUponConnection-OmaUri-Begin -->
@@ -409,7 +409,7 @@ By default, Remote Desktop Services allows users to automatically log on by ente
 <!-- RequireSecureRPCCommunication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RequireSecureRPCCommunication-Applicability-End -->
 
 <!-- RequireSecureRPCCommunication-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index f4e0321dcb..1a0bbae405 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteManagement Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowBasicAuthentication_Client-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowBasicAuthentication_Client-Applicability-End -->
 
 <!-- AllowBasicAuthentication_Client-OmaUri-Begin -->
@@ -87,7 +87,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- AllowBasicAuthentication_Service-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowBasicAuthentication_Service-Applicability-End -->
 
 <!-- AllowBasicAuthentication_Service-OmaUri-Begin -->
@@ -146,7 +146,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- AllowCredSSPAuthenticationClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowCredSSPAuthenticationClient-Applicability-End -->
 
 <!-- AllowCredSSPAuthenticationClient-OmaUri-Begin -->
@@ -205,7 +205,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- AllowCredSSPAuthenticationService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowCredSSPAuthenticationService-Applicability-End -->
 
 <!-- AllowCredSSPAuthenticationService-OmaUri-Begin -->
@@ -264,7 +264,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- AllowRemoteServerManagement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowRemoteServerManagement-Applicability-End -->
 
 <!-- AllowRemoteServerManagement-OmaUri-Begin -->
@@ -336,7 +336,7 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3. FFE:FFFF:7654:
 <!-- AllowUnencryptedTraffic_Client-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowUnencryptedTraffic_Client-Applicability-End -->
 
 <!-- AllowUnencryptedTraffic_Client-OmaUri-Begin -->
@@ -395,7 +395,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- AllowUnencryptedTraffic_Service-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowUnencryptedTraffic_Service-Applicability-End -->
 
 <!-- AllowUnencryptedTraffic_Service-OmaUri-Begin -->
@@ -454,7 +454,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- DisallowDigestAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisallowDigestAuthentication-Applicability-End -->
 
 <!-- DisallowDigestAuthentication-OmaUri-Begin -->
@@ -513,7 +513,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- DisallowNegotiateAuthenticationClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisallowNegotiateAuthenticationClient-Applicability-End -->
 
 <!-- DisallowNegotiateAuthenticationClient-OmaUri-Begin -->
@@ -572,7 +572,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- DisallowNegotiateAuthenticationService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisallowNegotiateAuthenticationService-Applicability-End -->
 
 <!-- DisallowNegotiateAuthenticationService-OmaUri-Begin -->
@@ -631,7 +631,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- DisallowStoringOfRunAsCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisallowStoringOfRunAsCredentials-Applicability-End -->
 
 <!-- DisallowStoringOfRunAsCredentials-OmaUri-Begin -->
@@ -692,7 +692,7 @@ If you enable and then disable this policy setting,any values that were previous
 <!-- SpecifyChannelBindingTokenHardeningLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyChannelBindingTokenHardeningLevel-Applicability-End -->
 
 <!-- SpecifyChannelBindingTokenHardeningLevel-OmaUri-Begin -->
@@ -757,7 +757,7 @@ If HardeningLevel is set to None, all requests are accepted (though they aren't
 <!-- TrustedHosts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- TrustedHosts-Applicability-End -->
 
 <!-- TrustedHosts-OmaUri-Begin -->
@@ -816,7 +816,7 @@ This policy setting allows you to manage whether the Windows Remote Management (
 <!-- TurnOnCompatibilityHTTPListener-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- TurnOnCompatibilityHTTPListener-Applicability-End -->
 
 <!-- TurnOnCompatibilityHTTPListener-OmaUri-Begin -->
@@ -879,7 +879,7 @@ A listener might be automatically created on port 80 to ensure backward compatib
 <!-- TurnOnCompatibilityHTTPSListener-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- TurnOnCompatibilityHTTPSListener-Applicability-End -->
 
 <!-- TurnOnCompatibilityHTTPSListener-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 80c58897c8..c939be5ef0 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteProcedureCall Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- RestrictUnauthenticatedRPCClients-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RestrictUnauthenticatedRPCClients-Applicability-End -->
 
 <!-- RestrictUnauthenticatedRPCClients-OmaUri-Begin -->
@@ -99,7 +99,7 @@ This policy setting impacts all RPC applications. In a domain environment this p
 <!-- RPCEndpointMapperClientAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- RPCEndpointMapperClientAuthentication-Applicability-End -->
 
 <!-- RPCEndpointMapperClientAuthentication-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 44a9a553c4..95deedc15b 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteShell Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowRemoteShellAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowRemoteShellAccess-Applicability-End -->
 
 <!-- AllowRemoteShellAccess-OmaUri-Begin -->
@@ -87,7 +87,7 @@ If you set this policy to 'disabled', new remote shell connections are rejected
 <!-- MaxConcurrentUsers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- MaxConcurrentUsers-Applicability-End -->
 
 <!-- MaxConcurrentUsers-OmaUri-Begin -->
@@ -147,7 +147,7 @@ The value can be any number from 1 to 100.
 <!-- SpecifyIdleTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyIdleTimeout-Applicability-End -->
 
 <!-- SpecifyIdleTimeout-OmaUri-Begin -->
@@ -207,7 +207,7 @@ Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 mi
 <!-- SpecifyMaxMemory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyMaxMemory-Applicability-End -->
 
 <!-- SpecifyMaxMemory-OmaUri-Begin -->
@@ -267,7 +267,7 @@ Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, whic
 <!-- SpecifyMaxProcesses-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyMaxProcesses-Applicability-End -->
 
 <!-- SpecifyMaxProcesses-OmaUri-Begin -->
@@ -325,7 +325,7 @@ This policy setting configures the maximum number of processes a remote shell is
 <!-- SpecifyMaxRemoteShells-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyMaxRemoteShells-Applicability-End -->
 
 <!-- SpecifyMaxRemoteShells-OmaUri-Begin -->
@@ -385,7 +385,7 @@ Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of s
 <!-- SpecifyShellTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- SpecifyShellTimeout-Applicability-End -->
 
 <!-- SpecifyShellTimeout-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 2cdf2bb1cc..69710b569d 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -4,7 +4,7 @@ description: Learn more about the RestrictedGroups Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -31,7 +31,7 @@ ms.topic: reference
 <!-- ConfigureGroupMembership-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureGroupMembership-Applicability-End -->
 
 <!-- ConfigureGroupMembership-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 550fbeae03..472bb62d54 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -4,7 +4,7 @@ description: Learn more about the Search Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowCloudSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowCloudSearch-Applicability-End -->
 
 <!-- AllowCloudSearch-OmaUri-Begin -->
@@ -91,7 +91,7 @@ Allow search and Cortana to search cloud sources like OneDrive and SharePoint.
 <!-- AllowCortanaInAAD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowCortanaInAAD-Applicability-End -->
 
 <!-- AllowCortanaInAAD-OmaUri-Begin -->
@@ -154,7 +154,7 @@ Allow the cortana opt-in page during windows setup out of the box experience.
 <!-- AllowFindMyFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowFindMyFiles-Applicability-End -->
 
 <!-- AllowFindMyFiles-OmaUri-Begin -->
@@ -214,7 +214,7 @@ This policy controls whether the user can configure search to *Find My Files* mo
 <!-- AllowIndexingEncryptedStoresOrItems-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowIndexingEncryptedStoresOrItems-Applicability-End -->
 
 <!-- AllowIndexingEncryptedStoresOrItems-OmaUri-Begin -->
@@ -293,7 +293,7 @@ The most restrictive value is `0` to not allow indexing of encrypted items.
 <!-- AllowSearchHighlights-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- AllowSearchHighlights-Applicability-End -->
 
 <!-- AllowSearchHighlights-OmaUri-Begin -->
@@ -355,7 +355,7 @@ Disabling this setting turns off search highlights in the start menu search box
 <!-- AllowSearchToUseLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSearchToUseLocation-Applicability-End -->
 
 <!-- AllowSearchToUseLocation-OmaUri-Begin -->
@@ -422,7 +422,7 @@ The most restrictive value is `0` to not allow search to use location.
 <!-- AllowStoringImagesFromVisionSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowStoringImagesFromVisionSearch-Applicability-End -->
 
 <!-- AllowStoringImagesFromVisionSearch-OmaUri-Begin -->
@@ -471,7 +471,7 @@ This policy has been deprecated.
 <!-- AllowUsingDiacritics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowUsingDiacritics-Applicability-End -->
 
 <!-- AllowUsingDiacritics-OmaUri-Begin -->
@@ -545,7 +545,7 @@ The most restrictive value is `0` to not allow the use of diacritics.
 <!-- AllowWindowsIndexer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowWindowsIndexer-Applicability-End -->
 
 <!-- AllowWindowsIndexer-OmaUri-Begin -->
@@ -586,7 +586,7 @@ Allow Windows indexer. Value type is integer.
 <!-- AlwaysUseAutoLangDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AlwaysUseAutoLangDetection-Applicability-End -->
 
 <!-- AlwaysUseAutoLangDetection-OmaUri-Begin -->
@@ -655,7 +655,7 @@ The most restrictive value is `0` to now allow automatic language detection.
 <!-- ConfigureSearchOnTaskbarMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ConfigureSearchOnTaskbarMode-Applicability-End -->
 
 <!-- ConfigureSearchOnTaskbarMode-OmaUri-Begin -->
@@ -730,7 +730,7 @@ This policy setting allows you to configure search on the taskbar.
 <!-- DisableBackoff-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisableBackoff-Applicability-End -->
 
 <!-- DisableBackoff-OmaUri-Begin -->
@@ -793,7 +793,7 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c
 <!-- DisableRemovableDriveIndexing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisableRemovableDriveIndexing-Applicability-End -->
 
 <!-- DisableRemovableDriveIndexing-OmaUri-Begin -->
@@ -860,7 +860,7 @@ This policy setting configures whether or not locations on removable drives can
 <!-- DisableSearch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DisableSearch-Applicability-End -->
 
 <!-- DisableSearch-OmaUri-Begin -->
@@ -926,7 +926,7 @@ This policy setting configures whether or not locations on removable drives can
 <!-- DoNotUseWebResults-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DoNotUseWebResults-Applicability-End -->
 
 <!-- DoNotUseWebResults-OmaUri-Begin -->
@@ -995,7 +995,7 @@ This policy setting allows you to control whether or not Search can perform quer
 <!-- PreventIndexingLowDiskSpaceMB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PreventIndexingLowDiskSpaceMB-Applicability-End -->
 
 <!-- PreventIndexingLowDiskSpaceMB-OmaUri-Begin -->
@@ -1057,7 +1057,7 @@ Enabling this policy prevents indexing from continuing after less than the speci
 <!-- PreventRemoteQueries-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PreventRemoteQueries-Applicability-End -->
 
 <!-- PreventRemoteQueries-OmaUri-Begin -->
@@ -1123,7 +1123,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus
 <!-- SafeSearchPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- SafeSearchPermissions-Applicability-End -->
 
 <!-- SafeSearchPermissions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index e4f0dfb401..f29783c6d0 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -4,7 +4,7 @@ description: Learn more about the Security Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAddProvisioningPackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAddProvisioningPackage-Applicability-End -->
 
 <!-- AllowAddProvisioningPackage-OmaUri-Begin -->
@@ -78,7 +78,7 @@ Specifies whether to allow the runtime configuration agent to install provisioni
 <!-- AllowManualRootCertificateInstallation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowManualRootCertificateInstallation-Applicability-End -->
 
 <!-- AllowManualRootCertificateInstallation-OmaUri-Begin -->
@@ -127,7 +127,7 @@ This policy is deprecated.
 <!-- AllowRemoveProvisioningPackage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowRemoveProvisioningPackage-Applicability-End -->
 
 <!-- AllowRemoveProvisioningPackage-OmaUri-Begin -->
@@ -179,7 +179,7 @@ Specifies whether to allow the runtime configuration agent to remove provisionin
 <!-- AntiTheftMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AntiTheftMode-Applicability-End -->
 
 <!-- AntiTheftMode-OmaUri-Begin -->
@@ -228,7 +228,7 @@ This policy is deprecated.
 <!-- ClearTPMIfNotReady-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ClearTPMIfNotReady-Applicability-End -->
 
 <!-- ClearTPMIfNotReady-OmaUri-Begin -->
@@ -291,7 +291,7 @@ This policy setting configures the system to prompt the user to clear the TPM if
 <!-- ConfigureWindowsPasswords-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureWindowsPasswords-Applicability-End -->
 
 <!-- ConfigureWindowsPasswords-OmaUri-Begin -->
@@ -343,7 +343,7 @@ Configures the use of passwords for Windows features.
 <!-- PreventAutomaticDeviceEncryptionForAzureADJoinedDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PreventAutomaticDeviceEncryptionForAzureADJoinedDevices-Applicability-End -->
 
 <!-- PreventAutomaticDeviceEncryptionForAzureADJoinedDevices-OmaUri-Begin -->
@@ -394,7 +394,7 @@ For more information, see [BitLocker Device Encryption](/windows/security/inform
 <!-- RecoveryEnvironmentAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- RecoveryEnvironmentAuthentication-Applicability-End -->
 
 <!-- RecoveryEnvironmentAuthentication-OmaUri-Begin -->
@@ -469,7 +469,7 @@ The following table shows what behavior is expected for the policy settings with
 <!-- RequireDeviceEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- RequireDeviceEncryption-Applicability-End -->
 
 <!-- RequireDeviceEncryption-OmaUri-Begin -->
@@ -518,7 +518,7 @@ Allows enterprise to turn on internal storage encryption. Most restricted value
 <!-- RequireProvisioningPackageSignature-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- RequireProvisioningPackageSignature-Applicability-End -->
 
 <!-- RequireProvisioningPackageSignature-OmaUri-Begin -->
@@ -567,7 +567,7 @@ Specifies whether provisioning packages must have a certificate signed by a devi
 <!-- RequireRetrieveHealthCertificateOnBoot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- RequireRetrieveHealthCertificateOnBoot-Applicability-End -->
 
 <!-- RequireRetrieveHealthCertificateOnBoot-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 9154d2d243..73dbb1343a 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -4,7 +4,7 @@ description: Learn more about the ServiceControlManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- SvchostProcessMitigation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- SvchostProcessMitigation-Applicability-End -->
 
 <!-- SvchostProcessMitigation-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 8ed5d9c722..9f5437e695 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -4,7 +4,7 @@ description: Learn more about the Settings Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAutoPlay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAutoPlay-Applicability-End -->
 
 <!-- AllowAutoPlay-OmaUri-Begin -->
@@ -78,7 +78,7 @@ Allows the user to change Auto Play settings.
 <!-- AllowDataSense-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDataSense-Applicability-End -->
 
 <!-- AllowDataSense-OmaUri-Begin -->
@@ -130,7 +130,7 @@ Allows the user to change Data Sense settings.
 <!-- AllowDateTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowDateTime-Applicability-End -->
 
 <!-- AllowDateTime-OmaUri-Begin -->
@@ -179,7 +179,7 @@ Allows the user to change date and time settings.
 <!-- AllowEditDeviceName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowEditDeviceName-Applicability-End -->
 
 <!-- AllowEditDeviceName-OmaUri-Begin -->
@@ -228,7 +228,7 @@ Allows the user to edit the device name.
 <!-- AllowLanguage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowLanguage-Applicability-End -->
 
 <!-- AllowLanguage-OmaUri-Begin -->
@@ -277,7 +277,7 @@ Allows the user to change the language settings.
 <!-- AllowOnlineTips-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowOnlineTips-Applicability-End -->
 
 <!-- AllowOnlineTips-OmaUri-Begin -->
@@ -342,7 +342,7 @@ If disabled, Settings won't contact Microsoft content services to retrieve tips
 <!-- AllowPowerSleep-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowPowerSleep-Applicability-End -->
 
 <!-- AllowPowerSleep-OmaUri-Begin -->
@@ -391,7 +391,7 @@ Allows the user to change power and sleep settings.
 <!-- AllowRegion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowRegion-Applicability-End -->
 
 <!-- AllowRegion-OmaUri-Begin -->
@@ -440,7 +440,7 @@ Allows the user to change the region settings.
 <!-- AllowSignInOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowSignInOptions-Applicability-End -->
 
 <!-- AllowSignInOptions-OmaUri-Begin -->
@@ -489,7 +489,7 @@ Allows the user to change sign-in options.
 <!-- AllowVPN-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowVPN-Applicability-End -->
 
 <!-- AllowVPN-OmaUri-Begin -->
@@ -538,7 +538,7 @@ Allows the user to change VPN settings.
 <!-- AllowWorkplace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowWorkplace-Applicability-End -->
 
 <!-- AllowWorkplace-OmaUri-Begin -->
@@ -587,7 +587,7 @@ Allows user to change workplace settings.
 <!-- AllowYourAccount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowYourAccount-Applicability-End -->
 
 <!-- AllowYourAccount-OmaUri-Begin -->
@@ -636,7 +636,7 @@ Allows user to change account settings.
 <!-- ConfigureTaskbarCalendar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ConfigureTaskbarCalendar-Applicability-End -->
 
 <!-- ConfigureTaskbarCalendar-OmaUri-Begin -->
@@ -707,7 +707,7 @@ By default, the calendar is set according to the locale of the operating system,
 <!-- PageVisibilityList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PageVisibilityList-Applicability-End -->
 
 <!-- PageVisibilityList-OmaUri-Begin -->
@@ -735,15 +735,15 @@ showonly:about;bluetooth.
 Example: to specify that only the Bluetooth page (which has URI ms-settings:bluetooth) should be hidden:
 
 hide:bluetooth.
-
-The availability of per-user support is documented here: <https://go.microsoft.com/fwlink/?linkid=2102995>
 <!-- PageVisibilityList-Description-End -->
 
 <!-- PageVisibilityList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-
 For more information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
 
+> [!WARNING]
+> In Windows 11, version 22H2 and later, when you configure this policy to hide any pages that contain `quietmoments` in the URI (for example, `ms-settings:quietmomentsgame`), the Notifications page under System category is hidden.
+
 To validate this policy, use the following steps:
 
 1. In the Settings app, open **System** and verify that the **About** page is visible and accessible.
diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md
index af01fa3e6c..954bbaeaf2 100644
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@@ -4,7 +4,7 @@ description: Learn more about the SettingsSync Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- DisableAccessibilitySettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DisableAccessibilitySettingSync-Applicability-End -->
 
 <!-- DisableAccessibilitySettingSync-OmaUri-Begin -->
@@ -91,7 +91,7 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
 <!-- DisableLanguageSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DisableLanguageSettingSync-Applicability-End -->
 
 <!-- DisableLanguageSettingSync-OmaUri-Begin -->
@@ -101,7 +101,14 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
 <!-- DisableLanguageSettingSync-OmaUri-End -->
 
 <!-- DisableLanguageSettingSync-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
+Prevent the "language preferences" group from syncing to and from this PC. This turns off and disables the "languages preferences" group on the "Windows backup" settings page in PC settings.
+
+If you enable this policy setting, the "language preferences", group won't be synced.
+
+Use the option "Allow users to turn language preferences syncing on" so that syncing is turned off by default but not disabled.
+
+If you don't set or disable this setting, syncing of the "language preferences" group is on by default and configurable by the user.
 <!-- DisableLanguageSettingSync-Description-End -->
 
 <!-- DisableLanguageSettingSync-Editable-Begin -->
@@ -118,7 +125,6 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
 <!-- DisableLanguageSettingSync-DFProperties-End -->
 
 <!-- DisableLanguageSettingSync-AdmxBacked-Begin -->
-<!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 
 **ADMX mapping**:
@@ -126,6 +132,11 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
 | Name | Value |
 |:--|:--|
 | Name | DisableLanguageSettingSync |
+| Friendly Name | Do not sync language preferences settings |
+| Location | Computer Configuration |
+| Path | Windows Components > Sync your settings |
+| Registry Key Name | Software\Policies\Microsoft\Windows\SettingSync |
+| Registry Value Name | DisableLanguageSettingSync |
 | ADMX File Name | SettingSync.admx |
 <!-- DisableLanguageSettingSync-AdmxBacked-End -->
 
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 65fcee902c..a59c0981e8 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -4,7 +4,7 @@ description: Learn more about the SmartScreen Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableAppInstallControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EnableAppInstallControl-Applicability-End -->
 
 <!-- EnableAppInstallControl-OmaUri-Begin -->
@@ -105,7 +105,7 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot
 <!-- EnableSmartScreenInShell-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EnableSmartScreenInShell-Applicability-End -->
 
 <!-- EnableSmartScreenInShell-OmaUri-Begin -->
@@ -183,7 +183,7 @@ Some information is sent to Microsoft about files and programs run on PCs with t
 <!-- PreventOverrideForFilesInShell-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PreventOverrideForFilesInShell-Applicability-End -->
 
 <!-- PreventOverrideForFilesInShell-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index 58eef7e770..bf6e6f78d4 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -4,7 +4,7 @@ description: Learn more about the Speech Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowSpeechModelUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowSpeechModelUpdate-Applicability-End -->
 
 <!-- AllowSpeechModelUpdate-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index a4e21ea68d..a62fd83d3f 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -4,7 +4,7 @@ description: Learn more about the Start Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowPinnedFolderDocuments-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderDocuments-Applicability-End -->
 
 <!-- AllowPinnedFolderDocuments-OmaUri-Begin -->
@@ -76,7 +76,7 @@ This policy controls the visibility of the Documents shortcut on the Start menu.
 <!-- AllowPinnedFolderDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderDownloads-Applicability-End -->
 
 <!-- AllowPinnedFolderDownloads-OmaUri-Begin -->
@@ -126,7 +126,7 @@ This policy controls the visibility of the Downloads shortcut on the Start menu.
 <!-- AllowPinnedFolderFileExplorer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderFileExplorer-Applicability-End -->
 
 <!-- AllowPinnedFolderFileExplorer-OmaUri-Begin -->
@@ -176,7 +176,7 @@ This policy controls the visibility of the File Explorer shortcut on the Start m
 <!-- AllowPinnedFolderHomeGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderHomeGroup-Applicability-End -->
 
 <!-- AllowPinnedFolderHomeGroup-OmaUri-Begin -->
@@ -226,7 +226,7 @@ This policy controls the visibility of the HomeGroup shortcut on the Start menu.
 <!-- AllowPinnedFolderMusic-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderMusic-Applicability-End -->
 
 <!-- AllowPinnedFolderMusic-OmaUri-Begin -->
@@ -276,7 +276,7 @@ This policy controls the visibility of the Music shortcut on the Start menu. The
 <!-- AllowPinnedFolderNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderNetwork-Applicability-End -->
 
 <!-- AllowPinnedFolderNetwork-OmaUri-Begin -->
@@ -326,7 +326,7 @@ This policy controls the visibility of the Network shortcut on the Start menu. T
 <!-- AllowPinnedFolderPersonalFolder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderPersonalFolder-Applicability-End -->
 
 <!-- AllowPinnedFolderPersonalFolder-OmaUri-Begin -->
@@ -376,7 +376,7 @@ This policy controls the visibility of the PersonalFolder shortcut on the Start
 <!-- AllowPinnedFolderPictures-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderPictures-Applicability-End -->
 
 <!-- AllowPinnedFolderPictures-OmaUri-Begin -->
@@ -426,7 +426,7 @@ This policy controls the visibility of the Pictures shortcut on the Start menu.
 <!-- AllowPinnedFolderSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderSettings-Applicability-End -->
 
 <!-- AllowPinnedFolderSettings-OmaUri-Begin -->
@@ -476,7 +476,7 @@ This policy controls the visibility of the Settings shortcut on the Start menu.
 <!-- AllowPinnedFolderVideos-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowPinnedFolderVideos-Applicability-End -->
 
 <!-- AllowPinnedFolderVideos-OmaUri-Begin -->
@@ -526,7 +526,7 @@ This policy controls the visibility of the Videos shortcut on the Start menu. Th
 <!-- ConfigureStartPins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureStartPins-Applicability-End -->
 
 <!-- ConfigureStartPins-OmaUri-Begin -->
@@ -584,7 +584,7 @@ This string policy takes a JSON file named `LayoutModification.json`. The file e
 <!-- DisableContextMenus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DisableContextMenus-Applicability-End -->
 
 <!-- DisableContextMenus-OmaUri-Begin -->
@@ -653,7 +653,7 @@ If you enable this policy, then invocations of context menus within the Start Me
 <!-- DisableControlCenter-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DisableControlCenter-Applicability-End -->
 
 <!-- DisableControlCenter-OmaUri-Begin -->
@@ -721,7 +721,7 @@ A reboot is required for this policy setting to take effect.
 <!-- DisableEditingQuickSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- DisableEditingQuickSettings-Applicability-End -->
 
 <!-- DisableEditingQuickSettings-OmaUri-Begin -->
@@ -787,7 +787,7 @@ A reboot is required for this policy setting to take effect.
 <!-- ForceStartSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ForceStartSize-Applicability-End -->
 
 <!-- ForceStartSize-OmaUri-Begin -->
@@ -859,7 +859,7 @@ If there's a policy configuration conflict, the latest configuration request is
 <!-- HideAppList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideAppList-Applicability-End -->
 
 <!-- HideAppList-OmaUri-Begin -->
@@ -931,7 +931,7 @@ To validate this policy, do the following steps:
 <!-- HideChangeAccountSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideChangeAccountSettings-Applicability-End -->
 
 <!-- HideChangeAccountSettings-OmaUri-Begin -->
@@ -974,13 +974,75 @@ Enabling this policy hides "Change account settings" from appearing in the user
 
 <!-- HideChangeAccountSettings-End -->
 
+<!-- HideCopilotButton-Begin -->
+## HideCopilotButton
+
+<!-- HideCopilotButton-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
+<!-- HideCopilotButton-Applicability-End -->
+
+<!-- HideCopilotButton-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/Start/HideCopilotButton
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Start/HideCopilotButton
+```
+<!-- HideCopilotButton-OmaUri-End -->
+
+<!-- HideCopilotButton-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting allows you to hide the Copilot button on the Taskbar. If you enable this policy setting, the Copilot button will be hidden and the Settings toggle will be disabled.
+<!-- HideCopilotButton-Description-End -->
+
+<!-- HideCopilotButton-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- HideCopilotButton-Editable-End -->
+
+<!-- HideCopilotButton-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- HideCopilotButton-DFProperties-End -->
+
+<!-- HideCopilotButton-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Copilot button shown. |
+| 1 | Copilot button hidden. |
+<!-- HideCopilotButton-AllowedValues-End -->
+
+<!-- HideCopilotButton-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | HideCopilotButton |
+| Path | Taskbar > AT > StartMenu |
+<!-- HideCopilotButton-GpMapping-End -->
+
+<!-- HideCopilotButton-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- HideCopilotButton-Examples-End -->
+
+<!-- HideCopilotButton-End -->
+
 <!-- HideFrequentlyUsedApps-Begin -->
 ## HideFrequentlyUsedApps
 
 <!-- HideFrequentlyUsedApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideFrequentlyUsedApps-Applicability-End -->
 
 <!-- HideFrequentlyUsedApps-OmaUri-Begin -->
@@ -1062,7 +1124,7 @@ To validate this policy, do the following steps:
 <!-- HideHibernate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideHibernate-Applicability-End -->
 
 <!-- HideHibernate-OmaUri-Begin -->
@@ -1114,7 +1176,7 @@ Enabling this policy hides "Hibernate" from appearing in the power button in the
 <!-- HideLock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideLock-Applicability-End -->
 
 <!-- HideLock-OmaUri-Begin -->
@@ -1164,7 +1226,7 @@ Enabling this policy hides "Lock" from appearing in the user tile in the start m
 <!-- HidePeopleBar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- HidePeopleBar-Applicability-End -->
 
 <!-- HidePeopleBar-OmaUri-Begin -->
@@ -1229,7 +1291,7 @@ If you enable this policy the people icon will be removed from the taskbar, the
 <!-- HidePowerButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HidePowerButton-Applicability-End -->
 
 <!-- HidePowerButton-OmaUri-Begin -->
@@ -1281,7 +1343,7 @@ Enabling this policy hides the power button from appearing in the start menu.
 <!-- HideRecentJumplists-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideRecentJumplists-Applicability-End -->
 
 <!-- HideRecentJumplists-OmaUri-Begin -->
@@ -1349,7 +1411,7 @@ To validate this policy, do the following steps:
 <!-- HideRecentlyAddedApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideRecentlyAddedApps-Applicability-End -->
 
 <!-- HideRecentlyAddedApps-OmaUri-Begin -->
@@ -1430,7 +1492,7 @@ To validate this policy, do the following steps:
 <!-- HideRecommendedPersonalizedSites-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- HideRecommendedPersonalizedSites-Applicability-End -->
 
 <!-- HideRecommendedPersonalizedSites-OmaUri-Begin -->
@@ -1444,8 +1506,8 @@ To validate this policy, do the following steps:
 <!-- HideRecommendedPersonalizedSites-OmaUri-End -->
 
 <!-- HideRecommendedPersonalizedSites-Description-Begin -->
-<!-- Description-Source-DDF -->
-This policy setting allows you to hide the personalized websites in the recommended section of the Start Menu. If you enable this policy setting, the Start Menu will no longer show personalized website recommendations in the recommended section of the start menu.
+<!-- Description-Source-ADMX -->
+Remove Personalized Website Recommendations from the Recommended section in the Start Menu.
 <!-- HideRecommendedPersonalizedSites-Description-End -->
 
 <!-- HideRecommendedPersonalizedSites-Editable-Begin -->
@@ -1477,7 +1539,12 @@ This policy setting allows you to hide the personalized websites in the recommen
 | Name | Value |
 |:--|:--|
 | Name | HideRecommendedPersonalizedSites |
-| Path | StartMenu > AT > StartMenu |
+| Friendly Name | Remove Personalized Website Recommendations from the Recommended section in the Start Menu |
+| Location | Computer and User Configuration |
+| Path | Start Menu and Taskbar |
+| Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
+| Registry Value Name | HideRecommendedPersonalizedSites |
+| ADMX File Name | StartMenu.admx |
 <!-- HideRecommendedPersonalizedSites-GpMapping-End -->
 
 <!-- HideRecommendedPersonalizedSites-Examples-Begin -->
@@ -1492,7 +1559,7 @@ This policy setting allows you to hide the personalized websites in the recommen
 <!-- HideRecommendedSection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- HideRecommendedSection-Applicability-End -->
 
 <!-- HideRecommendedSection-OmaUri-Begin -->
@@ -1561,7 +1628,7 @@ If you enable this policy setting, the Start Menu will no longer show the sectio
 <!-- HideRestart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideRestart-Applicability-End -->
 
 <!-- HideRestart-OmaUri-Begin -->
@@ -1610,7 +1677,7 @@ Enabling this policy hides "Restart/Update and restart" from appearing in the po
 <!-- HideShutDown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideShutDown-Applicability-End -->
 
 <!-- HideShutDown-OmaUri-Begin -->
@@ -1659,7 +1726,7 @@ Enabling this policy hides "Shut down/Update and shut down" from appearing in th
 <!-- HideSignOut-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideSignOut-Applicability-End -->
 
 <!-- HideSignOut-OmaUri-Begin -->
@@ -1709,7 +1776,7 @@ Enabling this policy hides "Sign out" from appearing in the user tile in the sta
 <!-- HideSleep-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideSleep-Applicability-End -->
 
 <!-- HideSleep-OmaUri-Begin -->
@@ -1758,7 +1825,7 @@ Enabling this policy hides "Sleep" from appearing in the power button in the sta
 <!-- HideSwitchAccount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideSwitchAccount-Applicability-End -->
 
 <!-- HideSwitchAccount-OmaUri-Begin -->
@@ -1807,7 +1874,7 @@ Enabling this policy hides "Switch account" from appearing in the user tile in t
 <!-- HideTaskViewButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- HideTaskViewButton-Applicability-End -->
 
 <!-- HideTaskViewButton-OmaUri-Begin -->
@@ -1876,7 +1943,7 @@ If you enable this policy setting, the TaskView button will be hidden and the Se
 <!-- HideUserTile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideUserTile-Applicability-End -->
 
 <!-- HideUserTile-OmaUri-Begin -->
@@ -1928,7 +1995,7 @@ Enabling this policy hides the user tile from appearing in the start menu.
 <!-- ImportEdgeAssets-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ImportEdgeAssets-Applicability-End -->
 
 <!-- ImportEdgeAssets-OmaUri-Begin -->
@@ -1984,7 +2051,7 @@ To validate this policy, do the following steps:
 <!-- NoPinningToTaskbar-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- NoPinningToTaskbar-Applicability-End -->
 
 <!-- NoPinningToTaskbar-OmaUri-Begin -->
@@ -2045,7 +2112,7 @@ To validate this policy, do the following steps:
 <!-- ShowOrHideMostUsedApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ShowOrHideMostUsedApps-Applicability-End -->
 
 <!-- ShowOrHideMostUsedApps-OmaUri-Begin -->
@@ -2120,7 +2187,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window
 <!-- SimplifyQuickSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- SimplifyQuickSettings-Applicability-End -->
 
 <!-- SimplifyQuickSettings-OmaUri-Begin -->
@@ -2186,7 +2253,7 @@ Note configuring this policy to "Show" or "Hide" on supported versions of Window
 <!-- StartLayout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- StartLayout-Applicability-End -->
 
 <!-- StartLayout-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-stickers.md b/windows/client-management/mdm/policy-csp-stickers.md
index 204d831614..9f2e6a4f60 100644
--- a/windows/client-management/mdm/policy-csp-stickers.md
+++ b/windows/client-management/mdm/policy-csp-stickers.md
@@ -4,7 +4,7 @@ description: Learn more about the Stickers Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableStickers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ✅ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableStickers-Applicability-End -->
 
 <!-- EnableStickers-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index 18fc7fc7db..3e241acee7 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -4,7 +4,7 @@ description: Learn more about the Storage Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- AllowDiskHealthModelUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowDiskHealthModelUpdates-Applicability-End -->
 
 <!-- AllowDiskHealthModelUpdates-OmaUri-Begin -->
@@ -103,7 +103,7 @@ Same as Enabled.
 <!-- AllowStorageSenseGlobal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowStorageSenseGlobal-Applicability-End -->
 
 <!-- AllowStorageSenseGlobal-OmaUri-Begin -->
@@ -178,7 +178,7 @@ By default, Storage Sense is turned off until the user runs into low disk space
 <!-- AllowStorageSenseTemporaryFilesCleanup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowStorageSenseTemporaryFilesCleanup-Applicability-End -->
 
 <!-- AllowStorageSenseTemporaryFilesCleanup-OmaUri-Begin -->
@@ -255,7 +255,7 @@ By default, Storage Sense will delete the user's temporary files. Users can conf
 <!-- ConfigStorageSenseCloudContentDehydrationThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigStorageSenseCloudContentDehydrationThreshold-Applicability-End -->
 
 <!-- ConfigStorageSenseCloudContentDehydrationThreshold-OmaUri-Begin -->
@@ -321,7 +321,7 @@ By default, Storage Sense won't dehydrate any cloud-backed content. Users can co
 <!-- ConfigStorageSenseDownloadsCleanupThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigStorageSenseDownloadsCleanupThreshold-Applicability-End -->
 
 <!-- ConfigStorageSenseDownloadsCleanupThreshold-OmaUri-Begin -->
@@ -387,7 +387,7 @@ By default, Storage Sense won't delete files in the user's Downloads folder. Use
 <!-- ConfigStorageSenseGlobalCadence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigStorageSenseGlobalCadence-Applicability-End -->
 
 <!-- ConfigStorageSenseGlobalCadence-OmaUri-Begin -->
@@ -458,7 +458,7 @@ Use the following integer values for the supported options:
 <!-- ConfigStorageSenseRecycleBinCleanupThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigStorageSenseRecycleBinCleanupThreshold-Applicability-End -->
 
 <!-- ConfigStorageSenseRecycleBinCleanupThreshold-OmaUri-Begin -->
@@ -524,7 +524,7 @@ By default, Storage Sense will delete files in the user's Recycle Bin that have
 <!-- EnhancedStorageDevices-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EnhancedStorageDevices-Applicability-End -->
 
 <!-- EnhancedStorageDevices-OmaUri-Begin -->
@@ -583,7 +583,7 @@ This policy setting configures whether or not Windows will activate an Enhanced
 <!-- RemovableDiskDenyWriteAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- RemovableDiskDenyWriteAccess-Applicability-End -->
 
 <!-- RemovableDiskDenyWriteAccess-OmaUri-Begin -->
@@ -652,7 +652,7 @@ This policy setting denies write access to removable disks.
 <!-- WPDDevicesDenyReadAccessPerDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevicesDenyReadAccessPerDevice-Applicability-End -->
 
 <!-- WPDDevicesDenyReadAccessPerDevice-OmaUri-Begin -->
@@ -722,7 +722,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an
 <!-- WPDDevicesDenyReadAccessPerUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevicesDenyReadAccessPerUser-Applicability-End -->
 
 <!-- WPDDevicesDenyReadAccessPerUser-OmaUri-Begin -->
@@ -792,7 +792,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an
 <!-- WPDDevicesDenyWriteAccessPerDevice-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevicesDenyWriteAccessPerDevice-Applicability-End -->
 
 <!-- WPDDevicesDenyWriteAccessPerDevice-OmaUri-Begin -->
@@ -862,7 +862,7 @@ To enable this policy, the minimum OS requirement is Windows 10, version 1809 an
 <!-- WPDDevicesDenyWriteAccessPerUser-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- WPDDevicesDenyWriteAccessPerUser-Applicability-End -->
 
 <!-- WPDDevicesDenyWriteAccessPerUser-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 3675d15cfb..20532820a0 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -4,7 +4,7 @@ description: Learn more about the System Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- AllowBuildPreview-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowBuildPreview-Applicability-End -->
 
 <!-- AllowBuildPreview-OmaUri-Begin -->
@@ -100,7 +100,7 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage
 <!-- AllowCommercialDataPipeline-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowCommercialDataPipeline-Applicability-End -->
 
 <!-- AllowCommercialDataPipeline-OmaUri-Begin -->
@@ -111,6 +111,8 @@ This policy is only supported up to Windows 10, Version 1703. Please use 'Manage
 
 <!-- AllowCommercialDataPipeline-Description-Begin -->
 <!-- Description-Source-ADMX -->
+This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
+
 AllowCommercialDataPipeline configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
 
 To enable this behavior:
@@ -120,7 +122,7 @@ To enable this behavior:
 
 Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device.
 
-If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at <https://go.microsoft.com/fwlink/?LinkId=521839> unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing".
+If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at <https://go.microsoft.com/fwlink/?LinkId=521839> unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing'.
 
 See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
 <!-- AllowCommercialDataPipeline-Description-End -->
@@ -130,8 +132,8 @@ See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for i
 > [!NOTE]
 > Configuring this setting doesn't affect the operation of optional analytics processor services like Desktop Analytics and Windows Update for Business reports.
 
-> [!IMPORTANT]
-> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
+> [!NOTE]
+> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Enable Windows diagnostic data processor configuration](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration).
 <!-- AllowCommercialDataPipeline-Editable-End -->
 
 <!-- AllowCommercialDataPipeline-DFProperties-Begin -->
@@ -178,7 +180,7 @@ See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for i
 <!-- AllowDesktopAnalyticsProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowDesktopAnalyticsProcessing-Applicability-End -->
 
 <!-- AllowDesktopAnalyticsProcessing-OmaUri-Begin -->
@@ -189,6 +191,8 @@ See the documentation at <https://go.microsoft.com/fwlink/?linkid=2011107> for i
 
 <!-- AllowDesktopAnalyticsProcessing-Description-Begin -->
 <!-- Description-Source-ADMX -->
+This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
+
 This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
 
 To enable this behavior:
@@ -206,8 +210,8 @@ This setting has no effect on devices unless they're properly enrolled in Deskto
 
 <!-- AllowDesktopAnalyticsProcessing-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!IMPORTANT]
-> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
+> [!NOTE]
+> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Enable Windows diagnostic data processor configuration](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration).
 <!-- AllowDesktopAnalyticsProcessing-Editable-End -->
 
 <!-- AllowDesktopAnalyticsProcessing-DFProperties-Begin -->
@@ -254,7 +258,7 @@ This setting has no effect on devices unless they're properly enrolled in Deskto
 <!-- AllowDeviceNameInDiagnosticData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowDeviceNameInDiagnosticData-Applicability-End -->
 
 <!-- AllowDeviceNameInDiagnosticData-OmaUri-Begin -->
@@ -318,7 +322,7 @@ If you disable or don't configure this policy setting, then device name won't be
 <!-- AllowEmbeddedMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowEmbeddedMode-Applicability-End -->
 
 <!-- AllowEmbeddedMode-OmaUri-Begin -->
@@ -367,7 +371,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri
 <!-- AllowExperimentation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowExperimentation-Applicability-End -->
 
 <!-- AllowExperimentation-OmaUri-Begin -->
@@ -419,7 +423,7 @@ Specifies whether set general purpose device to be in embedded mode. Most restri
 <!-- AllowFontProviders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowFontProviders-Applicability-End -->
 
 <!-- AllowFontProviders-OmaUri-Begin -->
@@ -494,7 +498,7 @@ This setting is used by lower-level components for text display and fond handlin
 <!-- AllowLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowLocation-Applicability-End -->
 
 <!-- AllowLocation-OmaUri-Begin -->
@@ -558,7 +562,7 @@ Specifies whether to allow app access to the Location service. Most restricted v
 <!-- AllowMicrosoftManagedDesktopProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowMicrosoftManagedDesktopProcessing-Applicability-End -->
 
 <!-- AllowMicrosoftManagedDesktopProcessing-OmaUri-Begin -->
@@ -578,8 +582,8 @@ This setting has no effect on devices unless they're properly enrolled in Micros
 
 <!-- AllowMicrosoftManagedDesktopProcessing-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!IMPORTANT]
-> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
+> [!NOTE]
+> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Enable Windows diagnostic data processor configuration](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration).
 <!-- AllowMicrosoftManagedDesktopProcessing-Editable-End -->
 
 <!-- AllowMicrosoftManagedDesktopProcessing-DFProperties-Begin -->
@@ -613,7 +617,7 @@ This setting has no effect on devices unless they're properly enrolled in Micros
 <!-- AllowStorageCard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowStorageCard-Applicability-End -->
 
 <!-- AllowStorageCard-OmaUri-Begin -->
@@ -662,7 +666,7 @@ Controls whether the user is allowed to use the storage card for device storage.
 <!-- AllowTelemetry-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowTelemetry-Applicability-End -->
 
 <!-- AllowTelemetry-OmaUri-Begin -->
@@ -687,9 +691,8 @@ By configuring this policy setting you can adjust what diagnostic data is collec
 
 If you disable or don't configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app.
 
-Note:
-
-The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings.
+> [!NOTE]
+> The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings.
 <!-- AllowTelemetry-Description-End -->
 
 <!-- AllowTelemetry-Editable-Begin -->
@@ -741,7 +744,7 @@ The "Configure diagnostic data opt-in settings user interface" group policy can
 <!-- AllowUpdateComplianceProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowUpdateComplianceProcessing-Applicability-End -->
 
 <!-- AllowUpdateComplianceProcessing-OmaUri-Begin -->
@@ -752,6 +755,8 @@ The "Configure diagnostic data opt-in settings user interface" group policy can
 
 <!-- AllowUpdateComplianceProcessing-Description-Begin -->
 <!-- Description-Source-ADMX -->
+This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
+
 This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
 
 To enable this behavior:
@@ -769,8 +774,8 @@ If you disable or don't configure this policy setting, devices won't appear in U
 
 <!-- AllowUpdateComplianceProcessing-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!IMPORTANT]
-> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
+> [!NOTE]
+> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Enable Windows diagnostic data processor configuration](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration).
 <!-- AllowUpdateComplianceProcessing-Editable-End -->
 
 <!-- AllowUpdateComplianceProcessing-DFProperties-Begin -->
@@ -817,7 +822,7 @@ If you disable or don't configure this policy setting, devices won't appear in U
 <!-- AllowUserToResetPhone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowUserToResetPhone-Applicability-End -->
 
 <!-- AllowUserToResetPhone-OmaUri-Begin -->
@@ -866,7 +871,7 @@ Specifies whether to allow the user to factory reset the device by using control
 <!-- AllowWUfBCloudProcessing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowWUfBCloudProcessing-Applicability-End -->
 
 <!-- AllowWUfBCloudProcessing-OmaUri-Begin -->
@@ -877,6 +882,8 @@ Specifies whether to allow the user to factory reset the device by using control
 
 <!-- AllowWUfBCloudProcessing-Description-Begin -->
 <!-- Description-Source-ADMX -->
+This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
+
 This policy setting configures an Azure Active Directory joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
 
 To enable this behavior:
@@ -893,8 +900,8 @@ If you disable or don't configure this policy setting, devices enrolled to the W
 
 <!-- AllowWUfBCloudProcessing-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!IMPORTANT]
-> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
+> [!NOTE]
+> Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see [Enable Windows diagnostic data processor configuration](/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration).
 <!-- AllowWUfBCloudProcessing-Editable-End -->
 
 <!-- AllowWUfBCloudProcessing-DFProperties-Begin -->
@@ -941,7 +948,7 @@ If you disable or don't configure this policy setting, devices enrolled to the W
 <!-- BootStartDriverInitialization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- BootStartDriverInitialization-Applicability-End -->
 
 <!-- BootStartDriverInitialization-OmaUri-Begin -->
@@ -1010,7 +1017,7 @@ If your malware detection application doesn't include an Early Launch Antimalwar
 <!-- ConfigureMicrosoft365UploadEndpoint-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- ConfigureMicrosoft365UploadEndpoint-Applicability-End -->
 
 <!-- ConfigureMicrosoft365UploadEndpoint-OmaUri-Begin -->
@@ -1067,7 +1074,7 @@ The value for this setting will be provided by Microsoft as part of the onboardi
 <!-- ConfigureTelemetryOptInChangeNotification-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureTelemetryOptInChangeNotification-Applicability-End -->
 
 <!-- ConfigureTelemetryOptInChangeNotification-OmaUri-Begin -->
@@ -1133,7 +1140,7 @@ If you set this policy setting to "Enable diagnostic data change notifications"
 <!-- ConfigureTelemetryOptInSettingsUx-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureTelemetryOptInSettingsUx-Applicability-End -->
 
 <!-- ConfigureTelemetryOptInSettingsUx-OmaUri-Begin -->
@@ -1150,9 +1157,8 @@ If you set this policy setting to "Disable diagnostic data opt-in settings", dia
 
 If you don't configure this policy setting, or you set it to "Enable diagnostic data opt-in settings", end users can change the device diagnostic settings in the Settings app.
 
-Note:
-
-To set a limit on the amount of diagnostic data that's sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting.
+> [!NOTE]
+> To set a limit on the amount of diagnostic data that's sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting.
 <!-- ConfigureTelemetryOptInSettingsUx-Description-End -->
 
 <!-- ConfigureTelemetryOptInSettingsUx-Editable-Begin -->
@@ -1203,7 +1209,7 @@ To set a limit on the amount of diagnostic data that's sent to Microsoft by your
 <!-- DisableDeviceDelete-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisableDeviceDelete-Applicability-End -->
 
 <!-- DisableDeviceDelete-OmaUri-Begin -->
@@ -1269,7 +1275,7 @@ This policy setting controls whether the Delete diagnostic data button is enable
 <!-- DisableDiagnosticDataViewer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisableDiagnosticDataViewer-Applicability-End -->
 
 <!-- DisableDiagnosticDataViewer-OmaUri-Begin -->
@@ -1335,7 +1341,7 @@ This policy setting controls whether users can enable and launch the Diagnostic
 <!-- DisableDirectXDatabaseUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- DisableDirectXDatabaseUpdate-Applicability-End -->
 
 <!-- DisableDirectXDatabaseUpdate-OmaUri-Begin -->
@@ -1393,7 +1399,7 @@ This group policy allows control over whether the DirectX Database Updater task
 <!-- DisableEnterpriseAuthProxy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableEnterpriseAuthProxy-Applicability-End -->
 
 <!-- DisableEnterpriseAuthProxy-OmaUri-Begin -->
@@ -1455,7 +1461,7 @@ This policy setting blocks the Connected User Experience and Telemetry service f
 <!-- DisableOneDriveFileSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableOneDriveFileSync-Applicability-End -->
 
 <!-- DisableOneDriveFileSync-OmaUri-Begin -->
@@ -1532,7 +1538,7 @@ This policy setting lets you prevent apps and features from working with files o
 <!-- DisableOneSettingsDownloads-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableOneSettingsDownloads-Applicability-End -->
 
 <!-- DisableOneSettingsDownloads-OmaUri-Begin -->
@@ -1598,7 +1604,7 @@ This policy setting controls whether Windows attempts to connect with the OneSet
 <!-- DisableSystemRestore-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableSystemRestore-Applicability-End -->
 
 <!-- DisableSystemRestore-OmaUri-Begin -->
@@ -1663,7 +1669,7 @@ Also, see the "Turn off System Restore configuration" policy setting. If the "Tu
 <!-- EnableOneSettingsAuditing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableOneSettingsAuditing-Applicability-End -->
 
 <!-- EnableOneSettingsAuditing-OmaUri-Begin -->
@@ -1729,7 +1735,7 @@ This policy setting controls whether Windows records attempts to connect with th
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Applicability-End -->
 
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-OmaUri-Begin -->
@@ -1778,7 +1784,7 @@ Diagnostic files created when a feedback is filed in the Feedback Hub app will a
 <!-- HideUnsupportedHardwareNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- HideUnsupportedHardwareNotifications-Applicability-End -->
 
 <!-- HideUnsupportedHardwareNotifications-OmaUri-Begin -->
@@ -1845,7 +1851,7 @@ This policy controls messages which are shown when Windows is running on a devic
 <!-- LimitDiagnosticLogCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LimitDiagnosticLogCollection-Applicability-End -->
 
 <!-- LimitDiagnosticLogCollection-OmaUri-Begin -->
@@ -1911,7 +1917,7 @@ If you disable or don't configure this policy setting, we may occasionally colle
 <!-- LimitDumpCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LimitDumpCollection-Applicability-End -->
 
 <!-- LimitDumpCollection-OmaUri-Begin -->
@@ -1977,7 +1983,7 @@ If you disable or don't configure this policy setting, we may occasionally colle
 <!-- LimitEnhancedDiagnosticDataWindowsAnalytics-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- LimitEnhancedDiagnosticDataWindowsAnalytics-Applicability-End -->
 
 <!-- LimitEnhancedDiagnosticDataWindowsAnalytics-OmaUri-Begin -->
@@ -2051,7 +2057,7 @@ If you disable or don't configure this policy setting, diagnostic data collectio
 <!-- TelemetryProxy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- TelemetryProxy-Applicability-End -->
 
 <!-- TelemetryProxy-OmaUri-Begin -->
@@ -2108,7 +2114,7 @@ The format for this setting is `<server>`:`<port>`
 <!-- TurnOffFileHistory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- TurnOffFileHistory-Applicability-End -->
 
 <!-- TurnOffFileHistory-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 86d77f042f..1ba198008c 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -4,7 +4,7 @@ description: Learn more about the SystemServices Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- ConfigureHomeGroupListenerServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureHomeGroupListenerServiceStartupMode-Applicability-End -->
 
 <!-- ConfigureHomeGroupListenerServiceStartupMode-OmaUri-Begin -->
@@ -76,7 +76,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureHomeGroupProviderServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureHomeGroupProviderServiceStartupMode-Applicability-End -->
 
 <!-- ConfigureHomeGroupProviderServiceStartupMode-OmaUri-Begin -->
@@ -126,7 +126,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureXboxAccessoryManagementServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureXboxAccessoryManagementServiceStartupMode-Applicability-End -->
 
 <!-- ConfigureXboxAccessoryManagementServiceStartupMode-OmaUri-Begin -->
@@ -185,7 +185,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureXboxLiveAuthManagerServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureXboxLiveAuthManagerServiceStartupMode-Applicability-End -->
 
 <!-- ConfigureXboxLiveAuthManagerServiceStartupMode-OmaUri-Begin -->
@@ -244,7 +244,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureXboxLiveGameSaveServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureXboxLiveGameSaveServiceStartupMode-Applicability-End -->
 
 <!-- ConfigureXboxLiveGameSaveServiceStartupMode-OmaUri-Begin -->
@@ -303,7 +303,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureXboxLiveNetworkingServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureXboxLiveNetworkingServiceStartupMode-Applicability-End -->
 
 <!-- ConfigureXboxLiveNetworkingServiceStartupMode-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index e98120e09d..9882cd2083 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -4,7 +4,7 @@ description: Learn more about the TaskManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowEndTask-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AllowEndTask-Applicability-End -->
 
 <!-- AllowEndTask-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 04de59a638..61603da719 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -4,7 +4,7 @@ description: Learn more about the TaskScheduler Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableXboxGameSaveTask-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableXboxGameSaveTask-Applicability-End -->
 
 <!-- EnableXboxGameSaveTask-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
index d5880e8a2f..32c6595782 100644
--- a/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
+++ b/windows/client-management/mdm/policy-csp-tenantdefinedtelemetry.md
@@ -4,7 +4,7 @@ description: Learn more about the TenantDefinedTelemetry Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- CustomTelemetryId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ✅ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- CustomTelemetryId-Applicability-End -->
 
 <!-- CustomTelemetryId-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
index 423c7eb410..694ac12553 100644
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@@ -4,7 +4,7 @@ description: Learn more about the TenantRestrictions Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ConfigureTenantRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20348.320] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1320] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1320] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1320] and later <br> ✅ Windows 10, version 21H2 [10.0.19044] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.320] and later <br> ✅ Windows 10, version 2004 [10.0.19041.1320] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1320] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1320] and later <br> ✅ Windows 10, version 21H2 [10.0.19044] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureTenantRestrictions-Applicability-End -->
 
 <!-- ConfigureTenantRestrictions-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 7e5bd5f9ea..49037f5600 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -4,7 +4,7 @@ description: Learn more about the TextInput Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowHardwareKeyboardTextSuggestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowHardwareKeyboardTextSuggestions-Applicability-End -->
 
 <!-- AllowHardwareKeyboardTextSuggestions-OmaUri-Begin -->
@@ -75,7 +75,7 @@ Placeholder only. Don't use in production environment.
 <!-- AllowIMELogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowIMELogging-Applicability-End -->
 
 <!-- AllowIMELogging-OmaUri-Begin -->
@@ -124,7 +124,7 @@ Allows the user to turn on and off the logging for incorrect conversion and savi
 <!-- AllowIMENetworkAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowIMENetworkAccess-Applicability-End -->
 
 <!-- AllowIMENetworkAccess-OmaUri-Begin -->
@@ -173,7 +173,7 @@ Allows the user to turn on Open Extended Dictionary, Internet search integration
 <!-- AllowInputPanel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowInputPanel-Applicability-End -->
 
 <!-- AllowInputPanel-OmaUri-Begin -->
@@ -222,7 +222,7 @@ Allows the IT admin to disable the touch/handwriting keyboard on Windows. Most r
 <!-- AllowJapaneseIMESurrogatePairCharacters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowJapaneseIMESurrogatePairCharacters-Applicability-End -->
 
 <!-- AllowJapaneseIMESurrogatePairCharacters-OmaUri-Begin -->
@@ -271,7 +271,7 @@ Allows the Japanese IME surrogate pair characters. Most restricted value is 0.
 <!-- AllowJapaneseIVSCharacters-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowJapaneseIVSCharacters-Applicability-End -->
 
 <!-- AllowJapaneseIVSCharacters-OmaUri-Begin -->
@@ -320,7 +320,7 @@ Allows Japanese Ideographic Variation Sequence (IVS) characters. Most restricted
 <!-- AllowJapaneseNonPublishingStandardGlyph-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowJapaneseNonPublishingStandardGlyph-Applicability-End -->
 
 <!-- AllowJapaneseNonPublishingStandardGlyph-OmaUri-Begin -->
@@ -369,7 +369,7 @@ Allows the Japanese non-publishing standard glyph. Most restricted value is 0.
 <!-- AllowJapaneseUserDictionary-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowJapaneseUserDictionary-Applicability-End -->
 
 <!-- AllowJapaneseUserDictionary-OmaUri-Begin -->
@@ -418,7 +418,7 @@ Allows the Japanese user dictionary. Most restricted value is 0.
 <!-- AllowKeyboardTextSuggestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowKeyboardTextSuggestions-Applicability-End -->
 
 <!-- AllowKeyboardTextSuggestions-OmaUri-Begin -->
@@ -472,7 +472,7 @@ To validate that text prediction is disabled on Windows 10 for desktop, do the f
 <!-- AllowLanguageFeaturesUninstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowLanguageFeaturesUninstall-Applicability-End -->
 
 <!-- AllowLanguageFeaturesUninstall-OmaUri-Begin -->
@@ -535,7 +535,7 @@ When this policy setting is enabled, some language features (such as handwriting
 <!-- AllowLinguisticDataCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowLinguisticDataCollection-Applicability-End -->
 
 <!-- AllowLinguisticDataCollection-OmaUri-Begin -->
@@ -598,7 +598,7 @@ This policy setting controls the ability to send inking and typing data to Micro
 <!-- AllowTextInputSuggestionUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowTextInputSuggestionUpdate-Applicability-End -->
 
 <!-- AllowTextInputSuggestionUpdate-OmaUri-Begin -->
@@ -647,7 +647,7 @@ Allows the user to turn on or off the automatic downloading of newer versions of
 <!-- ConfigureJapaneseIMEVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ConfigureJapaneseIMEVersion-Applicability-End -->
 
 <!-- ConfigureJapaneseIMEVersion-OmaUri-Begin -->
@@ -722,7 +722,7 @@ This Policy setting applies only to Microsoft Japanese IME.
 <!-- ConfigureKoreanIMEVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureKoreanIMEVersion-Applicability-End -->
 
 <!-- ConfigureKoreanIMEVersion-OmaUri-Begin -->
@@ -788,7 +788,7 @@ This Policy setting applies only to Microsoft Korean IME.
 <!-- ConfigureSimplifiedChineseIMEVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ConfigureSimplifiedChineseIMEVersion-Applicability-End -->
 
 <!-- ConfigureSimplifiedChineseIMEVersion-OmaUri-Begin -->
@@ -863,7 +863,7 @@ This Policy setting applies only to Microsoft Simplified Chinese IME.
 <!-- ConfigureTraditionalChineseIMEVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- ConfigureTraditionalChineseIMEVersion-Applicability-End -->
 
 <!-- ConfigureTraditionalChineseIMEVersion-OmaUri-Begin -->
@@ -938,7 +938,7 @@ This Policy setting applies only to Microsoft Traditional Chinese IME.
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-Applicability-End -->
 
 <!-- EnableTouchKeyboardAutoInvokeInDesktopMode-OmaUri-Begin -->
@@ -988,7 +988,7 @@ This policy allows the IT admin to control whether the touch keyboard should sho
 <!-- ExcludeJapaneseIMEExceptJIS0208-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ExcludeJapaneseIMEExceptJIS0208-Applicability-End -->
 
 <!-- ExcludeJapaneseIMEExceptJIS0208-OmaUri-Begin -->
@@ -1037,7 +1037,7 @@ Allows the users to restrict character code range of conversion by setting the c
 <!-- ExcludeJapaneseIMEExceptJIS0208andEUDC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ExcludeJapaneseIMEExceptJIS0208andEUDC-Applicability-End -->
 
 <!-- ExcludeJapaneseIMEExceptJIS0208andEUDC-OmaUri-Begin -->
@@ -1086,7 +1086,7 @@ Allows the users to restrict character code range of conversion by setting the c
 <!-- ExcludeJapaneseIMEExceptShiftJIS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ExcludeJapaneseIMEExceptShiftJIS-Applicability-End -->
 
 <!-- ExcludeJapaneseIMEExceptShiftJIS-OmaUri-Begin -->
@@ -1135,7 +1135,7 @@ Allows the users to restrict character code range of conversion by setting the c
 <!-- ForceTouchKeyboardDockedState-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ForceTouchKeyboardDockedState-Applicability-End -->
 
 <!-- ForceTouchKeyboardDockedState-OmaUri-Begin -->
@@ -1185,7 +1185,7 @@ Specifies the touch keyboard is always docked. When this policy is set to enable
 <!-- TouchKeyboardDictationButtonAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardDictationButtonAvailability-Applicability-End -->
 
 <!-- TouchKeyboardDictationButtonAvailability-OmaUri-Begin -->
@@ -1235,7 +1235,7 @@ Specifies whether the dictation input button is enabled or disabled for the touc
 <!-- TouchKeyboardEmojiButtonAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardEmojiButtonAvailability-Applicability-End -->
 
 <!-- TouchKeyboardEmojiButtonAvailability-OmaUri-Begin -->
@@ -1285,7 +1285,7 @@ Specifies whether the emoji button is enabled or disabled for the touch keyboard
 <!-- TouchKeyboardFullModeAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardFullModeAvailability-Applicability-End -->
 
 <!-- TouchKeyboardFullModeAvailability-OmaUri-Begin -->
@@ -1335,7 +1335,7 @@ Specifies whether the full keyboard mode is enabled or disabled for the touch ke
 <!-- TouchKeyboardHandwritingModeAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardHandwritingModeAvailability-Applicability-End -->
 
 <!-- TouchKeyboardHandwritingModeAvailability-OmaUri-Begin -->
@@ -1385,7 +1385,7 @@ Specifies whether the handwriting input panel is enabled or disabled. When this
 <!-- TouchKeyboardNarrowModeAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardNarrowModeAvailability-Applicability-End -->
 
 <!-- TouchKeyboardNarrowModeAvailability-OmaUri-Begin -->
@@ -1435,7 +1435,7 @@ Specifies whether the narrow keyboard mode is enabled or disabled for the touch
 <!-- TouchKeyboardSplitModeAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardSplitModeAvailability-Applicability-End -->
 
 <!-- TouchKeyboardSplitModeAvailability-OmaUri-Begin -->
@@ -1485,7 +1485,7 @@ Specifies whether the split keyboard mode is enabled or disabled for the touch k
 <!-- TouchKeyboardWideModeAvailability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TouchKeyboardWideModeAvailability-Applicability-End -->
 
 <!-- TouchKeyboardWideModeAvailability-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 1243feb131..216139ba2a 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -4,7 +4,7 @@ description: Learn more about the TimeLanguageSettings Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -29,7 +29,7 @@ ms.topic: reference
 <!-- AllowSet24HourClock-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowSet24HourClock-Applicability-End -->
 
 <!-- AllowSet24HourClock-OmaUri-Begin -->
@@ -78,7 +78,7 @@ This policy is deprecated.
 <!-- BlockCleanupOfUnusedPreinstalledLangPacks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- BlockCleanupOfUnusedPreinstalledLangPacks-Applicability-End -->
 
 <!-- BlockCleanupOfUnusedPreinstalledLangPacks-OmaUri-Begin -->
@@ -145,7 +145,7 @@ This policy setting controls whether the LPRemove task will run to clean up lang
 <!-- ConfigureTimeZone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigureTimeZone-Applicability-End -->
 
 <!-- ConfigureTimeZone-OmaUri-Begin -->
@@ -186,7 +186,7 @@ Specifies the time zone to be applied to the device. This is the standard Window
 <!-- MachineUILanguageOverwrite-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- MachineUILanguageOverwrite-Applicability-End -->
 
 <!-- MachineUILanguageOverwrite-OmaUri-Begin -->
@@ -253,7 +253,7 @@ This policy setting controls which UI language is used for computers with more t
 <!-- RestrictLanguagePacksAndFeaturesInstall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RestrictLanguagePacksAndFeaturesInstall-Applicability-End -->
 
 <!-- RestrictLanguagePacksAndFeaturesInstall-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index a2c178b25b..05a793d534 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -4,7 +4,7 @@ description: Learn more about the Troubleshooting Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowRecommendations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowRecommendations-Applicability-End -->
 
 <!-- AllowRecommendations-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index c98ee3f492..cf9c04b176 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/28/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -29,6 +29,7 @@ Update CSP policies are listed below based on the group policy area:
   - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
 - [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
   - [AllowNonMicrosoftSignedUpdate](#allownonmicrosoftsignedupdate)
+  - [AllowOptionalContent](#allowoptionalcontent)
   - [AutomaticMaintenanceWakeUp](#automaticmaintenancewakeup)
   - [BranchReadinessLevel](#branchreadinesslevel)
   - [DeferFeatureUpdatesPeriodInDays](#deferfeatureupdatesperiodindays)
@@ -112,7 +113,7 @@ Update CSP policies are listed below based on the group policy area:
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Applicability-End -->
 
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-OmaUri-Begin -->
@@ -171,7 +172,7 @@ When enabled, devices won't automatically restart outside of active hours until
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Applicability-End -->
 
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-OmaUri-Begin -->
@@ -232,7 +233,7 @@ When enabled, devices won't automatically restart outside of active hours until
 <!-- AllowNonMicrosoftSignedUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowNonMicrosoftSignedUpdate-Applicability-End -->
 
 <!-- AllowNonMicrosoftSignedUpdate-OmaUri-Begin -->
@@ -275,13 +276,73 @@ Allows the IT admin to manage whether Automatic Updates accepts updates signed b
 
 <!-- AllowNonMicrosoftSignedUpdate-End -->
 
+<!-- AllowOptionalContent-Begin -->
+### AllowOptionalContent
+
+<!-- AllowOptionalContent-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+<!-- AllowOptionalContent-Applicability-End -->
+
+<!-- AllowOptionalContent-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent
+```
+<!-- AllowOptionalContent-OmaUri-End -->
+
+<!-- AllowOptionalContent-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy enables devices to get offered optional updates and users interact with the 'Get the latest updates as soon as they're available' toggle on the Windows Update Settings page.
+<!-- AllowOptionalContent-Description-End -->
+
+<!-- AllowOptionalContent-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowOptionalContent-Editable-End -->
+
+<!-- AllowOptionalContent-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- AllowOptionalContent-DFProperties-End -->
+
+<!-- AllowOptionalContent-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Don't receive optional updates. |
+| 1 | Automatically receive optional updates (including CFRs). |
+| 2 | Automatically receive optional updates. |
+| 3 | Users can select which optional updates to receive. |
+<!-- AllowOptionalContent-AllowedValues-End -->
+
+<!-- AllowOptionalContent-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowOptionalContent |
+| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat |
+<!-- AllowOptionalContent-GpMapping-End -->
+
+<!-- AllowOptionalContent-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- AllowOptionalContent-Examples-End -->
+
+<!-- AllowOptionalContent-End -->
+
 <!-- AutomaticMaintenanceWakeUp-Begin -->
 ### AutomaticMaintenanceWakeUp
 
 <!-- AutomaticMaintenanceWakeUp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AutomaticMaintenanceWakeUp-Applicability-End -->
 
 <!-- AutomaticMaintenanceWakeUp-OmaUri-Begin -->
@@ -350,7 +411,7 @@ The maintenance wakeup policy specifies if Automatic Maintenance should make a w
 <!-- BranchReadinessLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- BranchReadinessLevel-Applicability-End -->
 
 <!-- BranchReadinessLevel-OmaUri-Begin -->
@@ -393,6 +454,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you
 | 16 (Default) | {0x10} - Semi-annual Channel (Targeted). Device gets all applicable feature updates from Semi-annual Channel (Targeted). |
 | 32 | 2 {0x20} - Semi-annual Channel. Device gets feature updates from Semi-annual Channel. (*Only applicable to releases prior to 1903, for all releases 1903 and after the Semi-annual Channel and Semi-annual Channel (Targeted) into a single Semi-annual Channel with a value of 16). |
 | 64 | {0x40} - Release Preview of Quality Updates Only. |
+| 128 | {0x80} - Canary Channel. |
 <!-- BranchReadinessLevel-AllowedValues-End -->
 
 <!-- BranchReadinessLevel-GpMapping-Begin -->
@@ -420,7 +482,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you
 <!-- DeferFeatureUpdatesPeriodInDays-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DeferFeatureUpdatesPeriodInDays-Applicability-End -->
 
 <!-- DeferFeatureUpdatesPeriodInDays-OmaUri-Begin -->
@@ -479,7 +541,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you
 <!-- DeferQualityUpdatesPeriodInDays-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DeferQualityUpdatesPeriodInDays-Applicability-End -->
 
 <!-- DeferQualityUpdatesPeriodInDays-OmaUri-Begin -->
@@ -542,7 +604,7 @@ If you disable or don't configure this policy, Windows Update won't alter its be
 <!-- DisableWUfBSafeguards-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1490] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1110] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1110] and later <br> ✅ Windows 10, version 2004 [10.0.19041.546] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1490] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1110] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1110] and later <br> ✅ Windows 10, version 2004 [10.0.19041.546] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DisableWUfBSafeguards-Applicability-End -->
 
 <!-- DisableWUfBSafeguards-OmaUri-Begin -->
@@ -601,7 +663,7 @@ IT admins can, if necessary, opt devices out of safeguard protections using this
 <!-- ExcludeWUDriversInQualityUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ExcludeWUDriversInQualityUpdate-Applicability-End -->
 
 <!-- ExcludeWUDriversInQualityUpdate-OmaUri-Begin -->
@@ -666,7 +728,7 @@ If you disable or don't configure this policy, Windows Update will include updat
 <!-- ManagePreviewBuilds-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ManagePreviewBuilds-Applicability-End -->
 
 <!-- ManagePreviewBuilds-OmaUri-Begin -->
@@ -750,7 +812,7 @@ If you disable or don't configure this policy, Windows Update won't offer you an
 <!-- PauseFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PauseFeatureUpdates-Applicability-End -->
 
 <!-- PauseFeatureUpdates-OmaUri-Begin -->
@@ -818,7 +880,7 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you
 <!-- PauseFeatureUpdatesStartTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PauseFeatureUpdatesStartTime-Applicability-End -->
 
 <!-- PauseFeatureUpdatesStartTime-OmaUri-Begin -->
@@ -871,7 +933,7 @@ Specifies the date and time when the IT admin wants to start pausing the Feature
 <!-- PauseQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PauseQualityUpdates-Applicability-End -->
 
 <!-- PauseQualityUpdates-OmaUri-Begin -->
@@ -943,7 +1005,7 @@ If you disable or don't configure this policy, Windows Update won't alter its be
 <!-- PauseQualityUpdatesStartTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PauseQualityUpdatesStartTime-Applicability-End -->
 
 <!-- PauseQualityUpdatesStartTime-OmaUri-Begin -->
@@ -998,7 +1060,7 @@ Specifies the date and time when the IT admin wants to start pausing the Quality
 <!-- ProductVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ProductVersion-Applicability-End -->
 
 <!-- ProductVersion-OmaUri-Begin -->
@@ -1066,7 +1128,7 @@ Supported value type is a string containing a Windows product. For example, "Win
 <!-- TargetReleaseVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134.1488] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 10, version 1909 [10.0.18363.836] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134.1488] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1217] and later <br> ✅ Windows 10, version 1903 [10.0.18362.836] and later <br> ✅ Windows 10, version 1909 [10.0.18363.836] and later <br> ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- TargetReleaseVersion-Applicability-End -->
 
 <!-- TargetReleaseVersion-OmaUri-Begin -->
@@ -1130,7 +1192,7 @@ Supported value type is a string containing Windows version number. For example,
 <!-- AllowUpdateService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowUpdateService-Applicability-End -->
 
 <!-- AllowUpdateService-OmaUri-Begin -->
@@ -1195,7 +1257,7 @@ Specifies whether the device could use Microsoft Update, Windows Server Update S
 <!-- DetectionFrequency-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DetectionFrequency-Applicability-End -->
 
 <!-- DetectionFrequency-OmaUri-Begin -->
@@ -1267,7 +1329,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is
 <!-- DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240.18818] and later <br> ✅ Windows 10, version 1607 [10.0.14393.4169] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2108] and later <br> ✅ Windows 10, version 1709 [10.0.16299.2166] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1967] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1697] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1316] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1316] and later <br> ✅ Windows 10, version 2004 [10.0.19041.746] and later <br> ✅ Windows 10, version 2009 [10.0.19042.746] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240.18818] and later <br> ✅ Windows 10, version 1607 [10.0.14393.4169] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2108] and later <br> ✅ Windows 10, version 1709 [10.0.16299.2166] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1967] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1697] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1316] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1316] and later <br> ✅ Windows 10, version 2004 [10.0.19041.746] and later <br> ✅ Windows 10, version 2009 [10.0.19042.746] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection-Applicability-End -->
 
 <!-- DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection-OmaUri-Begin -->
@@ -1331,7 +1393,7 @@ This policy should be enabled only when [UpdateServiceUrl](#updateserviceurl) is
 <!-- FillEmptyContentUrls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- FillEmptyContentUrls-Applicability-End -->
 
 <!-- FillEmptyContentUrls-OmaUri-Begin -->
@@ -1397,7 +1459,7 @@ Allows Windows Update Agent to determine the download URL when it's missing from
 <!-- SetPolicyDrivenUpdateSourceForDriverUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForDriverUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForDriverUpdates-OmaUri-Begin -->
@@ -1466,7 +1528,7 @@ Configure this policy to specify whether to receive **Windows Driver Updates** f
 <!-- SetPolicyDrivenUpdateSourceForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForFeatureUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForFeatureUpdates-OmaUri-Begin -->
@@ -1535,7 +1597,7 @@ Configure this policy to specify whether to receive **Windows Feature Updates**
 <!-- SetPolicyDrivenUpdateSourceForOtherUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForOtherUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForOtherUpdates-OmaUri-Begin -->
@@ -1604,7 +1666,7 @@ Configure this policy to specify whether to receive **Other Updates** from Windo
 <!-- SetPolicyDrivenUpdateSourceForQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetPolicyDrivenUpdateSourceForQualityUpdates-Applicability-End -->
 
 <!-- SetPolicyDrivenUpdateSourceForQualityUpdates-OmaUri-Begin -->
@@ -1673,7 +1735,7 @@ Configure this policy to specify whether to receive **Windows Quality Updates**
 <!-- SetProxyBehaviorForUpdateDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240.18696] and later <br> ✅ Windows 10, version 1607 [10.0.14393.3930] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2500] and later <br> ✅ Windows 10, version 1709 [10.0.16299.2107] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1726] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1457] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1082] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1082] and later <br> ✅ Windows 10, version 2004 [10.0.19041.508] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240.18696] and later <br> ✅ Windows 10, version 1607 [10.0.14393.3930] and later <br> ✅ Windows 10, version 1703 [10.0.15063.2500] and later <br> ✅ Windows 10, version 1709 [10.0.16299.2107] and later <br> ✅ Windows 10, version 1803 [10.0.17134.1726] and later <br> ✅ Windows 10, version 1809 [10.0.17763.1457] and later <br> ✅ Windows 10, version 1903 [10.0.18362.1082] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1082] and later <br> ✅ Windows 10, version 2004 [10.0.19041.508] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- SetProxyBehaviorForUpdateDetection-Applicability-End -->
 
 <!-- SetProxyBehaviorForUpdateDetection-OmaUri-Begin -->
@@ -1741,7 +1803,7 @@ This policy setting doesn't impact those customers who have, per Microsoft recom
 <!-- UpdateServiceUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- UpdateServiceUrl-Applicability-End -->
 
 <!-- UpdateServiceUrl-OmaUri-Begin -->
@@ -1816,7 +1878,7 @@ The following list shows the supported values:
 <!-- UpdateServiceUrlAlternate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- UpdateServiceUrlAlternate-Applicability-End -->
 
 <!-- UpdateServiceUrlAlternate-OmaUri-Begin -->
@@ -1874,7 +1936,7 @@ Specifies an alternate intranet server to host updates from Microsoft Update. Yo
 <!-- ActiveHoursEnd-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ActiveHoursEnd-Applicability-End -->
 
 <!-- ActiveHoursEnd-OmaUri-Begin -->
@@ -1942,7 +2004,7 @@ Note that the default max active hours range is 18 hours from the active hours s
 <!-- ActiveHoursMaxRange-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ActiveHoursMaxRange-Applicability-End -->
 
 <!-- ActiveHoursMaxRange-OmaUri-Begin -->
@@ -2001,7 +2063,7 @@ If you disable or don't configure this policy, the default max active hours rang
 <!-- ActiveHoursStart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- ActiveHoursStart-Applicability-End -->
 
 <!-- ActiveHoursStart-OmaUri-Begin -->
@@ -2069,7 +2131,7 @@ Note that the default max active hours range is 18 hours from the active hours s
 <!-- AllowAutoUpdate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAutoUpdate-Applicability-End -->
 
 <!-- AllowAutoUpdate-OmaUri-Begin -->
@@ -2079,41 +2141,8 @@ Note that the default max active hours range is 18 hours from the active hours s
 <!-- AllowAutoUpdate-OmaUri-End -->
 
 <!-- AllowAutoUpdate-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to manage automatic update behavior to scan, download, and install updates. Important. This option should be used only for systems under regulatory compliance, as you won't get security updates as well. If the policy isn't configured, end-users get the default behavior (Auto install and restart).
 <!-- AllowAutoUpdate-Description-End -->
 
 <!-- AllowAutoUpdate-Editable-Begin -->
@@ -2169,7 +2198,7 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- AllowAutoWindowsUpdateDownloadOverMeteredNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowAutoWindowsUpdateDownloadOverMeteredNetwork-Applicability-End -->
 
 <!-- AllowAutoWindowsUpdateDownloadOverMeteredNetwork-OmaUri-Begin -->
@@ -2235,7 +2264,7 @@ This policy is accessible through the Update setting in the user interface or Gr
 <!-- AllowMUUpdateService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowMUUpdateService-Applicability-End -->
 
 <!-- AllowMUUpdateService-OmaUri-Begin -->
@@ -2245,41 +2274,8 @@ This policy is accessible through the Update setting in the user interface or Gr
 <!-- AllowMUUpdateService-OmaUri-End -->
 
 <!-- AllowMUUpdateService-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
 <!-- AllowMUUpdateService-Description-End -->
 
 <!-- AllowMUUpdateService-Editable-Begin -->
@@ -2338,7 +2334,7 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- AllowTemporaryEnterpriseFeatureControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621.1344] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.1344] and later |
 <!-- AllowTemporaryEnterpriseFeatureControl-Applicability-End -->
 
 <!-- AllowTemporaryEnterpriseFeatureControl-OmaUri-Begin -->
@@ -2409,7 +2405,7 @@ Features introduced via servicing (outside of the annual feature update) are off
 <!-- ConfigureDeadlineForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigureDeadlineForFeatureUpdates-Applicability-End -->
 
 <!-- ConfigureDeadlineForFeatureUpdates-OmaUri-Begin -->
@@ -2426,7 +2422,9 @@ Number of days before feature updates are installed on devices automatically reg
 <!-- ConfigureDeadlineForFeatureUpdates-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
+> 
+> - After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
+> - When this policy is used, the download, installation, and reboot settings from [Update/AllowAutoUpdate](#allowautoupdate) are ignored.
 <!-- ConfigureDeadlineForFeatureUpdates-Editable-End -->
 
 <!-- ConfigureDeadlineForFeatureUpdates-DFProperties-Begin -->
@@ -2466,7 +2464,7 @@ Number of days before feature updates are installed on devices automatically reg
 <!-- ConfigureDeadlineForQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigureDeadlineForQualityUpdates-Applicability-End -->
 
 <!-- ConfigureDeadlineForQualityUpdates-OmaUri-Begin -->
@@ -2483,7 +2481,9 @@ Number of days before quality updates are installed on devices automatically reg
 <!-- ConfigureDeadlineForQualityUpdates-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
-> After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
+> 
+> - After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule.
+> - When this policy is used, the download, installation, and reboot settings from [Update/AllowAutoUpdate](#allowautoupdate) are ignored.
 <!-- ConfigureDeadlineForQualityUpdates-Editable-End -->
 
 <!-- ConfigureDeadlineForQualityUpdates-DFProperties-Begin -->
@@ -2523,7 +2523,7 @@ Number of days before quality updates are installed on devices automatically reg
 <!-- ConfigureDeadlineGracePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigureDeadlineGracePeriod-Applicability-End -->
 
 <!-- ConfigureDeadlineGracePeriod-OmaUri-Begin -->
@@ -2578,7 +2578,7 @@ Minimum number of days from update installation until restarts occur automatical
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763.1852] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1474] and later <br> ✅ Windows 10, version 2004 [10.0.19041.906] and later <br> ✅ Windows 10, version 2009 [10.0.19042.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763.1852] and later <br> ✅ Windows 10, version 1909 [10.0.18363.1474] and later <br> ✅ Windows 10, version 2004 [10.0.19041.906] and later <br> ✅ Windows 10, version 2009 [10.0.19042.906] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-Applicability-End -->
 
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-OmaUri-Begin -->
@@ -2633,7 +2633,7 @@ Minimum number of days from update installation until restarts occur automatical
 <!-- ConfigureDeadlineNoAutoReboot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigureDeadlineNoAutoReboot-Applicability-End -->
 
 <!-- ConfigureDeadlineNoAutoReboot-OmaUri-Begin -->
@@ -2696,7 +2696,7 @@ When enabled, devices won't automatically restart outside of active hours until
 <!-- ConfigureFeatureUpdateUninstallPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ConfigureFeatureUpdateUninstallPeriod-Applicability-End -->
 
 <!-- ConfigureFeatureUpdateUninstallPeriod-OmaUri-Begin -->
@@ -2737,7 +2737,7 @@ Enable enterprises/IT admin to configure feature update uninstall period.
 <!-- NoUpdateNotificationsDuringActiveHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- NoUpdateNotificationsDuringActiveHours-Applicability-End -->
 
 <!-- NoUpdateNotificationsDuringActiveHours-OmaUri-Begin -->
@@ -2810,7 +2810,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
 <!-- ScheduledInstallDay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ScheduledInstallDay-Applicability-End -->
 
 <!-- ScheduledInstallDay-OmaUri-Begin -->
@@ -2820,41 +2820,8 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
 <!-- ScheduledInstallDay-OmaUri-End -->
 
 <!-- ScheduledInstallDay-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to schedule the day of the update installation. The data type is a integer.
 <!-- ScheduledInstallDay-Description-End -->
 
 <!-- ScheduledInstallDay-Editable-Begin -->
@@ -2914,7 +2881,7 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- ScheduledInstallEveryWeek-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ScheduledInstallEveryWeek-Applicability-End -->
 
 <!-- ScheduledInstallEveryWeek-OmaUri-Begin -->
@@ -2924,41 +2891,8 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- ScheduledInstallEveryWeek-OmaUri-End -->
 
 <!-- ScheduledInstallEveryWeek-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to schedule the update installation on the every week. Value type is integer.
 <!-- ScheduledInstallEveryWeek-Description-End -->
 
 <!-- ScheduledInstallEveryWeek-Editable-Begin -->
@@ -3012,7 +2946,7 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- ScheduledInstallFirstWeek-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ScheduledInstallFirstWeek-Applicability-End -->
 
 <!-- ScheduledInstallFirstWeek-OmaUri-Begin -->
@@ -3022,41 +2956,8 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- ScheduledInstallFirstWeek-OmaUri-End -->
 
 <!-- ScheduledInstallFirstWeek-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer.
 <!-- ScheduledInstallFirstWeek-Description-End -->
 
 <!-- ScheduledInstallFirstWeek-Editable-Begin -->
@@ -3119,7 +3020,7 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallFourthWeek-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ScheduledInstallFourthWeek-Applicability-End -->
 
 <!-- ScheduledInstallFourthWeek-OmaUri-Begin -->
@@ -3129,41 +3030,8 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallFourthWeek-OmaUri-End -->
 
 <!-- ScheduledInstallFourthWeek-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer.
 <!-- ScheduledInstallFourthWeek-Description-End -->
 
 <!-- ScheduledInstallFourthWeek-Editable-Begin -->
@@ -3226,7 +3094,7 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallSecondWeek-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ScheduledInstallSecondWeek-Applicability-End -->
 
 <!-- ScheduledInstallSecondWeek-OmaUri-Begin -->
@@ -3236,41 +3104,8 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallSecondWeek-OmaUri-End -->
 
 <!-- ScheduledInstallSecondWeek-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer.
 <!-- ScheduledInstallSecondWeek-Description-End -->
 
 <!-- ScheduledInstallSecondWeek-Editable-Begin -->
@@ -3333,7 +3168,7 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallThirdWeek-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- ScheduledInstallThirdWeek-Applicability-End -->
 
 <!-- ScheduledInstallThirdWeek-OmaUri-Begin -->
@@ -3343,41 +3178,8 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallThirdWeek-OmaUri-End -->
 
 <!-- ScheduledInstallThirdWeek-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer.
 <!-- ScheduledInstallThirdWeek-Description-End -->
 
 <!-- ScheduledInstallThirdWeek-Editable-Begin -->
@@ -3440,7 +3242,7 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- ScheduledInstallTime-Applicability-End -->
 
 <!-- ScheduledInstallTime-OmaUri-Begin -->
@@ -3450,41 +3252,8 @@ These policies are not exclusive and can be used in any combination. Together wi
 <!-- ScheduledInstallTime-OmaUri-End -->
 
 <!-- ScheduledInstallTime-Description-Begin -->
-<!-- Description-Source-ADMX -->
-Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service.
-
-> [!NOTE]
-> This policy doesn't apply to %WINDOWS_ARM_VERSION_6_2%.
-
-This setting lets you specify whether automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Group Policy Setting:
-
-2 = Notify before downloading and installing any updates.
-
-When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
-
-3 = (Default setting) Download the updates automatically and notify when they're ready to be installed.
-
-Windows finds updates that apply to the computer and downloads them in the background (the user isn't notified or interrupted during this process). When the downloads are complete, users will be notified that they're ready to install. After going to Windows Update, users can install them.
-
-4 = Automatically download updates and install them on the schedule specified below.
-
-When "Automatic" is selected as the scheduled install time, Windows will automatically check, download, and install updates. The device will reboot as per Windows default settings unless configured by group policy. (Applies to Windows 10, version 1809 and higher)
-
-Specify the schedule using the options in the Group Policy Setting. For version 1709 and above, there is an additional choice of limiting updating to a weekly, bi-weekly, or monthly occurrence. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart).
-
-On %WINDOWS_CLIENT_VERSION_6_2% and later, you can set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the computer isn't in use and avoid doing so when the computer is running on battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for accidental data loss.
-
-5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. (This option hasn't been carried over to any Win 10 Versions)
-
-With this option, local administrators will be allowed to use the Windows Update control panel to select a configuration option of their choice. Local administrators won't be allowed to disable the configuration for Automatic Updates.
-
-7 = Notify for install and notify for restart. (Windows Server only)
-
-With this option from Windows Server 2016, applicable only to Server SKU devices, local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
-
-If the status for this policy is set to Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows Update using Start.
-
-If the status is set to Not Configured, use of Automatic Updates isn't specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
+<!-- Description-Source-DDF -->
+ the IT admin to schedule the time of the update installation. The data type is a integer. Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM. The default value is 3.
 <!-- ScheduledInstallTime-Description-End -->
 
 <!-- ScheduledInstallTime-Editable-Begin -->
@@ -3532,7 +3301,7 @@ If the status is set to Not Configured, use of Automatic Updates isn't specified
 <!-- SetDisablePauseUXAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- SetDisablePauseUXAccess-Applicability-End -->
 
 <!-- SetDisablePauseUXAccess-OmaUri-Begin -->
@@ -3597,7 +3366,7 @@ Once enabled user access to pause updates is removed.
 <!-- SetDisableUXWUAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- SetDisableUXWUAccess-Applicability-End -->
 
 <!-- SetDisableUXWUAccess-OmaUri-Begin -->
@@ -3662,7 +3431,7 @@ If you enable this setting user access to Windows Update scan, download and inst
 <!-- SetEDURestart-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetEDURestart-Applicability-End -->
 
 <!-- SetEDURestart-OmaUri-Begin -->
@@ -3735,7 +3504,7 @@ These settings are designed for education devices that remain in carts overnight
 <!-- UpdateNotificationLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- UpdateNotificationLevel-Applicability-End -->
 
 <!-- UpdateNotificationLevel-OmaUri-Begin -->
@@ -3809,7 +3578,7 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
 <!-- AutoRestartDeadlinePeriodInDays-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AutoRestartDeadlinePeriodInDays-Applicability-End -->
 
 <!-- AutoRestartDeadlinePeriodInDays-OmaUri-Begin -->
@@ -3874,7 +3643,7 @@ Enabling either of the following two policies will override the above policy:
 <!-- AutoRestartDeadlinePeriodInDaysForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- AutoRestartDeadlinePeriodInDaysForFeatureUpdates-Applicability-End -->
 
 <!-- AutoRestartDeadlinePeriodInDaysForFeatureUpdates-OmaUri-Begin -->
@@ -3939,7 +3708,7 @@ Enabling either of the following two policies will override the above policy:
 <!-- AutoRestartNotificationSchedule-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AutoRestartNotificationSchedule-Applicability-End -->
 
 <!-- AutoRestartNotificationSchedule-OmaUri-Begin -->
@@ -4009,7 +3778,7 @@ If you disable or don't configure this policy, the default period will be used.
 <!-- AutoRestartRequiredNotificationDismissal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AutoRestartRequiredNotificationDismissal-Applicability-End -->
 
 <!-- AutoRestartRequiredNotificationDismissal-OmaUri-Begin -->
@@ -4076,7 +3845,7 @@ If you disable or don't configure this policy, the default method will be used.
 <!-- DeferUpdatePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DeferUpdatePeriod-Applicability-End -->
 
 <!-- DeferUpdatePeriod-OmaUri-Begin -->
@@ -4163,7 +3932,7 @@ Other/can't defer:
 <!-- DeferUpgradePeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DeferUpgradePeriod-Applicability-End -->
 
 <!-- DeferUpgradePeriod-OmaUri-Begin -->
@@ -4220,7 +3989,7 @@ Allows IT Admins to specify additional upgrade delays for up to 8 months. Suppor
 <!-- DisableDualScan-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- DisableDualScan-Applicability-End -->
 
 <!-- DisableDualScan-OmaUri-Begin -->
@@ -4290,7 +4059,7 @@ If this policy is disabled or not configured, then the Windows Update client may
 <!-- EngagedRestartDeadline-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EngagedRestartDeadline-Applicability-End -->
 
 <!-- EngagedRestartDeadline-OmaUri-Begin -->
@@ -4360,7 +4129,7 @@ Enabling any of the following policies will override the above policy:
 <!-- EngagedRestartDeadlineForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- EngagedRestartDeadlineForFeatureUpdates-Applicability-End -->
 
 <!-- EngagedRestartDeadlineForFeatureUpdates-OmaUri-Begin -->
@@ -4430,7 +4199,7 @@ Enabling any of the following policies will override the above policy:
 <!-- EngagedRestartSnoozeSchedule-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EngagedRestartSnoozeSchedule-Applicability-End -->
 
 <!-- EngagedRestartSnoozeSchedule-OmaUri-Begin -->
@@ -4500,7 +4269,7 @@ Enabling any of the following policies will override the above policy:
 <!-- EngagedRestartSnoozeScheduleForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- EngagedRestartSnoozeScheduleForFeatureUpdates-Applicability-End -->
 
 <!-- EngagedRestartSnoozeScheduleForFeatureUpdates-OmaUri-Begin -->
@@ -4570,7 +4339,7 @@ Enabling any of the following policies will override the above policy:
 <!-- EngagedRestartTransitionSchedule-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- EngagedRestartTransitionSchedule-Applicability-End -->
 
 <!-- EngagedRestartTransitionSchedule-OmaUri-Begin -->
@@ -4640,7 +4409,7 @@ Enabling any of the following policies will override the above policy:
 <!-- EngagedRestartTransitionScheduleForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- EngagedRestartTransitionScheduleForFeatureUpdates-Applicability-End -->
 
 <!-- EngagedRestartTransitionScheduleForFeatureUpdates-OmaUri-Begin -->
@@ -4710,7 +4479,7 @@ Enabling any of the following policies will override the above policy:
 <!-- IgnoreMOAppDownloadLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IgnoreMOAppDownloadLimit-Applicability-End -->
 
 <!-- IgnoreMOAppDownloadLimit-OmaUri-Begin -->
@@ -4770,7 +4539,7 @@ To validate this policy:
 <!-- IgnoreMOUpdateDownloadLimit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- IgnoreMOUpdateDownloadLimit-Applicability-End -->
 
 <!-- IgnoreMOUpdateDownloadLimit-OmaUri-Begin -->
@@ -4830,7 +4599,7 @@ To validate this policy:
 <!-- PauseDeferrals-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- PauseDeferrals-Applicability-End -->
 
 <!-- PauseDeferrals-OmaUri-Begin -->
@@ -4891,7 +4660,7 @@ To validate this policy:
 <!-- PhoneUpdateRestrictions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- PhoneUpdateRestrictions-Applicability-End -->
 
 <!-- PhoneUpdateRestrictions-OmaUri-Begin -->
@@ -4932,7 +4701,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead.
 <!-- RequireDeferUpgrade-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- RequireDeferUpgrade-Applicability-End -->
 
 <!-- RequireDeferUpgrade-OmaUri-Begin -->
@@ -4993,7 +4762,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead.
 <!-- RequireUpdateApproval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- RequireUpdateApproval-Applicability-End -->
 
 <!-- RequireUpdateApproval-OmaUri-Begin -->
@@ -5044,7 +4813,7 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead.
 <!-- ScheduleImminentRestartWarning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ScheduleImminentRestartWarning-Applicability-End -->
 
 <!-- ScheduleImminentRestartWarning-OmaUri-Begin -->
@@ -5114,7 +4883,7 @@ If you disable or don't configure this policy, the default notification behavior
 <!-- ScheduleRestartWarning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- ScheduleRestartWarning-Applicability-End -->
 
 <!-- ScheduleRestartWarning-OmaUri-Begin -->
@@ -5186,7 +4955,7 @@ If you disable or don't configure this policy, the default notification behavior
 <!-- SetAutoRestartNotificationDisable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- SetAutoRestartNotificationDisable-Applicability-End -->
 
 <!-- SetAutoRestartNotificationDisable-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index a4df2c7458..f44eaf71c7 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -4,7 +4,7 @@ description: Learn more about the UserRights Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -112,7 +112,7 @@ For example, the following syntax grants user rights to a specific user or group
 <!-- AccessCredentialManagerAsTrustedCaller-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AccessCredentialManagerAsTrustedCaller-Applicability-End -->
 
 <!-- AccessCredentialManagerAsTrustedCaller-OmaUri-Begin -->
@@ -161,7 +161,7 @@ This user right is used by Credential Manager during Backup/Restore. No accounts
 <!-- AccessFromNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AccessFromNetwork-Applicability-End -->
 
 <!-- AccessFromNetwork-OmaUri-Begin -->
@@ -213,7 +213,7 @@ This user right determines which users and groups are allowed to connect to the
 <!-- ActAsPartOfTheOperatingSystem-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ActAsPartOfTheOperatingSystem-Applicability-End -->
 
 <!-- ActAsPartOfTheOperatingSystem-OmaUri-Begin -->
@@ -265,7 +265,7 @@ This user right allows a process to impersonate any user without authentication.
 <!-- AllowLocalLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- AllowLocalLogOn-Applicability-End -->
 
 <!-- AllowLocalLogOn-OmaUri-Begin -->
@@ -317,7 +317,7 @@ This user right determines which users can log on to the computer.
 <!-- BackupFilesAndDirectories-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- BackupFilesAndDirectories-Applicability-End -->
 
 <!-- BackupFilesAndDirectories-OmaUri-Begin -->
@@ -369,7 +369,7 @@ This user right determines which users can bypass file, directory, registry, and
 <!-- BypassTraverseChecking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- BypassTraverseChecking-Applicability-End -->
 
 <!-- BypassTraverseChecking-OmaUri-Begin -->
@@ -418,7 +418,7 @@ This user right determines which users can traverse directory trees even though
 <!-- ChangeSystemTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ChangeSystemTime-Applicability-End -->
 
 <!-- ChangeSystemTime-OmaUri-Begin -->
@@ -476,7 +476,7 @@ This user right determines which users and groups can change the time and date o
 <!-- ChangeTimeZone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ChangeTimeZone-Applicability-End -->
 
 <!-- ChangeTimeZone-OmaUri-Begin -->
@@ -525,7 +525,7 @@ This user right determines which users and groups can change the time zone used
 <!-- CreateGlobalObjects-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- CreateGlobalObjects-Applicability-End -->
 
 <!-- CreateGlobalObjects-OmaUri-Begin -->
@@ -577,7 +577,7 @@ This security setting determines whether users can create global objects that ar
 <!-- CreatePageFile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- CreatePageFile-Applicability-End -->
 
 <!-- CreatePageFile-OmaUri-Begin -->
@@ -626,7 +626,7 @@ This user right determines which users and groups can call an internal applicati
 <!-- CreatePermanentSharedObjects-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- CreatePermanentSharedObjects-Applicability-End -->
 
 <!-- CreatePermanentSharedObjects-OmaUri-Begin -->
@@ -675,7 +675,7 @@ This user right determines which accounts can be used by processes to create a d
 <!-- CreateSymbolicLinks-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- CreateSymbolicLinks-Applicability-End -->
 
 <!-- CreateSymbolicLinks-OmaUri-Begin -->
@@ -730,7 +730,7 @@ This user right determines if the user can create a symbolic link from the compu
 <!-- CreateToken-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- CreateToken-Applicability-End -->
 
 <!-- CreateToken-OmaUri-Begin -->
@@ -782,7 +782,7 @@ This user right determines which accounts can be used by processes to create a t
 <!-- DebugPrograms-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DebugPrograms-Applicability-End -->
 
 <!-- DebugPrograms-OmaUri-Begin -->
@@ -834,7 +834,7 @@ This user right determines which users can attach a debugger to any process or t
 <!-- DenyAccessFromNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DenyAccessFromNetwork-Applicability-End -->
 
 <!-- DenyAccessFromNetwork-OmaUri-Begin -->
@@ -883,7 +883,7 @@ This user right determines which users are prevented from accessing a computer o
 <!-- DenyLocalLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DenyLocalLogOn-Applicability-End -->
 
 <!-- DenyLocalLogOn-OmaUri-Begin -->
@@ -936,7 +936,7 @@ This security setting determines which service accounts are prevented from regis
 <!-- DenyLogOnAsBatchJob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DenyLogOnAsBatchJob-Applicability-End -->
 
 <!-- DenyLogOnAsBatchJob-OmaUri-Begin -->
@@ -985,7 +985,7 @@ This security setting determines which accounts are prevented from being able to
 <!-- DenyLogOnAsService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- DenyLogOnAsService-Applicability-End -->
 
 <!-- DenyLogOnAsService-OmaUri-Begin -->
@@ -1037,7 +1037,7 @@ Deny log on as a service -This security setting determines which service account
 <!-- DenyRemoteDesktopServicesLogOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DenyRemoteDesktopServicesLogOn-Applicability-End -->
 
 <!-- DenyRemoteDesktopServicesLogOn-OmaUri-Begin -->
@@ -1086,7 +1086,7 @@ This user right determines which users and groups are prohibited from logging on
 <!-- EnableDelegation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnableDelegation-Applicability-End -->
 
 <!-- EnableDelegation-OmaUri-Begin -->
@@ -1138,7 +1138,7 @@ This user right determines which users can set the Trusted for Delegation settin
 <!-- GenerateSecurityAudits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- GenerateSecurityAudits-Applicability-End -->
 
 <!-- GenerateSecurityAudits-OmaUri-Begin -->
@@ -1187,7 +1187,7 @@ This user right determines which accounts can be used by a process to add entrie
 <!-- ImpersonateClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ImpersonateClient-Applicability-End -->
 
 <!-- ImpersonateClient-OmaUri-Begin -->
@@ -1245,7 +1245,7 @@ Assigning this user right to a user allows programs running on behalf of that us
 <!-- IncreaseProcessWorkingSet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- IncreaseProcessWorkingSet-Applicability-End -->
 
 <!-- IncreaseProcessWorkingSet-OmaUri-Begin -->
@@ -1297,7 +1297,7 @@ Increase a process working set. This privilege determines which user accounts ca
 <!-- IncreaseSchedulingPriority-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- IncreaseSchedulingPriority-Applicability-End -->
 
 <!-- IncreaseSchedulingPriority-OmaUri-Begin -->
@@ -1351,7 +1351,7 @@ This user right determines which accounts can use a process with Write Property
 <!-- LoadUnloadDeviceDrivers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LoadUnloadDeviceDrivers-Applicability-End -->
 
 <!-- LoadUnloadDeviceDrivers-OmaUri-Begin -->
@@ -1403,7 +1403,7 @@ This user right determines which users can dynamically load and unload device dr
 <!-- LockMemory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- LockMemory-Applicability-End -->
 
 <!-- LockMemory-OmaUri-Begin -->
@@ -1452,7 +1452,7 @@ This user right determines which accounts can use a process to keep data in phys
 <!-- LogOnAsBatchJob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- LogOnAsBatchJob-Applicability-End -->
 
 <!-- LogOnAsBatchJob-OmaUri-Begin -->
@@ -1501,7 +1501,7 @@ This security setting allows a user to be logged-on by means of a batch-queue fa
 <!-- LogOnAsService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- LogOnAsService-Applicability-End -->
 
 <!-- LogOnAsService-OmaUri-Begin -->
@@ -1550,7 +1550,7 @@ This security setting allows a security principal to log on as a service. Servic
 <!-- ManageAuditingAndSecurityLog-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ManageAuditingAndSecurityLog-Applicability-End -->
 
 <!-- ManageAuditingAndSecurityLog-OmaUri-Begin -->
@@ -1599,7 +1599,7 @@ This user right determines which users can specify object access auditing option
 <!-- ManageVolume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ManageVolume-Applicability-End -->
 
 <!-- ManageVolume-OmaUri-Begin -->
@@ -1648,7 +1648,7 @@ This user right determines which users and groups can run maintenance tasks on a
 <!-- ModifyFirmwareEnvironment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ModifyFirmwareEnvironment-Applicability-End -->
 
 <!-- ModifyFirmwareEnvironment-OmaUri-Begin -->
@@ -1700,7 +1700,7 @@ This user right determines who can modify firmware environment values. Firmware
 <!-- ModifyObjectLabel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ModifyObjectLabel-Applicability-End -->
 
 <!-- ModifyObjectLabel-OmaUri-Begin -->
@@ -1749,7 +1749,7 @@ This user right determines which user accounts can modify the integrity label of
 <!-- ProfileSingleProcess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ProfileSingleProcess-Applicability-End -->
 
 <!-- ProfileSingleProcess-OmaUri-Begin -->
@@ -1798,7 +1798,7 @@ This user right determines which users can use performance monitoring tools to m
 <!-- ProfileSystemPerformance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ProfileSystemPerformance-Applicability-End -->
 
 <!-- ProfileSystemPerformance-OmaUri-Begin -->
@@ -1847,7 +1847,7 @@ This security setting determines which users can use performance monitoring tool
 <!-- RemoteShutdown-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- RemoteShutdown-Applicability-End -->
 
 <!-- RemoteShutdown-OmaUri-Begin -->
@@ -1896,7 +1896,7 @@ This user right determines which users are allowed to shut down a computer from
 <!-- ReplaceProcessLevelToken-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ReplaceProcessLevelToken-Applicability-End -->
 
 <!-- ReplaceProcessLevelToken-OmaUri-Begin -->
@@ -1945,7 +1945,7 @@ This security setting determines which user accounts can call the CreateProcessA
 <!-- RestoreFilesAndDirectories-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- RestoreFilesAndDirectories-Applicability-End -->
 
 <!-- RestoreFilesAndDirectories-OmaUri-Begin -->
@@ -1997,7 +1997,7 @@ This user right determines which users can bypass file, directory, registry, and
 <!-- ShutDownTheSystem-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ShutDownTheSystem-Applicability-End -->
 
 <!-- ShutDownTheSystem-OmaUri-Begin -->
@@ -2046,7 +2046,7 @@ This security setting determines which users who are logged-on locally to the co
 <!-- TakeOwnership-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TakeOwnership-Applicability-End -->
 
 <!-- TakeOwnership-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index fe7a0912dd..5c2fd4615b 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -4,7 +4,7 @@ description: Learn more about the VirtualizationBasedTechnology Area in Policy C
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- HypervisorEnforcedCodeIntegrity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- HypervisorEnforcedCodeIntegrity-Applicability-End -->
 
 <!-- HypervisorEnforcedCodeIntegrity-OmaUri-Begin -->
@@ -90,7 +90,7 @@ Hypervisor-Protected Code Integrity: 0 - Turns off Hypervisor-Protected Code Int
 <!-- RequireUEFIMemoryAttributesTable-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- RequireUEFIMemoryAttributesTable-Applicability-End -->
 
 <!-- RequireUEFIMemoryAttributesTable-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-webthreatdefense.md b/windows/client-management/mdm/policy-csp-webthreatdefense.md
index 6d04befd16..a5834287ac 100644
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@@ -4,7 +4,7 @@ description: Learn more about the WebThreatDefense Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/30/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- AutomaticDataCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- AutomaticDataCollection-Applicability-End -->
 
 <!-- AutomaticDataCollection-OmaUri-Begin -->
@@ -40,8 +40,14 @@ ms.topic: reference
 <!-- AutomaticDataCollection-OmaUri-End -->
 
 <!-- AutomaticDataCollection-Description-Begin -->
-<!-- Description-Source-DDF -->
-Automatically collect website or app content when additional analysis is needed to help identify security threats.
+<!-- Description-Source-ADMX -->
+This policy setting determines whether Enhanced Phishing Protection can collect additional information-such as content displayed, sounds played, and application memory-when your users enter their work or school password into a suspicious website or app. This information is used only for security purposes and helps SmartScreen determine whether the website or app is malicious.
+
+- If you enable this policy setting, Enhanced Phishing Protection may automatically collect additional content for security analysis from a suspicious website or app when your users enter their work or school password into that website or app.
+
+- If you disable this policy setting, Enhanced Phishing Protection won't collect additional content for security analysis when your users enter their work or school password into a suspicious site or app.
+
+- If this policy isn't set, Enhanced Phishing Protection automatic data collection will honor the end user's settings.
 <!-- AutomaticDataCollection-Description-End -->
 
 <!-- AutomaticDataCollection-Editable-Begin -->
@@ -73,7 +79,12 @@ Automatically collect website or app content when additional analysis is needed
 | Name | Value |
 |:--|:--|
 | Name | AutomaticDataCollection |
-| Path | WebThreatDefense > AT > WindowsComponents > WebThreatDefense |
+| Friendly Name | Automatic Data Collection |
+| Location | Computer Configuration |
+| Path | Windows Components > Windows Defender SmartScreen > Enhanced Phishing Protection |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WTDS\Components |
+| Registry Value Name | CaptureThreatWindow |
+| ADMX File Name | WebThreatDefense.admx |
 <!-- AutomaticDataCollection-GpMapping-End -->
 
 <!-- AutomaticDataCollection-Examples-Begin -->
@@ -88,7 +99,7 @@ Automatically collect website or app content when additional analysis is needed
 <!-- NotifyMalicious-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- NotifyMalicious-Applicability-End -->
 
 <!-- NotifyMalicious-OmaUri-Begin -->
@@ -155,7 +166,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft
 <!-- NotifyPasswordReuse-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- NotifyPasswordReuse-Applicability-End -->
 
 <!-- NotifyPasswordReuse-OmaUri-Begin -->
@@ -222,7 +233,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft
 <!-- NotifyUnsafeApp-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- NotifyUnsafeApp-Applicability-End -->
 
 <!-- NotifyUnsafeApp-OmaUri-Begin -->
@@ -289,7 +300,7 @@ This policy setting determines whether Enhanced Phishing Protection in Microsoft
 <!-- ServiceEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- ServiceEnabled-Applicability-End -->
 
 <!-- ServiceEnabled-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 91b3d31ed2..0eb72b28a0 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -4,7 +4,7 @@ description: Learn more about the Wifi Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAutoConnectToWiFiSenseHotspots-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowAutoConnectToWiFiSenseHotspots-Applicability-End -->
 
 <!-- AllowAutoConnectToWiFiSenseHotspots-OmaUri-Begin -->
@@ -99,7 +99,7 @@ This policy setting determines whether users can enable the following WLAN setti
 <!-- AllowInternetSharing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowInternetSharing-Applicability-End -->
 
 <!-- AllowInternetSharing-OmaUri-Begin -->
@@ -182,7 +182,7 @@ By default, ICS is disabled when you create a remote access connection, but admi
 <!-- AllowManualWiFiConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowManualWiFiConfiguration-Applicability-End -->
 
 <!-- AllowManualWiFiConfiguration-OmaUri-Begin -->
@@ -234,7 +234,7 @@ Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
 <!-- AllowWFAQosManagementDSCPToUPMapping-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- AllowWFAQosManagementDSCPToUPMapping-Applicability-End -->
 
 <!-- AllowWFAQosManagementDSCPToUPMapping-OmaUri-Begin -->
@@ -284,7 +284,7 @@ Allow or disallow the device to use the DSCP to UP Mapping feature from the Wi-F
 <!-- AllowWFAQosManagementMSCS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | <!-- Not-Found --> |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | <!-- Not-Found --> |
 <!-- AllowWFAQosManagementMSCS-Applicability-End -->
 
 <!-- AllowWFAQosManagementMSCS-OmaUri-Begin -->
@@ -333,7 +333,7 @@ Allow or disallow the device to automatically request to enable Mirrored Stream
 <!-- AllowWiFi-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- AllowWiFi-Applicability-End -->
 
 <!-- AllowWiFi-OmaUri-Begin -->
@@ -382,7 +382,7 @@ Allow or disallow WiFi connection.
 <!-- AllowWiFiDirect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowWiFiDirect-Applicability-End -->
 
 <!-- AllowWiFiDirect-OmaUri-Begin -->
@@ -431,7 +431,7 @@ Allow WiFi Direct connection. .
 <!-- WLANScanMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- WLANScanMode-Applicability-End -->
 
 <!-- WLANScanMode-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
new file mode 100644
index 0000000000..5d7b09569f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -0,0 +1,100 @@
+---
+title: WindowsAI Policy CSP
+description: Learn more about the WindowsAI Area in Policy CSP.
+author: vinaypamnani-msft
+manager: aaroncz
+ms.author: vinpa
+ms.date: 08/30/2023
+ms.localizationpriority: medium
+ms.prod: windows-client
+ms.technology: itpro-manage
+ms.topic: reference
+---
+
+<!-- Auto-Generated CSP Document -->
+
+<!-- WindowsAI-Begin -->
+# Policy CSP - WindowsAI
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+<!-- WindowsAI-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- WindowsAI-Editable-End -->
+
+<!-- TurnOffWindowsCopilot-Begin -->
+## TurnOffWindowsCopilot
+
+<!-- TurnOffWindowsCopilot-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25929.1000] |
+<!-- TurnOffWindowsCopilot-Applicability-End -->
+
+<!-- TurnOffWindowsCopilot-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/TurnOffWindowsCopilot
+```
+<!-- TurnOffWindowsCopilot-OmaUri-End -->
+
+<!-- TurnOffWindowsCopilot-Description-Begin -->
+<!-- Description-Source-ADMX -->
+This policy setting allows you to turn off Windows Copilot.
+
+- If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either.
+
+- If you disable or don't configure this policy setting, users will be able to use Copilot when it's available to them.
+<!-- TurnOffWindowsCopilot-Description-End -->
+
+<!-- TurnOffWindowsCopilot-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- TurnOffWindowsCopilot-Editable-End -->
+
+<!-- TurnOffWindowsCopilot-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- TurnOffWindowsCopilot-DFProperties-End -->
+
+<!-- TurnOffWindowsCopilot-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Enable Copilot. |
+| 1 | Disable Copilot. |
+<!-- TurnOffWindowsCopilot-AllowedValues-End -->
+
+<!-- TurnOffWindowsCopilot-GpMapping-Begin -->
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | TurnOffWindowsCopilot |
+| Friendly Name | Turn off Windows Copilot |
+| Location | User Configuration |
+| Path | Windows Components > Windows Copilot |
+| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot |
+| Registry Value Name | TurnOffWindowsCopilot |
+| ADMX File Name | WindowsCopilot.admx |
+<!-- TurnOffWindowsCopilot-GpMapping-End -->
+
+<!-- TurnOffWindowsCopilot-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- TurnOffWindowsCopilot-Examples-End -->
+
+<!-- TurnOffWindowsCopilot-End -->
+
+<!-- WindowsAI-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- WindowsAI-CspMoreInfo-End -->
+
+<!-- WindowsAI-End -->
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 6836a98ead..6fc277fe8f 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsAutopilot Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- EnableAgilityPostEnrollment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- EnableAgilityPostEnrollment-Applicability-End -->
 
 <!-- EnableAgilityPostEnrollment-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index 0c20a2e6ea..3b1491564f 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsConnectionManager Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Applicability-End -->
 
 <!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 9f244c43bf..44ed4083ba 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsDefenderSecurityCenter Area in Policy C
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- CompanyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- CompanyName-Applicability-End -->
 
 <!-- CompanyName-OmaUri-Begin -->
@@ -91,7 +91,7 @@ Same as Disabled.
 <!-- DisableAccountProtectionUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DisableAccountProtectionUI-Applicability-End -->
 
 <!-- DisableAccountProtectionUI-OmaUri-Begin -->
@@ -166,7 +166,7 @@ Same as Disabled.
 <!-- DisableAppBrowserUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableAppBrowserUI-Applicability-End -->
 
 <!-- DisableAppBrowserUI-OmaUri-Begin -->
@@ -241,7 +241,7 @@ Same as Disabled.
 <!-- DisableClearTpmButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisableClearTpmButton-Applicability-End -->
 
 <!-- DisableClearTpmButton-OmaUri-Begin -->
@@ -316,7 +316,7 @@ Same as Disabled.
 <!-- DisableDeviceSecurityUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- DisableDeviceSecurityUI-Applicability-End -->
 
 <!-- DisableDeviceSecurityUI-OmaUri-Begin -->
@@ -391,7 +391,7 @@ Same as Disabled.
 <!-- DisableEnhancedNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableEnhancedNotifications-Applicability-End -->
 
 <!-- DisableEnhancedNotifications-OmaUri-Begin -->
@@ -468,7 +468,7 @@ Same as Disabled.
 <!-- DisableFamilyUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableFamilyUI-Applicability-End -->
 
 <!-- DisableFamilyUI-OmaUri-Begin -->
@@ -543,7 +543,7 @@ Same as Disabled.
 <!-- DisableHealthUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableHealthUI-Applicability-End -->
 
 <!-- DisableHealthUI-OmaUri-Begin -->
@@ -618,7 +618,7 @@ Same as Disabled.
 <!-- DisableNetworkUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableNetworkUI-Applicability-End -->
 
 <!-- DisableNetworkUI-OmaUri-Begin -->
@@ -693,7 +693,7 @@ Same as Disabled.
 <!-- DisableNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableNotifications-Applicability-End -->
 
 <!-- DisableNotifications-OmaUri-Begin -->
@@ -768,7 +768,7 @@ Same as Disabled.
 <!-- DisableTpmFirmwareUpdateWarning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- DisableTpmFirmwareUpdateWarning-Applicability-End -->
 
 <!-- DisableTpmFirmwareUpdateWarning-OmaUri-Begin -->
@@ -843,7 +843,7 @@ Same as Disabled.
 <!-- DisableVirusUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisableVirusUI-Applicability-End -->
 
 <!-- DisableVirusUI-OmaUri-Begin -->
@@ -918,7 +918,7 @@ Same as Disabled.
 <!-- DisallowExploitProtectionOverride-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- DisallowExploitProtectionOverride-Applicability-End -->
 
 <!-- DisallowExploitProtectionOverride-OmaUri-Begin -->
@@ -993,7 +993,7 @@ Same as Disabled.
 <!-- Email-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Email-Applicability-End -->
 
 <!-- Email-OmaUri-Begin -->
@@ -1060,7 +1060,7 @@ Same as Disabled.
 <!-- EnableCustomizedToasts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- EnableCustomizedToasts-Applicability-End -->
 
 <!-- EnableCustomizedToasts-OmaUri-Begin -->
@@ -1143,7 +1143,7 @@ Same as Disabled.
 <!-- EnableInAppCustomization-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- EnableInAppCustomization-Applicability-End -->
 
 <!-- EnableInAppCustomization-OmaUri-Begin -->
@@ -1224,7 +1224,7 @@ Same as Disabled.
 <!-- HideRansomwareDataRecovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- HideRansomwareDataRecovery-Applicability-End -->
 
 <!-- HideRansomwareDataRecovery-OmaUri-Begin -->
@@ -1299,7 +1299,7 @@ Same as Disabled.
 <!-- HideSecureBoot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- HideSecureBoot-Applicability-End -->
 
 <!-- HideSecureBoot-OmaUri-Begin -->
@@ -1374,7 +1374,7 @@ Same as Disabled.
 <!-- HideTPMTroubleshooting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- HideTPMTroubleshooting-Applicability-End -->
 
 <!-- HideTPMTroubleshooting-OmaUri-Begin -->
@@ -1449,7 +1449,7 @@ Same as Disabled.
 <!-- HideWindowsSecurityNotificationAreaControl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- HideWindowsSecurityNotificationAreaControl-Applicability-End -->
 
 <!-- HideWindowsSecurityNotificationAreaControl-OmaUri-Begin -->
@@ -1526,7 +1526,7 @@ Same as Disabled.
 <!-- Phone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Phone-Applicability-End -->
 
 <!-- Phone-OmaUri-Begin -->
@@ -1593,7 +1593,7 @@ Same as Disabled.
 <!-- URL-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- URL-Applicability-End -->
 
 <!-- URL-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 7f9cb85aff..a2608dd9a9 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsInkWorkspace Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowSuggestedAppsInWindowsInkWorkspace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowSuggestedAppsInWindowsInkWorkspace-Applicability-End -->
 
 <!-- AllowSuggestedAppsInWindowsInkWorkspace-OmaUri-Begin -->
@@ -89,7 +89,7 @@ Allow suggested apps in Windows Ink Workspace.
 <!-- AllowWindowsInkWorkspace-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowWindowsInkWorkspace-Applicability-End -->
 
 <!-- AllowWindowsInkWorkspace-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 544703e41a..6f0c889771 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsLogon Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -30,7 +30,7 @@ ms.topic: reference
 <!-- AllowAutomaticRestartSignOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- AllowAutomaticRestartSignOn-Applicability-End -->
 
 <!-- AllowAutomaticRestartSignOn-OmaUri-Begin -->
@@ -95,7 +95,7 @@ After enabling this policy, you can configure its settings through the ConfigAut
 <!-- ConfigAutomaticRestartSignOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- ConfigAutomaticRestartSignOn-Applicability-End -->
 
 <!-- ConfigAutomaticRestartSignOn-OmaUri-Begin -->
@@ -162,7 +162,7 @@ BitLocker is suspended during updates if:
 <!-- DisableLockScreenAppNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DisableLockScreenAppNotifications-Applicability-End -->
 
 <!-- DisableLockScreenAppNotifications-OmaUri-Begin -->
@@ -221,7 +221,7 @@ This policy setting allows you to prevent app notifications from appearing on th
 <!-- DontDisplayNetworkSelectionUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- DontDisplayNetworkSelectionUI-Applicability-End -->
 
 <!-- DontDisplayNetworkSelectionUI-OmaUri-Begin -->
@@ -306,7 +306,7 @@ Here's an example to enable this policy:
 <!-- EnableFirstLogonAnimation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
 <!-- EnableFirstLogonAnimation-Applicability-End -->
 
 <!-- EnableFirstLogonAnimation-OmaUri-Begin -->
@@ -378,7 +378,7 @@ This policy setting allows you to control whether users see the first sign-in an
 <!-- EnableMPRNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- EnableMPRNotifications-Applicability-End -->
 
 <!-- EnableMPRNotifications-OmaUri-Begin -->
@@ -437,7 +437,7 @@ This policy controls the configuration under which winlogon sends MPR notificati
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-Applicability-End -->
 
 <!-- EnumerateLocalUsersOnDomainJoinedComputers-OmaUri-Begin -->
@@ -496,7 +496,7 @@ This policy setting allows local users to be enumerated on domain-joined compute
 <!-- HideFastUserSwitching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- HideFastUserSwitching-Applicability-End -->
 
 <!-- HideFastUserSwitching-OmaUri-Begin -->
@@ -565,7 +565,7 @@ The locations that Switch User interface appear are in the Logon UI, the Start m
 <!-- OverrideShellProgram-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- OverrideShellProgram-Applicability-End -->
 
 <!-- OverrideShellProgram-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index b885c37d1a..2a3b6be557 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsPowerShell Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -28,7 +28,7 @@ ms.topic: reference
 <!-- TurnOnPowerShellScriptBlockLogging-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- TurnOnPowerShellScriptBlockLogging-Applicability-End -->
 
 <!-- TurnOnPowerShellScriptBlockLogging-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index c8b375b284..49f808e7e0 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsSandbox Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowAudioInput-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowAudioInput-Applicability-End -->
 
 <!-- AllowAudioInput-OmaUri-Begin -->
@@ -91,7 +91,7 @@ Note that there may be security implications of exposing host audio input to the
 <!-- AllowClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowClipboardRedirection-Applicability-End -->
 
 <!-- AllowClipboardRedirection-OmaUri-Begin -->
@@ -154,7 +154,7 @@ This policy setting enables or disables clipboard sharing with the sandbox.
 <!-- AllowNetworking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowNetworking-Applicability-End -->
 
 <!-- AllowNetworking-OmaUri-Begin -->
@@ -219,7 +219,7 @@ Note that enabling networking can expose untrusted applications to the internal
 <!-- AllowPrinterRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowPrinterRedirection-Applicability-End -->
 
 <!-- AllowPrinterRedirection-OmaUri-Begin -->
@@ -282,7 +282,7 @@ This policy setting enables or disables printer sharing from the host into the S
 <!-- AllowVGPU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowVGPU-Applicability-End -->
 
 <!-- AllowVGPU-OmaUri-Begin -->
@@ -347,7 +347,7 @@ Note that enabling virtualized GPU can potentially increase the attack surface o
 <!-- AllowVideoInput-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowVideoInput-Applicability-End -->
 
 <!-- AllowVideoInput-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index c60fc591ad..2d101d6563 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -4,7 +4,7 @@ description: Learn more about the WirelessDisplay Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
 <!-- AllowMdnsAdvertisement-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowMdnsAdvertisement-Applicability-End -->
 
 <!-- AllowMdnsAdvertisement-OmaUri-Begin -->
@@ -75,7 +75,7 @@ This policy setting allows you to turn off the Wireless Display multicast DNS se
 <!-- AllowMdnsDiscovery-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- AllowMdnsDiscovery-Applicability-End -->
 
 <!-- AllowMdnsDiscovery-OmaUri-Begin -->
@@ -124,7 +124,7 @@ This policy setting allows you to turn off discovering the display service adver
 <!-- AllowMovementDetectionOnInfrastructure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowMovementDetectionOnInfrastructure-Applicability-End -->
 
 <!-- AllowMovementDetectionOnInfrastructure-OmaUri-Begin -->
@@ -175,7 +175,7 @@ If you set it to 1, your PC will detect that you have moved and will automatical
 <!-- AllowPCReceiverToBeTCPServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowPCReceiverToBeTCPServer-Applicability-End -->
 
 <!-- AllowPCReceiverToBeTCPServer-OmaUri-Begin -->
@@ -226,7 +226,7 @@ If you set it to 1, your PC may receive the incoming projection as a TCP server.
 <!-- AllowPCSenderToBeTCPClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- AllowPCSenderToBeTCPClient-Applicability-End -->
 
 <!-- AllowPCSenderToBeTCPClient-OmaUri-Begin -->
@@ -277,7 +277,7 @@ If you set it to 1, your PC may start an outgoing projection as a TCP client.
 <!-- AllowProjectionFromPC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowProjectionFromPC-Applicability-End -->
 
 <!-- AllowProjectionFromPC-OmaUri-Begin -->
@@ -328,7 +328,7 @@ If you set it to 1, your PC can discover and project to other devices.
 <!-- AllowProjectionFromPCOverInfrastructure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowProjectionFromPCOverInfrastructure-Applicability-End -->
 
 <!-- AllowProjectionFromPCOverInfrastructure-OmaUri-Begin -->
@@ -379,7 +379,7 @@ If you set it to 1, your PC can discover and project to other devices over infra
 <!-- AllowProjectionToPC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- AllowProjectionToPC-Applicability-End -->
 
 <!-- AllowProjectionToPC-OmaUri-Begin -->
@@ -446,7 +446,7 @@ If you turn it off or don't configure it, your PC is discoverable and can be pro
 <!-- AllowProjectionToPCOverInfrastructure-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- AllowProjectionToPCOverInfrastructure-Applicability-End -->
 
 <!-- AllowProjectionToPCOverInfrastructure-OmaUri-Begin -->
@@ -497,7 +497,7 @@ If you set it to 1, your PC can be discoverable and can be projected to over inf
 <!-- AllowUserInputFromWirelessDisplayReceiver-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- AllowUserInputFromWirelessDisplayReceiver-Applicability-End -->
 
 <!-- AllowUserInputFromWirelessDisplayReceiver-OmaUri-Begin -->
@@ -546,7 +546,7 @@ Setting this policy controls whether or not the wireless display can send input-
 <!-- RequirePinForPairing-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- RequirePinForPairing-Applicability-End -->
 
 <!-- RequirePinForPairing-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/printerprovisioning-csp.md b/windows/client-management/mdm/printerprovisioning-csp.md
index 5ab140e5fc..bea685738c 100644
--- a/windows/client-management/mdm/printerprovisioning-csp.md
+++ b/windows/client-management/mdm/printerprovisioning-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the PrinterProvisioning CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -39,7 +39,7 @@ The following list shows the PrinterProvisioning configuration service provider
 <!-- User-UPPrinterInstalls-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-OmaUri-Begin -->
@@ -78,7 +78,7 @@ This setting will take the action on the specified user account to install or un
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-OmaUri-Begin -->
@@ -118,7 +118,7 @@ Identifies the Universal Print printer, by its Share ID, you wish to install on
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-CloudDeviceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-CloudDeviceID-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-CloudDeviceID-OmaUri-Begin -->
@@ -157,7 +157,7 @@ Identifies the Universal Print printer, by its Printer ID, you wish to install o
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-ErrorCode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-ErrorCode-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-ErrorCode-OmaUri-Begin -->
@@ -196,7 +196,7 @@ HRESULT of the last installation returned code.
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Install-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Install-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Install-OmaUri-Begin -->
@@ -235,7 +235,7 @@ Support async execute. Install Universal Print printer.
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-PrinterSharedName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-PrinterSharedName-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-PrinterSharedName-OmaUri-Begin -->
@@ -274,7 +274,7 @@ Identifies the Universal Print printer, by its Share Name, you wish to install o
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042.1806] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1806] and later <br> ✅ Windows 10, version 21H2 [10.0.19044.1806] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Status-Applicability-End -->
 
 <!-- User-UPPrinterInstalls-{PrinterSharedID}-Status-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/printerprovisioning-ddf-file.md b/windows/client-management/mdm/printerprovisioning-ddf-file.md
index 811b19bdc0..d7306bda75 100644
--- a/windows/client-management/mdm/printerprovisioning-ddf-file.md
+++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the P
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1806, 10.0.19043.1806, 10.0.19042.1806</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index b2fdf60bb4..f289a7e154 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Reboot CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,8 @@ ms.topic: reference
 <!-- Reboot-Begin -->
 # Reboot CSP
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- Reboot-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Reboot configuration service provider is used to configure reboot settings.
@@ -38,7 +40,7 @@ The following list shows the Reboot configuration service provider nodes:
 <!-- Device-RebootNow-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-RebootNow-Applicability-End -->
 
 <!-- Device-RebootNow-OmaUri-Begin -->
@@ -77,7 +79,7 @@ This node executes a reboot of the device. RebootNow triggers a reboot within 5
 <!-- Device-Schedule-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Schedule-Applicability-End -->
 
 <!-- Device-Schedule-OmaUri-Begin -->
@@ -116,7 +118,7 @@ The supported operation is Get.
 <!-- Device-Schedule-DailyRecurrent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Schedule-DailyRecurrent-Applicability-End -->
 
 <!-- Device-Schedule-DailyRecurrent-OmaUri-Begin -->
@@ -155,7 +157,7 @@ Value in ISO8601, time is required. Either setting DailyRecurrent or WeeklyRecur
 <!-- Device-Schedule-Single-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Schedule-Single-Applicability-End -->
 
 <!-- Device-Schedule-Single-OmaUri-Begin -->
@@ -194,7 +196,7 @@ Value in ISO8601, both the date and time are required. A reboot will be schedule
 <!-- Device-Schedule-WeeklyRecurrent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Schedule-WeeklyRecurrent-Applicability-End -->
 
 <!-- Device-Schedule-WeeklyRecurrent-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index 7771d079d3..c7de504eb0 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the R
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -171,8 +171,8 @@ The following XML file contains the device description framework (DDF) for the R
             <MIME />
           </DFType>
           <MSFT:Applicability>
-            <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
-            <MSFT:CspVersion>1.0</MSFT:CspVersion>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
           </MSFT:Applicability>
           <MSFT:AllowedValues ValueType="None">
           </MSFT:AllowedValues>
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 94ada2240d..1b4a1c636d 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the RemoteWipe CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following list shows the RemoteWipe configuration service provider nodes:
 <!-- Device-AutomaticRedeployment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AutomaticRedeployment-Applicability-End -->
 
 <!-- Device-AutomaticRedeployment-OmaUri-Begin -->
@@ -85,7 +85,7 @@ Node for the Autopilot Reset operation.
 <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-Applicability-End -->
 
 <!-- Device-AutomaticRedeployment-doAutomaticRedeployment-OmaUri-Begin -->
@@ -124,7 +124,7 @@ Exec on this node triggers Autopilot Reset operation. This works like PC Reset,
 <!-- Device-AutomaticRedeployment-LastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AutomaticRedeployment-LastError-Applicability-End -->
 
 <!-- Device-AutomaticRedeployment-LastError-OmaUri-Begin -->
@@ -164,7 +164,7 @@ Error value, if any, associated with Automatic Redeployment operation (typically
 <!-- Device-AutomaticRedeployment-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-AutomaticRedeployment-Status-Applicability-End -->
 
 <!-- Device-AutomaticRedeployment-Status-OmaUri-Begin -->
@@ -204,7 +204,7 @@ Status value indicating current state of an Automatic Redeployment operation. 0:
 <!-- Device-doWipe-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-doWipe-Applicability-End -->
 
 <!-- Device-doWipe-OmaUri-Begin -->
@@ -244,7 +244,7 @@ A remote reset is equivalent to running **Reset this PC** > **Remove everything*
 <!-- Device-doWipeCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-doWipeCloud-Applicability-End -->
 
 <!-- Device-doWipeCloud-OmaUri-Begin -->
@@ -283,7 +283,7 @@ Exec on this node will perform a cloud-based remote wipe on the device. The retu
 <!-- Device-doWipeCloudPersistProvisionedData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-doWipeCloudPersistProvisionedData-Applicability-End -->
 
 <!-- Device-doWipeCloudPersistProvisionedData-OmaUri-Begin -->
@@ -322,7 +322,7 @@ Exec on this node will back up provisioning data to a persistent location and pe
 <!-- Device-doWipeCloudPersistUserData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-doWipeCloudPersistUserData-Applicability-End -->
 
 <!-- Device-doWipeCloudPersistUserData-OmaUri-Begin -->
@@ -361,7 +361,7 @@ Exec on this node will perform a cloud-based remote reset on the device and pers
 <!-- Device-doWipePersistProvisionedData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-doWipePersistProvisionedData-Applicability-End -->
 
 <!-- Device-doWipePersistProvisionedData-OmaUri-Begin -->
@@ -401,7 +401,7 @@ Provisioning packages are persisted in `%SystemDrive%\ProgramData\Microsoft\Prov
 <!-- Device-doWipePersistUserData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-doWipePersistUserData-Applicability-End -->
 
 <!-- Device-doWipePersistUserData-OmaUri-Begin -->
@@ -441,7 +441,7 @@ Exec on this node will perform a remote reset on the device and persist user acc
 <!-- Device-doWipeProtected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-doWipeProtected-Applicability-End -->
 
 <!-- Device-doWipeProtected-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index 44ad086f77..67664ef793 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the RootCATrustedCertificates CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -125,7 +125,7 @@ The following list shows the RootCATrustedCertificates configuration service pro
 <!-- Device-CA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-Applicability-End -->
 
 <!-- Device-CA-OmaUri-Begin -->
@@ -164,7 +164,7 @@ Node for CA certificates.
 <!-- Device-CA-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-OmaUri-Begin -->
@@ -204,7 +204,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- Device-CA-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -243,7 +243,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- Device-CA-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -282,7 +282,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- Device-CA-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -321,7 +321,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- Device-CA-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -360,7 +360,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- Device-CA-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -399,7 +399,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- Device-CA-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CA-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-CA-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -438,7 +438,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- Device-OemEsim-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-Applicability-End -->
 
 <!-- Device-OemEsim-OmaUri-Begin -->
@@ -477,7 +477,7 @@ Node for OEM eSIM certificates.
 <!-- Device-OemEsim-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-OmaUri-Begin -->
@@ -517,7 +517,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- Device-OemEsim-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -556,7 +556,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- Device-OemEsim-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -595,7 +595,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- Device-OemEsim-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -634,7 +634,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- Device-OemEsim-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -673,7 +673,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- Device-OemEsim-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -712,7 +712,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- Device-OemEsim-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-OemEsim-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-OemEsim-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -751,7 +751,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- Device-Root-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-Applicability-End -->
 
 <!-- Device-Root-OmaUri-Begin -->
@@ -790,7 +790,7 @@ Defines the certificate store that contains root, or self-signed certificates, i
 <!-- Device-Root-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-OmaUri-Begin -->
@@ -829,7 +829,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- Device-Root-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -869,7 +869,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- Device-Root-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -908,7 +908,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- Device-Root-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -947,7 +947,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- Device-Root-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -986,7 +986,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- Device-Root-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -1025,7 +1025,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- Device-Root-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Root-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-Root-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -1064,7 +1064,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- Device-TrustedPeople-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-Applicability-End -->
 
 <!-- Device-TrustedPeople-OmaUri-Begin -->
@@ -1103,7 +1103,7 @@ Node for trusted people certificates.
 <!-- Device-TrustedPeople-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-OmaUri-Begin -->
@@ -1143,7 +1143,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- Device-TrustedPeople-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -1182,7 +1182,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- Device-TrustedPeople-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -1221,7 +1221,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- Device-TrustedPeople-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -1260,7 +1260,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- Device-TrustedPeople-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -1299,7 +1299,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- Device-TrustedPeople-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -1338,7 +1338,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- Device-TrustedPeople-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPeople-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-TrustedPeople-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -1377,7 +1377,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- Device-TrustedPublisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-Applicability-End -->
 
 <!-- Device-TrustedPublisher-OmaUri-Begin -->
@@ -1416,7 +1416,7 @@ Node for trusted publisher certificates.
 <!-- Device-TrustedPublisher-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-OmaUri-Begin -->
@@ -1456,7 +1456,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- Device-TrustedPublisher-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -1495,7 +1495,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- Device-TrustedPublisher-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -1534,7 +1534,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- Device-TrustedPublisher-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -1573,7 +1573,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- Device-TrustedPublisher-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -1612,7 +1612,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- Device-TrustedPublisher-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -1651,7 +1651,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- Device-TrustedPublisher-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-TrustedPublisher-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-TrustedPublisher-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -1690,7 +1690,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- Device-UntrustedCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-OmaUri-Begin -->
@@ -1729,7 +1729,7 @@ Node for certificates that aren't trusted. IT admin can use this node to immedia
 <!-- Device-UntrustedCertificates-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-OmaUri-Begin -->
@@ -1769,7 +1769,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- Device-UntrustedCertificates-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -1808,7 +1808,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- Device-UntrustedCertificates-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -1847,7 +1847,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- Device-UntrustedCertificates-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -1886,7 +1886,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- Device-UntrustedCertificates-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -1925,7 +1925,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- Device-UntrustedCertificates-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -1964,7 +1964,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- Device-UntrustedCertificates-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-UntrustedCertificates-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- Device-UntrustedCertificates-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -2003,7 +2003,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- User-CA-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-Applicability-End -->
 
 <!-- User-CA-OmaUri-Begin -->
@@ -2042,7 +2042,7 @@ Node for CA certificates.
 <!-- User-CA-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-Applicability-End -->
 
 <!-- User-CA-{CertHash}-OmaUri-Begin -->
@@ -2082,7 +2082,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- User-CA-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- User-CA-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -2121,7 +2121,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- User-CA-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- User-CA-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -2160,7 +2160,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- User-CA-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- User-CA-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -2199,7 +2199,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- User-CA-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- User-CA-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -2238,7 +2238,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- User-CA-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- User-CA-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -2277,7 +2277,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- User-CA-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-CA-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- User-CA-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -2316,7 +2316,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- User-OemEsim-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-Applicability-End -->
 
 <!-- User-OemEsim-OmaUri-Begin -->
@@ -2355,7 +2355,7 @@ Node for OEM eSIM certificates.
 <!-- User-OemEsim-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-OmaUri-Begin -->
@@ -2395,7 +2395,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- User-OemEsim-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -2434,7 +2434,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- User-OemEsim-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -2473,7 +2473,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- User-OemEsim-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -2512,7 +2512,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- User-OemEsim-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -2551,7 +2551,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- User-OemEsim-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -2590,7 +2590,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- User-OemEsim-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-OemEsim-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- User-OemEsim-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -2629,7 +2629,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- User-TrustedPeople-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-Applicability-End -->
 
 <!-- User-TrustedPeople-OmaUri-Begin -->
@@ -2668,7 +2668,7 @@ Node for trusted people certificates.
 <!-- User-TrustedPeople-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-OmaUri-Begin -->
@@ -2708,7 +2708,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- User-TrustedPeople-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -2747,7 +2747,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- User-TrustedPeople-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -2786,7 +2786,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- User-TrustedPeople-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -2825,7 +2825,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- User-TrustedPeople-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -2864,7 +2864,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- User-TrustedPeople-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -2903,7 +2903,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- User-TrustedPeople-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPeople-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- User-TrustedPeople-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -2942,7 +2942,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- User-TrustedPublisher-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-Applicability-End -->
 
 <!-- User-TrustedPublisher-OmaUri-Begin -->
@@ -2981,7 +2981,7 @@ Node for trusted publisher certificates.
 <!-- User-TrustedPublisher-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-OmaUri-Begin -->
@@ -3021,7 +3021,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- User-TrustedPublisher-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -3060,7 +3060,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- User-TrustedPublisher-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -3099,7 +3099,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- User-TrustedPublisher-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -3138,7 +3138,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- User-TrustedPublisher-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -3177,7 +3177,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- User-TrustedPublisher-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -3216,7 +3216,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- User-TrustedPublisher-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-TrustedPublisher-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- User-TrustedPublisher-{CertHash}-ValidTo-OmaUri-Begin -->
@@ -3255,7 +3255,7 @@ Returns the expiration date of the certificate. Supported operation is Get. This
 <!-- User-UntrustedCertificates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-Applicability-End -->
 
 <!-- User-UntrustedCertificates-OmaUri-Begin -->
@@ -3294,7 +3294,7 @@ Node for certificates that aren't trusted. IT admin can use this node to immedia
 <!-- User-UntrustedCertificates-{CertHash}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-OmaUri-Begin -->
@@ -3334,7 +3334,7 @@ Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certifi
 <!-- User-UntrustedCertificates-{CertHash}-EncodedCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-EncodedCertificate-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-EncodedCertificate-OmaUri-Begin -->
@@ -3373,7 +3373,7 @@ Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string v
 <!-- User-UntrustedCertificates-{CertHash}-IssuedBy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-IssuedBy-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-IssuedBy-OmaUri-Begin -->
@@ -3412,7 +3412,7 @@ Returns the name of the certificate issuer. This is equivalent to the Issuer mem
 <!-- User-UntrustedCertificates-{CertHash}-IssuedTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-IssuedTo-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-IssuedTo-OmaUri-Begin -->
@@ -3451,7 +3451,7 @@ Returns the name of the certificate subject. This is equivalent to the Subject m
 <!-- User-UntrustedCertificates-{CertHash}-TemplateName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-TemplateName-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-TemplateName-OmaUri-Begin -->
@@ -3490,7 +3490,7 @@ Returns the certificate template name. Supported operation is Get.
 <!-- User-UntrustedCertificates-{CertHash}-ValidFrom-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-ValidFrom-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-ValidFrom-OmaUri-Begin -->
@@ -3529,7 +3529,7 @@ Returns the starting date of the certificate's validity. Supported operation is
 <!-- User-UntrustedCertificates-{CertHash}-ValidTo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- User-UntrustedCertificates-{CertHash}-ValidTo-Applicability-End -->
 
 <!-- User-UntrustedCertificates-{CertHash}-ValidTo-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index 14712bc288..bf1c7db754 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the R
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -1074,7 +1074,7 @@ The following XML file contains the device description framework (DDF) for the R
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index 6c9fbf4445..ce0d74fe63 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -1,82 +1,171 @@
 ---
 title: SecureAssessment CSP
-description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
-ms.reviewer:
+description: Learn more about the SecureAssessment CSP.
+author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: reference
+ms.date: 08/10/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
+ms.topic: reference
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- SecureAssessment-Begin -->
 # SecureAssessment CSP
 
-The table below shows the applicability of Windows:
+<!-- SecureAssessment-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- SecureAssessment-Editable-End -->
 
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+<!-- SecureAssessment-Tree-Begin -->
+The following list shows the SecureAssessment configuration service provider nodes:
 
-The SecureAssessment configuration service provider is used to provide configuration information for the secure assessment browser.
+- ./Vendor/MSFT/SecureAssessment
+  - [AllowScreenMonitoring](#allowscreenmonitoring)
+  - [AllowTextSuggestions](#allowtextsuggestions)
+  - [Assessments](#assessments)
+  - [LaunchURI](#launchuri)
+  - [RequirePrinting](#requireprinting)
+  - [TesterAccount](#testeraccount)
+<!-- SecureAssessment-Tree-End -->
 
-The following example shows the SecureAssessment configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+<!-- Device-AllowScreenMonitoring-Begin -->
+## AllowScreenMonitoring
+
+<!-- Device-AllowScreenMonitoring-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-AllowScreenMonitoring-Applicability-End -->
+
+<!-- Device-AllowScreenMonitoring-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/AllowScreenMonitoring
 ```
-./Vendor/MSFT
-SecureAssessment
-----LaunchURI
-----TesterAccount
-----AllowScreenMonitoring
-----RequirePrinting
-----AllowTextSuggestions
-----Assessments
+<!-- Device-AllowScreenMonitoring-OmaUri-End -->
+
+<!-- Device-AllowScreenMonitoring-Description-Begin -->
+<!-- Description-Source-DDF -->
+Indicates if screen monitoring is allowed by the app.
+<!-- Device-AllowScreenMonitoring-Description-End -->
+
+<!-- Device-AllowScreenMonitoring-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-AllowScreenMonitoring-Editable-End -->
+
+<!-- Device-AllowScreenMonitoring-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 0 |
+<!-- Device-AllowScreenMonitoring-DFProperties-End -->
+
+<!-- Device-AllowScreenMonitoring-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | Screen monitoring is allowed. |
+| 0 (Default) | Screen monitoring isn't allowed. |
+<!-- Device-AllowScreenMonitoring-AllowedValues-End -->
+
+<!-- Device-AllowScreenMonitoring-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-AllowScreenMonitoring-Examples-End -->
+
+<!-- Device-AllowScreenMonitoring-End -->
+
+<!-- Device-AllowTextSuggestions-Begin -->
+## AllowTextSuggestions
+
+<!-- Device-AllowTextSuggestions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-AllowTextSuggestions-Applicability-End -->
+
+<!-- Device-AllowTextSuggestions-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/AllowTextSuggestions
 ```
-<a href="" id="--vendor-msft-secureassessment"></a>**./Vendor/MSFT/SecureAssessment**
-The root node for the SecureAssessment configuration service provider.
+<!-- Device-AllowTextSuggestions-OmaUri-End -->
 
-The supported operation is Get.
+<!-- Device-AllowTextSuggestions-Description-Begin -->
+<!-- Description-Source-DDF -->
+Indicates if keyboard text suggestions are allowed by the app.
+<!-- Device-AllowTextSuggestions-Description-End -->
 
-<a href="" id="launchuri"></a>**LaunchURI**
-URI link to an assessment that's automatically loaded when the secure assessment browser is launched.
+<!-- Device-AllowTextSuggestions-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-AllowTextSuggestions-Editable-End -->
 
-The supported operations are Add, Delete, Get, and Replace.
+<!-- Device-AllowTextSuggestions-DFProperties-Begin -->
+**Description framework properties**:
 
-<a href="" id="testeraccount"></a>**TesterAccount**
-The user name of the test taking account.
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 0 |
+<!-- Device-AllowTextSuggestions-DFProperties-End -->
 
-- To specify a domain account, use domain\\user.
-- To specify an Azure Active Directory account, use username@tenant.com.
-- To specify a local account, use the username.
+<!-- Device-AllowTextSuggestions-AllowedValues-Begin -->
+**Allowed values**:
 
-The supported operations are Add, Delete, Get, and Replace.
+| Value | Description |
+|:--|:--|
+| 1 | Keyboard text suggestions are allowed. |
+| 0 (Default) | Keyboard text suggestions aren't allowed. |
+<!-- Device-AllowTextSuggestions-AllowedValues-End -->
 
-<a href="" id="allowscreenmonitoring"></a>**AllowScreenMonitoring**
-Added in Windows 10, version 1703. Boolean value that indicates whether screen capture is allowed by the app.
+<!-- Device-AllowTextSuggestions-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-AllowTextSuggestions-Examples-End -->
 
-Supported operations are Get and Replace.
+<!-- Device-AllowTextSuggestions-End -->
 
-<a href="" id="requireprinting"></a>**RequirePrinting**
-Added in Windows 10, version 1703. Boolean value that indicates whether printing is allowed by the app.
+<!-- Device-Assessments-Begin -->
+## Assessments
 
-Supported operations are Get and Replace.
+<!-- Device-Assessments-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.521] and later |
+<!-- Device-Assessments-Applicability-End -->
 
-<a href="" id="AllowTextSuggestions"></a>**AllowTextSuggestions**
-Added in Windows 10, version 1703. Boolean value that indicates whether keyboard text suggestions are allowed by the app.
+<!-- Device-Assessments-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/Assessments
+```
+<!-- Device-Assessments-OmaUri-End -->
 
-Supported operations are Get and Replace.
+<!-- Device-Assessments-Description-Begin -->
+<!-- Description-Source-DDF -->
+Enables support for multiple assessments and for assessment grouping. The structure is specified by an XML.
+<!-- Device-Assessments-Description-End -->
 
-<a href="" id="Assessments"></a>**Assessments**
-Added in Windows 11, version 22H2. Enables support for multiple assessments. When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments.
+<!-- Device-Assessments-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+When configured, users can select from a list of assessments. The node accepts an XML string that represents the list of available assessments.
+<!-- Device-Assessments-Editable-End -->
 
-Supported operations are Add, Delete, Get and Replace.
+<!-- Device-Assessments-DFProperties-Begin -->
+**Description framework properties**:
 
-XML schema
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Device-Assessments-DFProperties-End -->
+
+<!-- Device-Assessments-AllowedValues-Begin -->
+**Allowed values**:
 
 ```xml
 <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
@@ -89,8 +178,8 @@ XML schema
               <xs:element name="Assessment" maxOccurs="unbounded" minOccurs="0">
                 <xs:complexType>
                   <xs:sequence>
-                    <xs:element type="xs:string" name="TestName"/>
-                    <xs:element type="xs:string" name="TestUri"/>
+                    <xs:element type="xs:string" name="TestName" />
+                    <xs:element type="xs:string" name="TestUri" />
                   </xs:sequence>
                 </xs:complexType>
               </xs:element>
@@ -102,8 +191,12 @@ XML schema
   </xs:element>
 </xs:schema>
 ```
+<!-- Device-Assessments-AllowedValues-End -->
+
+<!-- Device-Assessments-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+**Example**:
 
-Example:
 ```xml
 <?xml version="1.0" encoding="utf-16"?>
 <AssessmentsRoot xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -124,12 +217,144 @@ Example:
     </Assessments>
 </AssessmentsRoot>
 ```
+<!-- Device-Assessments-Examples-End -->
 
-## Related topics
+<!-- Device-Assessments-End -->
 
-[Set up Take a Test](/education/windows/take-a-test-multiple-pcs)
+<!-- Device-LaunchURI-Begin -->
+## LaunchURI
 
-[Configuration service provider reference](index.yml)
+<!-- Device-LaunchURI-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-LaunchURI-Applicability-End -->
 
+<!-- Device-LaunchURI-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/LaunchURI
+```
+<!-- Device-LaunchURI-OmaUri-End -->
 
+<!-- Device-LaunchURI-Description-Begin -->
+<!-- Description-Source-DDF -->
+Link to an assessment that's automatically loaded when the Secure Assessment Browser is launched.
+<!-- Device-LaunchURI-Description-End -->
 
+<!-- Device-LaunchURI-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-LaunchURI-Editable-End -->
+
+<!-- Device-LaunchURI-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Regular Expression: `System.Xml.XmlElement` |
+<!-- Device-LaunchURI-DFProperties-End -->
+
+<!-- Device-LaunchURI-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-LaunchURI-Examples-End -->
+
+<!-- Device-LaunchURI-End -->
+
+<!-- Device-RequirePrinting-Begin -->
+## RequirePrinting
+
+<!-- Device-RequirePrinting-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-RequirePrinting-Applicability-End -->
+
+<!-- Device-RequirePrinting-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/RequirePrinting
+```
+<!-- Device-RequirePrinting-OmaUri-End -->
+
+<!-- Device-RequirePrinting-Description-Begin -->
+<!-- Description-Source-DDF -->
+Indicates if printing is required by the app.
+<!-- Device-RequirePrinting-Description-End -->
+
+<!-- Device-RequirePrinting-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-RequirePrinting-Editable-End -->
+
+<!-- Device-RequirePrinting-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Get, Replace |
+| Default Value  | 1 |
+<!-- Device-RequirePrinting-DFProperties-End -->
+
+<!-- Device-RequirePrinting-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 (Default) | Printing is allowed. |
+| 0 | Printing isn't allowed. |
+<!-- Device-RequirePrinting-AllowedValues-End -->
+
+<!-- Device-RequirePrinting-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-RequirePrinting-Examples-End -->
+
+<!-- Device-RequirePrinting-End -->
+
+<!-- Device-TesterAccount-Begin -->
+## TesterAccount
+
+<!-- Device-TesterAccount-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
+<!-- Device-TesterAccount-Applicability-End -->
+
+<!-- Device-TesterAccount-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SecureAssessment/TesterAccount
+```
+<!-- Device-TesterAccount-OmaUri-End -->
+
+<!-- Device-TesterAccount-Description-Begin -->
+<!-- Description-Source-DDF -->
+The user name of the test taking account. To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.
+<!-- Device-TesterAccount-Description-End -->
+
+<!-- Device-TesterAccount-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-TesterAccount-Editable-End -->
+
+<!-- Device-TesterAccount-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Device-TesterAccount-DFProperties-End -->
+
+<!-- Device-TesterAccount-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-TesterAccount-Examples-End -->
+
+<!-- Device-TesterAccount-End -->
+
+<!-- SecureAssessment-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- SecureAssessment-CspMoreInfo-End -->
+
+<!-- SecureAssessment-End -->
+
+## Related articles
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 57f576724e..b7e824c5f7 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -1,188 +1,278 @@
 ---
 title: SecureAssessment DDF file
-description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
-ms.reviewer:
+description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
+author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: reference
+ms.date: 07/06/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 12/05/2017
+ms.topic: reference
 ---
 
+<!-- Auto-Generated CSP Document -->
+
 # SecureAssessment DDF file
 
-This topic shows the OMA DM device description framework (DDF) for the **SecureAssessment** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
-
-The XML below is the current version for this CSP.
+The following XML file contains the device description framework (DDF) for the SecureAssessment configuration service provider.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
-  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
-  [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
   <VerDTD>1.2</VerDTD>
-      <Node>
-        <NodeName>SecureAssessment</NodeName>
-        <Path>./Vendor/MSFT</Path>
-        <DFProperties>
-          <AccessType>
-            <Get />
-          </AccessType>
-          <Description>Settings related to the configuration of the Secure Assessment Browser.</Description>
-          <DFFormat>
-            <node />
-          </DFFormat>
-          <Occurrence>
-            <One />
-          </Occurrence>
-          <Scope>
-            <Permanent />
-          </Scope>
-          <DFType>
-            <MIME>com.microsoft/1.1/MDM/SecureAssessment</MIME>
-          </DFType>
-        </DFProperties>
-        <Node>
-          <NodeName>LaunchURI</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Add />
-              <Delete />
-              <Get />
-              <Replace />
-            </AccessType>
-            <Description>Link to an assessment that's automatically loaded when the Secure Assessment Browser is launched.</Description>
-            <DFFormat>
-              <chr />
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <CaseSense>
-              <CIS />
-            </CaseSense>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>TesterAccount</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-              <Add />
-              <Delete />
-              <Replace />
-            </AccessType>
-            <Description>The user name of the test taking account.  To specify a domain account, use domain\user. To specify an Azure Active Directory account, use username@tenant.com. To specify a local account, use the username.</Description>
-            <DFFormat>
-              <chr />
-            </DFFormat>
-            <Occurrence>
-              <ZeroOrOne />
-            </Occurrence>
-            <Scope>
-              <Dynamic />
-            </Scope>
-            <CaseSense>
-              <CIS />
-            </CaseSense>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowScreenMonitoring</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-              <Replace />
-            </AccessType>
-            <DefaultValue>false</DefaultValue>
-            <Description>Indicates if screen monitoring is allowed by the app.</Description>
-            <DFFormat>
-              <bool />
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <CaseSense>
-              <CIS />
-            </CaseSense>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>RequirePrinting</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-              <Replace />
-            </AccessType>
-            <DefaultValue>false</DefaultValue>
-            <Description>Indicates if printing is required by the app.</Description>
-            <DFFormat>
-              <bool />
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <CaseSense>
-              <CIS />
-            </CaseSense>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-        <Node>
-          <NodeName>AllowTextSuggestions</NodeName>
-          <DFProperties>
-            <AccessType>
-              <Get />
-              <Replace />
-            </AccessType>
-            <DefaultValue>false</DefaultValue>
-            <Description>Indicates if keyboard text suggestions are allowed by the app.</Description>
-            <DFFormat>
-              <bool />
-            </DFFormat>
-            <Occurrence>
-              <One />
-            </Occurrence>
-            <Scope>
-              <Permanent />
-            </Scope>
-            <CaseSense>
-              <CIS />
-            </CaseSense>
-            <DFType>
-              <MIME>text/plain</MIME>
-            </DFType>
-          </DFProperties>
-        </Node>
-      </Node>
+  <MSFT:Diagnostics>
+  </MSFT:Diagnostics>
+  <Node>
+    <NodeName>SecureAssessment</NodeName>
+    <Path>./Vendor/MSFT</Path>
+    <DFProperties>
+      <AccessType>
+        <Get />
+      </AccessType>
+      <Description>Settings related to the configuration of the Secure Assessment Browser.</Description>
+      <DFFormat>
+        <node />
+      </DFFormat>
+      <Occurrence>
+        <One />
+      </Occurrence>
+      <Scope>
+        <Permanent />
+      </Scope>
+      <DFType>
+        <MIME />
+      </DFType>
+      <MSFT:Applicability>
+        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
+        <MSFT:CspVersion>1.0</MSFT:CspVersion>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+      </MSFT:Applicability>
+    </DFProperties>
+    <Node>
+      <NodeName>LaunchURI</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <Description>Link to an assessment that's automatically loaded when the Secure Assessment Browser is launched.</Description>
+        <DFFormat>
+          <chr />
+        </DFFormat>
+        <Occurrence>
+          <ZeroOrOne />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <MSFT:AllowedValues ValueType="RegEx">
+          <MSFT:Value><![CDATA[/^https?:\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/]]></MSFT:Value>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>TesterAccount</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <Description>The user name of the test taking account.  To specify a domain account, use domain\user. To specify an AAD account, use username@tenant.com. To specify a local account, use the username.</Description>
+        <DFFormat>
+          <chr />
+        </DFFormat>
+        <Occurrence>
+          <ZeroOrOne />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <MSFT:AllowedValues ValueType="None">
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>AllowScreenMonitoring</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>0</DefaultValue>
+        <Description>Indicates if screen monitoring is allowed by the app.</Description>
+        <DFFormat>
+          <int />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>Screen monitoring is allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Screen monitoring is not allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>RequirePrinting</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>1</DefaultValue>
+        <Description>Indicates if printing is required by the app.</Description>
+        <DFFormat>
+          <int />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>Printing is allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Printing is not allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>AllowTextSuggestions</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+          <Replace />
+        </AccessType>
+        <DefaultValue>0</DefaultValue>
+        <Description>Indicates if keyboard text suggestions are allowed by the app.</Description>
+        <DFFormat>
+          <int />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <CaseSense>
+          <CIS />
+        </CaseSense>
+        <MSFT:AllowedValues ValueType="ENUM">
+          <MSFT:Enum>
+            <MSFT:Value>1</MSFT:Value>
+            <MSFT:ValueDescription>Keyboard text suggestions are allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+          <MSFT:Enum>
+            <MSFT:Value>0</MSFT:Value>
+            <MSFT:ValueDescription>Keyboard text suggestions are not allowed</MSFT:ValueDescription>
+          </MSFT:Enum>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+    <Node>
+      <NodeName>Assessments</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Add />
+          <Delete />
+          <Get />
+          <Replace />
+        </AccessType>
+        <Description>Enables support for multiple assessments and for assessment grouping. The structure is specified by an XML.</Description>
+        <DFFormat>
+          <chr />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Dynamic />
+        </Scope>
+        <DFType>
+          <MIME />
+        </DFType>
+        <MSFT:Applicability>
+          <MSFT:OsBuildVersion>10.0.22621.521</MSFT:OsBuildVersion>
+        </MSFT:Applicability>
+        <MSFT:AllowedValues ValueType="XSD">
+          <MSFT:Value><![CDATA[
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <xs:element name="AssessmentsRoot">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="Assessments">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="Assessment" maxOccurs="unbounded" minOccurs="0">
+                <xs:complexType>
+                  <xs:sequence>
+                    <xs:element type="xs:string" name="TestName"/>
+                    <xs:element type="xs:string" name="TestUri"/>
+                  </xs:sequence>
+                </xs:complexType>
+              </xs:element>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>]]></MSFT:Value>
+        </MSFT:AllowedValues>
+      </DFProperties>
+    </Node>
+  </Node>
 </MgmtTree>
 ```
 
-## Related topics
+## Related articles
 
-[SecureAssessment CSP](secureassessment-csp.md)
+[SecureAssessment configuration service provider reference](secureassessment-csp.md)
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index efb7d39fed..f2446290ae 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the SharedPC CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -51,7 +51,7 @@ The following list shows the SharedPC configuration service provider nodes:
 <!-- Device-AccountModel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-AccountModel-Applicability-End -->
 
 <!-- Device-AccountModel-OmaUri-Begin -->
@@ -101,7 +101,7 @@ Configures which type of accounts are allowed to use the PC. Allowed values: 0 (
 <!-- Device-DeletionPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-DeletionPolicy-Applicability-End -->
 
 <!-- Device-DeletionPolicy-OmaUri-Begin -->
@@ -151,7 +151,7 @@ Configures when accounts will be deleted. Allowed values: 0 (delete immediately)
 <!-- Device-DiskLevelCaching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-DiskLevelCaching-Applicability-End -->
 
 <!-- Device-DiskLevelCaching-OmaUri-Begin -->
@@ -192,7 +192,7 @@ Stop deleting accounts when available disk space reaches this threshold, given a
 <!-- Device-DiskLevelDeletion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-DiskLevelDeletion-Applicability-End -->
 
 <!-- Device-DiskLevelDeletion-OmaUri-Begin -->
@@ -234,7 +234,7 @@ For example, if the DiskLevelCaching is set to 50 and the DiskLevelDeletion is s
 <!-- Device-EnableAccountManager-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-EnableAccountManager-Applicability-End -->
 
 <!-- Device-EnableAccountManager-OmaUri-Begin -->
@@ -283,7 +283,7 @@ Enable the account manager for shared PC mode. If used, this value must be set b
 <!-- Device-EnableSharedPCMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-EnableSharedPCMode-Applicability-End -->
 
 <!-- Device-EnableSharedPCMode-OmaUri-Begin -->
@@ -332,7 +332,7 @@ Setting this node to "true" triggers the action to configure a device to Shared
 <!-- Device-EnableSharedPCModeWithOneDriveSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-EnableSharedPCModeWithOneDriveSync-Applicability-End -->
 
 <!-- Device-EnableSharedPCModeWithOneDriveSync-OmaUri-Begin -->
@@ -381,7 +381,7 @@ Setting this node to "1" triggers the action to configure a device to Shared PC
 <!-- Device-EnableWindowsInsiderPreviewFlighting-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-EnableWindowsInsiderPreviewFlighting-Applicability-End -->
 
 <!-- Device-EnableWindowsInsiderPreviewFlighting-OmaUri-Begin -->
@@ -430,7 +430,7 @@ Setting this node to "1" enables Windows Insider Preview flighting and the abili
 <!-- Device-InactiveThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-InactiveThreshold-Applicability-End -->
 
 <!-- Device-InactiveThreshold-OmaUri-Begin -->
@@ -471,7 +471,7 @@ Accounts will start being deleted when they haven't been logged-on during the sp
 <!-- Device-KioskModeAUMID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-KioskModeAUMID-Applicability-End -->
 
 <!-- Device-KioskModeAUMID-OmaUri-Begin -->
@@ -510,7 +510,7 @@ Specifies the AUMID of the app to use with assigned access. If used, this value
 <!-- Device-KioskModeUserTileDisplayText-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-KioskModeUserTileDisplayText-Applicability-End -->
 
 <!-- Device-KioskModeUserTileDisplayText-OmaUri-Begin -->
@@ -549,7 +549,7 @@ Specifies the display text for the account shown on the sign-in screen which lau
 <!-- Device-MaintenanceStartTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-MaintenanceStartTime-Applicability-End -->
 
 <!-- Device-MaintenanceStartTime-OmaUri-Begin -->
@@ -590,7 +590,7 @@ Daily start time of maintenance hour. Given in minutes from midnight. Default is
 <!-- Device-MaxPageFileSizeMB-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-MaxPageFileSizeMB-Applicability-End -->
 
 <!-- Device-MaxPageFileSizeMB-OmaUri-Begin -->
@@ -631,7 +631,7 @@ Maximum size of the paging file in MB. Applies only to systems with less than 32
 <!-- Device-RestrictLocalStorage-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-RestrictLocalStorage-Applicability-End -->
 
 <!-- Device-RestrictLocalStorage-OmaUri-Begin -->
@@ -680,7 +680,7 @@ Restricts the user from using local storage. This node is optional. If used, thi
 <!-- Device-SetEduPolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-SetEduPolicies-Applicability-End -->
 
 <!-- Device-SetEduPolicies-OmaUri-Begin -->
@@ -730,7 +730,7 @@ A boolean value that specifies whether the policies for education environment ar
 <!-- Device-SetPowerPolicies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-SetPowerPolicies-Applicability-End -->
 
 <!-- Device-SetPowerPolicies-OmaUri-Begin -->
@@ -780,7 +780,7 @@ The default value is Not Configured and the effective power settings are determi
 <!-- Device-SignInOnResume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-SignInOnResume-Applicability-End -->
 
 <!-- Device-SignInOnResume-OmaUri-Begin -->
@@ -829,7 +829,7 @@ Require signing in on waking up from sleep. If used, this value must be set befo
 <!-- Device-SleepTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-SleepTimeout-Applicability-End -->
 
 <!-- Device-SleepTimeout-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 0fc3249c8c..d04d885895 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the S
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 26ba1214aa..90fb91e0bd 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the SUPL CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -89,7 +89,7 @@ The following list shows the SUPL configuration service provider nodes:
 <!-- Device-SUPL1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Applicability-End -->
 
 <!-- Device-SUPL1-OmaUri-Begin -->
@@ -128,7 +128,7 @@ Required for SUPL. Defines the account for the SUPL Enabled Terminal (SET) node.
 <!-- Device-SUPL1-Addr-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Addr-Applicability-End -->
 
 <!-- Device-SUPL1-Addr-OmaUri-Begin -->
@@ -170,7 +170,7 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a
 <!-- Device-SUPL1-AppID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-AppID-Applicability-End -->
 
 <!-- Device-SUPL1-AppID-OmaUri-Begin -->
@@ -209,7 +209,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on
 <!-- Device-SUPL1-Ext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-OmaUri-Begin -->
@@ -247,7 +247,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on
 <!-- Device-SUPL1-Ext-Microsoft-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-OmaUri-Begin -->
@@ -285,7 +285,7 @@ Required. The AppID for SUPL is automatically set to "ap0004". This is a read-on
 <!-- Device-SUPL1-Ext-Microsoft-FullVersion-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-SUPL1-Ext-Microsoft-FullVersion-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-FullVersion-OmaUri-Begin -->
@@ -326,7 +326,7 @@ Optional. Determines the full version (X. Y. Z where X, Y and Z are major versio
 <!-- Device-SUPL1-Ext-Microsoft-HighAccPositioningMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-HighAccPositioningMethod-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-HighAccPositioningMethod-OmaUri-Begin -->
@@ -381,7 +381,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob
 <!-- Device-SUPL1-Ext-Microsoft-LocMasterSwitchDependencyNII-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-LocMasterSwitchDependencyNII-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-LocMasterSwitchDependencyNII-OmaUri-Begin -->
@@ -449,7 +449,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor
 <!-- Device-SUPL1-Ext-Microsoft-MCCMNCPairs-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-MCCMNCPairs-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-MCCMNCPairs-OmaUri-Begin -->
@@ -491,7 +491,7 @@ For OMA DM, if the format for this node is incorrect then an entry will be ignor
 <!-- Device-SUPL1-Ext-Microsoft-NIDefaultTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-NIDefaultTimeout-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-NIDefaultTimeout-OmaUri-Begin -->
@@ -531,7 +531,7 @@ Optional. Time in seconds that the network-initiated location request is display
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-OmaUri-Begin -->
@@ -570,7 +570,7 @@ Required. Specifies the root certificate for the H-SLP server. Windows doesn't s
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Data-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Data-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Data-OmaUri-Begin -->
@@ -609,7 +609,7 @@ The base 64 encoded blob of the H-SLP root certificate.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Name-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate-Name-OmaUri-Begin -->
@@ -648,7 +648,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-OmaUri-Begin -->
@@ -687,7 +687,7 @@ Specifies the root certificate for the H-SLP server.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Data-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Data-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Data-OmaUri-Begin -->
@@ -726,7 +726,7 @@ The base 64 encoded blob of the H-SLP root certificate.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Name-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate2-Name-OmaUri-Begin -->
@@ -765,7 +765,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-OmaUri-Begin -->
@@ -804,7 +804,7 @@ Specifies the root certificate for the H-SLP server.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Data-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Data-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Data-OmaUri-Begin -->
@@ -843,7 +843,7 @@ The base 64 encoded blob of the H-SLP root certificate.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Name-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate3-Name-OmaUri-Begin -->
@@ -882,7 +882,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-OmaUri-Begin -->
@@ -921,7 +921,7 @@ Specifies the root certificate for the H-SLP server.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Data-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Data-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Data-OmaUri-Begin -->
@@ -960,7 +960,7 @@ The base 64 encoded blob of the H-SLP root certificate.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Name-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate4-Name-OmaUri-Begin -->
@@ -999,7 +999,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-OmaUri-Begin -->
@@ -1038,7 +1038,7 @@ Specifies the root certificate for the H-SLP server.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Data-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Data-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Data-OmaUri-Begin -->
@@ -1077,7 +1077,7 @@ The base 64 encoded blob of the H-SLP root certificate.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Name-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate5-Name-OmaUri-Begin -->
@@ -1116,7 +1116,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-OmaUri-Begin -->
@@ -1155,7 +1155,7 @@ Specifies the root certificate for the H-SLP server.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Data-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Data-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Data-OmaUri-Begin -->
@@ -1194,7 +1194,7 @@ The base 64 encoded blob of the H-SLP root certificate.
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Name-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-RootCertificate6-Name-OmaUri-Begin -->
@@ -1233,7 +1233,7 @@ Specifies the name of the H-SLP root certificate as a string, in the format name
 <!-- Device-SUPL1-Ext-Microsoft-ServerAccessInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-ServerAccessInterval-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-ServerAccessInterval-OmaUri-Begin -->
@@ -1273,7 +1273,7 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil
 <!-- Device-SUPL1-Ext-Microsoft-Version-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-SUPL1-Ext-Microsoft-Version-Applicability-End -->
 
 <!-- Device-SUPL1-Ext-Microsoft-Version-OmaUri-Begin -->
@@ -1314,7 +1314,7 @@ Optional. Determines the major version of the SUPL protocol to use. For SUPL 1.0
 <!-- Device-V2UPL1-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-Applicability-End -->
 
 <!-- Device-V2UPL1-OmaUri-Begin -->
@@ -1353,7 +1353,7 @@ Required for V2 UPL for CDMA. Specifies the account settings for user plane loca
 <!-- Device-V2UPL1-ApplicationTypeIndicator_MR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-ApplicationTypeIndicator_MR-Applicability-End -->
 
 <!-- Device-V2UPL1-ApplicationTypeIndicator_MR-OmaUri-Begin -->
@@ -1392,7 +1392,7 @@ Required. This value must always be set to 00000011.
 <!-- Device-V2UPL1-LocMasterSwitchDependencyNII-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-LocMasterSwitchDependencyNII-Applicability-End -->
 
 <!-- Device-V2UPL1-LocMasterSwitchDependencyNII-OmaUri-Begin -->
@@ -1441,7 +1441,7 @@ Optional. Boolean. Specifies whether the location toggle on the location screen
 <!-- Device-V2UPL1-MPC-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-MPC-Applicability-End -->
 
 <!-- Device-V2UPL1-MPC-OmaUri-Begin -->
@@ -1480,7 +1480,7 @@ Optional. The address of the mobile positioning center (MPC), in the format ipAd
 <!-- Device-V2UPL1-NIDefaultTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-NIDefaultTimeout-Applicability-End -->
 
 <!-- Device-V2UPL1-NIDefaultTimeout-OmaUri-Begin -->
@@ -1520,7 +1520,7 @@ Optional. Time in seconds that the network-initiated location request is display
 <!-- Device-V2UPL1-PDE-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-PDE-Applicability-End -->
 
 <!-- Device-V2UPL1-PDE-OmaUri-Begin -->
@@ -1559,7 +1559,7 @@ Optional. The address of the Position Determination Entity (PDE), in the format
 <!-- Device-V2UPL1-PositioningMethod_MR-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-PositioningMethod_MR-Applicability-End -->
 
 <!-- Device-V2UPL1-PositioningMethod_MR-OmaUri-Begin -->
@@ -1611,7 +1611,7 @@ Optional. Specifies the positioning method that the SUPL client will use for mob
 <!-- Device-V2UPL1-ServerAccessInterval-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1507 [10.0.10240] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1507 [10.0.10240] and later |
 <!-- Device-V2UPL1-ServerAccessInterval-Applicability-End -->
 
 <!-- Device-V2UPL1-ServerAccessInterval-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index af93e84137..6bb8f708d1 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 03/23/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -49,7 +49,7 @@ The following XML file contains the device description framework (DDF) for the S
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index dece9dcc5a..4c1b79cfc1 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the SurfaceHub CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -75,6 +75,7 @@ The following list shows the SurfaceHub configuration service provider nodes:
   - [Properties](#properties)
     - [AllowAutoProxyAuth](#propertiesallowautoproxyauth)
     - [AllowSessionResume](#propertiesallowsessionresume)
+    - [DefaultAutomaticFraming](#propertiesdefaultautomaticframing)
     - [DefaultVolume](#propertiesdefaultvolume)
     - [DisableSigninSuggestions](#propertiesdisablesigninsuggestions)
     - [DoNotShowMyMeetingsAndFiles](#propertiesdonotshowmymeetingsandfiles)
@@ -94,7 +95,7 @@ The following list shows the SurfaceHub configuration service provider nodes:
 <!-- Device-DeviceAccount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-Applicability-End -->
 
 <!-- Device-DeviceAccount-OmaUri-Begin -->
@@ -185,7 +186,7 @@ Node for setting device account information. A device account is a Microsoft Exc
 <!-- Device-DeviceAccount-CalendarSyncEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-CalendarSyncEnabled-Applicability-End -->
 
 <!-- Device-DeviceAccount-CalendarSyncEnabled-OmaUri-Begin -->
@@ -233,7 +234,7 @@ Specifies whether calendar sync and other Exchange server services is enabled.
 <!-- Device-DeviceAccount-DomainName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-DomainName-Applicability-End -->
 
 <!-- Device-DeviceAccount-DomainName-OmaUri-Begin -->
@@ -272,7 +273,7 @@ Domain of the device account when you are using Active Directory. To use a devic
 <!-- Device-DeviceAccount-Email-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-Email-Applicability-End -->
 
 <!-- Device-DeviceAccount-Email-OmaUri-Begin -->
@@ -311,7 +312,7 @@ Email address of the device account.
 <!-- Device-DeviceAccount-ErrorContext-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-ErrorContext-Applicability-End -->
 
 <!-- Device-DeviceAccount-ErrorContext-OmaUri-Begin -->
@@ -360,7 +361,7 @@ Possible error values:
 <!-- Device-DeviceAccount-ExchangeModernAuthEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.789] and later <br> ✅ Windows 10, version 2009 [10.0.19042.789] and later <br> ✅ Windows Insider Preview [99.9.9999] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.789] and later <br> ✅ Windows 10, version 2009 [10.0.19042.789] and later <br> ✅ Windows Insider Preview [99.9.9999] |
 <!-- Device-DeviceAccount-ExchangeModernAuthEnabled-Applicability-End -->
 
 <!-- Device-DeviceAccount-ExchangeModernAuthEnabled-OmaUri-Begin -->
@@ -409,7 +410,7 @@ Specifies whether Device Account calendar sync will attempt to use token-based M
 <!-- Device-DeviceAccount-ExchangeServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-ExchangeServer-Applicability-End -->
 
 <!-- Device-DeviceAccount-ExchangeServer-OmaUri-Begin -->
@@ -448,7 +449,7 @@ Exchange server of the device account. Normally, the device will try to auto-dis
 <!-- Device-DeviceAccount-Password-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-Password-Applicability-End -->
 
 <!-- Device-DeviceAccount-Password-OmaUri-Begin -->
@@ -487,7 +488,7 @@ Password for the device account. Get is allowed here, but will always return a b
 <!-- Device-DeviceAccount-PasswordRotationEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-PasswordRotationEnabled-Applicability-End -->
 
 <!-- Device-DeviceAccount-PasswordRotationEnabled-OmaUri-Begin -->
@@ -535,7 +536,7 @@ Specifies whether automatic password rotation is enabled. If you enforce a passw
 <!-- Device-DeviceAccount-SipAddress-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-SipAddress-Applicability-End -->
 
 <!-- Device-DeviceAccount-SipAddress-OmaUri-Begin -->
@@ -574,7 +575,7 @@ Session Initiation Protocol (SIP) address of the device account. Normally, the d
 <!-- Device-DeviceAccount-UserName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-UserName-Applicability-End -->
 
 <!-- Device-DeviceAccount-UserName-OmaUri-Begin -->
@@ -613,7 +614,7 @@ Username of the device account when you are using Active Directory. To use a dev
 <!-- Device-DeviceAccount-UserPrincipalName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-UserPrincipalName-Applicability-End -->
 
 <!-- Device-DeviceAccount-UserPrincipalName-OmaUri-Begin -->
@@ -652,7 +653,7 @@ User principal name (UPN) of the device account. To use a device account from Az
 <!-- Device-DeviceAccount-ValidateAndCommit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-DeviceAccount-ValidateAndCommit-Applicability-End -->
 
 <!-- Device-DeviceAccount-ValidateAndCommit-OmaUri-Begin -->
@@ -691,7 +692,7 @@ This method validates the data provided and then commits the changes.
 <!-- Device-Dot3-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Dot3-Applicability-End -->
 
 <!-- Device-Dot3-OmaUri-Begin -->
@@ -730,7 +731,7 @@ Parent node.
 <!-- Device-Dot3-EapUserData-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Dot3-EapUserData-Applicability-End -->
 
 <!-- Device-Dot3-EapUserData-OmaUri-Begin -->
@@ -769,7 +770,7 @@ Used to specify credentials to authenticate device to the network.
 <!-- Device-Dot3-LanProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299.64] and later <br> ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Dot3-LanProfile-Applicability-End -->
 
 <!-- Device-Dot3-LanProfile-OmaUri-Begin -->
@@ -808,7 +809,7 @@ Used to specify credentials to authenticate device to the network.
 <!-- Device-InBoxApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-Applicability-End -->
 
 <!-- Device-InBoxApps-OmaUri-Begin -->
@@ -847,7 +848,7 @@ Node for the in-box app settings.
 <!-- Device-InBoxApps-Connect-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-Connect-Applicability-End -->
 
 <!-- Device-InBoxApps-Connect-OmaUri-Begin -->
@@ -886,7 +887,7 @@ Node for the Connect app.
 <!-- Device-InBoxApps-Connect-AutoLaunch-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-InBoxApps-Connect-AutoLaunch-Applicability-End -->
 
 <!-- Device-InBoxApps-Connect-AutoLaunch-OmaUri-Begin -->
@@ -934,7 +935,7 @@ Specifies whether to automatically launch the Connect app whenever a projection
 <!-- Device-InBoxApps-SkypeForBusiness-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-SkypeForBusiness-Applicability-End -->
 
 <!-- Device-InBoxApps-SkypeForBusiness-OmaUri-Begin -->
@@ -973,7 +974,7 @@ Node for the Skype for Business settings.
 <!-- Device-InBoxApps-SkypeForBusiness-DomainName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-InBoxApps-SkypeForBusiness-DomainName-Applicability-End -->
 
 <!-- Device-InBoxApps-SkypeForBusiness-DomainName-OmaUri-Begin -->
@@ -1012,7 +1013,7 @@ Specifies the domain of the Skype for Business account when you are using Active
 <!-- Device-InBoxApps-Teams-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.450] and later <br> ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.450] and later <br> ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-InBoxApps-Teams-Applicability-End -->
 
 <!-- Device-InBoxApps-Teams-OmaUri-Begin -->
@@ -1051,7 +1052,7 @@ This node controls policies specific to the Teams App on Surface Hub.
 <!-- Device-InBoxApps-Teams-Configurations-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041.450] and later <br> ✅ Windows 10, version 2009 [10.0.19042] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.450] and later <br> ✅ Windows 10, version 2009 [10.0.19042] and later |
 <!-- Device-InBoxApps-Teams-Configurations-Applicability-End -->
 
 <!-- Device-InBoxApps-Teams-Configurations-OmaUri-Begin -->
@@ -1090,7 +1091,7 @@ String to contain Teams policy configs.
 <!-- Device-InBoxApps-Welcome-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-Welcome-Applicability-End -->
 
 <!-- Device-InBoxApps-Welcome-OmaUri-Begin -->
@@ -1129,7 +1130,7 @@ Node for the welcome screen.
 <!-- Device-InBoxApps-Welcome-AutoWakeScreen-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-Welcome-AutoWakeScreen-Applicability-End -->
 
 <!-- Device-InBoxApps-Welcome-AutoWakeScreen-OmaUri-Begin -->
@@ -1177,7 +1178,7 @@ Setting for the screen to wake up and stay on with sensor activity.
 <!-- Device-InBoxApps-Welcome-CurrentBackgroundPath-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-Welcome-CurrentBackgroundPath-Applicability-End -->
 
 <!-- Device-InBoxApps-Welcome-CurrentBackgroundPath-OmaUri-Begin -->
@@ -1216,7 +1217,7 @@ Background image for the welcome screen. To set this, specify an https URL to a
 <!-- Device-InBoxApps-Welcome-MeetingInfoOption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-Welcome-MeetingInfoOption-Applicability-End -->
 
 <!-- Device-InBoxApps-Welcome-MeetingInfoOption-OmaUri-Begin -->
@@ -1264,7 +1265,7 @@ Meeting information displayed on the welcome screen.
 <!-- Device-InBoxApps-Whiteboard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-OmaUri-Begin -->
@@ -1303,7 +1304,7 @@ This node controls policies specific to the Whiteboard App on Surface Hub.
 <!-- Device-InBoxApps-Whiteboard-SharingDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-SharingDisabled-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-SharingDisabled-OmaUri-Begin -->
@@ -1351,7 +1352,7 @@ When enabled, prevents a user from initiating a collaborative session on the dev
 <!-- Device-InBoxApps-Whiteboard-SignInDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-SignInDisabled-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-SignInDisabled-OmaUri-Begin -->
@@ -1400,7 +1401,7 @@ When enabled, prevents a user from Signing into Whiteboard on the device.
 <!-- Device-InBoxApps-Whiteboard-TelemetryDisabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362.449] and later <br> ✅ Windows 10, version 1909 [10.0.18363] and later |
 <!-- Device-InBoxApps-Whiteboard-TelemetryDisabled-Applicability-End -->
 
 <!-- Device-InBoxApps-Whiteboard-TelemetryDisabled-OmaUri-Begin -->
@@ -1449,7 +1450,7 @@ When enabled, prevents Whiteboard from sending telemetry from the device.
 <!-- Device-InBoxApps-WirelessProjection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-WirelessProjection-Applicability-End -->
 
 <!-- Device-InBoxApps-WirelessProjection-OmaUri-Begin -->
@@ -1488,7 +1489,7 @@ Node for the wireless projector app settings.
 <!-- Device-InBoxApps-WirelessProjection-Channel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-WirelessProjection-Channel-Applicability-End -->
 
 <!-- Device-InBoxApps-WirelessProjection-Channel-OmaUri-Begin -->
@@ -1535,7 +1536,7 @@ Outside of regulatory concerns, if the channel is configured incorrectly, the dr
 <!-- Device-InBoxApps-WirelessProjection-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-WirelessProjection-Enabled-Applicability-End -->
 
 <!-- Device-InBoxApps-WirelessProjection-Enabled-OmaUri-Begin -->
@@ -1583,7 +1584,7 @@ Enables wireless projection to the device.
 <!-- Device-InBoxApps-WirelessProjection-PINRequired-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-InBoxApps-WirelessProjection-PINRequired-Applicability-End -->
 
 <!-- Device-InBoxApps-WirelessProjection-PINRequired-OmaUri-Begin -->
@@ -1631,7 +1632,7 @@ Users must enter a PIN to wirelessly project to the device.
 <!-- Device-MaintenanceHoursSimple-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MaintenanceHoursSimple-Applicability-End -->
 
 <!-- Device-MaintenanceHoursSimple-OmaUri-Begin -->
@@ -1670,7 +1671,7 @@ Node for maintenance schedule.
 <!-- Device-MaintenanceHoursSimple-Hours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MaintenanceHoursSimple-Hours-Applicability-End -->
 
 <!-- Device-MaintenanceHoursSimple-Hours-OmaUri-Begin -->
@@ -1709,7 +1710,7 @@ Node for maintenance schedule.
 <!-- Device-MaintenanceHoursSimple-Hours-Duration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MaintenanceHoursSimple-Hours-Duration-Applicability-End -->
 
 <!-- Device-MaintenanceHoursSimple-Hours-Duration-OmaUri-Begin -->
@@ -1749,7 +1750,7 @@ Specifies the duration of maintenance window in minutes. For example, to set a 3
 <!-- Device-MaintenanceHoursSimple-Hours-StartTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MaintenanceHoursSimple-Hours-StartTime-Applicability-End -->
 
 <!-- Device-MaintenanceHoursSimple-Hours-StartTime-OmaUri-Begin -->
@@ -1789,7 +1790,7 @@ Specifies the start time for maintenance hours in minutes from midnight. For exa
 <!-- Device-Management-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Management-Applicability-End -->
 
 <!-- Device-Management-OmaUri-Begin -->
@@ -1828,7 +1829,7 @@ Not a supported scenario.
 <!-- Device-Management-GroupName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Management-GroupName-Applicability-End -->
 
 <!-- Device-Management-GroupName-OmaUri-Begin -->
@@ -1867,7 +1868,7 @@ The name of the domain admin group to add to the administrators group on the dev
 <!-- Device-Management-GroupSid-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Management-GroupSid-Applicability-End -->
 
 <!-- Device-Management-GroupSid-OmaUri-Begin -->
@@ -1878,7 +1879,7 @@ The name of the domain admin group to add to the administrators group on the dev
 
 <!-- Device-Management-GroupSid-Description-Begin -->
 <!-- Description-Source-DDF -->
-The sid of the domain admin group to add to the administrators group on the device.
+The SID of the domain admin group to add to the administrators group on the device.
 <!-- Device-Management-GroupSid-Description-End -->
 
 <!-- Device-Management-GroupSid-Editable-Begin -->
@@ -1906,7 +1907,7 @@ The sid of the domain admin group to add to the administrators group on the devi
 <!-- Device-MOMAgent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MOMAgent-Applicability-End -->
 
 <!-- Device-MOMAgent-OmaUri-Begin -->
@@ -1945,7 +1946,7 @@ Node for the Microsoft Operations Management Suite.
 <!-- Device-MOMAgent-WorkspaceID-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MOMAgent-WorkspaceID-Applicability-End -->
 
 <!-- Device-MOMAgent-WorkspaceID-OmaUri-Begin -->
@@ -1984,7 +1985,7 @@ GUID identifying the Microsoft Operations Management Suite workspace ID to colle
 <!-- Device-MOMAgent-WorkspaceKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-MOMAgent-WorkspaceKey-Applicability-End -->
 
 <!-- Device-MOMAgent-WorkspaceKey-OmaUri-Begin -->
@@ -2023,7 +2024,7 @@ Primary key for authenticating with workspace. Will always return an empty strin
 <!-- Device-Properties-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Properties-Applicability-End -->
 
 <!-- Device-Properties-OmaUri-Begin -->
@@ -2062,7 +2063,7 @@ Node for the device properties.
 <!-- Device-Properties-AllowAutoProxyAuth-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-AllowAutoProxyAuth-Applicability-End -->
 
 <!-- Device-Properties-AllowAutoProxyAuth-OmaUri-Begin -->
@@ -2111,7 +2112,7 @@ Specifies whether to use the device account for proxy authentication. If this se
 <!-- Device-Properties-AllowSessionResume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-AllowSessionResume-Applicability-End -->
 
 <!-- Device-Properties-AllowSessionResume-OmaUri-Begin -->
@@ -2154,13 +2155,62 @@ Specifies whether to allow the ability to resume a session when the session time
 
 <!-- Device-Properties-AllowSessionResume-End -->
 
+<!-- Device-Properties-DefaultAutomaticFraming-Begin -->
+### Properties/DefaultAutomaticFraming
+
+<!-- Device-Properties-DefaultAutomaticFraming-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2009 [10.0.19042] and later |
+<!-- Device-Properties-DefaultAutomaticFraming-Applicability-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-OmaUri-Begin -->
+```Device
+./Vendor/MSFT/SurfaceHub/Properties/DefaultAutomaticFraming
+```
+<!-- Device-Properties-DefaultAutomaticFraming-OmaUri-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-Description-Begin -->
+<!-- Description-Source-DDF -->
+Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled.
+<!-- Device-Properties-DefaultAutomaticFraming-Description-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Properties-DefaultAutomaticFraming-Editable-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Get, Replace |
+| Default Value  | true |
+<!-- Device-Properties-DefaultAutomaticFraming-DFProperties-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false | Disabled. |
+| true (Default) | Enabled. |
+<!-- Device-Properties-DefaultAutomaticFraming-AllowedValues-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Properties-DefaultAutomaticFraming-Examples-End -->
+
+<!-- Device-Properties-DefaultAutomaticFraming-End -->
+
 <!-- Device-Properties-DefaultVolume-Begin -->
 ### Properties/DefaultVolume
 
 <!-- Device-Properties-DefaultVolume-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-DefaultVolume-Applicability-End -->
 
 <!-- Device-Properties-DefaultVolume-OmaUri-Begin -->
@@ -2201,7 +2251,7 @@ Specifies the default volume value for a new session.
 <!-- Device-Properties-DisableSigninSuggestions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-DisableSigninSuggestions-Applicability-End -->
 
 <!-- Device-Properties-DisableSigninSuggestions-OmaUri-Begin -->
@@ -2250,7 +2300,7 @@ Specifies whether to disable auto-populating of the sign-in dialog with invitees
 <!-- Device-Properties-DoNotShowMyMeetingsAndFiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-DoNotShowMyMeetingsAndFiles-Applicability-End -->
 
 <!-- Device-Properties-DoNotShowMyMeetingsAndFiles-OmaUri-Begin -->
@@ -2299,7 +2349,7 @@ Specifies whether to disable the "My meetings and files" feature in the Start me
 <!-- Device-Properties-FriendlyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Properties-FriendlyName-Applicability-End -->
 
 <!-- Device-Properties-FriendlyName-OmaUri-Begin -->
@@ -2338,7 +2388,7 @@ Friendly name of the device. Specifies the name that users see when they want to
 <!-- Device-Properties-ProxyServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Properties-ProxyServers-Applicability-End -->
 
 <!-- Device-Properties-ProxyServers-OmaUri-Begin -->
@@ -2378,7 +2428,7 @@ Specifies hostnames of proxy servers to automatically provide device account cre
 <!-- Device-Properties-ScreenTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-ScreenTimeout-Applicability-End -->
 
 <!-- Device-Properties-ScreenTimeout-OmaUri-Begin -->
@@ -2436,7 +2486,7 @@ Specifies the number of minutes until the Hub screen turns off.
 <!-- Device-Properties-SessionTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-SessionTimeout-Applicability-End -->
 
 <!-- Device-Properties-SessionTimeout-OmaUri-Begin -->
@@ -2494,7 +2544,7 @@ Specifies the number of minutes until the session times out.
 <!-- Device-Properties-SleepMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-SleepMode-Applicability-End -->
 
 <!-- Device-Properties-SleepMode-OmaUri-Begin -->
@@ -2543,7 +2593,7 @@ Specifies the type of sleep mode for the Surface Hub.
 <!-- Device-Properties-SleepTimeout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-SleepTimeout-Applicability-End -->
 
 <!-- Device-Properties-SleepTimeout-OmaUri-Begin -->
@@ -2601,7 +2651,7 @@ Specifies the number of minutes until the Hub enters sleep mode.
 <!-- Device-Properties-SurfaceHubMeetingMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-SurfaceHubMeetingMode-Applicability-End -->
 
 <!-- Device-Properties-SurfaceHubMeetingMode-OmaUri-Begin -->
@@ -2642,7 +2692,7 @@ Teams mode.
 <!-- Device-Properties-VtcAppPackageId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393.969] and later <br> ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-Properties-VtcAppPackageId-Applicability-End -->
 
 <!-- Device-Properties-VtcAppPackageId-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 5437172618..2519ecf5d4 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1362,6 +1362,43 @@ The following XML file contains the device description framework (DDF) for the S
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>DefaultAutomaticFraming</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>true</DefaultValue>
+          <Description>Specifies whether the Surface Hub 2 Smart Camera feature to automatically zoom and keep users centered in the video is enabled.</Description>
+          <DFFormat>
+            <bool />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.19042</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.0</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>false</MSFT:Value>
+              <MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>true</MSFT:Value>
+              <MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>AllowAutoProxyAuth</NodeName>
         <DFProperties>
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index e4247312ed..9125eb9388 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -3,6 +3,8 @@ items:
   href: index.yml
   expanded: true
   items:
+  - name: Contributing to CSP reference
+    href: contribute-csp-reference.md
   - name: Device description framework (DDF) files
     href: configuration-service-provider-ddf.md
   - name: Support scenarios
@@ -382,8 +384,6 @@ items:
           href: policy-csp-cellular.md
         - name: CloudDesktop
           href: policy-csp-clouddesktop.md
-        - name: CloudPC
-          href: policy-csp-cloudpc.md
         - name: Connectivity
           href: policy-csp-connectivity.md
         - name: ControlPolicyConflict
@@ -440,6 +440,8 @@ items:
           href: policy-csp-feeds.md
         - name: FileExplorer
           href: policy-csp-fileexplorer.md
+        - name: FileSystem
+          href: policy-csp-filesystem.md
         - name: Games
           href: policy-csp-games.md
         - name: Handwriting
@@ -554,6 +556,8 @@ items:
           href: policy-csp-webthreatdefense.md
         - name: Wifi
           href: policy-csp-wifi.md
+        - name: WindowsAI
+          href: policy-csp-windowsai.md
         - name: WindowsAutopilot
           href: policy-csp-windowsautopilot.md
         - name: WindowsConnectionManager
@@ -629,6 +633,11 @@ items:
       items:
       - name: ClientCertificateInstall DDF file
         href: clientcertificateinstall-ddf-file.md
+    - name: CloudDesktop
+      href: clouddesktop-csp.md
+      items:
+      - name: CloudDesktop DDF file
+        href: clouddesktop-ddf-file.md
     - name: CM_CellularEntries
       href: cm-cellularentries-csp.md
     - name: CMPolicy
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 1c089a6ce5..99272efc31 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -250,7 +250,7 @@ The following list shows the VPNv2 configuration service provider nodes:
 <!-- Device-{ProfileName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-Applicability-End -->
 
 <!-- Device-{ProfileName}-OmaUri-Begin -->
@@ -292,7 +292,7 @@ Unique alpha numeric identifier for the profile. The profile name mustn't includ
 <!-- Device-{ProfileName}-AlwaysOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AlwaysOn-Applicability-End -->
 
 <!-- Device-{ProfileName}-AlwaysOn-OmaUri-Begin -->
@@ -341,7 +341,7 @@ An optional flag to enable Always On mode. This will automatically connect the V
 <!-- Device-{ProfileName}-AlwaysOnActive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AlwaysOnActive-Applicability-End -->
 
 <!-- Device-{ProfileName}-AlwaysOnActive-OmaUri-Begin -->
@@ -390,7 +390,7 @@ An optional flag to activate Always On mode. This is true by default if AlwaysOn
 <!-- Device-{ProfileName}-APNBinding-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-OmaUri-Begin -->
@@ -429,7 +429,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-APNBinding-AccessPointName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-AccessPointName-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-AccessPointName-OmaUri-Begin -->
@@ -468,7 +468,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-APNBinding-AuthenticationType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-AuthenticationType-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-AuthenticationType-OmaUri-Begin -->
@@ -507,7 +507,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-APNBinding-IsCompressionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-IsCompressionEnabled-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-IsCompressionEnabled-OmaUri-Begin -->
@@ -546,7 +546,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-APNBinding-Password-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-Password-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-Password-OmaUri-Begin -->
@@ -585,7 +585,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-APNBinding-ProviderId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-ProviderId-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-ProviderId-OmaUri-Begin -->
@@ -624,7 +624,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-APNBinding-UserName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-APNBinding-UserName-Applicability-End -->
 
 <!-- Device-{ProfileName}-APNBinding-UserName-OmaUri-Begin -->
@@ -663,7 +663,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-AppTriggerList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AppTriggerList-Applicability-End -->
 
 <!-- Device-{ProfileName}-AppTriggerList-OmaUri-Begin -->
@@ -702,7 +702,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-Applicability-End -->
 
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-OmaUri-Begin -->
@@ -742,7 +742,7 @@ A sequential integer identifier which allows the ability to specify multiple app
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Applicability-End -->
 
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-OmaUri-Begin -->
@@ -781,7 +781,7 @@ App Node under the Row Id.
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Id-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Id-Applicability-End -->
 
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Id-OmaUri-Begin -->
@@ -820,7 +820,7 @@ App Identity. Specified, based on the Type Field.
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Type-Applicability-End -->
 
 <!-- Device-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Type-OmaUri-Begin -->
@@ -859,7 +859,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa
 <!-- Device-{ProfileName}-ByPassForLocal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-ByPassForLocal-Applicability-End -->
 
 <!-- Device-{ProfileName}-ByPassForLocal-OmaUri-Begin -->
@@ -902,7 +902,7 @@ Optional. When this setting is True, requests to local resources that are availa
 <!-- Device-{ProfileName}-DataEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-DataEncryption-Applicability-End -->
 
 <!-- Device-{ProfileName}-DataEncryption-OmaUri-Begin -->
@@ -953,7 +953,7 @@ Determines the level of data encryption required for the connection.
 <!-- Device-{ProfileName}-DeviceCompliance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DeviceCompliance-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-OmaUri-Begin -->
@@ -992,7 +992,7 @@ Nodes under DeviceCompliance can be used to enable AAD based Conditional Access
 <!-- Device-{ProfileName}-DeviceCompliance-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DeviceCompliance-Enabled-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-Enabled-OmaUri-Begin -->
@@ -1040,7 +1040,7 @@ Enables the Device Compliance flow from the client. If marked as True, the VPN C
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-OmaUri-Begin -->
@@ -1079,7 +1079,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Eku-OmaUri-Begin -->
@@ -1118,7 +1118,7 @@ Comma Separated list of EKU's for the VPN Client to look for the correct certifi
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Enabled-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-Enabled-OmaUri-Begin -->
@@ -1166,7 +1166,7 @@ If this field is set to True the VPN Client will look for a separate certificate
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-IssuerHash-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-IssuerHash-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceCompliance-Sso-IssuerHash-OmaUri-Begin -->
@@ -1205,7 +1205,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct
 <!-- Device-{ProfileName}-DeviceTunnel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{ProfileName}-DeviceTunnel-Applicability-End -->
 
 <!-- Device-{ProfileName}-DeviceTunnel-OmaUri-Begin -->
@@ -1262,7 +1262,7 @@ A device tunnel profile must be deleted before another device tunnel profile can
 <!-- Device-{ProfileName}-DisableAdvancedOptionsEditButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-DisableAdvancedOptionsEditButton-Applicability-End -->
 
 <!-- Device-{ProfileName}-DisableAdvancedOptionsEditButton-OmaUri-Begin -->
@@ -1310,7 +1310,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi
 <!-- Device-{ProfileName}-DisableDisconnectButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-DisableDisconnectButton-Applicability-End -->
 
 <!-- Device-{ProfileName}-DisableDisconnectButton-OmaUri-Begin -->
@@ -1358,7 +1358,7 @@ Optional. When this setting is True, the Disconnect button won't be visible for
 <!-- Device-{ProfileName}-DisableIKEv2Fragmentation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-DisableIKEv2Fragmentation-Applicability-End -->
 
 <!-- Device-{ProfileName}-DisableIKEv2Fragmentation-OmaUri-Begin -->
@@ -1407,7 +1407,7 @@ Set to disable IKEv2 Fragmentation.
 <!-- Device-{ProfileName}-DnsSuffix-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DnsSuffix-Applicability-End -->
 
 <!-- Device-{ProfileName}-DnsSuffix-OmaUri-Begin -->
@@ -1446,7 +1446,7 @@ Specifies one or more comma separated DNS suffixes. The first in the list is als
 <!-- Device-{ProfileName}-DomainNameInformationList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-OmaUri-Begin -->
@@ -1487,7 +1487,7 @@ NRPT ([Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-s
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-OmaUri-Begin -->
@@ -1527,7 +1527,7 @@ A sequential integer identifier for the Domain Name information. Sequencing must
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-AutoTrigger-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-AutoTrigger-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-AutoTrigger-OmaUri-Begin -->
@@ -1576,7 +1576,7 @@ Boolean to determine whether this domain name rule will trigger the VPN.
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-OmaUri-Begin -->
@@ -1615,7 +1615,7 @@ Comma Seperated list of IP addresses for the DNS Servers to use for the domain n
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainName-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainName-OmaUri-Begin -->
@@ -1654,7 +1654,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainNameType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainNameType-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainNameType-OmaUri-Begin -->
@@ -1693,7 +1693,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-Persistent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-Persistent-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-Persistent-OmaUri-Begin -->
@@ -1742,7 +1742,7 @@ A boolean value that specifies if the rule being added should persist even when
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-WebProxyServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-WebProxyServers-Applicability-End -->
 
 <!-- Device-{ProfileName}-DomainNameInformationList-{dniRowId}-WebProxyServers-OmaUri-Begin -->
@@ -1781,7 +1781,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
 <!-- Device-{ProfileName}-EdpModeId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-EdpModeId-Applicability-End -->
 
 <!-- Device-{ProfileName}-EdpModeId-OmaUri-Begin -->
@@ -1792,7 +1792,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
 
 <!-- Device-{ProfileName}-EdpModeId-Description-Begin -->
 <!-- Description-Source-DDF -->
-Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 <!-- Device-{ProfileName}-EdpModeId-Description-End -->
 
 <!-- Device-{ProfileName}-EdpModeId-Editable-Begin -->
@@ -1820,7 +1820,7 @@ Enterprise ID, which is required for connecting this VPN profile with an WIP pol
 <!-- Device-{ProfileName}-IPv4InterfaceMetric-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-IPv4InterfaceMetric-Applicability-End -->
 
 <!-- Device-{ProfileName}-IPv4InterfaceMetric-OmaUri-Begin -->
@@ -1860,7 +1860,7 @@ The metric for the IPv4 interface.
 <!-- Device-{ProfileName}-IPv6InterfaceMetric-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-IPv6InterfaceMetric-Applicability-End -->
 
 <!-- Device-{ProfileName}-IPv6InterfaceMetric-OmaUri-Begin -->
@@ -1900,7 +1900,7 @@ The metric for the IPv6 interface.
 <!-- Device-{ProfileName}-NativeProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-OmaUri-Begin -->
@@ -1939,7 +1939,7 @@ Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-OmaUri-Begin -->
@@ -1978,7 +1978,7 @@ Required node for native profile. It contains authentication information for the
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-OmaUri-Begin -->
@@ -2017,7 +2017,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Eku-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Eku-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Eku-OmaUri-Begin -->
@@ -2056,7 +2056,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Issuer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Issuer-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Certificate-Issuer-OmaUri-Begin -->
@@ -2095,7 +2095,7 @@ Reserved for future use.
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-OmaUri-Begin -->
@@ -2134,7 +2134,7 @@ Required when the native profile specifies EAP authentication. EAP configuration
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-OmaUri-Begin -->
@@ -2173,7 +2173,7 @@ HTML encoded XML of the EAP configuration. For more information,see [EAP configu
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Type-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Type-OmaUri-Begin -->
@@ -2215,7 +2215,7 @@ Required node for EAP profiles. This specifies the EAP Type ID
 <!-- Device-{ProfileName}-NativeProfile-Authentication-MachineMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-MachineMethod-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-MachineMethod-OmaUri-Begin -->
@@ -2262,7 +2262,7 @@ This is only supported in IKEv2.
 <!-- Device-{ProfileName}-NativeProfile-Authentication-UserMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Authentication-UserMethod-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-UserMethod-OmaUri-Begin -->
@@ -2310,7 +2310,7 @@ Type of user authentication.
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-OmaUri-Begin -->
@@ -2349,7 +2349,7 @@ Properties of IPSec tunnels.
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-AuthenticationTransformConstants-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-AuthenticationTransformConstants-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-AuthenticationTransformConstants-OmaUri-Begin -->
@@ -2401,7 +2401,7 @@ Type of authentication transform constant.
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-CipherTransformConstants-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-CipherTransformConstants-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-CipherTransformConstants-OmaUri-Begin -->
@@ -2455,7 +2455,7 @@ Type of Cipher transform constant.
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-DHGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-DHGroup-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-DHGroup-OmaUri-Begin -->
@@ -2508,7 +2508,7 @@ Group used for DH (Diffie-Hellman).
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-EncryptionMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-EncryptionMethod-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-EncryptionMethod-OmaUri-Begin -->
@@ -2561,7 +2561,7 @@ Type of encryption method.
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-IntegrityCheckMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-IntegrityCheckMethod-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-IntegrityCheckMethod-OmaUri-Begin -->
@@ -2611,7 +2611,7 @@ Type of integrity check.
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-PfsGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-PfsGroup-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-CryptographySuite-PfsGroup-OmaUri-Begin -->
@@ -2665,7 +2665,7 @@ Group used for PFS (Perfect Forward Secrecy).
 <!-- Device-{ProfileName}-NativeProfile-DisableClassBasedDefaultRoute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-DisableClassBasedDefaultRoute-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-DisableClassBasedDefaultRoute-OmaUri-Begin -->
@@ -2713,7 +2713,7 @@ Specifies the class based default routes. For example, if the interface IP begin
 <!-- Device-{ProfileName}-NativeProfile-L2tpPsk-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-NativeProfile-L2tpPsk-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-L2tpPsk-OmaUri-Begin -->
@@ -2752,7 +2752,7 @@ The preshared key used for an L2TP connection.
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-OmaUri-Begin -->
@@ -2768,8 +2768,10 @@ Required for native profiles. Type of tunneling protocol used.
 
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!NOTE]
-> Using NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
+> [!NOTE]  
+> For a Device Tunnel, use IKEv2 only.  
+> For a User Tunnel, any value is allowed.  
+> Using ProtocolList as value in NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.  
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-DFProperties-Begin -->
@@ -2806,7 +2808,7 @@ Required for native profiles. Type of tunneling protocol used.
 <!-- Device-{ProfileName}-NativeProfile-PlumbIKEv2TSAsRoutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-{ProfileName}-NativeProfile-PlumbIKEv2TSAsRoutes-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-PlumbIKEv2TSAsRoutes-OmaUri-Begin -->
@@ -2845,7 +2847,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Don't plumb t
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-OmaUri-Begin -->
@@ -2883,7 +2885,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Don't plumb t
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-OmaUri-Begin -->
@@ -2899,8 +2901,10 @@ List of inbox VPN protocols in priority order.
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!NOTE]
-> Up to 4 VPN protocols are supported. A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
+> [!NOTE]  
+> For a User Tunnel up to 4 VPN protocols are supported.  
+> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).  
+> For a Device tunnel, we recommend using IKEv2 in NativeProtocolType instead of ProtocolList.  
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-DFProperties-Begin -->
@@ -2924,7 +2928,7 @@ List of inbox VPN protocols in priority order.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-OmaUri-Begin -->
@@ -2964,7 +2968,7 @@ List of inbox VPN protocols in priority order.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-OmaUri-Begin -->
@@ -3016,7 +3020,7 @@ Inbox VPN protocols type.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-OmaUri-Begin -->
@@ -3032,7 +3036,7 @@ Default 168, max 500000.
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-RetryTimeInHours specifies the length of time Windows tries to use the last succesful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
+RetryTimeInHours specifies the length of time Windows tries to use the last successful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-DFProperties-Begin -->
@@ -3056,7 +3060,7 @@ RetryTimeInHours specifies the length of time Windows tries to use the last succ
 <!-- Device-{ProfileName}-NativeProfile-RoutingPolicyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-RoutingPolicyType-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-RoutingPolicyType-OmaUri-Begin -->
@@ -3104,7 +3108,7 @@ Type of routing policy.
 <!-- Device-{ProfileName}-NativeProfile-Servers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-NativeProfile-Servers-Applicability-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Servers-OmaUri-Begin -->
@@ -3115,7 +3119,7 @@ Type of routing policy.
 
 <!-- Device-{ProfileName}-NativeProfile-Servers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
+Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
 <!-- Device-{ProfileName}-NativeProfile-Servers-Description-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Servers-Editable-Begin -->
@@ -3143,7 +3147,7 @@ Required for native profiles. Public or routable IP address or DNS name for the
 <!-- Device-{ProfileName}-NetworkOutageTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-NetworkOutageTime-Applicability-End -->
 
 <!-- Device-{ProfileName}-NetworkOutageTime-OmaUri-Begin -->
@@ -3183,7 +3187,7 @@ The amount of time in seconds the network is allowed to idle. 0 means no limit.
 <!-- Device-{ProfileName}-PluginProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-PluginProfile-Applicability-End -->
 
 <!-- Device-{ProfileName}-PluginProfile-OmaUri-Begin -->
@@ -3222,7 +3226,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP
 <!-- Device-{ProfileName}-PluginProfile-CustomConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-PluginProfile-CustomConfiguration-Applicability-End -->
 
 <!-- Device-{ProfileName}-PluginProfile-CustomConfiguration-OmaUri-Begin -->
@@ -3261,7 +3265,7 @@ Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configur
 <!-- Device-{ProfileName}-PluginProfile-PluginPackageFamilyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-PluginProfile-PluginPackageFamilyName-Applicability-End -->
 
 <!-- Device-{ProfileName}-PluginProfile-PluginPackageFamilyName-OmaUri-Begin -->
@@ -3300,7 +3304,7 @@ Required for Plugin Profiles. This node specifies the Package Family Name of the
 <!-- Device-{ProfileName}-PluginProfile-ServerUrlList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-PluginProfile-ServerUrlList-Applicability-End -->
 
 <!-- Device-{ProfileName}-PluginProfile-ServerUrlList-OmaUri-Begin -->
@@ -3339,7 +3343,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn
 <!-- Device-{ProfileName}-PrivateNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-PrivateNetwork-Applicability-End -->
 
 <!-- Device-{ProfileName}-PrivateNetwork-OmaUri-Begin -->
@@ -3388,7 +3392,7 @@ Determines whether the VPN connection is public or private.
 <!-- Device-{ProfileName}-ProfileXML-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-ProfileXML-Applicability-End -->
 
 <!-- Device-{ProfileName}-ProfileXML-OmaUri-Begin -->
@@ -3428,7 +3432,7 @@ The XML schema for provisioning all the fields of a VPN.
 <!-- Device-{ProfileName}-Proxy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-Proxy-Applicability-End -->
 
 <!-- Device-{ProfileName}-Proxy-OmaUri-Begin -->
@@ -3467,7 +3471,7 @@ A collection of configuration objects to enable a post-connect proxy support for
 <!-- Device-{ProfileName}-Proxy-AutoConfigUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-Proxy-AutoConfigUrl-Applicability-End -->
 
 <!-- Device-{ProfileName}-Proxy-AutoConfigUrl-OmaUri-Begin -->
@@ -3506,7 +3510,7 @@ Optional. Set a URL to automatically retrieve the proxy settings.
 <!-- Device-{ProfileName}-Proxy-Manual-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-Proxy-Manual-Applicability-End -->
 
 <!-- Device-{ProfileName}-Proxy-Manual-OmaUri-Begin -->
@@ -3545,7 +3549,7 @@ Optional node containing the manual server settings.
 <!-- Device-{ProfileName}-Proxy-Manual-Server-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-Proxy-Manual-Server-Applicability-End -->
 
 <!-- Device-{ProfileName}-Proxy-Manual-Server-OmaUri-Begin -->
@@ -3584,7 +3588,7 @@ Optional. The value is the proxy server address as a fully qualified hostname or
 <!-- Device-{ProfileName}-RegisterDNS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-{ProfileName}-RegisterDNS-Applicability-End -->
 
 <!-- Device-{ProfileName}-RegisterDNS-OmaUri-Begin -->
@@ -3633,7 +3637,7 @@ Allows registration of the connection's address in DNS.
 <!-- Device-{ProfileName}-RememberCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-RememberCredentials-Applicability-End -->
 
 <!-- Device-{ProfileName}-RememberCredentials-OmaUri-Begin -->
@@ -3682,7 +3686,7 @@ Boolean value (true or false) for caching credentials.
 <!-- Device-{ProfileName}-RouteList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-RouteList-Applicability-End -->
 
 <!-- Device-{ProfileName}-RouteList-OmaUri-Begin -->
@@ -3721,7 +3725,7 @@ List of routes to be added to the Routing table for the VPN Interface. Required
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Applicability-End -->
 
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-OmaUri-Begin -->
@@ -3761,7 +3765,7 @@ A sequential integer identifier for the RouteList. This is required if you are a
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Address-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Address-Applicability-End -->
 
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Address-OmaUri-Begin -->
@@ -3800,7 +3804,7 @@ Subnet address in IPv4/v6 address format which, along with the prefix will be us
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-ExclusionRoute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-ExclusionRoute-Applicability-End -->
 
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-ExclusionRoute-OmaUri-Begin -->
@@ -3849,7 +3853,7 @@ A boolean value that specifies if the route being added should point to the VPN
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Metric-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Metric-Applicability-End -->
 
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-Metric-OmaUri-Begin -->
@@ -3888,7 +3892,7 @@ The route's metric.
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-PrefixSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-PrefixSize-Applicability-End -->
 
 <!-- Device-{ProfileName}-RouteList-{routeRowId}-PrefixSize-OmaUri-Begin -->
@@ -3928,7 +3932,7 @@ The subnet prefix size part of the destination prefix for the route entry. This,
 <!-- Device-{ProfileName}-TrafficFilterList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-OmaUri-Begin -->
@@ -3969,7 +3973,7 @@ A list of rules allowing traffic over the VPN Interface. Each Rule ID is OR'ed.
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-OmaUri-Begin -->
@@ -4009,7 +4013,7 @@ A sequential integer identifier for the Traffic Filter rules. Sequencing must st
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-OmaUri-Begin -->
@@ -4048,7 +4052,7 @@ Per App VPN Rule. This will Allow only the Apps specified to be allowed over VPN
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Id-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Id-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Id-OmaUri-Begin -->
@@ -4087,7 +4091,7 @@ App identity for the app-based traffic filter. The value for this node can be on
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Type-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Type-OmaUri-Begin -->
@@ -4126,7 +4130,7 @@ Returns the type of ID of the App/Id. Either PackageFamilyName, FilePath, or Sys
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Claims-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Claims-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Claims-OmaUri-Begin -->
@@ -4165,7 +4169,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Direction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Direction-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Direction-OmaUri-Begin -->
@@ -4206,7 +4210,7 @@ Inbound - The traffic filter allows traffic coming from external locations match
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalAddressRanges-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalAddressRanges-OmaUri-Begin -->
@@ -4245,7 +4249,7 @@ A list of comma separated values specifying local IP address ranges to allow.
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalPortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalPortRanges-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalPortRanges-OmaUri-Begin -->
@@ -4286,7 +4290,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320.
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Protocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Protocol-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-Protocol-OmaUri-Begin -->
@@ -4326,7 +4330,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320.
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemoteAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemoteAddressRanges-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemoteAddressRanges-OmaUri-Begin -->
@@ -4365,7 +4369,7 @@ A list of comma separated values specifying remote IP address ranges to allow.
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemotePortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemotePortRanges-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemotePortRanges-OmaUri-Begin -->
@@ -4406,7 +4410,7 @@ A list of comma separated values specifying remote port ranges to allow. For exa
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RoutingPolicyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RoutingPolicyType-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrafficFilterList-{trafficFilterId}-RoutingPolicyType-OmaUri-Begin -->
@@ -4454,7 +4458,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil
 <!-- Device-{ProfileName}-TrustedNetworkDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-{ProfileName}-TrustedNetworkDetection-Applicability-End -->
 
 <!-- Device-{ProfileName}-TrustedNetworkDetection-OmaUri-Begin -->
@@ -4494,7 +4498,7 @@ Comma separated string to identify the trusted network. VPN won't connect automa
 <!-- Device-{ProfileName}-UseRasCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- Device-{ProfileName}-UseRasCredentials-Applicability-End -->
 
 <!-- Device-{ProfileName}-UseRasCredentials-OmaUri-Begin -->
@@ -4543,7 +4547,7 @@ Determines whether the credential manager will save ras credentials after a conn
 <!-- User-{ProfileName}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-Applicability-End -->
 
 <!-- User-{ProfileName}-OmaUri-Begin -->
@@ -4585,7 +4589,7 @@ Unique alpha numeric identifier for the profile. The profile name mustn't includ
 <!-- User-{ProfileName}-AlwaysOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AlwaysOn-Applicability-End -->
 
 <!-- User-{ProfileName}-AlwaysOn-OmaUri-Begin -->
@@ -4634,7 +4638,7 @@ An optional flag to enable Always On mode. This will automatically connect the V
 <!-- User-{ProfileName}-AlwaysOnActive-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AlwaysOnActive-Applicability-End -->
 
 <!-- User-{ProfileName}-AlwaysOnActive-OmaUri-Begin -->
@@ -4683,7 +4687,7 @@ An optional flag to activate Always On mode. This is true by default if AlwaysOn
 <!-- User-{ProfileName}-APNBinding-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-OmaUri-Begin -->
@@ -4722,7 +4726,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-APNBinding-AccessPointName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-AccessPointName-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-AccessPointName-OmaUri-Begin -->
@@ -4761,7 +4765,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-APNBinding-AuthenticationType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-AuthenticationType-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-AuthenticationType-OmaUri-Begin -->
@@ -4800,7 +4804,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-APNBinding-IsCompressionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-IsCompressionEnabled-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-IsCompressionEnabled-OmaUri-Begin -->
@@ -4839,7 +4843,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-APNBinding-Password-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-Password-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-Password-OmaUri-Begin -->
@@ -4878,7 +4882,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-APNBinding-ProviderId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-ProviderId-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-ProviderId-OmaUri-Begin -->
@@ -4917,7 +4921,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-APNBinding-UserName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-APNBinding-UserName-Applicability-End -->
 
 <!-- User-{ProfileName}-APNBinding-UserName-OmaUri-Begin -->
@@ -4956,7 +4960,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-AppTriggerList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AppTriggerList-Applicability-End -->
 
 <!-- User-{ProfileName}-AppTriggerList-OmaUri-Begin -->
@@ -4995,7 +4999,7 @@ List of applications set to trigger the VPN. If any of these apps are launched a
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-Applicability-End -->
 
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-OmaUri-Begin -->
@@ -5035,7 +5039,7 @@ A sequential integer identifier which allows the ability to specify multiple app
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Applicability-End -->
 
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-OmaUri-Begin -->
@@ -5074,7 +5078,7 @@ App Node under the Row Id.
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Id-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Id-Applicability-End -->
 
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Id-OmaUri-Begin -->
@@ -5113,7 +5117,7 @@ App Identity. Specified, based on the Type Field.
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Type-Applicability-End -->
 
 <!-- User-{ProfileName}-AppTriggerList-{appTriggerRowId}-App-Type-OmaUri-Begin -->
@@ -5152,7 +5156,7 @@ Returns the type of App/Id. This value can be either of the following: PackageFa
 <!-- User-{ProfileName}-ByPassForLocal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-ByPassForLocal-Applicability-End -->
 
 <!-- User-{ProfileName}-ByPassForLocal-OmaUri-Begin -->
@@ -5195,7 +5199,7 @@ Optional. When this setting is True, requests to local resources that are availa
 <!-- User-{ProfileName}-DataEncryption-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-DataEncryption-Applicability-End -->
 
 <!-- User-{ProfileName}-DataEncryption-OmaUri-Begin -->
@@ -5246,7 +5250,7 @@ Determines the level of data encryption required for the connection.
 <!-- User-{ProfileName}-DeviceCompliance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DeviceCompliance-Applicability-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-OmaUri-Begin -->
@@ -5285,7 +5289,7 @@ Nodes under DeviceCompliance can be used to enable AAD based Conditional Access
 <!-- User-{ProfileName}-DeviceCompliance-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DeviceCompliance-Enabled-Applicability-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-Enabled-OmaUri-Begin -->
@@ -5333,7 +5337,7 @@ Enables the Device Compliance flow from the client. If marked as True, the VPN C
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Applicability-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-Sso-OmaUri-Begin -->
@@ -5372,7 +5376,7 @@ Nodes under SSO can be used to choose a certificate different from the VPN Authe
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-Applicability-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Eku-OmaUri-Begin -->
@@ -5411,7 +5415,7 @@ Comma Separated list of EKU's for the VPN Client to look for the correct certifi
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Enabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Enabled-Applicability-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-Sso-Enabled-OmaUri-Begin -->
@@ -5459,7 +5463,7 @@ If this field is set to True the VPN Client will look for a separate certificate
 <!-- User-{ProfileName}-DeviceCompliance-Sso-IssuerHash-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DeviceCompliance-Sso-IssuerHash-Applicability-End -->
 
 <!-- User-{ProfileName}-DeviceCompliance-Sso-IssuerHash-OmaUri-Begin -->
@@ -5498,7 +5502,7 @@ Comma Separated list of Issuer Hashes for the VPN Client to look for the correct
 <!-- User-{ProfileName}-DisableAdvancedOptionsEditButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-DisableAdvancedOptionsEditButton-Applicability-End -->
 
 <!-- User-{ProfileName}-DisableAdvancedOptionsEditButton-OmaUri-Begin -->
@@ -5546,7 +5550,7 @@ Optional. When this setting is True, the Advanced Options page will have its edi
 <!-- User-{ProfileName}-DisableDisconnectButton-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-DisableDisconnectButton-Applicability-End -->
 
 <!-- User-{ProfileName}-DisableDisconnectButton-OmaUri-Begin -->
@@ -5594,7 +5598,7 @@ Optional. When this setting is True, the Disconnect button won't be visible for
 <!-- User-{ProfileName}-DisableIKEv2Fragmentation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-DisableIKEv2Fragmentation-Applicability-End -->
 
 <!-- User-{ProfileName}-DisableIKEv2Fragmentation-OmaUri-Begin -->
@@ -5643,7 +5647,7 @@ Set to disable IKEv2 Fragmentation.
 <!-- User-{ProfileName}-DnsSuffix-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DnsSuffix-Applicability-End -->
 
 <!-- User-{ProfileName}-DnsSuffix-OmaUri-Begin -->
@@ -5682,7 +5686,7 @@ Specifies one or more comma separated DNS suffixes. The first in the list is als
 <!-- User-{ProfileName}-DomainNameInformationList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-OmaUri-Begin -->
@@ -5723,7 +5727,7 @@ NRPT ([Name Resolution Policy Table](/previous-versions/windows/it-pro/windows-s
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-OmaUri-Begin -->
@@ -5763,7 +5767,7 @@ A sequential integer identifier for the Domain Name information. Sequencing must
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-AutoTrigger-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-AutoTrigger-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-AutoTrigger-OmaUri-Begin -->
@@ -5812,7 +5816,7 @@ Boolean to determine whether this domain name rule will trigger the VPN.
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DnsServers-OmaUri-Begin -->
@@ -5851,7 +5855,7 @@ Comma Seperated list of IP addresses for the DNS Servers to use for the domain n
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainName-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainName-OmaUri-Begin -->
@@ -5890,7 +5894,7 @@ Used to indicate the namespace to which the policy applies. When a Name query is
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainNameType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainNameType-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-DomainNameType-OmaUri-Begin -->
@@ -5929,7 +5933,7 @@ Returns the namespace type. This value can be one of the following: FQDN - If th
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-Persistent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-Persistent-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-Persistent-OmaUri-Begin -->
@@ -5978,7 +5982,7 @@ A boolean value that specifies if the rule being added should persist even when
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-WebProxyServers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-WebProxyServers-Applicability-End -->
 
 <!-- User-{ProfileName}-DomainNameInformationList-{dniRowId}-WebProxyServers-OmaUri-Begin -->
@@ -6017,7 +6021,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
 <!-- User-{ProfileName}-EdpModeId-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-EdpModeId-Applicability-End -->
 
 <!-- User-{ProfileName}-EdpModeId-OmaUri-Begin -->
@@ -6028,7 +6032,7 @@ Web Proxy Server IP address if you are redirecting traffic through your intranet
 
 <!-- User-{ProfileName}-EdpModeId-Description-Begin -->
 <!-- Description-Source-DDF -->
-Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
+Enterprise ID, which is required for connecting this VPN profile with a WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device.
 <!-- User-{ProfileName}-EdpModeId-Description-End -->
 
 <!-- User-{ProfileName}-EdpModeId-Editable-Begin -->
@@ -6056,7 +6060,7 @@ Enterprise ID, which is required for connecting this VPN profile with an WIP pol
 <!-- User-{ProfileName}-IPv4InterfaceMetric-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-IPv4InterfaceMetric-Applicability-End -->
 
 <!-- User-{ProfileName}-IPv4InterfaceMetric-OmaUri-Begin -->
@@ -6096,7 +6100,7 @@ The metric for the IPv4 interface.
 <!-- User-{ProfileName}-IPv6InterfaceMetric-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-IPv6InterfaceMetric-Applicability-End -->
 
 <!-- User-{ProfileName}-IPv6InterfaceMetric-OmaUri-Begin -->
@@ -6136,7 +6140,7 @@ The metric for the IPv6 interface.
 <!-- User-{ProfileName}-NativeProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-OmaUri-Begin -->
@@ -6175,7 +6179,7 @@ InboxNodes under NativeProfile are required when using a Windows Inbox VPN Proto
 <!-- User-{ProfileName}-NativeProfile-Authentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-OmaUri-Begin -->
@@ -6214,7 +6218,7 @@ Required node for native profile. It contains authentication information for the
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-OmaUri-Begin -->
@@ -6253,7 +6257,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Eku-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Eku-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Eku-OmaUri-Begin -->
@@ -6292,7 +6296,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Issuer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Issuer-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Certificate-Issuer-OmaUri-Begin -->
@@ -6331,7 +6335,7 @@ Reserved for future use.
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-OmaUri-Begin -->
@@ -6370,7 +6374,7 @@ Required when the native profile specifies EAP authentication. EAP configuration
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-OmaUri-Begin -->
@@ -6409,7 +6413,7 @@ HTML encoded XML of the EAP configuration. For more information,see [EAP configu
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Type-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Type-OmaUri-Begin -->
@@ -6451,7 +6455,7 @@ Required node for EAP profiles. This specifies the EAP Type ID
 <!-- User-{ProfileName}-NativeProfile-Authentication-MachineMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-MachineMethod-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-MachineMethod-OmaUri-Begin -->
@@ -6498,7 +6502,7 @@ This is only supported in IKEv2.
 <!-- User-{ProfileName}-NativeProfile-Authentication-UserMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Authentication-UserMethod-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-UserMethod-OmaUri-Begin -->
@@ -6546,7 +6550,7 @@ This value can be one of the following: EAP or MSChapv2 (This isn't supported fo
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-OmaUri-Begin -->
@@ -6585,7 +6589,7 @@ Properties of IPSec tunnels.
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-AuthenticationTransformConstants-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-AuthenticationTransformConstants-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-AuthenticationTransformConstants-OmaUri-Begin -->
@@ -6637,7 +6641,7 @@ Type of authentication transform constant.
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-CipherTransformConstants-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-CipherTransformConstants-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-CipherTransformConstants-OmaUri-Begin -->
@@ -6691,7 +6695,7 @@ Type of Cipher transform constant.
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-DHGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-DHGroup-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-DHGroup-OmaUri-Begin -->
@@ -6744,7 +6748,7 @@ Group used for DH (Diffie-Hellman).
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-EncryptionMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-EncryptionMethod-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-EncryptionMethod-OmaUri-Begin -->
@@ -6797,7 +6801,7 @@ Type of encryption method.
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-IntegrityCheckMethod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-IntegrityCheckMethod-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-IntegrityCheckMethod-OmaUri-Begin -->
@@ -6847,7 +6851,7 @@ Type of integrity check.
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-PfsGroup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-PfsGroup-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-CryptographySuite-PfsGroup-OmaUri-Begin -->
@@ -6901,7 +6905,7 @@ Group used for PFS (Perfect Forward Secrecy).
 <!-- User-{ProfileName}-NativeProfile-DisableClassBasedDefaultRoute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-DisableClassBasedDefaultRoute-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-DisableClassBasedDefaultRoute-OmaUri-Begin -->
@@ -6949,7 +6953,7 @@ Specifies the class based default routes. For example, if the interface IP begin
 <!-- User-{ProfileName}-NativeProfile-L2tpPsk-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-NativeProfile-L2tpPsk-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-L2tpPsk-OmaUri-Begin -->
@@ -6988,7 +6992,7 @@ The preshared key used for an L2TP connection.
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-OmaUri-Begin -->
@@ -7004,8 +7008,10 @@ Required for native profiles. Type of tunneling protocol used.
 
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!NOTE]
-> Using NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
+> [!NOTE]  
+> For a Device Tunnel, use IKEv2 only.  
+> For a User Tunnel, any value is allowed.  
+> Using ProtocolList as value in NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.  
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-DFProperties-Begin -->
@@ -7042,7 +7048,7 @@ Required for native profiles. Type of tunneling protocol used.
 <!-- User-{ProfileName}-NativeProfile-PlumbIKEv2TSAsRoutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-{ProfileName}-NativeProfile-PlumbIKEv2TSAsRoutes-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-PlumbIKEv2TSAsRoutes-OmaUri-Begin -->
@@ -7081,7 +7087,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Don't plumb t
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-OmaUri-Begin -->
@@ -7119,7 +7125,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Don't plumb t
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-OmaUri-Begin -->
@@ -7135,8 +7141,10 @@ List of inbox VPN protocols in priority order.
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-> [!NOTE]
-> Up to 4 VPN protocols are supported. A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
+> [!NOTE]  
+> For a User Tunnel up to 4 VPN protocols are supported.  
+> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).  
+> For a Device tunnel, we recommend using IKEv2 in NativeProtocolType instead of ProtocolList.  
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-DFProperties-Begin -->
@@ -7160,7 +7168,7 @@ List of inbox VPN protocols in priority order.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-OmaUri-Begin -->
@@ -7200,7 +7208,7 @@ List of inbox VPN protocols in priority order.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-OmaUri-Begin -->
@@ -7252,7 +7260,7 @@ Inbox VPN protocols type.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.20207] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20207] and later |
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-OmaUri-Begin -->
@@ -7268,7 +7276,7 @@ Default 168, max 500000.
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-RetryTimeInHours specifies the length of time Windows tries to use the last succesful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
+RetryTimeInHours specifies the length of time Windows tries to use the last successful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-DFProperties-Begin -->
@@ -7292,7 +7300,7 @@ RetryTimeInHours specifies the length of time Windows tries to use the last succ
 <!-- User-{ProfileName}-NativeProfile-RoutingPolicyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-RoutingPolicyType-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-RoutingPolicyType-OmaUri-Begin -->
@@ -7340,7 +7348,7 @@ Type of routing policy.
 <!-- User-{ProfileName}-NativeProfile-Servers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-NativeProfile-Servers-Applicability-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Servers-OmaUri-Begin -->
@@ -7351,7 +7359,7 @@ Type of routing policy.
 
 <!-- User-{ProfileName}-NativeProfile-Servers-Description-Begin -->
 <!-- Description-Source-DDF -->
-Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
+Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name. You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
 <!-- User-{ProfileName}-NativeProfile-Servers-Description-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Servers-Editable-Begin -->
@@ -7379,7 +7387,7 @@ Required for native profiles. Public or routable IP address or DNS name for the
 <!-- User-{ProfileName}-NetworkOutageTime-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-NetworkOutageTime-Applicability-End -->
 
 <!-- User-{ProfileName}-NetworkOutageTime-OmaUri-Begin -->
@@ -7419,7 +7427,7 @@ The amount of time in seconds the network is allowed to idle. 0 means no limit.
 <!-- User-{ProfileName}-PluginProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-PluginProfile-Applicability-End -->
 
 <!-- User-{ProfileName}-PluginProfile-OmaUri-Begin -->
@@ -7458,7 +7466,7 @@ Nodes under the PluginProfile are required when using a Microsoft Store based VP
 <!-- User-{ProfileName}-PluginProfile-CustomConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-PluginProfile-CustomConfiguration-Applicability-End -->
 
 <!-- User-{ProfileName}-PluginProfile-CustomConfiguration-OmaUri-Begin -->
@@ -7497,7 +7505,7 @@ Optional. This is an HTML encoded XML blob for SSL-VPN plug-in specific configur
 <!-- User-{ProfileName}-PluginProfile-PluginPackageFamilyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-PluginProfile-PluginPackageFamilyName-Applicability-End -->
 
 <!-- User-{ProfileName}-PluginProfile-PluginPackageFamilyName-OmaUri-Begin -->
@@ -7536,7 +7544,7 @@ Required for Plugin Profiles. This node specifies the Package Family Name of the
 <!-- User-{ProfileName}-PluginProfile-ServerUrlList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-PluginProfile-ServerUrlList-Applicability-End -->
 
 <!-- User-{ProfileName}-PluginProfile-ServerUrlList-OmaUri-Begin -->
@@ -7575,7 +7583,7 @@ Required for plug-in profiles. Semicolon-separated list of servers in URL, hostn
 <!-- User-{ProfileName}-PrivateNetwork-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-PrivateNetwork-Applicability-End -->
 
 <!-- User-{ProfileName}-PrivateNetwork-OmaUri-Begin -->
@@ -7624,7 +7632,7 @@ Determines whether the VPN connection is public or private.
 <!-- User-{ProfileName}-ProfileXML-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-ProfileXML-Applicability-End -->
 
 <!-- User-{ProfileName}-ProfileXML-OmaUri-Begin -->
@@ -7664,7 +7672,7 @@ The XML schema for provisioning all the fields of a VPN.
 <!-- User-{ProfileName}-Proxy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-Proxy-Applicability-End -->
 
 <!-- User-{ProfileName}-Proxy-OmaUri-Begin -->
@@ -7703,7 +7711,7 @@ A collection of configuration objects to enable a post-connect proxy support for
 <!-- User-{ProfileName}-Proxy-AutoConfigUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-Proxy-AutoConfigUrl-Applicability-End -->
 
 <!-- User-{ProfileName}-Proxy-AutoConfigUrl-OmaUri-Begin -->
@@ -7742,7 +7750,7 @@ Optional. Set a URL to automatically retrieve the proxy settings.
 <!-- User-{ProfileName}-Proxy-Manual-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-Proxy-Manual-Applicability-End -->
 
 <!-- User-{ProfileName}-Proxy-Manual-OmaUri-Begin -->
@@ -7781,7 +7789,7 @@ Optional node containing the manual server settings.
 <!-- User-{ProfileName}-Proxy-Manual-Server-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-Proxy-Manual-Server-Applicability-End -->
 
 <!-- User-{ProfileName}-Proxy-Manual-Server-OmaUri-Begin -->
@@ -7820,7 +7828,7 @@ Optional. The value is the proxy server address as a fully qualified hostname or
 <!-- User-{ProfileName}-RegisterDNS-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- User-{ProfileName}-RegisterDNS-Applicability-End -->
 
 <!-- User-{ProfileName}-RegisterDNS-OmaUri-Begin -->
@@ -7869,7 +7877,7 @@ Allows registration of the connection's address in DNS.
 <!-- User-{ProfileName}-RememberCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-RememberCredentials-Applicability-End -->
 
 <!-- User-{ProfileName}-RememberCredentials-OmaUri-Begin -->
@@ -7918,7 +7926,7 @@ Boolean value (true or false) for caching credentials.
 <!-- User-{ProfileName}-RequireVpnClientAppUI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ [10.0.19628] and later |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.19628] and later |
 <!-- User-{ProfileName}-RequireVpnClientAppUI-Applicability-End -->
 
 <!-- User-{ProfileName}-RequireVpnClientAppUI-OmaUri-Begin -->
@@ -7963,7 +7971,7 @@ Optional. This node is only relevant for AppContainer profiles (i.e. using the V
 <!-- User-{ProfileName}-RouteList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-RouteList-Applicability-End -->
 
 <!-- User-{ProfileName}-RouteList-OmaUri-Begin -->
@@ -8002,7 +8010,7 @@ List of routes to be added to the Routing table for the VPN Interface. Required
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Applicability-End -->
 
 <!-- User-{ProfileName}-RouteList-{routeRowId}-OmaUri-Begin -->
@@ -8042,7 +8050,7 @@ A sequential integer identifier for the RouteList. This is required if you are a
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Address-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Address-Applicability-End -->
 
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Address-OmaUri-Begin -->
@@ -8081,7 +8089,7 @@ Subnet address in IPv4/v6 address format which, along with the prefix will be us
 <!-- User-{ProfileName}-RouteList-{routeRowId}-ExclusionRoute-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-RouteList-{routeRowId}-ExclusionRoute-Applicability-End -->
 
 <!-- User-{ProfileName}-RouteList-{routeRowId}-ExclusionRoute-OmaUri-Begin -->
@@ -8130,7 +8138,7 @@ A boolean value that specifies if the route being added should point to the VPN
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Metric-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Metric-Applicability-End -->
 
 <!-- User-{ProfileName}-RouteList-{routeRowId}-Metric-OmaUri-Begin -->
@@ -8169,7 +8177,7 @@ The route's metric.
 <!-- User-{ProfileName}-RouteList-{routeRowId}-PrefixSize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-RouteList-{routeRowId}-PrefixSize-Applicability-End -->
 
 <!-- User-{ProfileName}-RouteList-{routeRowId}-PrefixSize-OmaUri-Begin -->
@@ -8209,7 +8217,7 @@ The subnet prefix size part of the destination prefix for the route entry. This,
 <!-- User-{ProfileName}-TrafficFilterList-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-OmaUri-Begin -->
@@ -8250,7 +8258,7 @@ A list of rules allowing traffic over the VPN Interface. Each Rule ID is OR'ed.
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-OmaUri-Begin -->
@@ -8290,7 +8298,7 @@ A sequential integer identifier for the Traffic Filter rules. Sequencing must st
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-OmaUri-Begin -->
@@ -8329,7 +8337,7 @@ Per App VPN Rule. This will Allow only the Apps specified to be allowed over VPN
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Id-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Id-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Id-OmaUri-Begin -->
@@ -8368,7 +8376,7 @@ App identity for the app-based traffic filter. The value for this node can be on
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Type-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Type-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-App-Type-OmaUri-Begin -->
@@ -8407,7 +8415,7 @@ Returns the type of ID of the App/Id. Either PackageFamilyName, FilePath, or Sys
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Claims-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Claims-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Claims-OmaUri-Begin -->
@@ -8446,7 +8454,7 @@ Specifies a rule in Security Descriptor Definition Language (SDDL) format to che
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Direction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Direction-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Direction-OmaUri-Begin -->
@@ -8487,7 +8495,7 @@ Inbound - The traffic filter allows traffic coming from external locations match
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalAddressRanges-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalAddressRanges-OmaUri-Begin -->
@@ -8526,7 +8534,7 @@ A list of comma separated values specifying local IP address ranges to allow.
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalPortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalPortRanges-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-LocalPortRanges-OmaUri-Begin -->
@@ -8567,7 +8575,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320.
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Protocol-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Protocol-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-Protocol-OmaUri-Begin -->
@@ -8607,7 +8615,7 @@ Comma Separated list of ranges for eg. 100-120,200,300-320.
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemoteAddressRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemoteAddressRanges-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemoteAddressRanges-OmaUri-Begin -->
@@ -8646,7 +8654,7 @@ A list of comma separated values specifying remote IP address ranges to allow.
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemotePortRanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemotePortRanges-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RemotePortRanges-OmaUri-Begin -->
@@ -8687,7 +8695,7 @@ A list of comma separated values specifying remote port ranges to allow. For exa
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RoutingPolicyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RoutingPolicyType-Applicability-End -->
 
 <!-- User-{ProfileName}-TrafficFilterList-{trafficFilterId}-RoutingPolicyType-OmaUri-Begin -->
@@ -8735,7 +8743,7 @@ Specifies the routing policy if an App or Claims type is used in the traffic fil
 <!-- User-{ProfileName}-TrustedNetworkDetection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-{ProfileName}-TrustedNetworkDetection-Applicability-End -->
 
 <!-- User-{ProfileName}-TrustedNetworkDetection-OmaUri-Begin -->
@@ -8775,7 +8783,7 @@ Comma separated string to identify the trusted network. VPN won't connect automa
 <!-- User-{ProfileName}-UseRasCredentials-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 21H2 [10.0.22000] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- User-{ProfileName}-UseRasCredentials-Applicability-End -->
 
 <!-- User-{ProfileName}-UseRasCredentials-OmaUri-Begin -->
@@ -9029,7 +9037,7 @@ Profile example
         <NativeProtocol>
           <Type>Sstp</Type>
         </NativeProtocol>
-        <RetryTimeinHours>168</RetryTimeinHours>
+        <RetryTimeInHours>168</RetryTimeInHours>
       </ProtocolList>
     <Authentication>
       <UserMethod>Eap</UserMethod>
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 294b7c1f32..2bb3347699 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/27/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the V
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -3272,7 +3272,7 @@ The following XML file contains the device description framework (DDF) for the V
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index c2f8aa8687..d7b549f5e8 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the WiFi CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -59,7 +59,7 @@ The following list shows the WiFi configuration service provider nodes:
 <!-- Device-Profile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Profile-Applicability-End -->
 
 <!-- Device-Profile-OmaUri-Begin -->
@@ -98,7 +98,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is
 <!-- Device-Profile-{SSID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Profile-{SSID}-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-OmaUri-Begin -->
@@ -126,7 +126,6 @@ SSID is the name of network you're connecting to, while Profile name is the name
 |:--|:--|
 | Format | `node` |
 | Access Type | Add, Delete, Get, Replace |
-| Atomic Required | True |
 | Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
 <!-- Device-Profile-{SSID}-DFProperties-End -->
 
@@ -142,7 +141,7 @@ SSID is the name of network you're connecting to, while Profile name is the name
 <!-- Device-Profile-{SSID}-ProfileSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-Profile-{SSID}-ProfileSource-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-ProfileSource-OmaUri-Begin -->
@@ -191,7 +190,7 @@ Allows for defining which administrative entity is setting this Wi-Fi profile. T
 <!-- Device-Profile-{SSID}-Proxy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Profile-{SSID}-Proxy-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-Proxy-OmaUri-Begin -->
@@ -230,7 +229,7 @@ Optional node. The format is url:port. Configuration of the network proxy (if an
 <!-- Device-Profile-{SSID}-ProxyPacUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Profile-{SSID}-ProxyPacUrl-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-ProxyPacUrl-OmaUri-Begin -->
@@ -271,7 +270,7 @@ Optional node. URL to the PAC file location.
 <!-- Device-Profile-{SSID}-ProxyWPAD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Profile-{SSID}-ProxyWPAD-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-ProxyWPAD-OmaUri-Begin -->
@@ -321,7 +320,7 @@ Optional node. The presence of the field enables WPAD for proxy lookup.
 <!-- Device-Profile-{SSID}-WiFiCost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Profile-{SSID}-WiFiCost-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-WiFiCost-OmaUri-Begin -->
@@ -371,7 +370,7 @@ Optional node. If the policy is active selecting one of the values from the foll
 <!-- Device-Profile-{SSID}-WlanXml-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Profile-{SSID}-WlanXml-Applicability-End -->
 
 <!-- Device-Profile-{SSID}-WlanXml-OmaUri-Begin -->
@@ -418,7 +417,7 @@ If it exists in the blob, the **keyType** and **protected** elements must come b
 <!-- User-Profile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-Profile-Applicability-End -->
 
 <!-- User-Profile-OmaUri-Begin -->
@@ -457,7 +456,7 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is
 <!-- User-Profile-{SSID}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-Profile-{SSID}-Applicability-End -->
 
 <!-- User-Profile-{SSID}-OmaUri-Begin -->
@@ -485,7 +484,6 @@ SSID is the name of network you're connecting to, while Profile name is the name
 |:--|:--|
 | Format | `node` |
 | Access Type | Add, Delete, Get, Replace |
-| Atomic Required | True |
 | Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
 <!-- User-Profile-{SSID}-DFProperties-End -->
 
@@ -501,7 +499,7 @@ SSID is the name of network you're connecting to, while Profile name is the name
 <!-- User-Profile-{SSID}-ProfileSource-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- User-Profile-{SSID}-ProfileSource-Applicability-End -->
 
 <!-- User-Profile-{SSID}-ProfileSource-OmaUri-Begin -->
@@ -550,7 +548,7 @@ Allows for defining which administrative entity is setting this Wi-Fi profile. T
 <!-- User-Profile-{SSID}-Proxy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-Profile-{SSID}-Proxy-Applicability-End -->
 
 <!-- User-Profile-{SSID}-Proxy-OmaUri-Begin -->
@@ -589,7 +587,7 @@ Optional node. The format is url:port. Configuration of the network proxy (if an
 <!-- User-Profile-{SSID}-ProxyPacUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-Profile-{SSID}-ProxyPacUrl-Applicability-End -->
 
 <!-- User-Profile-{SSID}-ProxyPacUrl-OmaUri-Begin -->
@@ -630,7 +628,7 @@ Optional node. URL to the PAC file location.
 <!-- User-Profile-{SSID}-ProxyWPAD-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- User-Profile-{SSID}-ProxyWPAD-Applicability-End -->
 
 <!-- User-Profile-{SSID}-ProxyWPAD-OmaUri-Begin -->
@@ -680,7 +678,7 @@ Optional node. The presence of the field enables WPAD for proxy lookup.
 <!-- User-Profile-{SSID}-WiFiCost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- User-Profile-{SSID}-WiFiCost-Applicability-End -->
 
 <!-- User-Profile-{SSID}-WiFiCost-OmaUri-Begin -->
@@ -730,7 +728,7 @@ Optional node. If the policy is active selecting one of the values from the foll
 <!-- User-Profile-{SSID}-WlanXml-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- User-Profile-{SSID}-WlanXml-Applicability-End -->
 
 <!-- User-Profile-{SSID}-WlanXml-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index c955abb2f5..269f95f3c7 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -96,7 +96,6 @@ The following XML file contains the device description framework (DDF) for the W
           <MSFT:DynamicNodeNaming>
             <MSFT:ServerGeneratedUniqueIdentifier />
           </MSFT:DynamicNodeNaming>
-          <MSFT:AtomicRequired />
         </DFProperties>
         <Node>
           <NodeName>WlanXml</NodeName>
@@ -330,7 +329,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -380,7 +379,6 @@ The following XML file contains the device description framework (DDF) for the W
           <MSFT:DynamicNodeNaming>
             <MSFT:ServerGeneratedUniqueIdentifier />
           </MSFT:DynamicNodeNaming>
-          <MSFT:AtomicRequired />
         </DFProperties>
         <Node>
           <NodeName>WlanXml</NodeName>
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 7cc00d2ad9..0261c3b007 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsDefenderApplicationGuard CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/11/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -51,7 +51,7 @@ The following list shows the WindowsDefenderApplicationGuard configuration servi
 <!-- Device-Audit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Audit-Applicability-End -->
 
 <!-- Device-Audit-OmaUri-Begin -->
@@ -90,7 +90,7 @@ Interior node for Audit.
 <!-- Device-Audit-AuditApplicationGuard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Audit-AuditApplicationGuard-Applicability-End -->
 
 <!-- Device-Audit-AuditApplicationGuard-OmaUri-Begin -->
@@ -153,7 +153,7 @@ This policy setting allows you to decide whether auditing events can be collecte
 <!-- Device-InstallWindowsDefenderApplicationGuard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-InstallWindowsDefenderApplicationGuard-Applicability-End -->
 
 <!-- Device-InstallWindowsDefenderApplicationGuard-OmaUri-Begin -->
@@ -201,7 +201,7 @@ Initiates remote installation of Application Guard feature.
 <!-- Device-PlatformStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 2004 [10.0.19041] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041] and later |
 <!-- Device-PlatformStatus-Applicability-End -->
 
 <!-- Device-PlatformStatus-OmaUri-Begin -->
@@ -240,7 +240,7 @@ Returns bitmask that indicates status of Application Guard platform installation
 <!-- Device-Settings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-Applicability-End -->
 
 <!-- Device-Settings-OmaUri-Begin -->
@@ -279,7 +279,7 @@ Interior Node for Settings.
 <!-- Device-Settings-AllowCameraMicrophoneRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Settings-AllowCameraMicrophoneRedirection-Applicability-End -->
 
 <!-- Device-Settings-AllowCameraMicrophoneRedirection-OmaUri-Begin -->
@@ -346,7 +346,7 @@ This policy setting allows you to determine whether applications inside Microsof
 <!-- Device-Settings-AllowPersistence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-AllowPersistence-Applicability-End -->
 
 <!-- Device-Settings-AllowPersistence-OmaUri-Begin -->
@@ -408,7 +408,7 @@ This policy setting allows you to decide whether data should persist across diff
 <!-- Device-Settings-AllowVirtualGPU-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Settings-AllowVirtualGPU-Applicability-End -->
 
 <!-- Device-Settings-AllowVirtualGPU-OmaUri-Begin -->
@@ -473,7 +473,7 @@ This policy setting allows you to determine whether Application Guard can use th
 <!-- Device-Settings-AllowWindowsDefenderApplicationGuard-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-AllowWindowsDefenderApplicationGuard-Applicability-End -->
 
 <!-- Device-Settings-AllowWindowsDefenderApplicationGuard-OmaUri-Begin -->
@@ -535,7 +535,7 @@ Turn on Microsoft Defender Application Guard in Enterprise Mode.
 <!-- Device-Settings-BlockNonEnterpriseContent-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-BlockNonEnterpriseContent-Applicability-End -->
 
 <!-- Device-Settings-BlockNonEnterpriseContent-OmaUri-Begin -->
@@ -600,7 +600,7 @@ This policy setting allows you to decide whether websites can load non-enterpris
 <!-- Device-Settings-CertificateThumbprints-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-Settings-CertificateThumbprints-Applicability-End -->
 
 <!-- Device-Settings-CertificateThumbprints-OmaUri-Begin -->
@@ -659,7 +659,7 @@ This policy setting allows certain device level Root Certificates to be shared w
 <!-- Device-Settings-ClipboardFileType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-ClipboardFileType-Applicability-End -->
 
 <!-- Device-Settings-ClipboardFileType-OmaUri-Begin -->
@@ -721,7 +721,7 @@ Determines the type of content that can be copied from the host to Application G
 <!-- Device-Settings-ClipboardSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-ClipboardSettings-Applicability-End -->
 
 <!-- Device-Settings-ClipboardSettings-OmaUri-Begin -->
@@ -785,7 +785,7 @@ This policy setting allows you to decide how the clipboard behaves while in Appl
 <!-- Device-Settings-PrintingSettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Settings-PrintingSettings-Applicability-End -->
 
 <!-- Device-Settings-PrintingSettings-OmaUri-Begin -->
@@ -861,7 +861,7 @@ This policy setting allows you to decide how the print functionality behaves whi
 <!-- Device-Settings-SaveFilesToHost-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1803 [10.0.17134] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1803 [10.0.17134] and later |
 <!-- Device-Settings-SaveFilesToHost-Applicability-End -->
 
 <!-- Device-Settings-SaveFilesToHost-OmaUri-Begin -->
@@ -924,7 +924,7 @@ This policy setting allows you to determine whether users can elect to download
 <!-- Device-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1709 [10.0.16299] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Status-Applicability-End -->
 
 <!-- Device-Status-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index 67e900aa01..fd77cfe61d 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.1</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 60dd258bf1..156b999f6d 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the WindowsLicensing CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,8 @@ ms.topic: reference
 <!-- WindowsLicensing-Begin -->
 # WindowsLicensing CSP
 
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
 <!-- WindowsLicensing-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The WindowsLicensing configuration service provider is designed for licensing related management scenarios.
@@ -59,7 +61,7 @@ The following list shows the WindowsLicensing configuration service provider nod
 <!-- Device-ChangeProductKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1703 [10.0.15063] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1703 [10.0.15063] and later |
 <!-- Device-ChangeProductKey-Applicability-End -->
 
 <!-- Device-ChangeProductKey-OmaUri-Begin -->
@@ -98,7 +100,7 @@ Installs a product key for Windows 10 desktop devices. Does not reboot.
 <!-- Device-CheckApplicability-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-CheckApplicability-Applicability-End -->
 
 <!-- Device-CheckApplicability-OmaUri-Begin -->
@@ -161,7 +163,7 @@ Returns TRUE if the entered product key can be used for an edition upgrade of Wi
 <!-- Device-DeviceLicensingService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-OmaUri-Begin -->
@@ -200,7 +202,7 @@ Device Based Subscription.
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-DeviceLicensingLastError-OmaUri-Begin -->
@@ -239,7 +241,7 @@ Returns the last error code of Refresh/Remove Device License operation. Value wo
 <!-- Device-DeviceLicensingService-DeviceLicensingLastErrorDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-DeviceLicensingLastErrorDescription-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-DeviceLicensingLastErrorDescription-OmaUri-Begin -->
@@ -278,7 +280,7 @@ Returns last error description from Device Licensing. Value would be empty, if e
 <!-- Device-DeviceLicensingService-DeviceLicensingStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-DeviceLicensingStatus-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-DeviceLicensingStatus-OmaUri-Begin -->
@@ -317,7 +319,7 @@ Returns the status of Refresh/Remove Device License operation.
 <!-- Device-DeviceLicensingService-LicenseType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 11, version 22H2 [10.0.22621] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000.1165] and later <br> ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- Device-DeviceLicensingService-LicenseType-Applicability-End -->
 
 <!-- Device-DeviceLicensingService-LicenseType-OmaUri-Begin -->
@@ -365,7 +367,7 @@ License Type: User Based Subscription or Device Based Subscription.
 <!-- Device-Edition-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Edition-Applicability-End -->
 
 <!-- Device-Edition-OmaUri-Begin -->
@@ -421,7 +423,7 @@ Returns a value that maps to the Windows 10 edition running on desktop or mobile
 <!-- Device-LicenseKeyType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-LicenseKeyType-Applicability-End -->
 
 <!-- Device-LicenseKeyType-OmaUri-Begin -->
@@ -477,7 +479,7 @@ Returns the parameter type used by Windows 10 devices for an edition upgrade. Wi
 <!-- Device-SMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SMode-Applicability-End -->
 
 <!-- Device-SMode-OmaUri-Begin -->
@@ -516,7 +518,7 @@ Interior node for managing S mode.
 <!-- Device-SMode-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SMode-Status-Applicability-End -->
 
 <!-- Device-SMode-Status-OmaUri-Begin -->
@@ -581,7 +583,7 @@ Possible values:
 <!-- Device-SMode-SwitchFromSMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SMode-SwitchFromSMode-Applicability-End -->
 
 <!-- Device-SMode-SwitchFromSMode-OmaUri-Begin -->
@@ -644,7 +646,7 @@ Switches a device out of S mode if possible. Does not reboot.
 <!-- Device-SMode-SwitchingPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-SMode-SwitchingPolicy-Applicability-End -->
 
 <!-- Device-SMode-SwitchingPolicy-OmaUri-Begin -->
@@ -784,7 +786,7 @@ This setting is only applicable to devices available in S mode.
 <!-- Device-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-Status-Applicability-End -->
 
 <!-- Device-Status-OmaUri-Begin -->
@@ -840,7 +842,7 @@ Returns the status of an edition upgrade on Windows 10 desktop and mobile device
 <!-- Device-Subscriptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Subscriptions-Applicability-End -->
 
 <!-- Device-Subscriptions-OmaUri-Begin -->
@@ -879,7 +881,7 @@ Node for subscriptions.
 <!-- Device-Subscriptions-{SubscriptionId}-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Subscriptions-{SubscriptionId}-Applicability-End -->
 
 <!-- Device-Subscriptions-{SubscriptionId}-OmaUri-Begin -->
@@ -919,7 +921,7 @@ Node for subscription IDs.
 <!-- Device-Subscriptions-{SubscriptionId}-Name-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Subscriptions-{SubscriptionId}-Name-Applicability-End -->
 
 <!-- Device-Subscriptions-{SubscriptionId}-Name-OmaUri-Begin -->
@@ -958,7 +960,7 @@ Returns the name of the subscription.
 <!-- Device-Subscriptions-{SubscriptionId}-Status-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Subscriptions-{SubscriptionId}-Status-Applicability-End -->
 
 <!-- Device-Subscriptions-{SubscriptionId}-Status-OmaUri-Begin -->
@@ -997,7 +999,7 @@ Returns the status of the subscription.
 <!-- Device-Subscriptions-DisableSubscription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Subscriptions-DisableSubscription-Applicability-End -->
 
 <!-- Device-Subscriptions-DisableSubscription-OmaUri-Begin -->
@@ -1045,7 +1047,7 @@ Disable or Enable subscription activation on a device.
 <!-- Device-Subscriptions-RemoveSubscription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Subscriptions-RemoveSubscription-Applicability-End -->
 
 <!-- Device-Subscriptions-RemoveSubscription-OmaUri-Begin -->
@@ -1084,7 +1086,7 @@ Remove subscription uninstall subscription license. It also reset subscription t
 <!-- Device-Subscriptions-SubscriptionLastError-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Subscriptions-SubscriptionLastError-Applicability-End -->
 
 <!-- Device-Subscriptions-SubscriptionLastError-OmaUri-Begin -->
@@ -1123,7 +1125,7 @@ Error code of last subscription operation. Value would be empty(0) in absence of
 <!-- Device-Subscriptions-SubscriptionLastErrorDescription-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Subscriptions-SubscriptionLastErrorDescription-Applicability-End -->
 
 <!-- Device-Subscriptions-SubscriptionLastErrorDescription-OmaUri-Begin -->
@@ -1162,7 +1164,7 @@ Error description of last subscription operation. Value would be empty, if error
 <!-- Device-Subscriptions-SubscriptionStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Subscriptions-SubscriptionStatus-Applicability-End -->
 
 <!-- Device-Subscriptions-SubscriptionStatus-OmaUri-Begin -->
@@ -1201,7 +1203,7 @@ Status of last subscription operation.
 <!-- Device-Subscriptions-SubscriptionType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1607 [10.0.14393] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-Subscriptions-SubscriptionType-Applicability-End -->
 
 <!-- Device-Subscriptions-SubscriptionType-OmaUri-Begin -->
@@ -1252,7 +1254,7 @@ Set device to Device Based Subscription or User Based Subscription. For Device B
 <!-- Device-UpgradeEditionWithLicense-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-UpgradeEditionWithLicense-Applicability-End -->
 
 <!-- Device-UpgradeEditionWithLicense-OmaUri-Begin -->
@@ -1291,7 +1293,7 @@ Provide a license for an edition upgrade of Windows 10 mobile devices. Does not
 <!-- Device-UpgradeEditionWithProductKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE | ✅ Windows 10, version 1511 [10.0.10586] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1511 [10.0.10586] and later |
 <!-- Device-UpgradeEditionWithProductKey-Applicability-End -->
 
 <!-- Device-UpgradeEditionWithProductKey-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index b5e14bb5ec..2fc871423e 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/01/2023
+ms.date: 08/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -47,7 +47,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -342,6 +342,10 @@ The following XML file contains the device description framework (DDF) for the W
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
+          </MSFT:Applicability>
           <MSFT:AllowedValues ValueType="ENUM">
             <MSFT:Enum>
               <MSFT:Value>0</MSFT:Value>
@@ -373,6 +377,10 @@ The following XML file contains the device description framework (DDF) for the W
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
+          </MSFT:Applicability>
         </DFProperties>
       </Node>
       <Node>
@@ -394,6 +402,10 @@ The following XML file contains the device description framework (DDF) for the W
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
+          </MSFT:Applicability>
         </DFProperties>
       </Node>
       <Node>
@@ -415,6 +427,10 @@ The following XML file contains the device description framework (DDF) for the W
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
+          </MSFT:Applicability>
         </DFProperties>
       </Node>
       <Node>
@@ -436,6 +452,10 @@ The following XML file contains the device description framework (DDF) for the W
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
+          </MSFT:Applicability>
           <MSFT:AllowedValues ValueType="ENUM">
             <MSFT:Enum>
               <MSFT:Value>0</MSFT:Value>
@@ -467,6 +487,10 @@ The following XML file contains the device description framework (DDF) for the W
           <DFType>
             <MIME />
           </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>9.9</MSFT:CspVersion>
+          </MSFT:Applicability>
         </DFProperties>
       </Node>
     </Node>
@@ -600,7 +624,7 @@ The following XML file contains the device description framework (DDF) for the W
           <DDFName />
         </DFType>
         <MSFT:Applicability>
-          <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621, 10.0.22000.1165</MSFT:OsBuildVersion>
           <MSFT:CspVersion>1.4</MSFT:CspVersion>
         </MSFT:Applicability>
       </DFProperties>
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index 40515a8bd6..a609a45d59 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the WiredNetwork CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 05/10/2023
+ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -38,7 +38,7 @@ The following list shows the WiredNetwork configuration service provider nodes:
 <!-- Device-EnableBlockPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-EnableBlockPeriod-Applicability-End -->
 
 <!-- Device-EnableBlockPeriod-OmaUri-Begin -->
@@ -78,7 +78,7 @@ Enable block period (minutes), used to specify the duration for which automatic
 <!-- Device-LanXML-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- Device-LanXML-Applicability-End -->
 
 <!-- Device-LanXML-OmaUri-Begin -->
@@ -117,7 +117,7 @@ XML describing the wired network configuration and follows the LAN_profile schem
 <!-- User-EnableBlockPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- User-EnableBlockPeriod-Applicability-End -->
 
 <!-- User-EnableBlockPeriod-OmaUri-Begin -->
@@ -157,7 +157,7 @@ Enable block period (minutes), used to specify the duration for which automatic
 <!-- User-LanXML-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE | ✅ Windows 10, version 1809 [10.0.17763] and later |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1809 [10.0.17763] and later |
 <!-- User-LanXML-Applicability-End -->
 
 <!-- User-LanXML-OmaUri-Begin -->
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index 42f5285262..bfe5dc35f3 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/16/2023
+ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -46,7 +46,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
@@ -125,7 +125,7 @@ The following XML file contains the device description framework (DDF) for the W
       <MSFT:Applicability>
         <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
         <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
       </MSFT:Applicability>
     </DFProperties>
     <Node>
diff --git a/windows/client-management/mobile-device-enrollment.md b/windows/client-management/mobile-device-enrollment.md
index 1b1fb7c688..c69c1fb951 100644
--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@@ -1,30 +1,21 @@
 ---
 title: Mobile device enrollment
-description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
+description: Learn how mobile device enrollment verifies that only authenticated and authorized devices are managed by the enterprise.
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
+ms.date: 08/10/2023
 ms.collection:
 - highpri
 - tier2
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 
 # Mobile device enrollment
 
-Mobile device enrollment is the first phase of enterprise management. The device is configured to communicate with the MDM server using security precautions during the enrollment process. The enrollment service verifies that only authenticated and authorized devices can be managed by their enterprise.
+Mobile device enrollment is the first phase of enterprise management. The device is configured to communicate with the MDM server using security precautions during the enrollment process. The enrollment service verifies that only authenticated and authorized devices are managed by the enterprise.
 
 The enrollment process includes the following steps:
 
 1. **Discovery of the enrollment endpoint**: This step provides the enrollment endpoint configuration settings.
-1. **Certificate installation**: This step handles user authentication, certificate generation, and certificate installation. The installed certificates will be used in the future to manage client/server Secure Sockets Layer (SSL) mutual authentication.
+1. **Certificate installation**: This step handles user authentication, certificate generation, and certificate installation. The installed certificates will be used in the future to manage client/server (TLS/SSL) mutual authentication.
 1. **DM Client provisioning**: This step configures the Device Management (DM) client to connect to a Mobile Device Management (MDM) server after enrollment via DM SyncML over HTTPS (also known as Open Mobile Alliance Device Management (OMA DM) XML).
 
 ## Enrollment protocol
@@ -52,9 +43,9 @@ The certificate enrollment is an implementation of the MS-WSTEP protocol.
 
 ### Management configuration
 
-The server sends provisioning XML that contains a server certificate (for SSL server authentication), a client certificate issued by enterprise CA, DM client bootstrap information (for the client to communicate with the management server), an enterprise application token (for the user to install enterprise applications), and the link to download the Company Hub application.
+The server sends provisioning XML that contains a server certificate (for TLS/SSL server authentication), a client certificate issued by enterprise CA, DM client bootstrap information (for the client to communicate with the management server), an enterprise application token (for the user to install enterprise applications), and the link to download the Company Hub application.
 
-The following topics describe the end-to-end enrollment process using various authentication methods:
+The following articles describe the end-to-end enrollment process using various authentication methods:
 
 - [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
 - [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
@@ -69,7 +60,7 @@ The following topics describe the end-to-end enrollment process using various au
 
 ## Enrollment support for domain-joined devices
 
-Devices that are joined to an on-premises Active Directory can enroll into MDM via **Settings** > **Access work or school**. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
+Devices that are joined to an on-premises Active Directory can enroll into MDM via **Settings** > **Access work or school**. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies continue to target all users of the device.
 
 ## Enrollment scenarios not supported
 
@@ -124,7 +115,7 @@ The enrollment server can decline enrollment messages using the SOAP Fault forma
 | s:        | CertificateRequest   | MENROLL_E_DEVICE_CERTIFICATEREQUEST_ERROR | The user has no permission for the certificate template or the certificate authority is unreachable. Try again or contact your system administrator. | 80180004 |
 | s:        | EnrollmentServer     | MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR    | The Mobile Device Management (MDM) server encountered an error. Try again or contact your system administrator.                                      | 80180005 |
 | a:        | InternalServiceFault | MENROLL_E_DEVICE_INTERNALSERVICE_ERROR    | There was an unhandled exception on the Mobile Device Management (MDM) server. Try again or contact your system administrator.                       | 80180006 |
-| a:        | InvalidSecurity      | MENROLL_E_DEVICE_INVALIDSECURITY_ERROR    | The Mobile Device Management (MDM) server was not able to validate your account. Try again or contact your system administrator.                     | 80180007 |
+| a:        | InvalidSecurity      | MENROLL_E_DEVICE_INVALIDSECURITY_ERROR    | The Mobile Device Management (MDM) server wasn't able to validate your account. Try again or contact your system administrator.                     | 80180007 |
 
 SOAP format also includes `deviceenrollmentserviceerror` element. Here's an example:
 
@@ -172,7 +163,7 @@ SOAP format also includes `deviceenrollmentserviceerror` element. Here's an exam
 
 TraceID is a freeform text node that is logged. It should identify the server side state for this enrollment attempt. This information may be used by support to look up why the server declined the enrollment.
 
-## Related topics
+## Related articles
 
 - [MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)
 - [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
diff --git a/windows/client-management/new-in-windows-mdm-enrollment-management.md b/windows/client-management/new-in-windows-mdm-enrollment-management.md
index b1f316d46d..4ed6e26aaf 100644
--- a/windows/client-management/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/new-in-windows-mdm-enrollment-management.md
@@ -1,18 +1,9 @@
 ---
 title: What's new in MDM enrollment and management
 description: Discover what's new and breaking changes in mobile device management (MDM) enrollment and management experience across all Windows devices.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
 ms.localizationpriority: medium
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # What's new in mobile device enrollment and management
@@ -83,7 +74,7 @@ For details about Microsoft mobile device management protocols for Windows, see
 | [BitLocker CSP](mdm/bitlocker-csp.md) | Added a new node AllowStandardUserEncryption.<br><li>Added support for Pro edition. |
 | [Defender CSP](mdm/defender-csp.md) | Added a new node Health/ProductStatus. |
 | [DevDetail CSP](mdm/devdetail-csp.md) | Added a new node SMBIOSSerialNumber. |
-| [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node. |
+| [EnterpriseModernAppManagement CSP](mdm/enterprisemodernappmanagement-csp.md) | Added Non-Removable setting under AppManagement node. |
 | [Office CSP](mdm/office-csp.md) | Added FinalStatus setting. |
 | [PassportForWork CSP](mdm/passportforwork-csp.md) | Added new settings. |
 | [RemoteWipe CSP](mdm/remotewipe-csp.md) | Added new settings. |
@@ -93,4 +84,3 @@ For details about Microsoft mobile device management protocols for Windows, see
 | [WindowsDefenderApplicationGuard CSP](mdm/windowsdefenderapplicationguard-csp.md) | Added new settings. |
 | [WindowsLicensing CSP](mdm/windowslicensing-csp.md) | Added S mode settings and SyncML examples. |
 | [Win32CompatibilityAppraiser CSP](mdm/win32compatibilityappraiser-csp.md) | New CSP. |
-
diff --git a/windows/client-management/oma-dm-protocol-support.md b/windows/client-management/oma-dm-protocol-support.md
index 521d15c082..ad62b88273 100644
--- a/windows/client-management/oma-dm-protocol-support.md
+++ b/windows/client-management/oma-dm-protocol-support.md
@@ -1,22 +1,13 @@
 ---
 title: OMA DM protocol support
 description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # OMA DM protocol support
 
-The OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. This topic describes the OMA DM functionality that the DM client supports in general. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf).
+The OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. This article describes the OMA DM functionality that the DM client supports in general. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf).
 
 ## OMA DM standards
 
@@ -24,11 +15,11 @@ The following table shows the OMA DM standards that Windows uses.
 
 |General area|OMA DM standard that is supported|
 |--- |--- |
-|Data transport and session|<li>Client-initiated remote HTTPS DM session over SSL.<li>Remote HTTPS DM session over SSL.<li>Remote DM server initiation notification using WAP Push over Short Message Service (SMS). Not used by enterprise management.<li>Remote bootstrap by using WAP Push over SMS. Not used by enterprise management.|
+|Data transport and session|<li>Client-initiated remote HTTPS DM session over TLS/SSL.<li>Remote HTTPS DM session over TLS/SSL.<li>Remote DM server initiation notification using WAP Push over Short Message Service (SMS). Not used by enterprise management.<li>Remote bootstrap by using WAP Push over SMS. Not used by enterprise management.|
 |Bootstrap XML|OMA Client Provisioning XML.|
-|DM protocol commands|The following list shows the commands that are used by the device. For more information about the OMA DM command elements, see "[OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/)" available from the OMA website.<br/><li>Add (Implicit Add supported)<li>Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.<li>Atomic: Performing an Add command followed by Replace on the same node within an atomic element isn't supported. Nested Atomic and Get commands aren't allowed and will generate error code 500.<li>Delete: Removes a node from the DM tree, and the entire subtree beneath that node if one exists<li>Exec: Invokes an executable on the client device<li>Get: Retrieves data from the client device; for interior nodes, the child node names in the Data element are returned in URI-encoded format<li>Replace: Overwrites data on the client device<li>Result: Returns the data results of a Get command to the DM server<li>Sequence: Specifies the order in which a group of commands must be processed<li>Status: Indicates the completion status (success or failure) of an operation<br/><br/>If an XML element that isn't a valid OMA DM command is under one of the following elements, the status code 400 is returned for that element:<br/><li>SyncBody<li>Atomic<li>Sequence<br><br/>If no CmdID is provided in the DM command, the client returns blank in the status element and the status code 400.<br/><br/>If Atomic elements are nested, the following status codes are returned:<br/><li>The nested Atomic command returns 500.<li>The parent Atomic command returns 507.<br/><br/>For more information about the Atomic command, see OMA DM protocol common elements.<br>Performing an Add command followed by Replace on the same node within an Atomic element isn't supported.<br><br/>LocURI can't start with `/`.<br/><br/>Meta XML tag in SyncHdr is ignored by the device.|
+|DM protocol commands|The following list shows the commands that are used by the device. For more information about the OMA DM command elements, see "[OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/)" available from the OMA website.<br/><li>Add (Implicit Add supported)<li>Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.<li>Atomic: Performing an Add command followed by Replace on the same node within an atomic element isn't supported. Nested Atomic and Get commands aren't allowed and generate error code 500.<li>Delete: Removes a node from the DM tree, and the entire subtree beneath that node if one exists<li>Exec: Invokes an executable on the client device<li>Get: Retrieves data from the client device; for interior nodes, the child node names in the Data element are returned in URI-encoded format<li>Replace: Overwrites data on the client device<li>Result: Returns the data results of a Get command to the DM server<li>Sequence: Specifies the order in which a group of commands must be processed<li>Status: Indicates the completion status (success or failure) of an operation<br/><br/>If an XML element that isn't a valid OMA DM command is under one of the following elements, the status code 400 is returned for that element:<br/><li>SyncBody<li>Atomic<li>Sequence<br><br/>If no CmdID is provided in the DM command, the client returns blank in the status element and the status code 400.<br/><br/>If Atomic elements are nested, the following status codes are returned:<br/><li>The nested Atomic command returns 500.<li>The parent Atomic command returns 507.<br/><br/>For more information about the Atomic command, see OMA DM protocol common elements.<br>Performing an Add command followed by Replace on the same node within an Atomic element isn't supported.<br><br/>LocURI can't start with `/`.<br/><br/>Meta XML tag in SyncHdr is ignored by the device.|
 |OMA DM standard objects|DevInfo<li>DevDetail<li>OMA DM DMS account objects (OMA DM version 1.2)|
-|Security|<li>Authenticate DM server initiation notification SMS message (not used by enterprise management)<li>Application layer Basic and MD5 client authentication<li>Authenticate server with MD5 credential at application level<li>Data integrity and authentication with HMAC at application level<li>SSL level certificate-based client/server authentication, encryption, and data integrity check|
+|Security|<li>Authenticate DM server initiation notification SMS message (not used by enterprise management)<li>Application layer Basic and MD5 client authentication<li>Authenticate server with MD5 credential at application level<li>Data integrity and authentication with HMAC at application level<li>TLS/SSL level certificate-based client/server authentication, encryption, and data integrity check|
 |Nodes|In the OMA DM tree, the following rules apply for the node name:<br/><li>"." can be part of the node name.<li>The node name can't be empty.<li>The node name can't be only the asterisk (`*`) character.|
 |Provisioning Files|Provisioning XML must be well formed and follow the definition in [SyncML Representation Protocol](https://www.openmobilealliance.org/release/Common/V1_2_2-20090724-A/OMA-TS-SyncML-RepPro-V1_2_2-20090724-A.pdf).<br/><br/>If an XML element that isn't a valid OMA DM command is under SyncBody, the status code 400 is returned for that element.<div class="alert">**Note**<br>To represent a Unicode string as a URI, first encode the string as UTF-8. Then encode each of the UTF-8 bytes using URI encoding.</div>|
 |WBXML support|Windows supports sending and receiving SyncML in both XML format and encoded WBXML format. This dual-format support is configurable by using the DEFAULTENCODING node under the w7 APPLICATION characteristic during enrollment. For more information about WBXML encoding, see section 8 of the [SyncML Representation Protocol](https://www.openmobilealliance.org/release/Common/V1_2_2-20090724-A/OMA-TS-SyncML-RepPro-V1_2_2-20090724-A.pdf) specification.|
@@ -38,26 +29,26 @@ The following table shows the OMA DM standards that Windows uses.
 
 Common elements are used by other OMA DM element types. The following table lists the OMA DM common elements used to configure the devices. For more information about OMA DM common elements, see "SyncML Representation Protocol Device Management Usage" (OMA-SyncML-DMRepPro-V1_1_2-20030613-A) available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
 
-|Element|Description|
-|--- |--- |
-|Chal|Specifies an authentication challenge. The server or client can send a challenge to the other if no credentials or inadequate credentials were given in the original request message.|
-|Cmd|Specifies the name of an OMA DM command referenced in a Status element.|
-|CmdID|Specifies the unique identifier for an OMA DM command.|
-|CmdRef|Specifies the ID of the command for which status or results information is being returned. This element takes the value of the CmdID element of the corresponding request message.|
-|Cred|Specifies the authentication credential for the originator of the message.|
-|Final|Indicates that the current message is the last message in the package.|
-|LocName|Specifies the display name in the Target and Source elements, used for sending a user ID for MD5 authentication.|
-|LocURI|Specifies the address of the target or source location. If the address contains a non-alphanumeric character, it must be properly escaped according to the URL encoding standard.|
-|MsgID|Specifies a unique identifier for an OMA DM session message.|
-|MsgRef|Specifies the ID of the corresponding request message. This element takes the value of the request message MsgID element.|
-|RespURI|Specifies the URI that the recipient must use when sending a response to this message.|
-|SessionID|Specifies the identifier of the OMA DM session associated with the containing message.<div class="alert">**Note**<br>  If the server doesn't notify the device that it supports a new version (through SyncApplicationVersion node in the DMClient CSP), the client returns the SessionID in integer in decimal format. If the server supports DM session sync version 2.0, which is used in Windows, the device client returns 2 bytes.</div>|
-|Source|Specifies the message source address.|
-|SourceRef|Specifies the source of the corresponding request message. This element takes the value of the request message Source element and is returned in the Status or Results element.|
-|Target|Specifies the address of the node, in the DM Tree, that is the target of the OMA DM command.|
-|TargetRef|Specifies the target address in the corresponding request message. This element takes the value of the request message Target element and is returned in the Status or Results element.|
-|VerDTD|Specifies the major and minor version identifier of the OMA DM representation protocol specification used to represent the message.|
-|VerProto|Specifies the major and minor version identifier of the OMA DM protocol specification used with the message.|
+| Element | Description |
+|:--|:--|
+| Chal      | Specifies an authentication challenge. The server or client can send a challenge to the other if no credentials or inadequate credentials were given in the original request message. |
+| Cmd       | Specifies the name of an OMA DM command referenced in a Status element. |
+| CmdID     | Specifies the unique identifier for an OMA DM command. |
+| CmdRef    | Specifies the ID of the command for which status or results information is being returned. This element takes the value of the CmdID element of the corresponding request message. |
+| Cred      | Specifies the authentication credential for the originator of the message. |
+| Final     | Indicates that the current message is the last message in the package. |
+| LocName   | Specifies the display name in the Target and Source elements, used for sending a user ID for MD5 authentication. |
+| LocURI    | Specifies the address of the target or source location. If the address contains a non-alphanumeric character, it must be properly escaped according to the URL encoding standard. |
+| MsgID     | Specifies a unique identifier for an OMA DM session message. |
+| MsgRef    | Specifies the ID of the corresponding request message. This element takes the value of the request message MsgID element. |
+| RespURI   | Specifies the URI that the recipient must use when sending a response to this message. |
+| SessionID | Specifies the identifier of the OMA DM session associated with the containing message. If the server doesn't notify the device that it supports a new version (through SyncApplicationVersion node in the DMClient CSP), the client returns the SessionID in integer in decimal format. If the server supports DM session sync version 2.0, which is used in Windows, the device client returns 2 bytes. |
+| Source    | Specifies the message source address. |
+| SourceRef | Specifies the source of the corresponding request message. This element takes the value of the request message Source element and is returned in the Status or Results element. |
+| Target    | Specifies the address of the node in the DM Tree that is the target of the OMA DM command. |
+| TargetRef | Specifies the target address in the corresponding request message. This element takes the value of the request message Target element and is returned in the Status or Results element. |
+| VerDTD    | Specifies the major and minor version identifier of the OMA DM representation protocol specification used to represent the message. |
+| VerProto  | Specifies the major and minor version identifier of the OMA DM protocol specification used with the message. |
 
 ## Device management session
 
@@ -69,8 +60,8 @@ A server sends a Get command to a client device to retrieve the contents of one
 
 A DM session can be divided into two phases:
 
-1. **Setup phase**: In response to a trigger event, a client device sends an initiating message to a DM server. The device and server exchange needed authentication and device information. This phase is represented by steps 1, 2, and 3 in the following table.
-1. **Management phase**: The DM server is in control. It sends management commands to the device and the device responds. Phase 2 ends when the DM server stops sending commands and terminates the session. This phase is represented by steps 3, 4, and 5 in the following table.
+1. **Setup phase**: In response to a trigger event, a client device sends an initiating message to a DM server. The device and server exchange needed authentication and device information. This phase is represented by steps 1, 2, and 3.
+1. **Management phase**: The DM server is in control. It sends management commands to the device and the device responds. Phase 2 ends when the DM server stops sending commands and terminates the session. This phase is represented by steps 3, 4, and 5.
 
 The following information shows the sequence of events during a typical DM session.
 
@@ -82,7 +73,7 @@ The following information shows the sequence of events during a typical DM sessi
 
 1. The device sends a message, over an IP connection, to initiate the session.
 
-    This message includes device information and credentials. The client and server do mutual authentication over an SSL channel or at the DM application level.
+    This message includes device information and credentials. The client and server do mutual authentication over a TLS/SSL channel or at the DM application level.
 
 1. The DM server responds, over an IP connection (HTTPS). The server sends initial device management commands, if any.
 
@@ -92,9 +83,9 @@ The following information shows the sequence of events during a typical DM sessi
 
 The step numbers don't represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each extra message. For more information about MsgID and OMA SyncML protocol, see [OMA Device Management Representation Protocol (DM_RepPro-V1_2-20070209-A)](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/).
 
-During OMA DM application level mutual authentication, if the device response code to Cred element in the server request is 212, no further authentication is needed for the remainder of the DM session. If the MD5 authentication occurs, the Chal element can be returned. Then the next nonce in Chal must be used for the MD5 digest when the next DM session is started.
+During OMA DM application level mutual authentication, if the device response code to Cred element in the server request is 212, no further authentication is needed for the remainder of the DM session. If the MD5 authentication occurs, the `Chal` element can be returned. Then the next nonce in `Chal` must be used for the MD5 digest when the next DM session is started.
 
-If a request includes credentials and the response code to the request is 200, the same credential must be sent within the next request. If the Chal element is included and the MD5 authentication is required, a new digest is created by using the next nonce via the Chal element for next request.
+If a request includes credentials and the response code to the request is 200, the same credential must be sent within the next request. If the `Chal` element is included and the MD5 authentication is required, a new digest is created by using the next nonce via the `Chal` element for next request.
 
 For more information about Basic or MD5 client authentication, MD5 server authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM_Security-V1_2_1-20080617-A), authentication response code handling and step-by-step samples in OMA Device Management Protocol specification (OMA-TS-DM_Protocol-V1_2_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/).
 
@@ -108,7 +99,7 @@ The data part of this alert could be one of following strings:
 - Others: another user sign in but that user doesn't have an MDM account. The server can only apply device-wide configuration, for example, configuration applies to all users in the device.
 - None: no active user sign in. The server can only apply device-wide configuration and available configuration is restricted to the device environment (no active user sign in).
 
-Below is an alert example:
+Here's an alert example:
 
 ```xml
 <Alert>
@@ -138,23 +129,23 @@ When using SyncML in OMA DM, there are standard response status codes that are r
 |---|----|
 | 200         | The SyncML command completed successfully.  |
 | 202         | Accepted for processing. This code denotes an asynchronous operation, such as a request to run a remote execution of an application.  |
-| 212         | Authentication accepted. Normally you'll only see this code in response to the SyncHdr element (used for authentication in the OMA-DM standard). You may see this code if you look at OMA DM logs, but CSPs don't typically generate this code. |
-| 214         | Operation canceled. The SyncML command completed successfully, but no more commands will be processed within the session. |
+| 212         | Authentication accepted. Normally you only see this code in response to the SyncHdr element (used for authentication in the OMA-DM standard). You may see this code if you look at OMA DM logs, but CSPs don't typically generate this code. |
+| 214         | Operation canceled. The SyncML command completed successfully, but no more commands are processed within the session. |
 | 215         | Not executed. A command wasn't executed as a result of user interaction to cancel the command.  |
 | 216         | `Atomic` roll back OK. A command was inside an `Atomic` element and `Atomic` failed. This command was rolled back successfully.  |
 | 400         | Bad request. The requested command couldn't be performed because of malformed syntax. CSPs don't usually generate this error, however you might see it if your SyncML is malformed.  |
 | 401         | Invalid credentials. The requested command failed because the requestor must provide proper authentication. CSPs don't usually generate this error.  |
 | 403         | Forbidden. The requested command failed, but the recipient understood the requested command.  |
-| 404         | Not found. The requested target wasn't found. This code will be generated if you query a node that doesn't exist.   |
-| 405         | Command not allowed. This respond code will be generated if you try to write to a read-only node.  |
-| 406         | Optional feature not supported. This response code will be generated if you try to access a property that the CSP doesn't support.  |
+| 404         | Not found. The requested target wasn't found. This code is generated if you query a node that doesn't exist.   |
+| 405         | Command not allowed. This respond code is generated if you try to write to a read-only node.  |
+| 406         | Optional feature not supported. This response code is generated if you try to access a property that the CSP doesn't support.  |
 | 415         | Unsupported type or format. This response code can result from XML parsing or formatting errors.  |
 | 418         | Already exists. This response code occurs if you attempt to add a node that already exists.  |
 | 425         | Permission Denied. The requested command failed because the sender doesn't have adequate access control permissions (ACL) on the recipient. "Access denied" errors usually get translated to this response code.  |
-| 500         | Command failed. Generic failure. The recipient encountered an unexpected condition, which prevented it from fulfilling the request. This response code will occur when the SyncML DPU can't map the originating error code.       |
+| 500         | Command failed. Generic failure. The recipient encountered an unexpected condition, which prevented it from fulfilling the request. This response code occurs when the SyncML DPU can't map the originating error code.       |
 | 507         | `Atomic` failed. One of the operations in an `Atomic` block failed.  |
 | 516         | `Atomic` roll back failed. An `Atomic` operation failed and the command wasn't rolled back successfully.  |
 
-## Related topics
+## Related articles
 
 [Configuration service provider reference](mdm/index.yml)
diff --git a/windows/client-management/on-premise-authentication-device-enrollment.md b/windows/client-management/on-premise-authentication-device-enrollment.md
index 8e72627af0..39e4133d55 100644
--- a/windows/client-management/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/on-premise-authentication-device-enrollment.md
@@ -1,17 +1,8 @@
 ---
 title: On-premises authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # On-premises authentication device enrollment
@@ -68,10 +59,10 @@ After the device gets a response from the server, the device sends a POST reques
 
 The following logic is applied:
 
-1. The device first tries HTTPS. If the server cert is not trusted by the device, the HTTPS fails.
-1. If that fails, the device tries HTTP to see whether it is redirected:
-   - If the device is not redirected, it prompts the user for the server address.
-   - If the device is redirected, it prompts the user to allow the redirect.
+1. The device first tries HTTPS. If the device doesn't trust the server certificate, the HTTPS attempt fails.
+1. If that fails, the device tries HTTP to see whether it's redirected:
+   - If the device isn't redirected, the user is prompted for the server address.
+   - If the device is redirected, the user is prompted to allow the redirect.
 
 The following example shows a request via an HTTP POST command to the discovery web service given user@contoso.com as the email address:
 
@@ -121,8 +112,8 @@ If a domain and user name are provided by the user instead of an email address,
 The discovery response is in the XML format and includes the following fields:
 
 - Enrollment service URL (EnrollmentServiceUrl) - Specifies the URL of the enrollment endpoint that is exposed by the management service. The device should call this URL after the user has been authenticated. This field is mandatory.
-- Authentication policy (AuthPolicy) - Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user will be authenticated when calling the management service URL. This field is mandatory.
-- Federated is added as another supported value. This allows the server to leverage the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
+- Authentication policy (AuthPolicy) - Indicates what type of authentication is required. For the MDM server, OnPremise is the supported value, which means that the user is authenticated when calling the management service URL. This field is mandatory.
+- Federated is added as another supported value. It allows the server to use the Web Authentication Broker to perform customized user authentication, and term of usage acceptance.
 
 > [!NOTE]
 > The HTTP server response must not be chunked; it must be sent as one message.
@@ -162,9 +153,7 @@ The following example shows a response received from the discovery web service f
 
 ## Enrollment policy web service
 
-For the OnPremise authentication policy, the UsernameToken in GetPolicies contains the user credential, whose value is based on the authentication policy in discovery. A sample of the request can be found on the MSDN website; the following is another sample, with "user@contoso.com" as the user name and "mypassword" as the password.
-
-The following example shows the policy web service request.
+For the OnPremise authentication policy, the UsernameToken in GetPolicies contains the user credential, whose value is based on the authentication policy in discovery. The following sample shows the policy web service request and uses `user@contoso.com` as the user name and `mypassword` as the password.
 
 ```xml
    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
@@ -207,7 +196,7 @@ The following example shows the policy web service request.
 
 After the user is authenticated, the web service retrieves the certificate template that the user should enroll with and creates enrollment policies based on the certificate template properties. A sample of the response can be found on MSDN.
 
-MS-XCEP supports very flexible enrollment policies using various Complex Types and Attributes. We will first support the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
+MS-XCEP supports flexible enrollment policies using various Complex Types and Attributes that include the minimalKeyLength, the hashAlgorithmOIDReference policies, and the CryptoProviders. The hashAlgorithmOIDReference has related OID and OIDReferenceID and policySchema in the GetPolicesResponse. The policySchema refers to the certificate template version. Version 3 of MS-XCEP supports hashing algorithms.
 
 > [!NOTE]
 > The HTTP server response must not be chunked; it must be sent as one message.
@@ -295,9 +284,9 @@ The following snippet shows the policy web service response.
 
 This web service implements the MS-WSTEP protocol. It processes the RequestSecurityToken (RST) message from the client, authenticates the client, requests the certificate from the CA, and returns it in the RequestSecurityTokenResponse (RSTR) to the client. Besides the issued certificate, the response also contains configurations needed to provision the DM client.
 
-The RequestSecurityToken (RST) must have the user credential and a certificate request. The user credential in an RST SOAP envelope is the same as in GetPolicies, and can vary depending on whether the authentication policy is OnPremise or Federated. The BinarySecurityToken in an RST SOAP body contains a Base64-encoded PKCS\#10 certificate request, which is generated by the client based on the enrollment policy. The client could have requested an enrollment policy by using MS-XCEP before requesting a certificate using MS-WSTEP. If the PKCS\#10 certificate request is accepted by the certification authority (CA) (the key length, hashing algorithm, and so on match the certificate template), the client can enroll successfully.
+The RequestSecurityToken (RST) must have the user credential and a certificate request. The user credential in an RST SOAP envelope is the same as in GetPolicies, and can vary depending on whether the authentication policy is OnPremise or Federated. The BinarySecurityToken in an RST SOAP body contains a Base64-encoded PKCS\#10 certificate request, which is generated by the client based on the enrollment policy. The client could have requested an enrollment policy by using MS-XCEP before requesting a certificate using MS-WSTEP. If the PKCS\#10 certificate request is accepted by the certification authority (CA) (the key length, hashing algorithm, and so on, match the certificate template), the client can enroll successfully.
 
-The RequestSecurityToken will use a custom TokenType (`http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken`), because our enrollment token is more than an X.509 v3 certificate. For more details, see the Response section.
+The RequestSecurityToken uses a custom TokenType (`http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken`), because our enrollment token is more than an X.509 v3 certificate. For more information, see the Response section.
 
 The RST may also specify a number of AdditionalContext items, such as DeviceType and Version. Based on these values, for example, the web service can return device-specific and version-specific DM configuration.
 
diff --git a/windows/client-management/push-notification-windows-mdm.md b/windows/client-management/push-notification-windows-mdm.md
index b1094d670f..d449bbfa9f 100644
--- a/windows/client-management/push-notification-windows-mdm.md
+++ b/windows/client-management/push-notification-windows-mdm.md
@@ -1,22 +1,13 @@
 ---
 title: Push notification support for device management
 description: The DMClient CSP supports the ability to configure push-initiated device management sessions.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Push notification support for device management
 
-The [DMClient CSP](mdm/dmclient-csp.md) supports the ability to configure push-initiated device management sessions. Using the [Windows Notification Services (WNS)](/windows/apps/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview), a management server can request a device to establish a management session with the server through a push notification. A device is provided with a PFN for an application. This provision results in the device getting configured, to support a push to it by the management server. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting).
+The [DMClient CSP](mdm/dmclient-csp.md) supports the ability to configure push-initiated device management sessions. With [Windows Notification Services (WNS)](/windows/apps/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview), a management server can request a device to establish a management session with the server through a push notification. A device is provided with a PFN for an application. This provision results in the device getting configured, to support a push to it by the management server. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting).
 
 To initiate a device management session, the management server must first authenticate with WNS using its SID and client secret. Once authenticated, the server receives a token to initiate a raw push notification for any ChannelURI. When the management server wants to initiate a management session with a device, it can utilize the token and the device ChannelURI, and begin communicating with the device.
 
@@ -27,10 +18,10 @@ Because a device may not always be connected to the internet, WNS supports cachi
 The following restrictions are related to push notifications and WNS:
 
 - Push for device management uses raw push notifications. This restriction means that these raw push notifications don't support or utilize push notification payloads.
-- Receipt of push notifications is sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS will be terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS will also be terminated.
-- A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It's strongly recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This will ensure that the management server won't attempt to use a ChannelURI that has expired.
+- Receipt of push notifications is sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS is terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS is also terminated.
+- A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It's recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This query ensures that the management server doesn't attempt to use a ChannelURI that has expired.
 - Push isn't a replacement for having a polling schedule.
-- WNS reserves the right to block push notifications to your PFN if improper use of notifications is detected. Any devices being managed using this PFN will cease to have push initiated device management support.
+- WNS reserves the right to block push notifications to your PFN if improper use of notifications is detected. Any devices being managed using this PFN cease to have push initiated device management support.
 
 - In Windows 10, version 1511, we use the following retry logic for the DMClient:
 
@@ -38,7 +29,7 @@ The following restrictions are related to push notifications and WNS:
   - If ExpiryTime is between now and 15 days, a schedule set for 4 +/- 1 hours from now.
   - If ExpiryTime has passed, a schedule is set for 1 day +/- 4 hours from now.
 
-- In Windows 10, version 1607 and later, we check for network connectivity before retrying. We don't check for internet connectivity. If network connectivity isn't available, we'll skip the retry and set schedule for 4+/-1 hours to try again.
+- In Windows 10, version 1607 and later, we check for network connectivity before retrying. We don't check for internet connectivity. If network connectivity isn't available, the retry is skipped and a schedule is set for 4+/-1 hours to try again.
 
 ## Get WNS credentials and PFN for MDM push notification
 
@@ -49,10 +40,10 @@ To get a PFN and WNS credentials, you must create a Microsoft Store app.
 1. Reserve an app name.
 1. Select **Product Identity** under Product Management to view the **Package Family Name (PFN)** of your app.
 1. Select **WNS/MPNS** under Product Management.
-   1. Click the **App Registration portal** link. A new window opens showing your app in the Azure Portal.
-   1. In the Application Registration Portal page, you'll see the properties for the app that you created, such as:
+   1. Select the **App Registration portal** link. A new window opens showing your app in the Azure portal.
+   1. In the Application Registration Portal page, you see the properties for the app that you created, such as:
       - Application ID
       - Application Secrets
       - Redirect URIs
 
-For more information see, [Tutorial: Send notifications to Universal Windows Platform apps using Azure Notification Hubs](/azure/notification-hubs/notification-hubs-windows-store-dotnet-get-started-wns-push-notification).
+For more information, see [Tutorial: Send notifications to Universal Windows Platform apps using Azure Notification Hubs](/azure/notification-hubs/notification-hubs-windows-store-dotnet-get-started-wns-push-notification).
diff --git a/windows/client-management/server-requirements-windows-mdm.md b/windows/client-management/server-requirements-windows-mdm.md
index 30f628af50..e3cafbd896 100644
--- a/windows/client-management/server-requirements-windows-mdm.md
+++ b/windows/client-management/server-requirements-windows-mdm.md
@@ -1,17 +1,8 @@
 ---
 title: Server requirements for using OMA DM to manage Windows devices
 description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
-ms.reviewer: 
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Server requirements for using OMA DM to manage Windows devices
@@ -20,7 +11,7 @@ The following list shows the general server requirements for using OMA DM to man
 
 - The OMA DM server must support the OMA DM v1.1.2 or later protocol.
 
-- Secure Sockets Layer (SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate isn't issued by a commercial Certification Authority whose root certificate is pre-installed in the device, you must provision the enterprise root certificate in the device's Root store.
+- Secure Sockets Layer (TLS/SSL) must be on the OMA DM server, and it must provide server certificate-based authentication, data integrity check, and data encryption. If the certificate isn't issued by a commercial Certification Authority whose root certificate is preinstalled in the device, you must provision the enterprise root certificate in the device's Root store.
 
 - To authenticate the client at the application level, you must use either Basic or MD5 client authentication.
 
diff --git a/windows/client-management/structure-of-oma-dm-provisioning-files.md b/windows/client-management/structure-of-oma-dm-provisioning-files.md
index b3724368d3..c239b9d0fd 100644
--- a/windows/client-management/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/structure-of-oma-dm-provisioning-files.md
@@ -1,17 +1,8 @@
 ---
 title: Structure of OMA DM provisioning files
 description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
-ms.reviewer: 
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Structure of OMA DM provisioning files
@@ -24,14 +15,14 @@ Each message is composed of a header, specified by the SyncHdr element, and a me
 
 The following table shows the OMA DM versions that are supported.
 
-|Version|Format|
-|--- |--- |
-|OMA DM version 1.1.2|<code>&lt;SyncML xmlns='SYNCML:SYNCML1.1'&gt;</code></p><p><code>&lt;/SyncML&gt;</code>|
-|OMA DM version 1.2|<code>&lt;SyncML xmlns='SYNCML:SYNCML1.2'&gt;</code></p><p><code>&lt;/SyncML&gt;</code>|
+| Version              | Format                                       |
+|----------------------|----------------------------------------------|
+| OMA DM version 1.1.2 | `<SyncML xmlns='SYNCML:SYNCML1.1'></SyncML>` |
+| OMA DM version 1.2   | `<SyncML xmlns='SYNCML:SYNCML1.2'></SyncML>` |
 
 ## File format
 
-The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain additional XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/OMA-TS-DM_Protocol-V1_2_1-20080617-A.pdf) specification.
+The following example shows the general structure of the XML document sent by the server using OMA DM version 1.2.1 for demonstration purposes only. The initial XML packages exchanged between client and server could contain more XML tags. For a detailed description and samples for those packages, see the [OMA Device Management Protocol 1.2.1](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/OMA-TS-DM_Protocol-V1_2_1-20080617-A.pdf) specification.
 
 ```xml
 <SyncML xmlns='SYNCML:SYNCML1.2'>
@@ -85,8 +76,6 @@ The following example shows the header component of a DM message. In this case,
 > [!NOTE]
 > The `<LocURI>` node value for the `<Source>` element in the SyncHdr of the device-generated DM package should be the same as the value of ./DevInfo/DevID. For more information about DevID, see [DevInfo configuration service provider](mdm/devinfo-csp.md).
 
- 
-
 ```xml
 <SyncHdr>
    <VerDTD>1.2</VerDTD>
@@ -108,7 +97,7 @@ SyncBody contains one or more DM commands. The SyncBody can contain multiple DM
 
 **Code example**
 
-The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This command is indicated by the &lt;Final /&gt; tag that occurs immediately after the terminating tag for the Get command.
+The following example shows the body component of a DM message. In this example, SyncBody contains only one command, Get. This command is indicated by the `<Final />` tag that occurs immediately after the terminating tag for the Get command.
 
 ```xml
 <SyncBody>
diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md
index dd0861e26c..e7bccddb07 100644
--- a/windows/client-management/understanding-admx-backed-policies.md
+++ b/windows/client-management/understanding-admx-backed-policies.md
@@ -1,17 +1,8 @@
 ---
 title: Understanding ADMX policies
 description: You can use ADMX policies for Windows mobile device management (MDM) across Windows devices.
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 03/23/2020
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Understanding ADMX policies
@@ -32,9 +23,9 @@ Depending on the specific category of the settings that they control (OS or appl
 
 In a domain controller/Group Policy ecosystem, Group Policies are automatically added to the registry of the client computer or user profile by the Administrative Templates Client Side Extension (CSE) whenever the client computer processes a Group Policy. Conversely, in an MDM-managed client, ADMX files are applied to define policies independent of Group Policies. Therefore, in an MDM-managed client, a Group Policy infrastructure, including the Group Policy Service (gpsvc.exe), isn't required.
 
-An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP doesn't rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies that are set by the MDM.
+An ADMX file can either be shipped with Windows (located at `%SystemRoot%\policydefinitions`) or it can be ingested to a device through the Policy CSP URI (`./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall`). Inbox ADMX files are processed into MDM policies at OS-build time. ADMX files that are ingested are processed into MDM policies post-OS shipment through the Policy CSP. Because the Policy CSP doesn't rely upon any aspect of the Group Policy client stack, including the PC's Group Policy Service (GPSvc), the policy handlers that are ingested to the device are able to react to policies set by the MDM.
 
-Windows maps the name and category path of a Group Policy to an MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy is referenced by a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\<area>\<policy>`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX policies supported by MDM, see [Policy CSP - ADMX policies](mdm/policy-configuration-service-provider.md).
+Windows maps the name and category path of a Group Policy to an MDM policy area and policy name by parsing the associated ADMX file, finding the specified Group Policy, and storing the definition (metadata) in the MDM Policy CSP client store. When the MDM policy contains a SyncML command and the Policy CSP URI, `.\[device|user]\vendor\msft\policy\[config|result]\<area>\<policy>`, this metadata is referenced and determines which registry keys are set or removed. For a list of ADMX policies supported by MDM, see [Policy CSP - ADMX policies](mdm/policy-configuration-service-provider.md).
 
 <!-- [!TIP] -->
 <!-- Intune has added a number of ADMX administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](/intune/administrative-templates-windows) -->
@@ -47,15 +38,15 @@ The ADMX file that the MDM ISV uses to determine what UI to display to the IT ad
 
 Group Policy option button setting:
 
-- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and clicks **Apply**, the following events occur:
+- If **Enabled** is selected, the necessary data entry controls are displayed for the user in the UI. When IT administrator enters the data and select **Apply**, the following events occur:
   - The MDM ISV server sets up a Replace SyncML command with a payload that contains the user-entered data.
   - The MDM client stack receives this data, which causes the Policy CSP to update the device's registry per the ADMX policy definition.
 
-- If **Disabled** is selected and you click **Apply**, the following events occur:
+- If **Disabled** is selected and you select **Apply**, the following events occur:
   - The MDM ISV server sets up a Replace SyncML command with a payload set to `<disabled\>`.
   - The MDM client stack receives this command, which causes the Policy CSP to either delete the device's registry settings, set the registry keys, or both, per the state change directed by the ADMX policy definition.
 
-- If **Not Configured** is selected and you click **Apply**, the following events occur:
+- If **Not Configured** is selected and you select **Apply**, the following events occur:
   - MDM ISV server sets up a Delete SyncML command.
   - The MDM client stack receives this command, which causes the Policy CSP to delete the device's registry settings per the ADMX policy definition.
 
@@ -245,7 +236,7 @@ This section describes sample SyncML for the various ADMX elements like Text, Mu
 
 ### How a Group Policy policy category path and name are mapped to an MDM area and policy name
 
-Below is the internal OS mapping of a Group Policy to an MDM area and name. This mapping is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown below, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User.
+Here's the internal OS mapping of a Group Policy to an MDM area and name. This mapping is part of a set of Windows manifest that when compiled parses out the associated ADMX file, finds the specified Group Policy policy and stores that definition (metadata) in the MDM Policy CSP client store.  ADMX backed policies are organized hierarchically. Their scope can be **machine**, **user**, or have a scope of **both**. When the MDM policy is referred to through a SyncML command and the Policy CSP URI, as shown, this metadata is referenced and determines what registry keys are set or removed. Machine-scope policies are referenced via .\Device and the user scope policies via .\User.
 
 `./[Device|User]/Vendor/MSFT/Policy/Config/[config|result]/<area>/<policy>`
 
@@ -270,7 +261,7 @@ The **LocURI** for the above GP policy is:
 
 `./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2`
 
-To construct SyncML for your area/policy using the samples below, you need to update the **data id** and the **value** in the `<Data>` section of the SyncML. The items prefixed with an '&' character are the escape characters needed and can be retained as shown.
+To construct SyncML for your area/policy using the following samples, you need to update the **data id** and the **value** in the `<Data>` section of the SyncML. The items prefixed with an '&' character are the escape characters needed and can be retained as shown.
 
 ### Text Element
 
@@ -355,12 +346,12 @@ The `multiText` element simply corresponds to a REG_MULTISZ registry string and
 
 ### List Element (and its variations)
 
-The `list` element simply corresponds to a hive of REG_SZ registry strings and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc. How this element is represented in SyncML is as a string containing pairs of strings. Each pair is a REG_SZ name/value key. It's best to apply the policy through gpedit.msc (run as Administrator) and go to the registry hive location and see how the list values are stored. This location will give you an idea of the way the name/value pairs are stored to express it through SyncML.
+The `list` element simply corresponds to a hive of REG_SZ registry strings and correspondingly to a grid to enter multiple strings in a policy panel display by gpedit.msc. How this element is represented in SyncML is as a string containing pairs of strings. Each pair is a REG_SZ name/value key. It's best to apply the policy through gpedit.msc (run as Administrator) and go to the registry hive location and see how the list values are stored. This location gives you an idea of the way the name/value pairs are stored to express it through SyncML.
 
 > [!NOTE]
 > It's expected that each string in the SyncML is to be separated by the Unicode character 0xF000 (encoded version: `&#xF000;`).
 
-Variations of the `list` element are dictated by attributes. These attributes are ignored by the Policy Manager runtime. It's expected that the MDM server manages the name/value pairs. See below for a simple write-up of Group Policy List.
+Variations of the `list` element are dictated by attributes. These attributes are ignored by the Policy Manager runtime. It's expected that the MDM server manages the name/value pairs. Here are some samples for the Group Policy List.
 
 **ADMX file: inetres.admx**:
 
diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
index d3ea09a030..4c631e20f5 100644
--- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -1,22 +1,13 @@
 ---
 title: Using PowerShell scripting with the WMI Bridge Provider
-description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
+description: This article covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Using PowerShell scripting with the WMI Bridge Provider
 
-This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
+This article covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
 
 ## Configuring per-device policy settings
 
@@ -94,7 +85,7 @@ If accessing or modifying settings for a different user, then the PowerShell scr
 > [!NOTE]
 > All commands must executed under local system.
 
-A user SID can be obtained by Windows command `wmic useraccount get name, sid`. The following script example assumes the user SID is S-1-5-21-4017247134-4237859428-3008104844-1001.
+Windows command `wmic useraccount get name, sid` can be used to obtain the user SID. The following script example assumes the user SID is` S-1-5-21-4017247134-4237859428-3008104844-1001`.
 
 ```PowerShell
 $namespaceName = "root\cimv2\mdm\dmmap"
@@ -217,6 +208,6 @@ catch [Exception]
 }
 ```
 
-## Related topics
+## Related articles
 
 [WMI Bridge Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md
index b6502accac..0cab615908 100644
--- a/windows/client-management/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md
@@ -1,17 +1,8 @@
 ---
 title: Win32 and Desktop Bridge app ADMX policy Ingestion
 description: Ingest ADMX files and set ADMX policies for Win32 and Desktop Bridge apps.
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 03/23/2020
-ms.reviewer:
-manager: aaroncz
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Win32 and Desktop Bridge app ADMX policy Ingestion
@@ -27,7 +18,7 @@ Starting from the following Windows versions `Replace` command is supported:
 - Windows 10, version 1803 with KB4512509 and KB installed
 - Windows 10, version 1709 with KB4516071 and KB installed
 
-When the ADMX policies are ingested, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, are not overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies are not allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
+When the ADMX policies are ingested, the registry keys to which each policy is written are checked so that known system registry keys, or registry keys that are used by existing inbox policies or system components, aren't overwritten. This precaution helps to avoid security concerns over opening the entire registry. Currently, the ingested policies aren't allowed to write to locations within the **System**, **Software\Microsoft**, and **Software\Policies\Microsoft** keys, except for the following locations:
 
 - Software\Policies\Microsoft\Office\
 - Software\Microsoft\Office\
@@ -199,7 +190,7 @@ The following ADMX file example shows how to ingest a Win32 or Desktop Bridge ap
 **Request Syncml**:
 
 The ADMX file is escaped and sent in SyncML format through the Policy CSP URI, `./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/{SettingType}/{FileUid or AdmxFileName}`.
-When the ADMX file is imported, the policy states for each new policy are the same as those in a regular MDM policy: Enabled, Disabled, or Not Configured.
+When the ADMX file is imported, the policy states for each new policy are the same as the ones in a regular MDM policy: Enabled, Disabled, or Not Configured.
 
 The following example shows an ADMX file in SyncML format:
 
@@ -365,7 +356,7 @@ The following example shows an ADMX file in SyncML format:
 
 The following example shows how to derive a Win32 or Desktop Bridge app policy name and policy area name:
 
-```XML
+```xml
 <categories>
     <category name="ParentCategoryArea"/>
     <category name="Category1">
@@ -405,9 +396,9 @@ The policy {AreaName} format is {AppName}~{SettingType}~{CategoryPathFromAdmx}.
 
 Therefore, from the example:
 
-- Class: User
-- Policy name: L_PolicyPreventRun_1
-- Policy area name: ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3
+- Class: `User`
+- Policy name: `L_PolicyPreventRun_1`
+- Policy area name: `ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3`
 - URI: `./user/Vendor/MSFT/Policy/Config/ContosoCompanyApp~Policy~ParentCategoryArea~Category2~Category3/L_PolicyPreventRun_1`
 
 ## ADMX-backed app policy examples
diff --git a/windows/client-management/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md
index 82d1bf3135..e3503a278f 100644
--- a/windows/client-management/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/windows-mdm-enterprise-settings.md
@@ -1,17 +1,8 @@
 ---
 title: Enterprise settings and policy management
 description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 04/05/2023
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # Enterprise settings and policy management
@@ -20,7 +11,7 @@ The actual management interaction between the device and server is done via the
 
 Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](mdm/index.yml).
 
-Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. The DM client is configured during the enrollment process to be invoked by the task scheduler to periodically poll the MDM server.
+Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. During the enrollment process, the task scheduler is configured to invoke the DM client to periodically poll the MDM server.
 
 The following diagram shows the work flow between server and client.
 
@@ -30,7 +21,7 @@ The following diagram shows the work flow between server and client.
 
 This protocol defines an HTTPS-based client/server communication with DM SyncML XML as the package payload that carries management requests and execution results. The configuration request is addressed via a managed object (MO). The settings supported by the managed object are represented in a conceptual tree structure. This logical view of configurable device settings simplifies the way the server addresses the device settings by isolating the implementation details from the conceptual tree structure.
 
-To facilitate security-enhanced communication with the remote server for enterprise management, Windows supports certificate-based mutual authentication over an encrypted SSL HTTP channel between the DM client and management service. The server and client certificates are provisioned during the enrollment process.
+To facilitate security-enhanced communication with the remote server for enterprise management, Windows supports certificate-based mutual authentication over an encrypted TLS/SSL HTTP channel between the DM client and management service. The server and client certificates are provisioned during the enrollment process.
 
 The DM client configuration, company policy enforcement, business application management, and device inventory are all exposed or expressed via configuration service providers (CSPs). CSPs are the Windows term for managed objects. The DM client communicates with the server and sends configuration request to CSPs. The server only needs to know the logical local URIs defined by those CSP nodes in order to use the DM protocol XML to manage the device.
 
diff --git a/windows/client-management/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md
index 79a3785540..ab34b9d0c7 100644
--- a/windows/client-management/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/wmi-providers-supported-in-windows.md
@@ -1,17 +1,8 @@
 ---
 title: WMI providers supported in Windows
 description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
 ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.date: 06/26/2017
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+ms.date: 08/10/2023
 ---
 
 # WMI providers supported in Windows
@@ -21,7 +12,7 @@ Windows Management Infrastructure (WMI) providers (and the classes they support)
 > [!NOTE]
 > Applications installed using WMI classes are not removed when the MDM account is removed from device.
 
-The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here is an example query.
+The child node names of the result from a WMI query are separated by a forward slash (/) and not URI escaped. Here's an example query.
 
 Get the list of network adapters from the device.
 
@@ -109,79 +100,76 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw
 
 | Class                                                                                                   | Test completed in Windows 10 |
 |---------------------------------------------------------------------------------------------------------|------------------------------|
-| [**Win32\_1394Controller**](/windows/win32/cimwin32prov/win32-1394controller)                           |
-| [**Win32\_BaseBoard**](/windows/win32/cimwin32prov/win32-baseboard)                                     |
+| [**Win32\_1394Controller**](/windows/win32/cimwin32prov/win32-1394controller)                           |                              |
+| [**Win32\_BaseBoard**](/windows/win32/cimwin32prov/win32-baseboard)                                     |                              |
 | [**Win32\_Battery**](/windows/win32/cimwin32prov/win32-battery)                                         | Yes                          |
 | [**Win32\_BIOS**](/windows/win32/cimwin32prov/win32-bios)                                               | Yes                          |
-| [**Win32\_CDROMDrive**](/windows/win32/cimwin32prov/win32-cdromdrive)                                   |
+| [**Win32\_CDROMDrive**](/windows/win32/cimwin32prov/win32-cdromdrive)                                   |                              |
 | [**Win32\_ComputerSystem**](/windows/win32/cimwin32prov/win32-computersystem)                           | Yes                          |
 | [**Win32\_ComputerSystemProduct**](/windows/win32/cimwin32prov/win32-computersystemproduct)             | Yes                          |
 | [**Win32\_CurrentTime**](/previous-versions/windows/desktop/wmitimepprov/win32-currenttime)             | Yes                          |
-| [**Win32\_Desktop**](/windows/win32/cimwin32prov/win32-desktop)                                         |
+| [**Win32\_Desktop**](/windows/win32/cimwin32prov/win32-desktop)                                         |                              |
 | [**Win32\_DesktopMonitor**](/windows/win32/cimwin32prov/win32-desktopmonitor)                           | Yes                          |
 | [**Win32\_DiskDrive**](/windows/win32/cimwin32prov/win32-diskdrive)                                     | Yes                          |
-| [**Win32\_DiskPartition**](/windows/win32/cimwin32prov/win32-diskpartition)                             |
+| [**Win32\_DiskPartition**](/windows/win32/cimwin32prov/win32-diskpartition)                             |                              |
 | [**Win32\_DisplayConfiguration**](/previous-versions//aa394137(v=vs.85))                                | Yes                          |
-| [**Win32\_DMAChannel**](/windows/win32/cimwin32prov/win32-dmachannel)                                   |
-| [**Win32\_DriverVXD**](/previous-versions//aa394141(v=vs.85))                                           |
-| [**Win32\_EncryptableVolume**](/windows/win32/secprov/win32-encryptablevolume)                          |
-| [**Win32\_Environment**](/windows/win32/cimwin32prov/win32-environment)                                 |
-| [**Win32\_IDEController**](/windows/win32/cimwin32prov/win32-idecontroller)                             |
-| [**Win32\_InfraredDevice**](/windows/win32/cimwin32prov/win32-infrareddevice)                           |
-| [**Win32\_IRQResource**](/windows/win32/cimwin32prov/win32-irqresource)                                 |
-| [**Win32\_Keyboard**](/windows/win32/cimwin32prov/win32-keyboard)                                       |
-| [**Win32\_LoadOrderGroup**](/windows/win32/cimwin32prov/win32-loadordergroup)                           |
+| [**Win32\_DMAChannel**](/windows/win32/cimwin32prov/win32-dmachannel)                                   |                              |
+| [**Win32\_DriverVXD**](/previous-versions//aa394141(v=vs.85))                                           |                              |
+| [**Win32\_EncryptableVolume**](/windows/win32/secprov/win32-encryptablevolume)                          |                              |
+| [**Win32\_Environment**](/windows/win32/cimwin32prov/win32-environment)                                 |                              |
+| [**Win32\_IDEController**](/windows/win32/cimwin32prov/win32-idecontroller)                             |                              |
+| [**Win32\_InfraredDevice**](/windows/win32/cimwin32prov/win32-infrareddevice)                           |                              |
+| [**Win32\_IRQResource**](/windows/win32/cimwin32prov/win32-irqresource)                                 |                              |
+| [**Win32\_Keyboard**](/windows/win32/cimwin32prov/win32-keyboard)                                       |                              |
+| [**Win32\_LoadOrderGroup**](/windows/win32/cimwin32prov/win32-loadordergroup)                           |                              |
 | [**Win32\_LocalTime**](/previous-versions/windows/desktop/wmitimepprov/win32-localtime)                 | Yes                          |
-| [**Win32\_LoggedOnUser**](/windows/win32/cimwin32prov/win32-loggedonuser)                               |
+| [**Win32\_LoggedOnUser**](/windows/win32/cimwin32prov/win32-loggedonuser)                               |                              |
 | [**Win32\_LogicalDisk**](/windows/win32/cimwin32prov/win32-logicaldisk)                                 | Yes                          |
-| [**Win32\_MotherboardDevice**](/windows/win32/cimwin32prov/win32-motherboarddevice)                     |
+| [**Win32\_MotherboardDevice**](/windows/win32/cimwin32prov/win32-motherboarddevice)                     |                              |
 | [**Win32\_NetworkAdapter**](/windows/win32/cimwin32prov/win32-networkadapter)                           | Yes                          |
-| [**Win32\_NetworkAdapterConfiguration**](/windows/win32/cimwin32prov/win32-networkadapterconfiguration) |
-| [**Win32\_NetworkClient**](/windows/win32/cimwin32prov/win32-networkclient)                             |
-| [**Win32\_NetworkLoginProfile**](/windows/win32/cimwin32prov/win32-networkloginprofile)                 |
-| [**Win32\_NetworkProtocol**](/windows/win32/cimwin32prov/win32-networkprotocol)                         |
-| [**Win32\_NTEventlogFile**](/previous-versions/windows/desktop/legacy/aa394225(v=vs.85))                |
+| [**Win32\_NetworkAdapterConfiguration**](/windows/win32/cimwin32prov/win32-networkadapterconfiguration) |                              |
+| [**Win32\_NetworkClient**](/windows/win32/cimwin32prov/win32-networkclient)                             |                              |
+| [**Win32\_NetworkLoginProfile**](/windows/win32/cimwin32prov/win32-networkloginprofile)                 |                              |
+| [**Win32\_NetworkProtocol**](/windows/win32/cimwin32prov/win32-networkprotocol)                         |                              |
+| [**Win32\_NTEventlogFile**](/previous-versions/windows/desktop/legacy/aa394225(v=vs.85))                |                              |
 | [**Win32\_OperatingSystem**](/windows/win32/cimwin32prov/win32-operatingsystem)                         | Yes                          |
-| [**Win32\_OSRecoveryConfiguration**](/windows/win32/cimwin32prov/win32-osrecoveryconfiguration)         |
-| [**Win32\_PageFileSetting**](/windows/win32/cimwin32prov/win32-pagefilesetting)                         |
-| [**Win32\_ParallelPort**](/windows/win32/cimwin32prov/win32-parallelport)                               |
-| [**Win32\_PCMCIAController**](/windows/win32/cimwin32prov/win32-pcmciacontroller)                       |
-| [**Win32\_PhysicalMedia**](/previous-versions/windows/desktop/cimwin32a/win32-physicalmedia)            |
+| [**Win32\_OSRecoveryConfiguration**](/windows/win32/cimwin32prov/win32-osrecoveryconfiguration)         |                              |
+| [**Win32\_PageFileSetting**](/windows/win32/cimwin32prov/win32-pagefilesetting)                         |                              |
+| [**Win32\_ParallelPort**](/windows/win32/cimwin32prov/win32-parallelport)                               |                              |
+| [**Win32\_PCMCIAController**](/windows/win32/cimwin32prov/win32-pcmciacontroller)                       |                              |
+| [**Win32\_PhysicalMedia**](/previous-versions/windows/desktop/cimwin32a/win32-physicalmedia)            |                              |
 | [**Win32\_PhysicalMemory**](/windows/win32/cimwin32prov/win32-physicalmemory)                           | Yes                          |
-| [**Win32\_PnPDevice**](/windows/win32/cimwin32prov/win32-pnpdevice)                                     |
-| [**Win32\_PnPEntity**](/windows/win32/cimwin32prov/win32-pnpentity)                                     |
-| [**Win32\_PointingDevice**](/windows/win32/cimwin32prov/win32-pointingdevice)                           |
-| [**Win32\_PortableBattery**](/windows/win32/cimwin32prov/win32-portablebattery)                         |
-| [**Win32\_PortResource**](/windows/win32/cimwin32prov/win32-portresource)                               |
-| [**Win32\_POTSModem**](/windows/win32/cimwin32prov/win32-potsmodem)                                     |
-| [**Win32\_Printer**](/windows/win32/cimwin32prov/win32-printer)                                         |
-| [**Win32\_PrinterConfiguration**](/windows/win32/cimwin32prov/win32-printerconfiguration)               |
+| [**Win32\_PnPDevice**](/windows/win32/cimwin32prov/win32-pnpdevice)                                     |                              |
+| [**Win32\_PnPEntity**](/windows/win32/cimwin32prov/win32-pnpentity)                                     |                              |
+| [**Win32\_PointingDevice**](/windows/win32/cimwin32prov/win32-pointingdevice)                           |                              |
+| [**Win32\_PortableBattery**](/windows/win32/cimwin32prov/win32-portablebattery)                         |                              |
+| [**Win32\_PortResource**](/windows/win32/cimwin32prov/win32-portresource)                               |                              |
+| [**Win32\_POTSModem**](/windows/win32/cimwin32prov/win32-potsmodem)                                     |                              |
+| [**Win32\_Printer**](/windows/win32/cimwin32prov/win32-printer)                                         |                              |
+| [**Win32\_PrinterConfiguration**](/windows/win32/cimwin32prov/win32-printerconfiguration)               |                              |
 | [**Win32\_Processor**](/windows/win32/cimwin32prov/win32-processor)                                     | Yes                          |
 | [**Win32\_QuickFixEngineering**](/windows/win32/cimwin32prov/win32-quickfixengineering)                 | Yes                          |
-| [**Win32\_Registry**](/windows/win32/cimwin32prov/win32-registry)                                       |
-| [**Win32\_SCSIController**](/windows/win32/cimwin32prov/win32-scsicontroller)                           |
-| [**Win32\_SerialPort**](/windows/win32/cimwin32prov/win32-serialport)                                   |
-| [**Win32\_SerialPortConfiguration**](/windows/win32/cimwin32prov/win32-serialportconfiguration)         |
-| [**Win32\_ServerFeature**](/windows/win32/wmisdk/win32-serverfeature)                                   |
+| [**Win32\_Registry**](/windows/win32/cimwin32prov/win32-registry)                                       |                              |
+| [**Win32\_SCSIController**](/windows/win32/cimwin32prov/win32-scsicontroller)                           |                              |
+| [**Win32\_SerialPort**](/windows/win32/cimwin32prov/win32-serialport)                                   |                              |
+| [**Win32\_SerialPortConfiguration**](/windows/win32/cimwin32prov/win32-serialportconfiguration)         |                              |
+| [**Win32\_ServerFeature**](/windows/win32/wmisdk/win32-serverfeature)                                   |                              |
 | [**Win32\_Service**](/windows/win32/cimwin32prov/win32-service)                                         | Yes                          |
 | [**Win32\_Share**](/windows/win32/cimwin32prov/win32-share)                                             | Yes                          |
-| [**Win32\_SoundDevice**](/windows/win32/cimwin32prov/win32-sounddevice)                                 |
-| [**Win32\_SystemAccount**](/windows/win32/cimwin32prov/win32-systemaccount)                             |
+| [**Win32\_SoundDevice**](/windows/win32/cimwin32prov/win32-sounddevice)                                 |                              |
+| [**Win32\_SystemAccount**](/windows/win32/cimwin32prov/win32-systemaccount)                             |                              |
 | [**Win32\_SystemBIOS**](/windows/win32/cimwin32prov/win32-systembios)                                   | Yes                          |
-| [**Win32\_SystemDriver**](/windows/win32/cimwin32prov/win32-systemdriver)                               |
+| [**Win32\_SystemDriver**](/windows/win32/cimwin32prov/win32-systemdriver)                               |                              |
 | [**Win32\_SystemEnclosure**](/windows/win32/cimwin32prov/win32-systemenclosure)                         | Yes                          |
-| [**Win32\_TapeDrive**](/windows/win32/cimwin32prov/win32-tapedrive)                                     |
+| [**Win32\_TapeDrive**](/windows/win32/cimwin32prov/win32-tapedrive)                                     |                              |
 | [**Win32\_TimeZone**](/windows/win32/cimwin32prov/win32-timezone)                                       | Yes                          |
-| [**Win32\_UninterruptiblePowerSupply**](/previous-versions//aa394503(v=vs.85))                          |
-| [**Win32\_USBController**](/windows/win32/cimwin32prov/win32-usbcontroller)                             |
+| [**Win32\_UninterruptiblePowerSupply**](/previous-versions//aa394503(v=vs.85))                          |                              |
+| [**Win32\_USBController**](/windows/win32/cimwin32prov/win32-usbcontroller)                             |                              |
 | [**Win32\_UTCTime**](/previous-versions/windows/desktop/wmitimepprov/win32-utctime)                     | Yes                          |
-| [**Win32\_VideoController**](/windows/win32/cimwin32prov/win32-videocontroller)                         |
-| **Win32\_WindowsUpdateAgentVersion**                                                                    |
+| [**Win32\_VideoController**](/windows/win32/cimwin32prov/win32-videocontroller)                         |                              |
+| **Win32\_WindowsUpdateAgentVersion**                                                                    |                              |
 
-## Related topics
-
-[Configuration service provider reference](mdm/index.yml)
-
-## Related Links
+## Related articles
 
 [CIM Video Controller](/windows/win32/cimwin32prov/cim-videocontroller)
+[Configuration service provider reference](mdm/index.yml)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
index 78ad0b03f2..d238ab8539 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Send feedback about Cortana back to Microsoft
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 To provide feedback on an individual request or response, select the item in the conversation history and then select **Give feedback**. The Feedback Hub application is launched, where you can provide more information to help diagnose reported issues.
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index 399384fb32..5dc0aa37ec 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -10,12 +10,14 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
 
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 ## What can you do with in Windows 10, versions 1909 and earlier?
 Your employees can use Cortana to help manage their day and be more productive by getting quick answers to common questions, setting reminders, adding tasks to their To-Do lists, and find out where their next meeting is.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index cd9bc813a9..2f8c615755 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Configure Cortana in Windows 10 and Windows 11
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
 ms.prod: windows-client
 ms.collection: tier3
@@ -14,7 +14,8 @@ ms.topic: article
 ---
 
 # Configure Cortana in Windows 10 and Windows 11
-
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 ## Who is Cortana?
 
 Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 and Windows 11 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 0071761fd5..8cfe781f37 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -7,13 +7,15 @@ author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ms.topic: article
 ---
 
 # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index 0cf1df4390..421e8959d9 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -7,13 +7,15 @@ author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ms.topic: article
 ---
 
 # Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!NOTE]
 >The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index 4ba46b4d36..c107c97a64 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 2 – Perform a Bing search with Cortana
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 1. Select the  **Cortana**  icon in the taskbar.
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index b2202a902d..50fb4c4d32 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 3 - Set a reminder
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 This scenario helps you set up, review, and edit a reminder. For example, you can remind yourself to send someone a link to a document after a meeting.
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index fcad450ae3..997bd2f471 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -8,12 +8,15 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings.
 
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
+
 This scenario helps you find out if a time slot is free on your calendar.
 
 1. Select the  **Cortana**  icon in the taskbar.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index 94c1edabe4..67d77779e6 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -1,6 +1,6 @@
 ---
-title: Use Cortana to send email to a co-worker (Windows)
-description: A test scenario about how to use Cortana at work to send email to a co-worker.
+title: Use Cortana to send email to a coworker (Windows)
+description: A test scenario about how to use Cortana at work to send email to a coworker.
 ms.prod: windows-client
 ms.collection: tier3
 author: aczechowski
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 5 - Test scenario 5 – Find out about a person
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 Cortana can help you quickly look up information about someone or the org chart.
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index 54a1064afb..a940f6be39 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 6 – Change your language and perform a quick search with Cortana
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 Cortana can help employees in regions outside the US search for quick answers like currency conversions, time zone conversions, or weather in their location.
 
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index a69e0078ff..88e5901e0c 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!IMPORTANT]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
index 63c801e46b..6a8fa6528d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
@@ -8,12 +8,15 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 06/28/2021
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Cortana at work testing scenarios
 
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
+
 We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
 
 - [Sign into Azure AD, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
index ec1abf4d96..21f168168d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Set up and test custom voice commands in Cortana for your organization
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!NOTE]
 >This content applies to Cortana in versions 1909 and earlier, but will not be available in future releases.
diff --git a/windows/configuration/cortana-at-work/includes/cortana-deprecation.md b/windows/configuration/cortana-at-work/includes/cortana-deprecation.md
new file mode 100644
index 0000000000..c5ad2bd22a
--- /dev/null
+++ b/windows/configuration/cortana-at-work/includes/cortana-deprecation.md
@@ -0,0 +1,14 @@
+---
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+ms.technology: itpro-updates
+ms.prod: windows-client
+ms.topic: include
+ms.date: 06/08/2023
+ms.localizationpriority: medium
+---
+<!--This file is shared by all Cortana in Windows (standalone app) articles under /windows/configuration. 7987543 -->
+
+> [!Important]
+> Cortana in Windows as a standalone app is [deprecated](/windows/whats-new/deprecated-features). This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. 
diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
index b089b30590..01d6c2db85 100644
--- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
+++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
@@ -1,7 +1,7 @@
 ---
 title: Set up and test Cortana in Windows 10, version 2004 and later
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments.
 ms.prod: windows-client
 ms.collection: tier3
@@ -14,7 +14,8 @@ ms.topic: article
 ---
 
 # Set up and test Cortana in Windows 10, version 2004 and later
-
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 ## Before you begin
 
 - If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you'll need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.
diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md
index 76496df719..6f3ffd8173 100644
--- a/windows/configuration/cortana-at-work/test-scenario-1.md
+++ b/windows/configuration/cortana-at-work/test-scenario-1.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 This scenario turns on Azure AD and lets your employee use Cortana to manage an entry in the notebook.
 
diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md
index c6a2efd05f..f69b1c2789 100644
--- a/windows/configuration/cortana-at-work/test-scenario-2.md
+++ b/windows/configuration/cortana-at-work/test-scenario-2.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 2 – Perform a quick search with Cortana at work
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md
index 468c4060cc..b57dded7f3 100644
--- a/windows/configuration/cortana-at-work/test-scenario-3.md
+++ b/windows/configuration/cortana-at-work/test-scenario-3.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 3 - Set a reminder for a specific location using Cortana at work
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md
index d1e98c4409..081ea5877a 100644
--- a/windows/configuration/cortana-at-work/test-scenario-4.md
+++ b/windows/configuration/cortana-at-work/test-scenario-4.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 4 - Use Cortana to find your upcoming meetings at work
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md
index fcb33530cc..17a27dc786 100644
--- a/windows/configuration/cortana-at-work/test-scenario-5.md
+++ b/windows/configuration/cortana-at-work/test-scenario-5.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 5 - Use Cortana to send an email to co-worker
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.
diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md
index 1090b25b3f..8915d4300d 100644
--- a/windows/configuration/cortana-at-work/test-scenario-6.md
+++ b/windows/configuration/cortana-at-work/test-scenario-6.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 >[!Important]
 >The data created as part of these scenarios will be uploaded to Microsoft’s Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).
diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
index 5f71bbdcec..a7ad523655 100644
--- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
+++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
@@ -8,11 +8,13 @@ ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
 # Testing scenarios using Cortana in your business or organization
+<!--Using include for Cortana in Windows deprecation -->
+[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
 
 We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
 
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md
index a97023b5d9..a38e34c05c 100644
--- a/windows/configuration/customize-taskbar-windows-11.md
+++ b/windows/configuration/customize-taskbar-windows-11.md
@@ -11,7 +11,7 @@ ms.collection:
  - highpri
  - tier1
 ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 08/17/2023
 ms.topic: article
 ---
 
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index 49737ce32b..0ab80c34f4 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -39,7 +39,7 @@
         "tier2"
       ],
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "ms.technology": "itpro-configure",
       "ms.topic": "article",
       "feedback_system": "GitHub",
diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
index efe346ced6..7f90909404 100644
--- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md
+++ b/windows/configuration/includes/multi-app-kiosk-support-windows11.md
@@ -3,7 +3,7 @@ author: aczechowski
 ms.author: aaroncz
 ms.date: 09/21/2021
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.prod: w10
 ms.topic: include
 ---
diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml
index 2891f614c0..0eace6a656 100644
--- a/windows/configuration/index.yml
+++ b/windows/configuration/index.yml
@@ -13,7 +13,7 @@ metadata:
     - tier1
   author: aczechowski
   ms.author: aaroncz
-  manager: dougeby
+  manager: aaroncz
   ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
   localization_priority: medium
     
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 57f6e8b22d..4b2f8a1fe8 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -26,8 +26,11 @@ Here's an example to set AssignedAccess configuration:
 
 1. Download the [psexec tool](/sysinternals/downloads/psexec).  
 2. Run `psexec.exe -i -s cmd.exe`.
-3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. 
-4. Execute the following script:
+3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
+
+Step 4 is different for Windows 10 or Windows 11
+
+4. Execute the following script for Windows 10:
 
 ```xml
 $nameSpaceName="root\cimv2\mdm\dmmap"
@@ -87,3 +90,55 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 
 Set-CimInstance -CimInstance $obj
 ```
+4. Execute the following script for Windows 11:
+
+ ```xml
+$nameSpaceName="root\cimv2\mdm\dmmap"
+$className="MDM_AssignedAccess"
+$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
+Add-Type -AssemblyName System.Web
+$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
+
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration  
+  xmlns=http://schemas.microsoft.com/AssignedAccess/2017/config xmlns:win11=http://schemas.microsoft.com/AssignedAccess/2022/config>
+  <Profiles>
+    <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">       
+      <AllAppsList>
+        <AllowedApps> 
+          <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
+          <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
+          <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> 
+          <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> 
+          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> 
+          <App DesktopAppPath="%windir%\system32\mspaint.exe" /> 
+          <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> 
+        </AllowedApps> 
+      </AllAppsList> 
+      <win11:StartPins>
+        <![CDATA[  
+          { "pinnedList":[
+            {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"},
+            {"packagedAppId":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App"},
+            {"packagedAppId":"Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic"},
+            {"packagedAppId":"Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo"},
+            {"packagedAppId":"Microsoft.BingWeather_8wekyb3d8bbwe!App"},
+            {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Paint.lnk"},
+            {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Notepad.lnk"}
+          ] }
+        ]]>
+      </win11:StartPins>
+      <Taskbar ShowTaskbar="true"/>
+    </Profile> 
+  </Profiles>
+  <Configs>
+    <Config>
+      <Account>MultiAppKioskUser</Account>
+      <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+    </Config>
+  </Configs>
+</AssignedAccessConfiguration>    
+"@)
+
+Set-CimInstance -CimInstance $obj
+```
\ No newline at end of file
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index d48592fdfc..db0f2a955f 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -12,8 +12,9 @@ ms.collection:
  - highpri
  - tier1
 ms.technology: itpro-configure
-ms.date: 12/31/2017
+ms.date: 07/12/2023
 ---
+<!--8107263-->
 
 # Set up a single-app kiosk on Windows 10/11
 
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 87899c2977..0df2e63128 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -22,8 +22,7 @@ ms.date: 12/31/2017
 - Windows 10 Pro, Enterprise, and Education
 
 > [!NOTE]
-> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)]
-> The use of multiple monitors isn't supported for multi-app kiosk mode.
+> The use of multiple monitors isn't supported for multi-app kiosk mode in Windows 10.
 
 A [kiosk device](./kiosk-single-app.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp) was expanded to make it easy for administrators to create kiosks that run more than one app. The benefit of a kiosk that runs only one or more specified apps is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don't need to access.
 
diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/lock-down-windows-11-to-specific-apps.md
index fbf303f314..80c498eb6e 100644
--- a/windows/configuration/lock-down-windows-11-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-11-to-specific-apps.md
@@ -18,7 +18,7 @@ ms.topic: how-to
 - Windows 11 Pro, Enterprise, and Education
 
 > [!NOTE]
-> The use of multiple monitors isn't supported for multi-app kiosk mode.
+> The use of multiple monitors is supported for multi-app kiosk mode in Windows 11.
 
 An assigned access multi-app kiosk runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. A multi-app kiosk is appropriate for devices that are shared by multiple people. Here's a guide on how to set up a multi-app kiosk.
 
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index a22a2e2dc5..f6bda1fbba 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -66,6 +66,7 @@ The following table shows the conditions supported in Windows client provisionin
 | ProcessorName | P1 | Supported | String | Use to target settings based on the processor name. |
 | AoAc ("Always On, Always Connected") | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true). If this condition is TRUE, the system supports the S0 low power idle model. |
 | PowerPlatformRole | P1 | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the [POWER_PLATFORM_ROLE enumeration](/windows/win32/api/winnt/ne-winnt-power_platform_role).  |
+| SocIdentifier | P1 | Supported | String | Use to target settings based on the Soc Identifier. Available since 25301 OS build version. |
 | Architecture | P1 | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
 | Server | P1 | Supported | Boolean | Set the value to **0** (false) or **1** (true) to identify a server. |
 | Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). |
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index a6fac6c279..a778b86f70 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -71,7 +71,7 @@ The following table describes settings that you can configure using the wizards
 
 | Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard |
 | --- | --- | --- | --- | --- |
-| Set up device | Assign device name, enter product key to upgrade Windows, configure shared used, remove pre-installed software | ✔️ | ✔️ | ✔️ |
+| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✔️ | ✔️ | ✔️ |
 | Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ |
 | Account management | Enroll device in Active Directory, enroll device in Azure Active Directory, or create a local administrator account | ✔️ | ✔️ | ✔️ |
 | Bulk Enrollment in Azure AD | Enroll device in Azure Active Directory using Bulk Token</br></br> [Set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Azure AD enrollment. | ✔️ | ✔️ | ✔️ |
diff --git a/windows/configuration/shared-devices-concepts.md b/windows/configuration/shared-devices-concepts.md
index cabee079ab..0138bae2ca 100644
--- a/windows/configuration/shared-devices-concepts.md
+++ b/windows/configuration/shared-devices-concepts.md
@@ -1,14 +1,12 @@
 ---
 title: Manage multi-user and guest Windows devices
 description: options to optimize Windows devices used in shared scenarios, such touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
-ms.date: 10/15/2022
+ms.date: 08/18/2023
 ms.prod: windows-client
 ms.technology: itpro-configure
-ms.topic: conceptual
-ms.localizationpriority: medium
+ms.topic: concept-article
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: 
 manager: aaroncz
 ms.collection: tier2
 appliesto: 
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 852b3e4500..9c048c2cf5 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -3,10 +3,12 @@ title: Administering UE-V with Windows PowerShell and WMI
 description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md
index b4bfc496ca..627039a508 100644
--- a/windows/configuration/ue-v/uev-administering-uev.md
+++ b/windows/configuration/ue-v/uev-administering-uev.md
@@ -3,10 +3,12 @@ title: Administering UE-V
 description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md
index a26af56567..21e3edd00d 100644
--- a/windows/configuration/ue-v/uev-application-template-schema-reference.md
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md
@@ -3,10 +3,12 @@ title: Application Template Schema Reference for UE-V
 description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
index d6cb847dc1..0104526a2b 100644
--- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
+++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -3,10 +3,12 @@ title: Changing the Frequency of UE-V Scheduled Tasks
 description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
index 5942fc45be..44e725599f 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md
@@ -3,10 +3,12 @@ title: Configuring UE-V with Group Policy Objects
 description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index 60273009e8..30bf50f542 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -3,10 +3,12 @@ title: Configuring UE-V with Microsoft Configuration Manager
 description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Configuration Manager.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md
index 479a729676..1ab8b30874 100644
--- a/windows/configuration/ue-v/uev-deploy-required-features.md
+++ b/windows/configuration/ue-v/uev-deploy-required-features.md
@@ -3,10 +3,12 @@ title: Deploy required UE-V features
 description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example, a network share that stores and retrieves user settings.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 1d05d369d0..65523c41b0 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -3,10 +3,12 @@ title: Use UE-V with custom applications
 description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-for-windows.md b/windows/configuration/ue-v/uev-for-windows.md
index f1604d6359..c8732241c7 100644
--- a/windows/configuration/ue-v/uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-for-windows.md
@@ -3,10 +3,12 @@ title: User Experience Virtualization for Windows 10, version 1607
 description: Overview of User Experience Virtualization for Windows 10, version 1607
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 05/02/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index 36ce63717c..7bf8cae820 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -3,10 +3,12 @@ title: Get Started with UE-V
 description: Use the steps in this article to deploy User Experience Virtualization (UE-V) for the first time in a test environment.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 03/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.technology: itpro-configure
 ---
diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
index 22bf076b54..ec137a5b65 100644
--- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
+++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md
@@ -3,10 +3,12 @@ title: Manage Administrative Backup and Restore in UE-V
 description: Learn how an administrator of User Experience Virtualization (UE-V) can back up and restore application and Windows settings to their original state.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md
index 1e594846ab..419e2f3379 100644
--- a/windows/configuration/ue-v/uev-manage-configurations.md
+++ b/windows/configuration/ue-v/uev-manage-configurations.md
@@ -3,10 +3,12 @@ title: Manage Configurations for UE-V
 description: Learn to manage the configuration of the User Experience Virtualization (UE-V) service and also learn to manage storage locations for UE-V resources.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
index 04dae12024..fd0c9e9aac 100644
--- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -3,10 +3,12 @@ title: Managing UE-V Settings Location Templates Using Windows PowerShell and WM
 description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
index 4d07a6a09a..9be69be554 100644
--- a/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -3,10 +3,12 @@ title: Manage UE-V Service and Packages with Windows PowerShell and WMI
 description: Managing the UE-V service and packages with Windows PowerShell and WMI
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-migrating-settings-packages.md b/windows/configuration/ue-v/uev-migrating-settings-packages.md
index 9c3cebd1a1..37a5be45ad 100644
--- a/windows/configuration/ue-v/uev-migrating-settings-packages.md
+++ b/windows/configuration/ue-v/uev-migrating-settings-packages.md
@@ -3,10 +3,12 @@ title: Migrating UE-V settings packages
 description: Learn to relocate User Experience Virtualization (UE-V) user settings packages either when you migrate to a new server or when you perform backups.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md
index 5e13281dc1..3ed4ab1b43 100644
--- a/windows/configuration/ue-v/uev-prepare-for-deployment.md
+++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md
@@ -3,10 +3,12 @@ title: Prepare a UE-V Deployment
 description: Learn about the types of User Experience Virtualization (UE-V) deployment you can execute and what preparations you can make beforehand to be successful.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 47dfe6e7e7..995f79f988 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -3,10 +3,12 @@ title: User Experience Virtualization (UE-V) Release Notes
 description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index a91444675f..0f2220b76e 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -3,10 +3,12 @@ title: Security Considerations for UE-V
 description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V).
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 7d1eeeccb0..17d2bba46f 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -3,10 +3,12 @@ title: Sync Methods for UE-V
 description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md
index b9571cdf2a..6cae6d66bf 100644
--- a/windows/configuration/ue-v/uev-sync-trigger-events.md
+++ b/windows/configuration/ue-v/uev-sync-trigger-events.md
@@ -3,10 +3,12 @@ title: Sync Trigger Events for UE-V
 description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index 7851418fe8..e06e33e471 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -3,10 +3,12 @@ title: Synchronizing Microsoft Office with UE-V
 description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md
index 9d161c1889..aa4bde4500 100644
--- a/windows/configuration/ue-v/uev-technical-reference.md
+++ b/windows/configuration/ue-v/uev-technical-reference.md
@@ -3,10 +3,12 @@ title: Technical Reference for UE-V
 description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V).
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md
index d2a350b63d..e27f2c92a6 100644
--- a/windows/configuration/ue-v/uev-troubleshooting.md
+++ b/windows/configuration/ue-v/uev-troubleshooting.md
@@ -3,10 +3,12 @@ title: Troubleshooting UE-V
 description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
index 78cfb2f9c0..12ac8cd14c 100644
--- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
+++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md
@@ -3,10 +3,12 @@ title: Upgrade to UE-V for Windows 10
 description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
index 5d02d042ce..85bc1b7d3c 100644
--- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
@@ -3,10 +3,12 @@ title: Using UE-V with Application Virtualization applications
 description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V).
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index 157f473f1f..fa2083f4ad 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -3,10 +3,12 @@ title: What's New in UE-V for Windows 10, version 1607
 description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
index 827c6ad3ff..8fca3e87fa 100644
--- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
+++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -3,10 +3,12 @@ title: Working with Custom UE-V Templates and the UE-V Template Generator
 description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator.
 author: aczechowski
 ms.prod: windows-client
-ms.collection: tier3
+ms.collection:
+ - tier3
+ - must-keep
 ms.date: 04/19/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.author: aaroncz
 ms.topic: article
 ms.technology: itpro-configure
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
index 2e7840f541..0b571541ae 100644
--- a/windows/configuration/wcd/wcd-accountmanagement.md
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 43031314a1..1678247efe 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md
index b393f8b184..9af5c203a8 100644
--- a/windows/configuration/wcd/wcd-admxingestion.md
+++ b/windows/configuration/wcd/wcd-admxingestion.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md
index be108dc758..0e3964d49e 100644
--- a/windows/configuration/wcd/wcd-assignedaccess.md
+++ b/windows/configuration/wcd/wcd-assignedaccess.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index eed909eb0d..97e8ca8ceb 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 10/02/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
@@ -81,7 +82,7 @@ Use *Default* to specify a name that matches one of the search providers you ent
 
 #### Specific region guidance
 
-Some countries require specific, default search providers. The following table lists the applicable countries and information for configuring the necessary search provider.
+Some countries/regions require specific, default search providers. The following table lists the applicable countries/regions and information for configuring the necessary search provider.
 
 >[!NOTE]
 >For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Turkey.
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index af88e9f060..f9f8b16187 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 10/02/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index 7b97d13b21..4ea08e6e5b 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -1,13 +1,14 @@
 ---
 title: Cellular (Windows 10)
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
 ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index 0fac2bb393..b05ce84a8f 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
index a4f21e84f9..32db3b13f7 100644
--- a/windows/configuration/wcd/wcd-changes.md
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -1,13 +1,14 @@
 ---
 title: Changes to settings in Windows Configuration Designer (Windows 10)
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809.
 ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md
index 7c9b872efe..d5cf3986fb 100644
--- a/windows/configuration/wcd/wcd-cleanpc.md
+++ b/windows/configuration/wcd/wcd-cleanpc.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index e8fb9cfb34..dc3d949232 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 1692de1889..e66ad72ff5 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md
index e008f9285f..8e9f623688 100644
--- a/windows/configuration/wcd/wcd-countryandregion.md
+++ b/windows/configuration/wcd/wcd-countryandregion.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
index 4c51c6e3ef..3c88652ff7 100644
--- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/21/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md
index 496b0b07bd..1820eebc0a 100644
--- a/windows/configuration/wcd/wcd-developersetup.md
+++ b/windows/configuration/wcd/wcd-developersetup.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index be7bfcda42..eb07550f1f 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index b7f1546197..1f4744f0a1 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
index 9d0ab9779d..8c9cbe5372 100644
--- a/windows/configuration/wcd/wcd-deviceupdatecenter.md
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -5,8 +5,9 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-manager: dougeby
-ms.topic: article
+manager: aaroncz
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md
index 7c7fe21043..f5169b0cee 100644
--- a/windows/configuration/wcd/wcd-dmclient.md
+++ b/windows/configuration/wcd/wcd-dmclient.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md
index c2261d1d6c..99b9f9fc47 100644
--- a/windows/configuration/wcd/wcd-editionupgrade.md
+++ b/windows/configuration/wcd/wcd-editionupgrade.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md
index ed8813b347..1310f33c30 100644
--- a/windows/configuration/wcd/wcd-firewallconfiguration.md
+++ b/windows/configuration/wcd/wcd-firewallconfiguration.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md
index 317e860a92..1c2b161ffa 100644
--- a/windows/configuration/wcd/wcd-firstexperience.md
+++ b/windows/configuration/wcd/wcd-firstexperience.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 08/08/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md
index d65f38e718..05670e0935 100644
--- a/windows/configuration/wcd/wcd-folders.md
+++ b/windows/configuration/wcd/wcd-folders.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md
index 6e0bfbe99c..0fb6073692 100644
--- a/windows/configuration/wcd/wcd-hotspot.md
+++ b/windows/configuration/wcd/wcd-hotspot.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 12/18/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md
index d1904f8a39..addcf27aad 100644
--- a/windows/configuration/wcd/wcd-kioskbrowser.md
+++ b/windows/configuration/wcd/wcd-kioskbrowser.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 10/02/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md
index 7308c531a1..a2135a483b 100644
--- a/windows/configuration/wcd/wcd-licensing.md
+++ b/windows/configuration/wcd/wcd-licensing.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md
index 9b1e501fec..bbc00f2648 100644
--- a/windows/configuration/wcd/wcd-location.md
+++ b/windows/configuration/wcd/wcd-location.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md
index 37b93da96d..bf3aeccaf3 100644
--- a/windows/configuration/wcd/wcd-maps.md
+++ b/windows/configuration/wcd/wcd-maps.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index 0b8561c8cf..3e2ac6dce1 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md
index 2be6c377ba..eb78b8e3fe 100644
--- a/windows/configuration/wcd/wcd-networkqospolicy.md
+++ b/windows/configuration/wcd/wcd-networkqospolicy.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index df4078b569..61c6c77b95 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -1,13 +1,14 @@
 ---
 title: OOBE (Windows 10)
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
 ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md
index 249dc446a7..c6ab55142e 100644
--- a/windows/configuration/wcd/wcd-personalization.md
+++ b/windows/configuration/wcd/wcd-personalization.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index b2ac514b17..449ba3ba75 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -1,13 +1,14 @@
 ---
 title: Policies (Windows 10)
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
 ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
index df2b29c1ff..13962db09d 100644
--- a/windows/configuration/wcd/wcd-privacy.md
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -5,8 +5,9 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-manager: dougeby
-ms.topic: article
+manager: aaroncz
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md
index 1015406211..e79eb9f7f3 100644
--- a/windows/configuration/wcd/wcd-provisioningcommands.md
+++ b/windows/configuration/wcd/wcd-provisioningcommands.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md
index f0574a44c2..fbfb42be13 100644
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 10/16/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md
index 5f29ebedfd..1e5fe77243 100644
--- a/windows/configuration/wcd/wcd-smisettings.md
+++ b/windows/configuration/wcd/wcd-smisettings.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 03/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md
index 098c9bbb9c..b8d84f5b0c 100644
--- a/windows/configuration/wcd/wcd-start.md
+++ b/windows/configuration/wcd/wcd-start.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md
index 7ebe657816..55c8fcc8f3 100644
--- a/windows/configuration/wcd/wcd-startupapp.md
+++ b/windows/configuration/wcd/wcd-startupapp.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
index 0ef9b010e5..6838b63730 100644
--- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md
+++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
index 61f8c30b69..397c14a4f5 100644
--- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -5,8 +5,9 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
-manager: dougeby
+ms.topic: reference
+ms.collection: must-keep
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index 12bd766d54..cd0bdc4208 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md
index 15758077ad..9934c78fd0 100644
--- a/windows/configuration/wcd/wcd-tabletmode.md
+++ b/windows/configuration/wcd/wcd-tabletmode.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md
index 1def53b033..2fd7a6d426 100644
--- a/windows/configuration/wcd/wcd-takeatest.md
+++ b/windows/configuration/wcd/wcd-takeatest.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 09/06/2017
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
index 659eef75c7..1bb981193e 100644
--- a/windows/configuration/wcd/wcd-time.md
+++ b/windows/configuration/wcd/wcd-time.md
@@ -5,8 +5,9 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-manager: dougeby
-ms.topic: article
+manager: aaroncz
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md
index 55abb9002a..2c03844e3f 100644
--- a/windows/configuration/wcd/wcd-unifiedwritefilter.md
+++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md
index bbd3749ad5..2e3a68fe9f 100644
--- a/windows/configuration/wcd/wcd-universalappinstall.md
+++ b/windows/configuration/wcd/wcd-universalappinstall.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md
index ab0005120f..5889dc2d7e 100644
--- a/windows/configuration/wcd/wcd-universalappuninstall.md
+++ b/windows/configuration/wcd/wcd-universalappuninstall.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
index 3a53cca460..9869da77b4 100644
--- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md
+++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md
index 2270de3845..211d170ce0 100644
--- a/windows/configuration/wcd/wcd-weakcharger.md
+++ b/windows/configuration/wcd/wcd-weakcharger.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
index 8c42614eca..f69695122b 100644
--- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md
index 9db59248ff..d5e531d913 100644
--- a/windows/configuration/wcd/wcd-windowsteamsettings.md
+++ b/windows/configuration/wcd/wcd-windowsteamsettings.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md
index c691224077..6a2da109c1 100644
--- a/windows/configuration/wcd/wcd-wlan.md
+++ b/windows/configuration/wcd/wcd-wlan.md
@@ -1,13 +1,14 @@
 ---
 title: WLAN (Windows 10)
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
 ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md
index 2055154e19..8e21def9dd 100644
--- a/windows/configuration/wcd/wcd-workplace.md
+++ b/windows/configuration/wcd/wcd-workplace.md
@@ -5,10 +5,11 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.date: 04/30/2018
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ---
 
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index 1c7d6d423c..3fe32ffa9b 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -5,9 +5,10 @@ ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
-ms.topic: article
+ms.topic: reference
+ms.collection: must-keep
 ms.reviewer: 
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
diff --git a/windows/configuration/windows-accessibility-for-ITPros.md b/windows/configuration/windows-accessibility-for-ITPros.md
index 1c23a9707e..34434f0a9d 100644
--- a/windows/configuration/windows-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-accessibility-for-ITPros.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.technology: itpro-configure
 ms.author: lizlong
 author: lizgt2000
+ms.date: 06/27/2023
 ms.reviewer: 
 manager: aaroncz
 ms.localizationpriority: medium
@@ -67,6 +68,8 @@ Windows 11, version 22H2, includes improvements for people with disabilities: sy
 
 - [Use live captions to better understand audio](https://support.microsoft.com/windows/use-live-captions-to-better-understand-audio-b52da59c-14b8-4031-aeeb-f6a47e6055df). Use Windows 11, version 22H2 or later to better understand any spoken audio with real time captions.
 
+- Starting with Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446), live captions now supports additional languages.
+
 - [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said.
 
 - [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you.
@@ -110,6 +113,8 @@ Windows 11, version 22H2, includes improvements for people with disabilities: sy
 
 - [Save time with keyboard shortcuts](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec).
 
+- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/en-us/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d).
+
 ## Other resources
 
 [Windows accessibility](https://www.microsoft.com/Accessibility/windows)
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 3cd3b238d5..b8da7a6027 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -19,8 +19,6 @@
           href: update/waas-servicing-strategy-windows-10-updates.md
         - name: Deployment proof of concept
           items: 
-            - name: Demonstrate Autopilot deployment on a VM
-              href: windows-autopilot/demonstrate-deployment-on-vm.md
             - name: Deploy Windows 10 with MDT and Configuration Manager
               items:
                 - name: 'Step by step guide: Configure a test lab to deploy Windows 10'
@@ -103,7 +101,9 @@
         - name: Deploy Windows client
           items:
             - name: Deploy Windows client with Autopilot
-              href: windows-autopilot/index.yml
+              href: /autopilot/
+            - name: Windows deployment scenarios and tools
+              href: windows-deployment-scenarios-and-tools.md
             - name: Deploy Windows client with Configuration Manager
               items:
                 - name: Deploy to a new device
@@ -138,10 +138,6 @@
           items:
             - name: Assign devices to servicing channels
               href: update/waas-servicing-channels-windows-10-updates.md
-            - name: Deploy updates with Configuration Manager
-              href: update/deploy-updates-configmgr.md
-            - name: Deploy updates with Intune
-              href: update/deploy-updates-intune.md
             - name: Deploy updates with WSUS
               href: update/waas-manage-updates-wsus.md
             - name: Deploy updates with Group Policy
@@ -172,8 +168,6 @@
               href: update/waas-integrate-wufb.md
             - name: 'Walkthrough: use Group Policy to configure Windows Update for Business'
               href: update/waas-wufb-group-policy.md
-            - name: 'Walkupdatesthrough: use Intune to configure Windows Update for Business'
-              href: update/deploy-updates-intune.md
         - name: Windows Update for Business deployment service
           items:
           - name: Windows Update for Business deployment service overview
@@ -217,8 +211,10 @@
           - name: Software updates in the Microsoft 365 admin center
             href: update/wufb-reports-admin-center.md                                
           - name: Use Windows Update for Business reports data
-            href: update/wufb-reports-use.md                                
-          - name: Feedback, support, and troubleshooting 
+            href: update/wufb-reports-use.md
+          - name: FAQ for Windows Update for Business reports
+            href: update/wufb-reports-faq.yml                                            
+          - name: Feedback and support 
             href: update/wufb-reports-help.md                                               
         - name: Windows Update for Business reports schema reference
           items:
@@ -240,49 +236,6 @@
             href: update/wufb-reports-schema-ucserviceupdatestatus.md
           - name: UCUpdateAlert
             href: update/wufb-reports-schema-ucupdatealert.md                                                                         
-      - name: Monitor updates with Update Compliance
-        href: update/update-compliance-monitor.md
-        items:
-        - name: Get started
-          items: 
-          - name: Get started with Update Compliance
-            href: update/update-compliance-get-started.md
-          - name: Update Compliance configuration script
-            href: update/update-compliance-configuration-script.md
-          - name: Manually configuring devices for Update Compliance
-            href: update/update-compliance-configuration-manual.md
-          - name: Configuring devices for Update Compliance in Microsoft Intune
-            href: update/update-compliance-configuration-mem.md
-        - name: Update Compliance monitoring
-          items: 
-          - name: Use Update Compliance
-            href: update/update-compliance-using.md
-          - name: Need attention report
-            href: update/update-compliance-need-attention.md
-          - name: Security update status report
-            href: update/update-compliance-security-update-status.md
-          - name: Feature update status report
-            href: update/update-compliance-feature-update-status.md
-          - name: Safeguard holds report
-            href: update/update-compliance-safeguard-holds.md
-          - name: Delivery Optimization in Update Compliance
-            href: update/update-compliance-delivery-optimization.md
-          - name: Data handling and privacy in Update Compliance
-            href: update/update-compliance-privacy.md
-        - name: Schema reference
-          items:
-          - name: Update Compliance schema reference
-            href: update/update-compliance-schema.md
-          - name: WaaSUpdateStatus
-            href: update/update-compliance-schema-waasupdatestatus.md
-          - name: WaaSInsiderStatus
-            href: update/update-compliance-schema-waasinsiderstatus.md
-          - name: WaaSDeploymentStatus
-            href: update/update-compliance-schema-waasdeploymentstatus.md
-          - name: WUDOStatus
-            href: update/update-compliance-schema-wudostatus.md
-          - name: WUDOAggregatedStatus
-            href: update/update-compliance-schema-wudoaggregatedstatus.md
     - name: Troubleshooting
       items:
       - name: Resolve upgrade errors
@@ -638,3 +591,5 @@
 
         - name: Install fonts in Windows client
           href: windows-10-missing-fonts.md
+        - name: Customize Windows PE boot images
+          href: customize-boot-image.md
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
deleted file mode 100644
index 8a3e5bc940..0000000000
--- a/windows/deployment/add-store-apps-to-image.md
+++ /dev/null
@@ -1,89 +0,0 @@
----
-title: Add Microsoft Store for Business applications to a Windows 10 image
-description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: article
-ms.date: 11/23/2022
-ms.technology: itpro-deploy
----
-
-# Add Microsoft Store for Business applications to a Windows 10 image
-
-*Applies to:*
-
-- Windows 10
-
-This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. Adding Microsoft Store for Business applications to a Windows 10 image will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps.
-
-> [!IMPORTANT]
-> In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
-
-## Prerequisites
-
-- [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md) for the tools required to mount and edit Windows images.
-
-- Download an offline signed app package and license of the application you would like to add through [Microsoft Store for Business](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app).
-- A Windows Image. For instructions on image creation, see [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md).
-
-> [!NOTE]
-> If you'd like to add an internal LOB Microsoft Store application, please follow the instructions on **[Sideload line of business (LOB) apps in Windows client devices](/windows/application-management/sideload-apps-in-windows-10)**.
-
-## Adding a Store application to your image
-
-On a machine where your image file is accessible:
-
-1. Open Windows PowerShell with administrator privileges.
-
-2. Mount the image. At the Windows PowerShell prompt, enter:
-`Mount-WindowsImage -ImagePath c:\images\myimage.wim -Index 1 -Path C:\test`
-
-3. Use the Add-AppxProvisionedPackage cmdlet in Windows PowerShell to preinstall the app. Use the /PackagePath option to specify the location of the Store package and /LicensePath to specify the location of the license .xml file. In Windows PowerShell, enter:
-`Add-AppxProvisionedPackage -Path C:\test -PackagePath C:\downloads\appxpackage -LicensePath C:\downloads\appxpackage\license.xml`
-
-> [!NOTE]
-> Paths and file names are examples. Use your paths and file names where appropriate.
->
-> Do not dismount the image, as you will return to it later.
-
-## Editing the Start Layout
-
-In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
-
-On a test machine:
-
-1. **Install the Microsoft Store for Business application you previously added** to your image.
-
-2. **Pin these apps to the Start screen**, by typing the name of the app, right-clicking and selecting **Pin to Start**.
-
-3. Open Windows PowerShell with administrator privileges.
-
-4. Use `Export-StartLayout -path <path><file name>.xml` where *\<path>\<file name>* is the path and name of the xml file your will later import into your Windows Image.
-
-5. Copy the XML file you created to a location accessible by the machine you previously used to add Store applications to your image.
-
-Now, on the machine where your image file is accessible:
-
-1. Import the Start layout. At the Windows PowerShell prompt, enter:
-`Import-StartLayout -LayoutPath "<path><file name>.xml" -MountPath "C:\test\"`
-
-2. Save changes and dismount the image. At the Windows PowerShell prompt, enter:
-`Dismount-WindowsImage -Path c:\test -Save`
-
-> [!NOTE]
-> Paths and file names are examples. Use your paths and file names where appropriate.
->
-> For more information on Start customization, see [Windows 10 Start Layout Customization](/archive/blogs/deploymentguys/windows-10-start-layout-customization)
-
-## Related articles
-
-- [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout)
-- [Export-StartLayout](/powershell/module/startlayout/export-startlayout)
-- [Import-StartLayout](/powershell/module/startlayout/import-startlayout)
-- [Sideload line of business (LOB) apps in Windows client devices](/windows/application-management/sideload-apps-in-windows-10)
-- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-- [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-- [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
new file mode 100644
index 0000000000..1e160b35dd
--- /dev/null
+++ b/windows/deployment/customize-boot-image.md
@@ -0,0 +1,1285 @@
+---
+title: Customize Windows PE boot images
+description: This article describes how to customize a Windows PE (WinPE) boot image including updating with the latest cumulative update, adding drivers, and adding optional components.
+ms.prod: windows-client
+ms.localizationpriority: medium
+author: frankroj
+manager: aaroncz
+ms.author: frankroj
+ms.topic: article
+ms.date: 09/05/2023
+ms.technology: itpro-deploy
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
+---
+
+# Customize Windows PE boot images
+
+<!-- 7894697 -->
+
+The Windows PE (WinPE) boot images that are included with the Windows ADK have a minimal number of features and drivers. However the boot images can be customized by adding drivers, optional components, and applying the latest cumulative update.
+
+Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+
+This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS).
+
+## Prerequisites
+
+- [Windows Assessment and Deployment Kit (Windows ADK)](/windows-hardware/get-started/adk-install) - It's recommended to use the latest version of the ADK.
+- [Windows PE add-on for the Windows ADK](/windows-hardware/get-started/adk-install). Make sure the version of Windows PE matches the version of Windows ADK that is being used.
+- Windows PE boot image.
+- Latest cumulative update downloaded from the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site.
+
+## Steps
+
+- [Step 1: Download and install ADK](#step-1-download-and-install-adk)
+- [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu)
+- [Step 3: Backup existing boot image](#step-3-backup-existing-boot-image)
+- [Step 4: Mount boot image to mount folder](#step-4-mount-boot-image-to-mount-folder)
+- [Step 5: Add drivers to boot image (optional)](#step-5-add-drivers-to-boot-image-optional)
+- [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image)
+- [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image)
+- [Step 8: Copy boot files from mounted boot image to ADK installation path](#step-8-copy-boot-files-from-mounted-boot-image-to-adk-installation-path)
+- [Step 9: Perform component cleanup](#step-9-perform-component-cleanup)
+- [Step 10: Verify all desired packages have been added to boot image](#step-10-verify-all-desired-packages-have-been-added-to-boot-image)
+- [Step 11: Unmount boot image and save changes](#step-11-unmount-boot-image-and-save-changes)
+- [Step 12: Export boot image to reduce size](#step-12-export-boot-image-to-reduce-size)
+- [Step 13: Update boot images in products that utilize the boot images (optional)](#step-13-update-boot-image-in-products-that-utilize-it-if-applicable)
+
+## Step 1: Download and install ADK
+
+1. Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
+
+    For this walk-through, when the Windows ADK is installed, it's only necessary to install the **Deployment Tools**. Other products, such as Microsoft Configuration Manager and Microsoft Deployment Toolkit (MDT), may require additional features installed, such as the **User State Migration Tool (USMT)**.
+
+    One of the tools installed when installing the the **Deployment Tools** feature is the **Deployment and Imaging Tools Environment** command prompt. When using the **Command Line** option to run the commands in this walk-through, make sure to run the commands from an elevated **Deployment and Imaging Tools Environment** command prompt. The **Deployment and Imaging Tools Environment** command prompt can be found in the Start Menu under **Windows Kits** > **Deployment and Imaging Tools Environment**.
+
+    The paths in this article assume the Windows ADK was installed at the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths during the walk-through accordingly.
+
+1. Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). The **Windows PE add-on for the Windows ADK** is a separate download and install from the **Windows Assessment and Deployment Kit (Windows ADK)**. Make sure to individually download and install both.
+
+> [!IMPORTANT]
+>
+> It's strongly recommended to download and install the latest version of the Windows ADK and the Windows PE add-on for the Windows ADK.
+>
+> In certain instances, older versions of the Windows ADK and Windows PE add-on may need to be used instead of the latest version. For example:
+>
+> - Microsoft Deployment Toolkit (MDT) doesn't support versions of Windows or the Windows ADK beyond Windows 10. If using MDT, the recommendation is to instead use the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads). This version was the last version of the Windows ADK supported by MDT.
+>
+> - The latest versions of the **Windows PE add-on for the Windows ADK** only includes 64-bit boot images. If a 32-bit boot image is required, then the recommendation in this scenario is to also use the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads). This version of the Windows ADK was the last version to include both 32-bit and 64-bit boot images.
+
+## Step 2: Download cumulative update (CU)
+
+1. Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update. The Windows version of the cumulative update should match the version of the Windows PE boot image that is being updated.
+
+1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"<year>-<month> cumulative update for windows <x>"` where `year` is the four digit current year, `<month>` is the two digit current month, and `<x>` is the version of Windows that Windows PE is based on. Make sure to include the quotes (`"`). For example, to search for the latest cumulative update for Windows 11 in August 2023, use the search term `"2023-08 cumulative update for windows 11"`, again making sure to include the quotes. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
+
+1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
+
+1. Store the downloaded cumulative update in a known location for later use, for example `C:\Updates`.
+
+> [!TIP]
+>
+> It is recommended to use the full cumulative update when updating boot images with a cumulative update. However, instead of downloading the full cumulative update, the cumulative update for SafeOS can be downloaded and used instead. This will reduce the size of the final updated boot image. If any issues occur with a boot image updated with the SafeOS cumulative update, then use the full cumulative update instead.
+
+> [!NOTE]
+>
+> When updating the boot image in the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads), download the cumulative update for Windows 10 Version 22H2.
+
+## Step 3: Backup existing boot image
+
+Before modifying the desired boot image, make a backup copy of the boot image that needs to be updated. For example:
+
+- For the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
+
+- For the default 64-bit boot image that is generated by **Microsoft Configuration Manager**, the boot image is located at `<ConfigMgr_Install_Directory>\OSD\boot\x64\boot.wim`. For other boot images in Configuration Manager, the path to the boot image is displayed in the **Image path:** field under the **Data Source** tab in the **Properties** of the boot image.
+
+    However, for **Microsoft Configuration Manager** it's recommended to instead modify the `winpe.wim` boot image included with the **Windows PE add-on for the Windows ADK**. For more information, see [Microsoft Configuration Manager considerations](#microsoft-configuration-manager-considerations).
+
+- For the default 64-bit boot image that is generated by the **Microsoft Deployment Toolkit (MDT)**, the boot image is located at `<Deployment_Share>\Boot\LiteTouchPE_x64.wim`.
+
+    However, for **Microsoft Deployment Toolkit (MDT)** it's recommended to instead modify the `winpe.wim` boot image included with the **Windows PE add-on for the Windows ADK**. For more information, see [Microsoft Deployment Toolkit (MDT) considerations](#microsoft-deployment-toolkit-mdt-considerations).
+
+- For 64-bit boot images in **Windows Deployment Services (WDS)**, the boot images are located at `<RemoteInstall>\Boot\x64\Images`.
+
+Adjust the above paths for 32-bit boot images (only available with Windows 10 ADKs).
+
+The following command backs up the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**:
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed-up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
+
+```powershell
+Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.bak.wim"
+```
+
+Adjust paths and file names accordingly to back up other boot images.
+
+To automatically overwrite an existing backed up boot image without confirmation, for example in a script, add the `-Force` parameter to the end of the command line.
+
+For more information, see [Copy-Item](/powershell/module/microsoft.powershell.management/copy-item).
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed-up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
+
+```cmd
+copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.bak.wim"
+```
+
+Adjust paths and file names accordingly to back up other boot images.
+
+To automatically overwrite an existing backed up boot image without confirmation, for example in a script, add the `/Y` parameter to the end of the command line.
+
+For more information, see [copy](/windows-server/administration/windows-commands/copy).
+
+---
+
+> [!IMPORTANT]
+>
+> When using the default `winpe.wim` boot image from the **Windows PE add-on for the Windows ADK**, it's recommended to always have a backed copy of the original unmodified boot image. This allows reverting back to the pristine untouched original boot image in case any issues occur with any iteration of an updated boot image. Additionally, whenever a new cumulative update needs to be applied to a boot image, it's recommended to always start fresh and update from the original boot image with no updates instead of updating a previously updated boot image.
+
+## Step 4: Mount boot image to mount folder
+
+1. Create a new empty folder to mount the boot image to. For example, `C:\Mount`. If using a previously created mount folder, ensure that it's empty and doesn't have any previously mounted images in it.
+
+1. Mount the boot image to the mount folder using one of the following methods:
+
+    ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to mount the boot image to the mount folder:
+
+    ```powershell
+    Mount-WindowsImage -Path "<Mount_folder_path>" -ImagePath "<Boot_image_path>\<boot_image>.wim" -Index 1 -Verbose
+    ```
+
+    **Example**:
+
+    ```powershell
+    Mount-WindowsImage -Path "C:\Mount" -ImagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -Index 1 -Verbose
+    ```
+
+    For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage).
+
+    ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to mount the boot image to the mount folder:
+
+    ```cmd
+    DISM.exe /Mount-image /imagefile:"<Boot_image_path>" /Index:1 /MountDir:"<Mount_folder_path>"
+    ```
+
+    Example:
+
+    ```cmd
+    DISM.exe /Mount-image /imagefile:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" /Index:1 /MountDir:"C:\Mount"
+    ```
+
+    For more information, see [Modify a Windows image using DISM: Mount an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism) and [DISM Image Management Command-Line Options: /Mount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#mount-image).
+
+  ---
+
+## Step 5: Add drivers to boot image (optional)
+
+If needed, add any drivers to the boot image:
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run one of the following commands to add drivers to the boot image:
+
+```powershell
+Add-WindowsDriver -Path "<Mount_folder_path>" -Driver "<Driver_INF_source_path>\<driver>.inf"
+```
+
+or
+
+```powershell
+Add-WindowsDriver -Path "<Mount_folder_path>" -Driver "<Drivers_source_path>" -Recurse
+```
+
+**Examples**:
+
+```powershell
+Add-WindowsDriver -Path "C:\Mount" -Driver "C:\Drivers\driver.inf"
+```
+
+or
+
+```powershell
+Add-WindowsDriver -Path "C:\Mount" -Driver "C:\Drivers" -Recurse
+```
+
+For more information, see [Add-WindowsDriver](/powershell/module/dism/add-windowsdriver).
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated **Deployment and Imaging Tools Environment** command prompt, run one of the following commands to add drivers to the boot image:
+
+```cmd
+DISM.exe /Image:"<Mount_folder_path>" /Add-Driver /Driver:"<Driver_INF_source_path>\<driver>.inf"
+```
+
+or
+
+```cmd
+DISM.exe /Image:"<Mount_folder_path>" /Add-Driver /Driver:"<Drivers_source_path>" /Recurse
+```
+
+**Examples**:
+
+```cmd
+DISM.exe /Image:"C:\Mount" /Add-Driver /Driver:"C:\Drivers\driver.inf"
+```
+
+or
+
+```cmd
+DISM.exe /Image:"C:\Mount" /Add-Driver /Driver:"C:\Drivers" /Recurse
+```
+
+For more information, see [Add and Remove Driver packages to an offline Windows Image](/windows-hardware/manufacture/desktop/add-and-remove-drivers-to-an-offline-windows-image)
+
+---
+
+The cumulative update installed later in this walkthrough doesn't affect drivers. Once a driver is added to a boot image, it doesn't need to be added again if a newer cumulative update is applied to the boot image.
+
+> [!TIP]
+>
+> A full set of drivers is not needed in Windows PE boot images. Only a small subset of drivers is needed that provide basic functionality while in WinPE. In most cases, no drivers need to be added to an out of box Windows ADK boot image since it already has many drivers built in. Don't add drivers to a boot image until it is verified that they are needed. When drivers do need to be added, generally only network (NIC) drivers are needed. Occasionally, mass storage (disk) may also be needed. Some Surface devices may also need keyboard and mouse drivers.
+
+> [!IMPORTANT]
+>
+> For Microsoft Configuration Manager and Microsoft Deployment Toolkit (MDT) boot images, don't manually add drivers to the boot image using the above steps. Instead, add drivers to the boot images via Microsoft Configuration Manager or Microsoft Deployment Toolkit (MDT):
+>
+> - In Configuration Manager, via the **Drivers** tab in the **Properties** of the boot image.
+> - In Microsoft Deployment Toolkit (MDT), via the **Drivers and Patches** tab under the **Windows PE** tab in the **Properties** of the deployment share.
+>
+> This will ensure that the drivers in the boot image can be properly managed through Configuration Manager or Microsoft Deployment Toolkit (MDT).
+
+## Step 6: Add optional components to boot image
+
+1. Add any desired optional components to the boot image:
+
+    ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to add optional components to the boot image:
+
+    ```powershell
+    Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Component>.cab" -Path "<Mount_folder_path>" -Verbose
+    ```
+
+    **Example**:
+
+    ```powershell
+    Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab" -Path "C:\Mount" -Verbose
+    ```
+
+    These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths in the commands accordingly.
+
+    For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+
+    ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to add optional components to the boot image:
+
+    ```cmd
+    DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Component>.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Component2>.cab"
+    ```
+
+    **Example**:
+
+    ```cmd
+    DISM.exe /Image:"C:\Mount" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WMI.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-WDS-Tools.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-SecureStartup.cab"
+    ```
+
+    These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths in the commands accordingly.
+
+    You can add as many desired optional components as needed on a single **DISM.exe** command line.
+
+    For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+
+    ---
+
+1. After adding an optional component to the boot image, make sure to also add the language specific component for that optional component.
+
+    Not all optional components have the language specific component. However, for optional components that do have a language specific component, make sure that the language specific component is installed.
+
+    To check if an optional component has a language component, check the `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Language>\` directory to see if there's a matching language component for that optional component.
+
+    For example, to install the English United States (en-us) language component for an optional component, use the following command line:
+
+    ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to add the language components for the optional components to the boot image:
+
+    ```powershell
+    Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\<Component>_en-us.cab" -Path "<Mount_folder_path>" -Verbose
+    ```
+
+    **Example**:
+
+    ```powershell
+     Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab" -Path "C:\Mount" -Verbose   
+    ```
+
+    These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths accordingly.
+
+    For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+
+    ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to add the language components for the optional components to the boot image:
+
+    ```cmd
+    DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\<Component>_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\<Component2>_en-us.cab"
+    ```
+
+    **Example**:
+
+    ```cmd
+    DISM.exe /Image:"C:\Mount" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-WMI_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-WDS-Tools_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-SecureStartup_en-us.cab"
+    ```
+
+    These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths accordingly.
+
+    You can add as many desired optional components as needed on a single DISM.exe command line.
+
+    For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+
+    ---
+
+> [!IMPORTANT]
+>
+> When adding optional components, make sure to check if an optional component has a prerequisite for another optional component. When an optional component does have a prerequisite, make sure that the prerequisite component is installed first. For more information, see [WinPE Optional Components (OC) Reference: How to add Optional Components](/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference#how-to-add-optional-components).
+
+> [!IMPORTANT]
+>
+> Cumulative updates always need to be applied or reapplied after adding optional components to the boot image. If additional optional components are added to a boot image after a cumulative update has been applied, then the cumulative update needs to be reapplied.
+
+> [!IMPORTANT]
+>
+> Both **Microsoft Configuration Manager** and **Microsoft Deployment Toolkit (MDT)** boot images require certain optional components to work properly. Make sure to add these required components when using either **Microsoft Configuration Manager** and **Microsoft Deployment Toolkit (MDT)**. For more information, see [Configuration Manager boot image required components](#configuration-manager-boot-image-required-components) or [MDT boot image required components](#mdt-boot-image-required-components).
+>
+> Additionally, when adding any optional component for either **Microsoft Configuration Manager** or **Microsoft Deployment Toolkit (MDT)** boot images, make sure to manually add the optional components using this walkthrough instead of adding them through **Configuration Manager** or **MDT**. For more information and reasons why, see [Microsoft Configuration Manager considerations](#microsoft-configuration-manager-considerations) or [Microsoft Deployment Toolkit (MDT) considerations](#microsoft-deployment-toolkit-mdt-considerations).
+
+### Popular optional components
+
+The following list contains the more popular optional components that are commonly added to boot images:
+
+| **Feature** | **File Name** | **Dependency** | **Purpose** | **Required by ConfigMgr** | **Required by MDT** |
+| --- | --- | --- | --- | --- |
+| Scripting/WinPE-Scripting | `WinPE-Scripting.cab` | NA | Supports running non-PowerShell scripts in WinPE | Yes | Yes |
+| Network/WinPE-WDS-Tools | `WinPE-WDS-Tools.cab` | NA | Supports WDS in WinPE, including image capture and multicast | Yes | No |
+| Scripting/WinPE-WMI | `WinPE-WMI.cab` | NA | Supports WMI and WMI scripting in WinPE | Yes | Yes |
+| Startup/WinPE-SecureStartup | `WinPE-SecureStartup.cab` | Scripting/WinPE-WMI | Supports managing BitLocker and TPMs within WinPE | Yes | Yes|
+| File management/WinPE-FMAPI | `WinPE-FMAPI.cab` | NA | Supports access to the Windows PE File Management API | No | Yes |
+| Windows PowerShell/WinPE-PowerShell | `WinPE-PowerShell.cab` | Scripting/WinPE-Scripting <br> Scripting/WinPE-WMI <br> Microsoft .NET/WinPE-NetFx | Supports running PowerShell commands and scripts in WinPE | No | No |
+| Microsoft .NET/WinPE-NetFx | `WinPE-NetFx.cab` | Scripting/WinPE-WMI | Supports .NET applications in WinPE | No | No |
+| Network/WinPE-Dot3Svc | `WinPE-Dot3Svc.cab` | NA | Supports the 802.1X network protocol in WinPE | No | No |
+| HTML/WinPE-HTA | `WinPE-HTA.cab` | Scripting/WinPE-WMI | Supports running HTML applications in WinPE | No | No |
+| Database/WinPE-MDAC | `WinPE-MDAC.cab` | NA | Supports connecting to databases in WinPE | No | No |
+
+For a full list of all available WinPE optional components including descriptions for each component, see [WinPE Optional Components (OC) Reference: WinPE Optional Components](/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference#winpe-optional-components).
+
+## Step 7: Add cumulative update (CU) to boot image
+
+Apply the cumulative update (CU) downloaded during the [Step 2: Download cumulative update (CU)](#step-2-download-cumulative-update-cu) step to the boot image:
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following command to add the cumulative update (CU) to the boot image:
+
+```powershell
+Add-WindowsPackage -PackagePath "<Path_to_CU_MSU_update>\<CU>.msu" -Path "<Mount_folder_path>" -Verbose
+```
+
+**Example**:
+
+```powershell
+Add-WindowsPackage -PackagePath "C:\Updates\windows11.0-kb5029263-x64_4f5fe19bbec786f5e445d3e71bcdf234fe2cbbec.msu" -Path "C:\Mount" -Verbose
+```
+
+For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage)
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to add the cumulative update (CU) to the boot image:
+
+```cmd
+DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"<Path_to_CU_MSU_update>\<CU>.msu"
+```
+
+**Example**:
+
+```cmd
+DISM.exe /Image:"C:\Mount" /Add-Package /PackagePath:"C:\Updates\windows11.0-kb5029263-x64_4f5fe19bbec786f5e445d3e71bcdf234fe2cbbec.msu"
+```
+
+For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+
+---
+
+> [!IMPORTANT]
+>
+> Make sure not to apply the cumulative update (CU) until all desired optional components have been installed via the [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image) step. Waiting to install the cumulative update (CU) until all optional components are installed makes sure that the optional components are also properly updated by the cumulative update. If in the future any additional optional components need to be added to the boot image, make sure to reapply the cumulative update.
+
+### Servicing stack update (SSU) and error 0x800f0823
+
+Sometimes when applying a cumulative update (CU) to a boot image, you may receive error `0x800f0823`:
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+```powershell
+VERBOSE: Target Image Version <WinPE version>
+WARNING: Failed to add package <Cumulative_Update_Path>\<Cumulative_Update>.msu
+WARNING: Add-WindowsPackage failed. Error code = 0x800f0823
+Add-WindowsPackage : An error occurred applying the Unattend.xml file from the .msu package.
+For more information, review the log file.
+At line:1 char:1
++ Add-WindowsPackage -PackagePath "<Cumulative_Update_Path>\<Cumulative_Update> ...
++ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+    + CategoryInfo          : NotSpecified: (:) [Add-WindowsPackage], COMException
+    + FullyQualifiedErrorId : Microsoft.Dism.Commands.AddWindowsPackageCommand
+```
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+```cmd
+Error: 0x800f0823
+
+Package <Cumulative_Update_Path>\<Cumulative_Update>.msu may have failed due to pending updates to servicing components in the image. Try the command again.
+The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
+```
+
+---
+
+Inspecting the **DISM.log** reveals the following error:
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+```powershell
+Package "Package_for_RollupFix~<Cumulative_Update>" requires Servicing Stack v<Required_Servicing_Stack_Version> but current Servicing Stack is v<Current_Servicing_Stack_Version>. [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+Failed to initialize internal package [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+Failed to create internal package [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+Failed to create windows update package [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+DISM Package Manager: PID=<PID> TID=<TID> Failed opening package. - CDISMPackageManager::Internal_CreatePackageByPath(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to get the underlying CBS package. - CDISMPackageManager::OpenPackageByPath(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> The specified package cannot be added to this Windows Image due to a version mismatch. - GetCbsErrorMsg
+DISM Package Manager: PID=<PID> TID=<TID> Failed to open package at location [<Temp_Path>\<Cumulative_Update>.cab]. - CPackageManagerUnattendHandler::Internal_ProcessPackageFromSource(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to install package from source [0] - trying next source location. hr = [0x800F0823] - CPackageManagerUnattendHandler::Internal_UnattendInstallPackage
+DISM Package Manager: PID=<PID> TID=<TID> Failed to Install the package [Multiple_Packages~~~~0.0.0.0]. - CPackageManagerUnattendHandler::Internal_UnattendInstallPackage(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Package failed to install [Multiple_Packages~~~~0.0.0.0]. - CPackageManagerUnattendHandler::Internal_UnattendProcessPackage(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to process package at node <package[1]>. - CPackageManagerUnattendHandler::Apply(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to Apply the unattend. - CDISMPackageManager::Apply(hr:0x800f0823)
+DISM Unattend Manager: PID=<PID> TID=<TID> "Error applying unattend for provider: DISM Package Manager" - CUnattendManager::Apply(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed applying the unattend file from the MSU package. - CMsuPackage::ApplyMsuUnattend(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to apply the MSU unattend file to the image. - CMsuPackage::Install(hr:0x800f0823)
+API: PID=<PID> TID=<TID> Failed to install msu package <Path_to_CU_MSU_update>\<MSU_Cumulative_Update>.msu - CAddPackageCommandObject::InternalExecute(hr:0x800f0823)
+API: PID=<PID> TID=<TID> InternalExecute failed - CBaseCommandObject::Execute(hr:0x800f0823)
+API: PID=<PID> TID=<TID> CAddPackageCommandObject internal execution failed - DismAddPackageInternal(hr:0x800f0823)
+```
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+```cmd
+Package "Package_for_RollupFix~<Cumulative_Update>" requires Servicing Stack v<Required_Servicing_Stack_Version> but current Servicing Stack is v<Current_Servicing_Stack_Version>. [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+Failed to initialize internal package [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+Failed to create internal package [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+Failed to create windows update package [HRESULT = 0x800f0823 - CBS_E_NEW_SERVICING_STACK_REQUIRED]
+DISM Package Manager: PID=<PID> TID=<TID> Failed opening package. - CDISMPackageManager::Internal_CreatePackageByPath(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to get the underlying CBS package. - CDISMPackageManager::OpenPackageByPath(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> The specified package cannot be added to this Windows Image due to a version mismatch. - GetCbsErrorMsg
+DISM Package Manager: PID=<PID> TID=<TID> Failed to open package at location [<Temp_Path>\<Cumulative_Update>.cab]. - CPackageManagerUnattendHandler::Internal_ProcessPackageFromSource(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to install package from source [0] - trying next source location. hr = [0x800F0823] - CPackageManagerUnattendHandler::Internal_UnattendInstallPackage
+DISM Package Manager: PID=<PID> TID=<TID> Failed to Install the package [Multiple_Packages~~~~0.0.0.0]. - CPackageManagerUnattendHandler::Internal_UnattendInstallPackage(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Package failed to install [Multiple_Packages~~~~0.0.0.0]. - CPackageManagerUnattendHandler::Internal_UnattendProcessPackage(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to process package at node <package[1]>. - CPackageManagerUnattendHandler::Apply(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to Apply the unattend. - CDISMPackageManager::Apply(hr:0x800f0823)
+DISM Unattend Manager: PID=<PID> TID=<TID> "Error applying unattend for provider: DISM Package Manager" - CUnattendManager::Apply(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed applying the unattend file from the MSU package. - CMsuPackage::ApplyMsuUnattend(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed to apply the MSU unattend file to the image. - CMsuPackage::Install(hr:0x800f0823)
+DISM Package Manager: PID=<PID> TID=<TID> Failed while processing command add-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x800f0823)
+```
+
+---
+
+The problem occurs when the WinPE boot image that is being serviced requires installation of a servicing stack update (SSU) before installation of the cumulative update (CU) can occur. The problem usually occurs when using older Windows ADKs and older versions of Windows PE. The suggested fix is to upgrade to the latest version of the Windows ADK and Windows PE. The latest versions of the Windows ADK and Windows PE most likely don't need a servicing stack update (SSU) installed before installing the cumulative update (CU).
+
+For scenarios where older versions of the Windows ADK and Windows PE need to be used, for example when using Microsoft Deployment Toolkit (MDT), the servicing stack update needs to be installed before installing the cumulative update. The servicing stack update (SSU) is contained within the cumulative update (CU). To obtain the servicing stack update (SSU) so that it can be applied, it can be extracted from the cumulative update (CU).
+
+The following steps outline how to extract and then install the servicing stack update (SSU) to the boot image. Once the servicing stack update (SSU) has been installed in the boot image, then the cumulative update (CU) should install to the boot image without error:
+
+> [!IMPORTANT]
+>
+> These steps are only necessary if error `0x800f0823` occurs when installing the cumulative update (CU) to the boot image. If error `0x800f0823` didn't occur when installing the cumulative update (CU) to the boot image, then skip to the next step [Step 8: Copy boot files from mounted boot image to ADK installation path](#step-8-copy-boot-files-from-mounted-boot-image-to-adk-installation-path)
+
+1. Create a folder to extract the servicing stack update (SSU) into. For example, `C:\Updates\Extract`:
+
+1. Extract the contents of the cumulative update (CU) to the folder created in the previous step using the following command:
+
+    ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    ```powershell
+    Start-Process "expand.exe" -ArgumentList " -f:* `"<Cumulative_Update_Path>\<Cumulative_Update>.msu`" `"<Extract_Folder_Path>`"" -Wait -LoadUserProfile
+    ```
+
+    **Example**:
+
+    ```powershell
+    Start-Process "expand.exe" -ArgumentList " -f:* `"C:\Updates\windows10.0-kb5028166-x64_fe3aa2fef685c0e76e1f5d34d529624294273f41.msu`" `"C:\Updates\Extract`"" -Wait -LoadUserProfile
+    ```
+
+    For more information, see [Start-Process](/powershell/module/microsoft.powershell.management/start-process) and [expand](/windows-server/administration/windows-commands/expand).
+
+    ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    ```cmd
+    expand.exe -f:* "<Cumulative_Update_Path>\<Cumulative_Update>.msu" "<Extract_Folder_Path>"
+    ```
+
+    **Example**:
+
+    ```cmd
+    expand.exe -f:* "C:\Updates\windows10.0-kb5028166-x64_fe3aa2fef685c0e76e1f5d34d529624294273f41.msu" "C:\Updates\Extract"
+    ```
+
+    For more information, see [expand](/windows-server/administration/windows-commands/expand).
+
+    ---
+
+1. Inspect the extracted files in the extract folder and identify the servicing stack update (SSU) CAB file. One of the files should be called `SSU-<Version>-<Arch>.cab`. For example, `SSU-19041.3205-x64.cab`. Make a note of the name of the servicing stack update (SSU) CAB file.
+
+1. Using the name of the servicing stack update (SSU) CAB file obtained in the previous step, apply the servicing stack update (SSU) CAB file to the boot image using the following command:
+
+    ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to add the cumulative update (CU) to the boot image:
+
+    ```powershell
+    Add-WindowsPackage -PackagePath "<Path_to_SSU_CAB_update>\<SSU>.cab" -Path "<Mount_folder_path>" -Verbose
+    ```
+
+    **Example**:
+
+    ```powershell
+    Add-WindowsPackage -PackagePath "C:\Updates\Extract\SSU-19041.3205-x64.cab" -Path "C:\Mount" -Verbose
+    ```
+
+    For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
+
+    ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to add the cumulative update (CU) to the boot image:
+
+    ```cmd
+    DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"<Path_to_SSU_CAB_update>\<SSU>.cab"
+    ```
+
+    **Example**:
+
+    ```cmd
+    DISM.exe /Image:"C:\Mount" /Add-Package /PackagePath:"C:\Updates\Extract\SSU-19041.3205-x64.cab"
+    ```
+
+    For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
+
+    ---
+
+1. Attempt to apply the cumulative update (CU) to the boot image again using the commands from [Step 7: Add cumulative update (CU) to boot image](#step-7-add-cumulative-update-cu-to-boot-image).
+
+## Step 8: Copy boot files from mounted boot image to ADK installation path
+
+Some cumulative updates contain updated bootmgr boot files that are added to the boot image. After these bootmgr boot files have been updated in the boot image, it's recommended to copy these updated bootmgr boot files from the boot image back to the Windows ADK. Copying these files ensures that the Windows ADK has the updated bootmgr boot files.
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following commands to copy the updated bootmgr boot files from the mounted boot image to the ADK installation path. These commands also back up any existing bootmgr boot files its finds. When applicable, the commands need confirmation to overwrite any existing files:
+
+```powershell
+Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.bak.efi"
+
+Copy-Item "<Mount_folder_path>\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi"
+
+Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi"
+
+Copy-Item "<Mount_folder_path>\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
+```
+
+**Example**:
+
+```powershell
+Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.bak.efi"
+
+Copy-Item "C:\Mount\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi"
+
+Copy-Item "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi"
+
+Copy-Item "C:\Mount\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
+```
+
+To overwrite the bootmgr boot files and any backed up bootmgr boot file without confirmation, for example in a script, add the `-Force` parameter to the end of the command lines.
+
+For more information, see [Copy-Item](/powershell/module/microsoft.powershell.management/copy-item).
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated command prompt, run the following command to copy the updated bootmgr boot files from the mounted boot image to the ADK installation path. These commands also back up any existing bootmgr boot files its finds. When applicable, the commands need confirmation to overwrite any existing files:
+
+```cmd
+copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.bak.efi"
+
+copy "<Mount_folder_path>\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi"
+
+copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi"
+
+copy "<Mount_folder_path>\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
+```
+
+**Example**:
+
+```cmd
+copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.bak.efi"
+
+copy "C:\Mount\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi"
+
+copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi"
+
+copy "C:\Mount\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
+```
+
+To overwrite the bootmgr boot files and any backed up bootmgr boot file without confirmation, for example in a script, add the `/Y` parameter to the end of the command lines.
+
+For more information, see [copy](/windows-server/administration/windows-commands/copy).
+
+---
+
+This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr boot files are available to the Windows ADK when creating bootable media via the Windows ADK. When these files are updated in the Windows ADK, products that use the Windows ADK to create bootable media, such as **Microsoft Deployment Toolkit (MDT)**, also have access to the updated bootmgr boot files.
+
+In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+
+> [!NOTE]
+>
+> **Microsoft Configuration Manager** and **Windows Deployment Services (WDS)** automatically extract the bootmgr boot files from the boot images when the boot images are updated in these products. They don't use the bootmgr boot files from the Windows ADK.
+
+## Step 9: Perform component cleanup
+
+Run **DISM.exe** commands that clean up the mounted boot image and help reduce its size:
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following command to clean up the mounted boot image and help reduce its size:
+
+```powershell
+Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"<Mount_folder_path>" /Cleanup-image /StartComponentCleanup /Resetbase /Defer" -Wait -LoadUserProfile
+
+Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"<Mount_folder_path>" /Cleanup-image /StartComponentCleanup /Resetbase" -Wait -LoadUserProfile
+```
+
+**Example**:
+
+```powershell
+Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:`"C:\Mount`" /Cleanup-image /StartComponentCleanup /Resetbase /Defer" -Wait -LoadUserProfile
+
+Start-Process "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\dism.exe" -ArgumentList " /Image:"C:\Mount" /Cleanup-image /StartComponentCleanup /Resetbase" -Wait -LoadUserProfile
+```
+
+For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image), [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Cleanup-Image](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#cleanup-image), and [Start-Process](/powershell/module/microsoft.powershell.management/start-process).
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to clean up the mounted boot image and help reduce its size:
+
+```cmd
+DISM.exe /Image:"<Mount_folder_path>" /Cleanup-image /StartComponentCleanup /Resetbase /Defer
+
+DISM.exe /Image:"<Mount_folder_path>" /Cleanup-image /StartComponentCleanup /Resetbase
+```
+
+**Example**:
+
+```cmd
+DISM.exe /Image:"C:\Mount" /Cleanup-image /StartComponentCleanup /Resetbase /Defer
+
+DISM.exe /Image:"C:\Mount" /Cleanup-image /StartComponentCleanup /Resetbase
+```
+
+For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Cleanup-Image](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#cleanup-image).
+
+---
+
+## Step 10: Verify all desired packages have been added to boot image
+
+After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they're showing as installed:
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following command to verify that all optional components and the cumulative update (CU) have been applied to the boot image:
+
+```powershell
+Get-WindowsPackage -Path "<Mount_folder_path>"
+```
+
+**Example**:
+
+```powershell
+Get-WindowsPackage -Path "C:\Mount"
+```
+
+For more information, see [Get-WindowsPackage](/powershell/module/dism/get-windowspackage).
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to verify that all optional components and the cumulative update (CU) have been applied to the boot image:
+
+```cmd
+DISM.exe /Image:"<Mount_folder_path>" /Get-Packages
+```
+
+**Example**:
+
+```cmd
+DISM.exe /Image:"C:\Mount" /Get-Packages
+```
+
+For more information, see [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Get-Packages](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#get-packages).
+
+---
+
+## Step 11: Unmount boot image and save changes
+
+Once drivers, optional components, and the cumulative update (CU) have been applied to the boot image, unmount the boot image and save changes.
+
+### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following command to unmount the boot image and save changes:
+
+```powershell
+Dismount-WindowsImage -Path "<Mount_folder_path>" -Save -Verbose
+```
+
+**Example**:
+
+```powershell
+Dismount-WindowsImage -Path "C:\Mount" -Save -Verbose
+```
+
+For more information, see [Dismount-WindowsImage](/powershell/module/dism/dismount-windowsimage).
+
+### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to unmount the boot image and save changes:
+
+```cmd
+DISM.exe /Unmount-Image /MountDir:"<Mount_folder_path>" /Commit
+```
+
+**Example:**
+
+```cmd
+DISM.exe /Unmount-Image /MountDir:"C:\Mount" /Commit
+```
+
+For more information, see [Modify a Windows image using DISM: Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image) and [DISM Image Management Command-Line Options: /Unmount-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#unmount-image).
+
+---
+
+## Step 12: Export boot image to reduce size
+
+1. Once the boot image has been unmounted and saved, its size can be further reduced by exporting it:
+
+    ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to further reduce the size of the boot image by exporting it:
+
+    ```powershell
+    Export-WindowsImage -SourceImagePath "<Boot_image_path>\<boot_image>.wim" -SourceIndex 1 -DestinationImagePath "<Boot_image_path>\<boot_image>-export.wim" -CompressionType max -Verbose
+    ```
+
+    **Example**:
+
+    ```powershell
+    Export-WindowsImage -SourceImagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -SourceIndex 1 -DestinationImagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe-export.wim" -CompressionType max -Verbose
+    ```
+
+    For more information, see [Export-WindowsImage](/powershell/module/dism/export-windowsimage).
+
+    ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to further reduce the size of the boot image by exporting it:
+
+    ```cmd
+    DISM.exe /Export-Image /SourceImageFile:"<Boot_image_path>\<boot_image>.wim" /SourceIndex:1 /DestinationImageFile:"<Boot_image_path>\<boot_image>-export.wim"
+    ```
+
+    **Example**:
+
+    ```cmd
+    DISM.exe /Export-Image /SourceImageFile:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" /SourceIndex:1 /DestinationImageFile:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe-export.wim"
+    ```
+
+    For more information, see [Modify a Windows image using DISM: Reduce the size of an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#reduce-the-size-of-an-image) and [DISM Image Management Command-Line Options: /Export-Image](/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14#export-image).
+
+    ---
+
+1. Once the export has completed:
+  
+    1. Delete the original updated boot image:
+
+        ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+        From an elevated **PowerShell** command prompt, run the following command to delete the original updated boot image:
+
+        ```powershell
+        Remove-Item -Path "<Boot_image_path>\<boot_image>.wim" -Force
+        ```
+
+        **Example**:
+
+        ```powershell
+        Remove-Item -Path "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -Force
+        ```
+
+        For more information, see [Remove-Item](/powershell/module/microsoft.powershell.management/remove-item).
+
+        ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+        From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to delete the original updated boot image:
+
+        ```cmd
+        del "<Boot_image_path>\<boot_image>.wim" /F
+        ```
+
+        **Example**:
+
+        ```cmd
+        del "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" /F
+        ```
+
+        For more information, see [del](/windows-server/administration/windows-commands/del).
+
+        ---
+
+    1. Rename the exported boot image with the name of the original boot image:
+
+        ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+        From an elevated **PowerShell** command prompt, run the following command to rename the exported boot image with the name of the original boot image:
+
+        ```powershell
+        Rename-Item -Path "<Boot_image_path>\<exported_boot_image>.wim" -NewName "<original_boot_image_name>.wim"
+        ```
+
+        **Example**:
+
+        ```powershell
+        Rename-Item -Path "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe-export.wim" -NewName "winpe.wim"
+        ```
+
+        For more information, see [Rename-Item](/powershell/module/microsoft.powershell.management/rename-item).
+
+        ### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+        From an elevated **Deployment and Imaging Tools Environment** command prompt, run the following command to rename the exported boot image with the name of the original boot image:
+
+        ```cmd
+        rename "<Boot_image_path>\<boot_image>-export.wim" "<original_boot_image_name>.wim"
+        ```
+
+        **Example**:
+
+        ```cmd
+        rename "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe-export.wim" "winpe.wim"
+        ```
+
+        For more information, see [rename](/windows-server/administration/windows-commands/rename).
+
+        ---
+
+## Step 13: Update boot image in products that utilize it (if applicable)
+
+After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the product(s) that utilize the boot image. The following links contain information on how to update the boot image for several popular products that utilize boot images:
+
+- [Microsoft Configuration Manager](#updating-the-boot-image-in-configuration-manager)
+- [Microsoft Deployment Toolkit (MDT)](#updating-the-boot-image-and-boot-media-in-mdt)
+- Windows Deployment Services
+  - [Original WDS boot image is updated](#original-wds-boot-image-is-updated)
+  - [WDS boot image is replaced with new updated boot image](#wds-boot-image-is-replaced-with-new-updated-boot-image)
+  - [Add updated boot image as a new boot image in WDS](#add-updated-boot-image-as-a-new-boot-image-in-wds)
+
+For any other products that utilize boot images, consult the product's documentation on updating the boot image.
+
+## Microsoft Configuration Manager considerations
+
+### How Microsoft Configuration Manager creates boot images
+
+Microsoft Configuration Manager creates its own boot images by taking the `winpe.wim` from the Windows ADK, adding some [optional components it requires](#configuration-manager-boot-image-required-components) to function correctly, and then saving the boot image as `boot.wim` in the directory `<ConfigMgr_Install_Directory>\OSD\boot\<architecture>\boot.wim`. This `boot.wim` boot image is considered the pristine authoritative copy of the boot image by Configuration Manager. Configuration Manager never touches, modifies, or updates the `boot.wim` boot image except in some specific scenarios. Instead, when changes are done in the properties of the boot image in Configuration Manager such as:
+
+- Adding drivers
+- Adding optional components
+- Enabling the command prompt
+
+Configuration Manager makes a copy of `boot.wim`, applies the changes to the copy, and then saves the new boot image as `boot.<package_id>.wim`.
+
+If in the future any additional changes are done to the boot image, Configuration Manager discards the previously created `boot.<package_id>.wim` boot image, makes a new copy of `boot.wim`, applies the changes to the copy, and then saves the new boot image as `boot.<package_id>.wim`. In other words, `boot.wim` is never touched. Anytime any changes are made to a boot image, both the new changes and any changes done in the past are all reapplied to a new copy of `boot.wim`.
+
+This process has the following advantages:
+
+1. Keeps `boot.wim` pristine.
+
+1. Makes sure that changes done to a boot image are being done to a pristine unmodified version of the boot image. This process helps avoid corruption when a boot image is updated multiple times. I can also correct issues with existing boot images.
+
+1. Helps manage components in the boot image. The process doesn't need to know what components may need to be removed from the boot image each time the boot image is rebuilt. Instead, it just needs to know what components need to be added to the boot image.
+
+1. It reduces the size of the boot image that can occur when components are repeatedly added to and removed from the boot image.
+
+Configuration Manager updates the `boot.wim` boot image in two scenarios:
+
+1. When Configuration Manager is upgraded between version or a hotfix roll ups (HFRUs) is applied, `boot.wim` may be updated as part of the upgrade process.
+
+1. When selecting the option **Reload this boot image with the current Windows PE version from the Windows ADK** in the **Update Distribution Points Wizard**.
+
+In theses scenarios, the `boot.wim` boot image is updated using the `winpe.wim` boot image from the Windows ADK as described earlier in this section. This process creates a new pristine copy of the `boot.wim` boot image using the current version of the `winpe.wim` boot image that is part of the Windows ADK.
+
+### Which boot image should be updated with the cumulative update?
+
+When manually adding a cumulative update to a Configuration Manager boot image, it's recommended to update the `winpe.wim` boot image from the Windows ADK instead of directly updating the `boot.wim` boot image generated by Configuration Manager.
+
+The `winpe.wim` boot image from the Windows ADK should be updated because if `boot.wim` generated by Configuration Manager is updated instead, then the next time `boot.wim` is updated via a Configuration Manager upgrade or the **Reload this boot image with the current Windows PE version from the Windows ADK** option, then changes made to `boot.wim`, including the applied cumulative update, will be lost. If the `winpe.wim` boot image from the Windows ADK is updated with the cumulative update instead, then the cumulative update persists and is preserved even when Configuration Manager does update the `boot.wim` boot image.
+
+> [!IMPORTANT]
+>
+> Never manually update the `boot.<package_id>.wim` boot image. In addition to facing the same issues when manually updating the `boot.wim` boot image,  the `boot.<package_id>.wim` boot image will also face additional issues such as:
+>
+> - Any time any changes are done to the boot image, such as adding drivers, enabling the command prompt. etc, any manual changes done to the boot image, including the cumulative update, will be lost.
+>
+> - Manually changing the `boot.<package_id>.wim` boot image changes the hash value of the boot image. A change in the hash value of the boot image can lead to download failures when downloading the boot image from a distribution point.
+
+Updating `winpe.wim` from the Windows ADK ensures that the cumulative update stays applied regardless of what changes are made to the `boot.wim` boot image via Configuration Manager.
+
+### Add optional components manually to Configuration Manager boot images
+
+For Microsoft Configuration Manager boot images, when applying a cumulative update to a boot image, make sure to add any desired optional components manually using the command lines from the walkthrough instead of adding them through Configuration Manager. Optional components are added to boot images in Configuration Manager via the **Optional Components** tab in the **Properties** of the boot image.
+
+Optional components need to be added to the boot image manually instead of via Configuration Manager because:
+
+- When the cumulative update is applied, it also updates any optional components as needed.
+
+- If optional components are added through Configuration Manager on a boot image that has a cumulative update, then the optional components aren't updated with the cumulative update. Adding the optional components through Configuration Manager could lead to unexpected behaviors and problems. The cumulative update needs to be added after the optional components have been added to the boot image for the optional components to be updated properly with the cumulative update.
+
+> [!NOTE]
+>
+> If an optional component is attempted to be added via the **Optional Components** tab in the **Properties** of the boot image in Configuration Manager but the optional component has already been manually added to the boot image, Configuration Manager won't add that optional component again. Instead, Configuration Manager detects that the optional component has already been added and it won't try to add the optional component again.
+
+### Configuration Manager boot image required components
+
+For Microsoft Configuration Manager boot images to function correctly, it requires the following optional components:
+
+| **Feature** | **File Name** | **Dependency** | **Required by ConfigMgr** |
+| --- | --- | --- | --- |
+| Scripting/WinPE-Scripting | `WinPE-Scripting.cab` | NA | Yes |
+| Scripting/WinPE-WMI | `WinPE-WMI.cab` | NA | Yes |
+| Network/WinPE-WDS-Tools | `WinPE-WDS-Tools.cab` | NA | Yes |
+| Startup/WinPE-SecureStartup | `WinPE-SecureStartup.cab` | Scripting/WinPE-WMI | Yes |
+
+When adding optional components to any boot image used by Configuration Manager during the [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image) step, make sure to first add the above required components in the above order to the boot image. After adding the required components to the boot image, add any additional desired optional components to the boot image.
+
+For a list of all available WinPE optional components including descriptions for each component, see [WinPE Optional Components (OC) Reference: WinPE Optional Components](/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference#winpe-optional-components).
+
+### Updating the boot image in Configuration Manager
+
+After updating the `winpe.wim` boot image from the Windows ADK, generate a new `boot.wim` boot image for Configuration Manager so that it contains the cumulative update. A new `boot.wim` boot image can be generated by using the following steps:
+
+1. Open the Microsoft Configuration manager console.
+
+1. In the Microsoft Configuration manager console, navigate to **Software Library** > **Overview** > **Operating Systems** > **Boot Images**.
+
+1. In the **Boot Images** pane, select the desired boot image.
+
+1. In the toolbar, select **Update Distribution Points**.
+
+1. When the **Update Distribution Points Wizard** window that appears:
+
+    1. In the **General**/**Update distribution points with this image** page, select the **Reload this boot image with the current Windows PE version from the Windows ADK** option, and then select the **Next >** button.
+
+    1. In the **Summary** page, select the **Next >** button.
+
+    1. The **Progress** page appears while the boot image builds.
+
+    1. Once the boot image finishes building, the **The task "Update Distribution Points Wizard" completed successfully**/**Completion** page appears. Select the **Close** button.
+
+This process updates the boot image used by Configuration Manager. It also updates the boot image and the bootmgr boot files used by any PXE enabled distribution points.
+
+> [!IMPORTANT]
+>
+> If there are multiple boot images used in the environment for PXE enabled distribution points, make sure to update all of the PXE enabled boot images with the same cumulative update. This will ensure that the PXE enabled distribution points all use the version of the bootmgr boot files extracted from the boot images (if applicable).
+
+### Updating Configuration Manager boot media
+
+After completing the walkthrough, including updating boot images in Configuration Manager, update any Configuration Manager task sequence media. Updating any Configuration Manager task sequence media ensures that the task sequence media has both the updated boot image. If applicable, it will also update bootmgr boot files on the media by extracting the latest versions from the boot image. For more information on creating Configuration Manager task sequence media, see [Create task sequence media](/mem/configmgr/osd/deploy-use/create-task-sequence-media).
+
+## Microsoft Deployment Toolkit (MDT) considerations
+
+When adding a cumulative update to a Microsoft Deployment Toolkit (MDT) boot image, it's recommended to update the `winpe.wim` boot image from the Windows ADK instead of directly updating the `LiteTouchPE_<arch>.wim` boot image in the MDT Deployment Share.
+
+The `winpe.wim` boot image from the Windows ADK should be updated because if `LiteTouchPE_<arch>.wim` is updated instead, then the next time the MDT Deployment Share is updated, the changes made to `LiteTouchPE_<arch>.wim`, including the applied cumulative update, will be lost. If the `winpe.wim` boot image from the Windows ADK is updated with the cumulative update instead, then the cumulative update persists and is preserved even when the MDT Deployment Share is updated.
+
+### MDT and Windows ADK versions
+
+Microsoft Deployment Toolkit (MDT) doesn't support versions of Windows or the Windows ADK beyond Windows 10. When MDT is used, the recommendation is to use the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads) instead of the latest version of the Windows ADK. **ADK for Windows 10, version 2004** was the last version of the Windows ADK supported by MDT. When updating the boot image for the ADK for Windows 10, version 2004 with a cumulative update, use the cumulative update for Windows 10 Version 22H2.
+
+### MDT boot image required components
+
+For Microsoft Deployment Toolkit (MDT) boot images to function correctly, it requires the following optional components:
+
+| **Feature** | **File Name** | **Dependency** | **Required by MDT** |
+| --- | --- | --- | --- |
+| Scripting/WinPE-Scripting | `WinPE-Scripting.cab` | NA | Yes |
+| Scripting/WinPE-WMI | `WinPE-WMI.cab` | NA | Yes |
+| File management/WinPE-FMAPI | `WinPE-FMAPI.cab` | NA | Yes |
+| Startup/WinPE-SecureStartup | `WinPE-SecureStartup.cab` | Scripting/WinPE-WMI | Yes |
+| HTML/WinPE-HTA | `WinPE-HTA.cab` | Scripting/WinPE-WMI | Yes |
+
+When adding optional components to any boot image used by MDT during the [Step 6: Add optional components to boot image](#step-6-add-optional-components-to-boot-image) step, make sure to first add the above required components in the above order to the boot image. After adding the required components to the boot image, add any additional desired optional components to the boot image.
+
+For a list of all available WinPE optional components including descriptions for each component, see [WinPE Optional Components (OC) Reference: WinPE Optional Components](/windows-hardware/manufacture/desktop/winpe-add-packages--optional-components-reference#winpe-optional-components).
+
+### Updating the boot image and boot media in MDT
+
+After updating the `winpe.wim` boot image from the Windows ADK, generate a new `LiteTouchPE_<arch>.wim` boot image for MDT that contains the cumulative update followed by creating new MDT boot media. New MDT boot images and MDT boot media can be generated by using the following steps:
+
+1. Make sure [Step 8: Copy boot files from mounted boot image to ADK installation path](#step-8-copy-boot-files-from-mounted-boot-image-to-adk-installation-path) has been completed. MDT copies the bootmgr boot files from the Windows ADK installation path to its deployment share. Following this step makes sure that the deployment share has the latest bootmgr boot files that are needed when creating MDT boot media.
+
+1. Open the Microsoft Deployment Toolkit (MDT) Deployment Workbench console.
+
+1. In the Deployment Workbench console, navigate to **Deployment Workbench** > **Deployment Shares** > **MDT Deployment Share**.
+
+1. Right click on **MDT Deployment Share** and select **Update Deployment Share**.
+
+1. In the **Update Deployment Share Wizard** window that appears:
+
+    1. In the **Options** page, select the **Completely regenerate the boot images** option, and then select the **Next >** button.
+
+    1. In the **Summary** page, select the **Next >** button.
+
+    1. The **Progress** page appears while the boot image and deployment share build.
+
+    1. Once the boot image and deployment share finish building, the **The process completed successfully**/**Confirmation** page appears. Select the **Finish** button.
+
+These steps also update the MDT boot media in the MDT Deployment Share. After following the above steps, use the newly updated ISO files in the `<DeploymentShare>\Boot` folder to create new MDT boot media.
+
+## Windows Deployment Services (WDS) considerations
+
+### Original WDS boot image is updated
+
+If the WDS boot image modified was the original WDS boot image in the `<RemoteInstall>` folder, then the only additional step to take is to restart `Windows Deployment Services Server` service. WDS can be restarted by using the following command lines:
+
+#### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+From an elevated **PowerShell** command prompt, run the following command to restart the `Windows Deployment Services Server` service:
+
+```powershell
+Restart-Service -Name WDSServer
+```
+
+For more information, see [Restart-Service](/powershell/module/microsoft.powershell.management/restart-service).
+
+#### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+From an elevated command prompt, run the following command to restart the `Windows Deployment Services Server` service:
+
+```cmd
+wdsutil.exe /Stop-Server
+wdsutil.exe /Start-Server
+```
+
+or
+
+```cmd
+net.exe stop WDSServer
+net.exe start WDSServer
+```
+
+For more information, see [wdsutil stop-server](/windows-server/administration/windows-commands/wdsutil-stop-server) and [wdsutil start-server](/windows-server/administration/windows-commands/wdsutil-start-server).
+
+---
+
+### WDS boot image is replaced with new updated boot image
+
+In the following boot image replacement scenario for WDS:
+
+- The boot image modified as part of this guide is outside of the `<RemoteInstall>` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK
+- An existing boot image in WDS is being replaced with the updated boot image
+
+then follow these steps to update the boot image in WDS:
+
+1. Replace the existing boot image in WDS with the modified boot image using the following command lines:
+
+    #### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    In PowerShell, the original boot image needs to be removed first and then replaced with a new image. From an elevated **PowerShell** command prompt, run the following commands to replace an existing boot image in WDS with a new boot image:
+
+    ```powershell
+    Remove-WdsBootImage -Architecture <Architecture_x64_or_x86> -ImageName "<Name_Of_Existing_Boot_Image_In_WDS>"
+    Import-WdsBootImage -Path "<Path_To_Updated_Boot_Image>\<boot_image>.wim" -NewImageName "<Name_Of_Existing_Boot_Image_In_WDS>"
+    ```
+
+    **Example**:
+
+    ```powershell
+    Remove-WdsBootImage -Architecture x64 -ImageName "Microsoft Windows PE (amd64)"
+    Import-WdsBootImage -Path "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -NewImageName "Microsoft Windows PE (amd64)"
+    ```
+
+    For more information, see [Remove-WdsBootImage](/powershell/module/wds/remove-wdsbootimage) and [Import-WdsBootImage](/powershell/module/wds/import-wdsbootimage).
+
+    #### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated command prompt, run the following command to replace an existing boot image in WDS with a new boot image:
+
+    ```cmd
+    wdsutil.exe /Verbose /Progress /Replace-Image /Image:"<Name_Of_Existing_Boot_Image_In_WDS>" /ImageType:Boot /Architecture:<Architecture_x64_orx86> /ReplacementImage /ImageFile:"<Path_To_Updated_Boot_Image>\<boot_image>.wim"
+    ```
+
+    **Example**:
+
+    ```cmd
+    wdsutil.exe /Verbose /Progress /Replace-Image /Image:"Microsoft Windows PE (amd64)" /ImageType:Boot /Architecture:x64 /ReplacementImage /ImageFile:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim"
+    ```
+
+    For more information, see [wdsutil replace-image](/windows-server/administration/windows-commands/wdsutil-replace-image).
+
+    ---
+
+1. Once the existing boot image in WDS has been replaced, restart the WDS service:
+
+    #### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to restart the `Windows Deployment Services Server` service:
+
+    ```powershell
+    Restart-Service -Name WDSServer
+    ```
+
+    For more information, see [Restart-Service](/powershell/module/microsoft.powershell.management/restart-service).
+
+    #### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated command prompt, run the following command to restart the `Windows Deployment Services Server` service:
+
+    ```cmd
+    wdsutil.exe /Stop-Server
+    wdsutil.exe /Start-Server
+    ```
+
+    or
+
+    ```cmd
+    net.exe stop WDSServer
+    net.exe start WDSServer
+    ```
+
+    For more information, see [wdsutil stop-server](/windows-server/administration/windows-commands/wdsutil-stop-server) and [wdsutil start-server](/windows-server/administration/windows-commands/wdsutil-start-server).
+
+    ---
+
+### Add updated boot image as a new boot image in WDS
+
+In the following boot image scenario for WDS:
+
+- The boot image modified as part of this guide is outside of the `<RemoteInstall>` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK
+- The updated boot image is being added as a new boot image in WDS
+
+then follow these steps to add the boot image in WDS:
+
+1. Add the updated boot image to WDS using the following command lines:
+
+    #### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following commands to add the updated boot image in WDS as a new boot image:
+
+    ```powershell
+    Import-WdsBootImage -Path "<Path_To_Updated_Boot_Image>\<boot_image>.wim" -NewImageName "<Boot_Image_Name_In_WDS>"
+    ```
+
+    **Example**:
+
+    ```powershell
+    Import-WdsBootImage -Path "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -NewImageName "Microsoft Windows PE (amd64) - Updated"
+    ```
+
+    For more information, see [Import-WdsBootImage](/powershell/module/wds/import-wdsbootimage).
+
+    #### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated command prompt, run the following command to replace an existing boot image in WDS with a new boot image:
+
+    ```cmd
+    wdsutil.exe /Verbose /Progress /Add-Image /ImageFile:"<Path_To_Updated_Boot_Image>\<boot_image>.wim" /ImageType:Boot /Name:"<Boot_Image_Name_In_WDS>"
+
+    ```
+
+    **Example**:
+
+    ```cmd
+    wdsutil.exe /Verbose /Progress /Add-Image /ImageFile:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" /ImageType:Boot /Name:"Microsoft Windows PE (amd64) - Updated"
+
+    ```
+
+    For more information, see [wdsutil add-image](/windows-server/administration/windows-commands/wdsutil-add-image).
+
+    ---
+
+1. Once the existing boot image in WDS has been replaced, restart the WDS service:
+
+    #### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
+
+    From an elevated **PowerShell** command prompt, run the following command to restart the `Windows Deployment Services Server` service:
+
+    ```powershell
+    Restart-Service -Name WDSServer
+    ```
+
+    For more information, see [Restart-Service](/powershell/module/microsoft.powershell.management/restart-service).
+
+    #### [:::image type="icon" source="images/icons/command-line-18.svg"::: **Command Line**](#tab/command-line)
+
+    From an elevated command prompt, run the following command to restart the `Windows Deployment Services Server` service:
+
+    ```cmd
+    wdsutil.exe /Stop-Server
+    wdsutil.exe /Start-Server
+    ```
+
+    or
+
+    ```cmd
+    net.exe stop WDSServer
+    net.exe start WDSServer
+    ```
+
+    For more information, see [wdsutil stop-server](/windows-server/administration/windows-commands/wdsutil-stop-server) and [wdsutil start-server](/windows-server/administration/windows-commands/wdsutil-start-server).
+
+    ---
+
+## Boot.wim support
+
+The **boot.wim** that is part of Windows installation media isn't supported for deploying Windows 11 with Windows Deployment Services (WDS). Additionally, the **boot.wim** from Windows 11 installation media isn't supported for deploying any version of Windows with Windows Deployment Services (WDS). For more information, see [Windows Deployment Services (WDS) boot.wim support](wds-boot-support.md).
+
+## Windows Server 2012 R2
+
+This walk-through isn't intended for use with Windows Server 2012 R2. The steps in this article may work with Windows Server 2012 R2 when using older versions of the Windows ADK. However, it may have compatibility problems with versions of the Windows ADK that are newer than the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads). To resolve compatibility problems with newer ADKs and Windows Server 2012 R2:
+
+1. Upgrade Windows Server 2012 R2 to a newer version of Windows Server.
+1. Perform the boot image customizations on a computer running a version of Windows that supports the newer ADKs, for example Windows 10 or Windows 11, and then transfer the modified boot image to the Windows Server 2012 R2 server.
+
+For more information, see [Windows Server 2012 R2 Lifecycle](/lifecycle/products/windows-server-2012-r2).
+
+## Related articles
+
+- [Create bootable Windows PE media: Update the Windows PE add-on for the Windows ADK](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive#update-the-windows-pe-add-on-for-the-windows-adk)
+- [Update Windows installation media with Dynamic Update: Update WinPE](/windows/deployment/update/media-dynamic-update#update-winpe)
+- [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932: Updating bootable media](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d?preview=true#updatebootable5025885)
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
deleted file mode 100644
index b72a595c2a..0000000000
--- a/windows/deployment/deploy.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Deploy Windows 10 (Windows 10)
-description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment.
-manager: aaroncz
-author: frankroj
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-ms.topic: article
-ms.date: 11/23/2022
-ms.technology: itpro-deploy
----
-
-# Deploy Windows 10
-
-Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and articles are available.
-
-|Article |Description |
-|------|------------|
-|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |This article provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. |
-|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This article provides information about support for upgrading directly to Windows 10 from a previous operating system. |
-|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This article provides information about support for upgrading from one edition of Windows 10 to another. |
-|[Windows 10 volume license media](windows-10-media.md) |This article provides information about updates to volume licensing media in the current version of Windows 10. |
-|[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. |
-|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After you complete this guide, more guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md). |
-|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to help Windows 10 deployment planning. |
-|[Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
-|[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) |If you have Microsoft Configuration Manager in your environment, you'll most likely want to use it to deploy Windows 10. This article will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT). |
-|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
-|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install more fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
-
-## Related articles
-
-[Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home)
diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index 4e9dc9cb0c..136f9e7998 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -13,6 +13,8 @@
     items:
     - name: Set up Delivery Optimization for Windows
       href: waas-delivery-optimization-setup.md
+    - name: Monitor Delivery Optimization for Windows
+      href: waas-delivery-optimization-monitor.md
     - name: Configure Delivery Optimization settings using Microsoft Intune
       href: /mem/intune/configuration/delivery-optimization-windows
   - name: Resources for Delivery Optimization
@@ -65,7 +67,7 @@
           href: mcc-isp-support.md
         - name: MCC for ISPs (early preview)
           href: mcc-isp.md
-- name: Content endpoints for Delivery Optimization and Microsoft Connected Cache
+- name: Endpoints for Microsoft Connected Cache content and services
   href: delivery-optimization-endpoints.md 
 
   
diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md
index b6ead30f95..aa74140003 100644
--- a/windows/deployment/do/delivery-optimization-endpoints.md
+++ b/windows/deployment/do/delivery-optimization-endpoints.md
@@ -28,7 +28,7 @@ Use the table below to reference any particular content types or services endpoi
 
 |Domain Name  |Protocol/Port(s)  | Content Type | Additional Information | Microsoft Connected Cache Version |
 |---------|---------|---------------|-------------------|-----------------|
-| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com   |  HTTP / 80  | Windows Update </br> Windows Defender </br> Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Both |
+| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com   |  HTTP / 80  | Windows Update </br> Windows Defender </br> Windows Drivers </br> Windows Store | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Both |
 | *.delivery.mp.microsoft.com  |  HTTP / 80  | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Both |
 | *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net |  HTTP / 80  | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Both |
 | *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com |  HTTP / 80 </br> HTTPs / 443  | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Both |
diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md
index bab58db796..922909b41d 100644
--- a/windows/deployment/do/delivery-optimization-proxy.md
+++ b/windows/deployment/do/delivery-optimization-proxy.md
@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 12/31/2017
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Using a proxy with Delivery Optimization
@@ -34,7 +35,7 @@ If a user is signed in, the system uses the Internet Explorer proxy.
 
 If no user is signed in, even if both the Internet Explorer proxy and netsh configuration are set, the netsh configuration will take precedence over the Internet Explorer proxy. This can result in download failures. For example, you might receive HTTP_E_STATUS_PROXY_AUTH_REQ or HTTP_E_STATUS_DENIED errors.
 
-You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply.
+You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie`) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply.
 
 ### Summary of settings behavior
 
diff --git a/windows/deployment/do/delivery-optimization-test.md b/windows/deployment/do/delivery-optimization-test.md
index 7ce46ef46c..978410d908 100644
--- a/windows/deployment/do/delivery-optimization-test.md
+++ b/windows/deployment/do/delivery-optimization-test.md
@@ -90,7 +90,7 @@ The following set of instructions will be used for each machine:
 |--------|-------------------------------|
 | :::image type="content" source="images/test-scenarios/win10/m1-basic-complete.png" alt-text="Windows 10 21H2 - Machine 1 - Basic Test." lightbox="images/test-scenarios/win10/m1-basic-complete.png"::: | :::image type="content" source="images/test-scenarios/win11/m1-basic-complete.png" alt-text="Windows 11 21H2 - Machine 1 - Basic Test." lightbox="images/test-scenarios/win11/m1-basic-complete.png"::: |
 | **Observations** | |
-| * No peers were found on the first machine downloading the content.<br>* 'TotalBytesDownloaded' is equal to the file size.<br>* Status is set to 'Caching' the content so future peers can use it.<br>* Download was happening in the foreground.<br>* DownloadMode is set to 'Group' and no peers were found.<br>* No distinct observations seen between Window 10 and Windows 11 devices. |
+| *No peers were found on the first machine downloading the content.<br>* 'TotalBytesDownloaded' is equal to the file size.<br>*Status is set to 'Caching' the content so future peers can use it.<br>* Download was happening in the foreground.<br>*DownloadMode is set to 'Group' and no peers were found.<br>* No distinct observations seen between Window 10 and Windows 11 devices. |
 
 *Wait 5 minutes*.
 
@@ -102,7 +102,7 @@ The following set of instructions will be used for each machine:
 |--------|--------------------------------|
 | :::image type="content" source="images/test-scenarios/win10/m2-basic-complete.png" alt-text="Windows 10 21H2 - Machine 2 - Basic Test." lightbox="images/test-scenarios/win10/m2-basic-complete.png"::: | :::image type="content" source="images/test-scenarios/win11/m2-basic-complete.png" alt-text="Windows 11 21H2 - Machine 2 - Basic Test." lightbox="images/test-scenarios/win11/m2-basic-complete.png":::|
 | **Observations** | **Observations**|
-| * A peer was found for the content and 87% of total bytes came from the peer. <br> * One peer was found for the piece of content, which is expected as there are only two devices in the peering group. <br> * Download mode was set to 'Group', but since group mode includes both LAN and Group devices, Delivery Optimization prioritizes LAN peers, if found. Therefore, 'BytesFromLanPeers' shows bytes where 'BytesFromGroupPeers' doesn't. <br> * 'DownloadDuration' is roughly the same between machines.|* A peer was found for the content and 90% of total bytes came from the peer. <br> * All other points are the same as Windows 10 results. |
+| *A peer was found for the content and 87% of total bytes came from the peer. <br>* One peer was found for the piece of content, which is expected as there are only two devices in the peering group. <br> *Download mode was set to 'Group', but since group mode includes both LAN and Group devices, Delivery Optimization prioritizes LAN peers, if found. Therefore, 'BytesFromLanPeers' shows bytes where 'BytesFromGroupPeers' doesn't. <br>* 'DownloadDuration' is roughly the same between machines.|*A peer was found for the content and 90% of total bytes came from the peer. <br>* All other points are the same as Windows 10 results. |
 
 ### Scenario 2: Advance Setup
 
diff --git a/windows/deployment/do/delivery-optimization-workflow.md b/windows/deployment/do/delivery-optimization-workflow.md
index b994ac956f..c201a86893 100644
--- a/windows/deployment/do/delivery-optimization-workflow.md
+++ b/windows/deployment/do/delivery-optimization-workflow.md
@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 12/31/2017
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Delivery Optimization client-service communication explained
@@ -35,7 +36,7 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r
 |Endpoint hostname | Port|Name|Description|Data sent from the computer to the endpoint
 |--------------------------------------------|--------|---------------|-----------------------|------------------------|
 | geover-prod.do.dsp.mp.microsoft.com <br> geo-prod.do.dsp.mp.microsoft.com <br> geo.prod.do.dsp.mp.microsoft.com <br> geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | **Profile**: The device type (for example, PC or Xbox) <br> **doClientVersion**: The version of the DoSvc client <br> **groupID**: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) |
-| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services and device configs. | **countryCode**: The country the client is connected from <br> **doClientVersion**: The version of the DoSvc client <br> **Profile**: The device type (for example, PC or Xbox) <br> **eId**: Client grouping ID <br> **CacheHost**: Cache host ID |
+| kv\*.prod.do.dsp.mp.microsoft.com | 443| KeyValue | Bootstrap service provides endpoints for all other services and device configs. | **countryCode**: The country or region the client is connected from <br> **doClientVersion**: The version of the DoSvc client <br> **Profile**: The device type (for example, PC or Xbox) <br> **eId**: Client grouping ID <br> **CacheHost**: Cache host ID |
 | cp\*.prod.do.dsp.mp.microsoft.com <br> | 443 | Content Policy | Provides content specific policies and as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentId**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **countryCode**: The country the client is connected from <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **eID**: Client grouping ID <br> **CacheHost**: Cache host ID |
 | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupID and external IP. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentID**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **partitionID**: Client partitioning hint <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **eID**: Client grouping ID |
 | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentID**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **PeerID**:  Identity of the device running DO client <br> **ReportedIp**: The internal / private IP Address <br> **IsBackground**: Is the download interactive or background <br> **Uploaded**: Total bytes uploaded to peers <br> **Downloaded**: Total bytes downloaded from peers <br> **DownloadedCdn**: Total bytes downloaded from CDN <br> **Left**: Bytes left to download <br> **Peers Wanted**: Total number of peers wanted <br> **Group ID**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies) <br> **Scope**: The Download mode <br> **UploadedBPS**: The upload speed in bytes per second <br> **DownloadBPS**: The download speed in Bytes per second <br> **eID**: Client grouping ID |
diff --git a/windows/deployment/do/images/ent-mcc-deployment-complete.png b/windows/deployment/do/images/ent-mcc-deployment-complete.png
new file mode 100644
index 0000000000..3586c6019f
Binary files /dev/null and b/windows/deployment/do/images/ent-mcc-deployment-complete.png differ
diff --git a/windows/deployment/do/images/ent-mcc-portal-create.png b/windows/deployment/do/images/ent-mcc-portal-create.png
new file mode 100644
index 0000000000..194220be72
Binary files /dev/null and b/windows/deployment/do/images/ent-mcc-portal-create.png differ
diff --git a/windows/deployment/do/images/ent-mcc-portal-resource.png b/windows/deployment/do/images/ent-mcc-portal-resource.png
new file mode 100644
index 0000000000..383db09303
Binary files /dev/null and b/windows/deployment/do/images/ent-mcc-portal-resource.png differ
diff --git a/windows/deployment/do/images/ent-mcc-provisioning.png b/windows/deployment/do/images/ent-mcc-provisioning.png
new file mode 100644
index 0000000000..1c1dc4f0d0
Binary files /dev/null and b/windows/deployment/do/images/ent-mcc-provisioning.png differ
diff --git a/windows/deployment/do/includes/get-azure-subscription.md b/windows/deployment/do/includes/get-azure-subscription.md
index b0039d5c54..cce1f7f7f6 100644
--- a/windows/deployment/do/includes/get-azure-subscription.md
+++ b/windows/deployment/do/includes/get-azure-subscription.md
@@ -1,6 +1,7 @@
 ---
-author: amymzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.date: 10/18/2022
 ms.prod: windows-client
diff --git a/windows/deployment/do/includes/mcc-prerequisites.md b/windows/deployment/do/includes/mcc-prerequisites.md
index d264cc0f93..fbe43f8660 100644
--- a/windows/deployment/do/includes/mcc-prerequisites.md
+++ b/windows/deployment/do/includes/mcc-prerequisites.md
@@ -1,6 +1,7 @@
 ---
-author: amyzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.prod: windows-client
 ms.technology: itpro-deploy
diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml
index cdbe9ad071..c886372c0f 100644
--- a/windows/deployment/do/index.yml
+++ b/windows/deployment/do/index.yml
@@ -14,7 +14,7 @@ metadata:
     - tier3
   author: aczechowski
   ms.author: aaroncz
-  manager: dougeby
+  manager: aaroncz
   ms.date: 03/07/2022 #Required; mm/dd/yyyy format.
   localization_priority: medium
     
@@ -41,10 +41,10 @@ landingContent:
     linkLists:
       - linkListType: how-to-guide
         links:
-          - text: Delivery Optimization settings
+          - text: Delivery Optimization recommended settings
             url: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings
-          - text: Windows PowerShell for Delivery Optimization
-            url: waas-delivery-optimization-setup.md#windows-powershell-cmdlets
+          - text: Monitor Delivery Optimization for Windows
+            url: waas-delivery-optimization-monitor.md
           - text: Troubleshoot Delivery Optimization
             url: waas-delivery-optimization-setup.md#troubleshooting
           - text: Delivery Optimization Frequently Asked Questions
diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md
index 5702d64fde..566e605a7c 100644
--- a/windows/deployment/do/mcc-ent-edu-overview.md
+++ b/windows/deployment/do/mcc-ent-edu-overview.md
@@ -3,12 +3,13 @@ title: MCC for Enterprise and Education Overview
 manager: aaroncz
 description: Overview of Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
 ms.topic: article
 ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Microsoft Connected Cache for Enterprise and Education Overview
@@ -37,9 +38,9 @@ Connected Cache (early preview) supports the following scenarios:
 
 When clients download cloud-managed content, they use Delivery Optimization from the cache server installed on a Windows server or VM. Cloud-managed content includes the following types:
 
-- Windows Update for Business: Windows feature and quality updates
+- Windows updates: Windows feature and quality updates
 - Office Click-to-Run apps: Microsoft 365 Apps and updates
-- Client apps: Microsoft Store apps and updates
+- Client apps: Intune, store apps, and updates
 - Endpoint protection: Windows Defender definition updates
 
 For the full list of content endpoints that Microsoft Connected Cache for Enterprise and Education supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md
index 7f45db43f3..1e998c0da5 100644
--- a/windows/deployment/do/mcc-enterprise-appendix.md
+++ b/windows/deployment/do/mcc-enterprise-appendix.md
@@ -3,12 +3,15 @@ title: Appendix
 manager: aaroncz
 description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
-ms.author: amyzhou
-ms.topic: article
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
+ms.topic: how-to
 ms.date: 12/31/2017
 ms.technology: itpro-updates
-ms.collection: tier3
+ms.collection:
+  - tier3
+  - must-keep
 ---
 
 # Appendix
diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md
index 4c015f9471..53d2940cc1 100644
--- a/windows/deployment/do/mcc-enterprise-deploy.md
+++ b/windows/deployment/do/mcc-enterprise-deploy.md
@@ -1,10 +1,11 @@
 ---
 title: Deploying your cache node
 manager: aaroncz
-description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node
+description: How to deploy a Microsoft Connected Cache (MCC) for Enterprise and Education cache node
 ms.prod: windows-client
-author: amymzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md
index d8282ff774..dec45fd83c 100644
--- a/windows/deployment/do/mcc-enterprise-prerequisites.md
+++ b/windows/deployment/do/mcc-enterprise-prerequisites.md
@@ -3,8 +3,9 @@ title: Requirements for Microsoft Connected Cache (MCC) for Enterprise and Educa
 manager: aaroncz
 description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
diff --git a/windows/deployment/do/mcc-enterprise-update-uninstall.md b/windows/deployment/do/mcc-enterprise-update-uninstall.md
index 1a995a17cf..410155b347 100644
--- a/windows/deployment/do/mcc-enterprise-update-uninstall.md
+++ b/windows/deployment/do/mcc-enterprise-update-uninstall.md
@@ -3,13 +3,17 @@ title: Update or uninstall Microsoft Connected Cache for Enterprise and Educatio
 manager: aaroncz
 description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education.
 ms.prod: windows-client
-author: amymzhou
-ms.author: amyzhou
-ms.topic: article
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
+ms.topic: how-to
 ms.date: 12/31/2017
 ms.technology: itpro-updates
-ms.collection: tier3
+ms.collection:
+  - tier3
+  - must-keep
 ---
+
 # Update or uninstall Microsoft Connected Cache for Enterprise and Education
 
 Throughout the preview phase, we'll send you security and feature updates for MCC. Follow these steps to perform the update.
diff --git a/windows/deployment/do/mcc-isp-cache-node-configuration.md b/windows/deployment/do/mcc-isp-cache-node-configuration.md
index 1ab223ec25..a4d800235c 100644
--- a/windows/deployment/do/mcc-isp-cache-node-configuration.md
+++ b/windows/deployment/do/mcc-isp-cache-node-configuration.md
@@ -1,19 +1,22 @@
 ---
 title: Cache node configuration
 manager: aaroncz
-description: Configuring a cache node on Azure portal
+description: Configuring a cache node on Azure portal.
 ms.prod: windows-client
-author: amyzhou
-ms.author: amyzhou
-ms.topic: article
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
+ms.topic: reference
 ms.date: 12/31/2017
 ms.technology: itpro-updates
-ms.collection: tier3
+ms.collection:
+  - tier3
+  - must-keep
 ---
 
 # Cache node configuration
 
-All cache node configuration will take place within Azure portal. This article outlines all of the settings that you'll be able to configure. 
+All cache node configuration takes place within Azure portal. This article outlines all of the settings that you're able to configure. 
 
 ## Settings
 
diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index d7bf5ee7a4..d118693501 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -9,6 +9,7 @@ ms.topic: article
 ms.date: 05/09/2023
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Create, configure, provision, and deploy the cache node in Azure portal
@@ -82,7 +83,7 @@ To set up and enable BGP routing for your cache node, follow the steps below:
 1. Under **Routing information**, select the routing method you would like to use. For more information, see [Client routing](#client-routing).
 
     - If you choose **Manual routing**, enter your address range/CIDR blocks.  
-    - If you choose **BGP routing**, enter the ASN and IP addresses of the neighborship.  
+    - If you choose **BGP routing**, enter the ASN and IP addresses of the neighborship. Use your ASN, the one used to sign up for MCC. MCC will be automatically assigned as the same ASN as the neighbor.
     > [!NOTE]
     > **Prefix count** and **IP Space** will stop displaying `0` when BGP is successfully established.
 
diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml
index 375036f62d..f04f2e3dc9 100644
--- a/windows/deployment/do/mcc-isp-faq.yml
+++ b/windows/deployment/do/mcc-isp-faq.yml
@@ -2,8 +2,9 @@
 metadata:
   title: Microsoft Connected Cache Frequently Asked Questions
   description: The following article is a list of frequently asked questions for Microsoft Connected Cache.
-  author: amymzhou
-  ms.author: amymzhou
+  ms.author: carmenf
+  author: cmknox
+  ms.reviewer: mstewart
   manager: aaroncz
   ms.collection:
     - highpri
@@ -54,8 +55,8 @@ sections:
         answer: You can choose to route your traffic using manual CIDR blocks or BGP. If you have multiple Microsoft Connected Cache(s), you can allocate subsets of CIDR blocks to each cache node if you wish. However, since Microsoft Connected Cache has automatic load balancing, we recommend adding all of your traffic to all of your cache nodes.  
       - question: Should I add any load balancing mechanism?
         answer: You don't need to add any load balancing. Our service will take care of routing traffic if you have multiple cache nodes serving the same CIDR blocks based on the reported health of the cache node.  
-      - question: How many Microsoft Connected Cache instances will I need? How do we set up if we support multiple countries?
-        answer: As stated in the table above, the recommended configuration will achieve near the maximum possible egress of 40 Gbps with a two-port link aggregated NIC and four cache drives. We have a feature coming soon that will help you estimate the number of cache nodes needed. If your ISP spans multiple countries, you can set up separate cache nodes per country.  
+      - question: How many Microsoft Connected Cache instances will I need? How do we set up if we support multiple countries or regions?
+        answer: As stated in the table above, the recommended configuration will achieve near the maximum possible egress of 40 Gbps with a two-port link aggregated NIC and four cache drives. We have a feature coming soon that will help you estimate the number of cache nodes needed. If your ISP spans multiple countries or regions, you can set up separate cache nodes per country or region.  
       - question: Where should we install Microsoft Connected Cache?
         answer: You are in control of your hardware and you can pick the location based on your traffic and end customers. You can choose the location where you have your routers or where you have dense traffic or any other parameters.
       - question: How long would a piece of content live within the Microsoft Connected Cache? Is content purged from the cache?
@@ -67,7 +68,7 @@ sections:
       - question: Is IPv6 supported?
         answer: No, we don't currently support IPV6. We plan to support it in the future.   
       - question: Is Microsoft Connected Cache stable and reliable?
-        answer: We have already successfully onboarded ISPs in many countries around the world and have received positive feedback! However, you can always start off with a portion of your CIDR blocks to test out the performance of MCC before expanding to more customers.
+        answer: We have already successfully onboarded ISPs in many countries and regions around the world and have received positive feedback! However, you can always start off with a portion of your CIDR blocks to test out the performance of MCC before expanding to more customers.
       - question: How does Microsoft Connected Cache populate its content?
         answer: Microsoft Connected Cache is a cold cache warmed by client requests. The client requests content and that is what fills up the cache. There's no off-peak cache fill necessary. Microsoft Connected Cache will reach out to different CDN providers just like a client device would. The traffic flow from Microsoft Connected Cache will vary depending on how you currently transit to each of these CDN providers. The content can come from third party CDNs or from AFD.
       - question: What CDNs will Microsoft Connected Cache pull content from?
diff --git a/windows/deployment/do/mcc-isp-overview.md b/windows/deployment/do/mcc-isp-overview.md
index 9ef0352aab..9c0aa7fd80 100644
--- a/windows/deployment/do/mcc-isp-overview.md
+++ b/windows/deployment/do/mcc-isp-overview.md
@@ -3,10 +3,11 @@ title: MCC for ISPs Overview
 manager: aaroncz
 description: Overview for Microsoft Connected Cache for ISPs
 ms.prod: windows-client
-author: amymzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
-ms.date: 05/09/2023
+ms.date: 07/27/2023
 ms.technology: itpro-updates
 ms.collection: tier3
 ---
@@ -18,7 +19,7 @@ ms.collection: tier3
 - Windows 10
 - Windows 11
 
-Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a software-only caching solution that delivers Microsoft content. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
+Microsoft Connected Cache (MCC) for Internet Service Providers (preview) is a free software-only caching solution that delivers Microsoft content. MCC can be deployed free of charge to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing.
 
 ## Supported scenarios
 
@@ -31,10 +32,43 @@ Microsoft Connected Cache (preview) supports the following scenarios:
 
 Microsoft Connected Cache uses Delivery Optimization as the backbone for Microsoft content delivery. Microsoft Connected Cache caches the following types:
 
-- Windows Update for Business: Windows feature and quality updates
+- Windows updates: Windows feature and quality updates
 - Office Click-to-Run apps: Microsoft 365 Apps and updates
-- Client apps: Microsoft Store apps and updates
+- Client apps: Intune, store apps, and updates
 - Endpoint protection: Windows Defender definition updates
 - Xbox: Xbox Game Pass (PC only)
 
+Do you peer with [Microsoft (ASN 8075)](/azure/internet-peering/)? Microsoft Connected Cache complements peering by offloading static content that is served off of multiple CDNs such as Akamai, Lumen, and Edgecast. Microsoft Peering mainly caches dynamic content - by onboarding to Microsoft Connected Cache, you'll cache static content that otherwise would be served from the CDN. 
+
 For the full list of content endpoints that Microsoft Connected Cache for ISPs supports, see [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md).
+
+## How MCC works
+
+:::image type="content" source="./images/mcc-isp-diagram.png" alt-text="Data flow diagram of how Microsoft Connected Cache works." lightbox="./images/mcc-isp-diagram.png":::
+
+The following steps describe how MCC is provisioned and used:
+
+1. The Azure portal is used to create and manage MCC nodes.
+
+1. A shell script is used to provision the server and deploy the MCC application.
+
+1. A combination of the Azure portal and shell script is used to configure Microsoft Delivery Optimization Services to route traffic to the MCC server.
+
+    - The publicly accessible IPv4 address of the server is configured on the portal.
+
+    - **Manual Routing:** Providing the CIDR blocks that represent the client IP address space, which should be routed to the MCC node.
+
+    - **BGP Routing:** A shell script is used to initiate a peering session with a router in the operator network, and the operator initiates a session with the MCC node.
+
+        > [!NOTE]
+        > Only IPv4 addresses are supported at this time. Entering IPv6 addresses will result in an error.
+
+1. Microsoft end-user devices (clients) periodically connect with Microsoft Delivery Optimization Services, and the services match the IP address of the client with the IP address of the corresponding MCC node.
+
+1. Microsoft clients make the range requests for content from the MCC node.
+
+1. An MCC node gets content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
+
+1. Subsequent requests from end-user devices for content will be served from cache.
+
+1. If the MCC node is unavailable, the client gets content from the CDN to ensure uninterrupted service for your subscribers.
diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md
index 9ae3e9ed19..087a11d27f 100644
--- a/windows/deployment/do/mcc-isp-signup.md
+++ b/windows/deployment/do/mcc-isp-signup.md
@@ -9,6 +9,7 @@ ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Operator sign up and service onboarding for Microsoft Connected Cache
@@ -29,6 +30,9 @@ Before you begin sign up, ensure you have the following components:
 
 1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You'll need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, go to the [Pay-As-You-Go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/).
 
+   > [!NOTE]
+   > Microsoft Connected Cache is a completely free service for operators. None of the resources created in Azure will incur any charges. However, be aware that any additional services that might be selected as part of the Azure sign-up process might incur charges.
+
 1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal.
 
 1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. 
diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md
index 2be225b039..dba3bbfc15 100644
--- a/windows/deployment/do/mcc-isp-support.md
+++ b/windows/deployment/do/mcc-isp-support.md
@@ -9,6 +9,7 @@ ms.topic: reference
 ms.date: 12/31/2017
 ms.technology: itpro-updates
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Support and troubleshooting
diff --git a/windows/deployment/do/mcc-isp-update.md b/windows/deployment/do/mcc-isp-update.md
index 0b9a530e78..5a3dcbd4fb 100644
--- a/windows/deployment/do/mcc-isp-update.md
+++ b/windows/deployment/do/mcc-isp-update.md
@@ -3,12 +3,15 @@ title: Update or uninstall your cache node
 manager: aaroncz
 description: How to update or uninstall your cache node
 ms.prod: windows-client
-author: amyzhou
-ms.author: amyzhou
-ms.topic: article
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
+ms.topic: how-to
 ms.date: 12/31/2017
 ms.technology: itpro-updates
-ms.collection: tier3
+ms.collection:
+  - tier3
+  - must-keep
 ---
 
 # Update or uninstall your cache node
diff --git a/windows/deployment/do/mcc-isp-verify-cache-node.md b/windows/deployment/do/mcc-isp-verify-cache-node.md
index ebe7e20158..9dc6e22466 100644
--- a/windows/deployment/do/mcc-isp-verify-cache-node.md
+++ b/windows/deployment/do/mcc-isp-verify-cache-node.md
@@ -3,8 +3,9 @@ title: Verify cache node functionality and monitor health and performance
 manager: aaroncz
 description: How to verify the functionality of a cache node
 ms.prod: windows-client
-author: amyzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: article
 ms.date: 12/31/2017
 ms.technology: itpro-updates
diff --git a/windows/deployment/do/mcc-isp-vm-performance.md b/windows/deployment/do/mcc-isp-vm-performance.md
index e56fc1ef3a..7d3b9de1cc 100644
--- a/windows/deployment/do/mcc-isp-vm-performance.md
+++ b/windows/deployment/do/mcc-isp-vm-performance.md
@@ -3,8 +3,9 @@ title: Enhancing cache performance
 manager: aaroncz
 description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs
 ms.prod: windows-client
-author: amyzhou
-ms.author: amyzhou
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ms.topic: reference
 ms.technology: itpro-updates
 ms.date: 12/31/2017
diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md
index 9a067c4a51..097b922aa9 100644
--- a/windows/deployment/do/mcc-isp.md
+++ b/windows/deployment/do/mcc-isp.md
@@ -4,9 +4,9 @@ description: Details on Microsoft Connected Cache (MCC) for Internet Service Pro
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.localizationpriority: medium
-author: amymzhou
-ms.author: amyzhou
-ms.reviewer: carmenf
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.topic: how-to
 ms.date: 05/20/2022
diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml
index 4cccd98fa6..d306d123f9 100644
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@@ -12,7 +12,7 @@ metadata:
     - highpri
     - tier3
   ms.topic: faq
-  ms.date: 04/17/2023
+  ms.date: 07/31/2023
 title: Delivery Optimization Frequently Asked Questions
 summary: |
   **Applies to**
@@ -23,29 +23,28 @@ sections:
   - name: Ignored
     questions:
       - question: Does Delivery Optimization work with WSUS?
-        answer: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination.
+        answer: Yes. Devices obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination.
           
       - question: Which ports does Delivery Optimization use?
         answer: | 
-          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
+          Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service registers and opens this port on the device. The port must be set to accept inbound traffic through your firewall. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data).
 
-          Delivery Optimization will use Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
+          Delivery Optimization uses Teredo to create peer groups, which include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets). To enable this scenario, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up.
 
           Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80.
 
       - question: What are the requirements if I use a proxy?
         answer: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](../do/delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).
-           
+
       - question: What hostnames should I allow through my firewall to support Delivery Optimization?
         answer: | 
           **For communication between clients and the Delivery Optimization cloud service**:
           
-          - `*.do.dsp.mp.microsoft.com`
+          - `*.prod.do.dsp.mp.microsoft.com`
 
           **For Delivery Optimization metadata**:
 
           - `*.dl.delivery.mp.microsoft.com`
-          - `*.emdl.ws.microsoft.com`
 
           **For the payloads (optional)**:
 
@@ -58,6 +57,15 @@ sections:
 
           For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache](../do/delivery-optimization-endpoints.md) for a list of all content endpoints needed.
 
+      - question: My firewall requires IP addresses and can't process FQDNs. How do I configure it to download content with Delivery Optimization?
+        answer: | 
+          Microsoft content, such as Windows updates, are hosted and delivered globally via Content Delivery Networks (CDNs) and [Microsoft Connected Cache](waas-microsoft-connected-cache.md) (MCC) servers, which are hosted within Internet Service Provider (ISP) networks. 
+          The network of CDNs and MCCs allows Microsoft to reach the scale required to meet the demand of the Windows user base. Given this delivery infrastructure changes dynamically, providing an exhaustive list of IPs and keeping it up to date isn't feasible. 
+        
+      - question: Delivery Optimization is downloading Windows content on my devices directly from an IP Address, is it expected? 
+        answer: | 
+          When Delivery Optimization downloads from a [Microsoft Connected Cache](waas-microsoft-connected-cache.md) server that is hosted by your Internet Service Provider, the download will be pulled directly from the IP Address of that server. If the Microsoft Connected cache isn't available, the download will fall back seamlessly to the CDN instead. Delivery Optimization Peers are used in parallel if available. 
+
       - question: Does Delivery Optimization use multicast?
         answer: No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP.
           
@@ -66,11 +74,11 @@ sections:
 
       - question: How does Delivery Optimization handle VPNs?
         answer: |
-          Delivery Optimization attempts to identify VPNs by checking the network adapter type and details. A connection will be treated as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure."
+          Delivery Optimization attempts to identify VPNs by checking the network adapter type and details. A connection is treated as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure."
 
-          If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](../do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
+          If the connection is identified as a VPN, Delivery Optimization suspends uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](../do/waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
 
-          If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](../do/waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group, to ensure that there will be no peer-to-peer activity over the VPN. When the device isn't connected using a VPN, it can still use peer-to-peer with the default of LAN.
+          If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](../do/waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group, to ensure that there's no peer-to-peer activity over the VPN. When the device isn't connected using a VPN, it can still use peer-to-peer with the default of LAN.
 
           With split tunneling, make sure to allow direct access to these endpoints:
 
@@ -80,7 +88,6 @@ sections:
 
           Delivery Optimization metadata:
           
-          - `http://emdl.ws.microsoft.com`
           - `http://download.windowsupdate.com`
           - `http://*.dl.delivery.mp.microsoft.com`
 
@@ -102,9 +109,34 @@ sections:
 
       - question: How are downloads initiated by Delivery Optimization?
         answer: |
-         Delivery Optimization only starts when an application or service that's integrated with Delivery Optimization starts a download. For example, the Microsoft Edge browser. For more information about Delivery Optimization callers, see [Types of download content supported by Delivery Optimization](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization).
+          Delivery Optimization only starts when an application or service that's integrated with Delivery Optimization starts a download. For example, the Microsoft Edge browser. For more information about Delivery Optimization callers, see [Types of download content supported by Delivery Optimization](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization).
             
       - question: How does Delivery Optimization determine which content is available for peering?
         answer: |
           Delivery Optimization uses the cache content on the device to determine what's available for peering. For the upload source device, there's a limited number (4) of slots for cached content that's available for peering at a given time. Delivery Optimization contains logic that rotates the cached content in those slots.
+      
+      - question: What is the recommended configuration for Delivery Optimization used with cloud proxies (for example, Zscaler)?
+        answer: |
+          The recommended configuration for Delivery Optimization Peer-to-Peer to work most efficiently along with cloud proxy solutions (for example, Zscaler) is to allow traffic to the Delivery Optimization services to go directly to the internet and not through the cloud proxy.
+          At a minimum, the following FQDN that is used for communication between clients and the Delivery Optimization service should be allowed with direct Internet access and bypass the cloud proxy service: 
+
+            - `*.prod.do.dsp.mp.microsoft.com`
+
+          If allowing direct Internet access isn't an option, try using Group Download Mode '2' to define the peering group. [Learn more](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) about using Group Download mode.
           
+      - question: How do I turn off Delivery Optimization?
+        answer: |
+          Delivery Optimization is an HTTP downloader used by most content providers from Microsoft. When a device is configured to use Delivery Optimization peering (on by default), it does so with the HTTP downloader capabilities to optimize bandwidth usage. 
+          If you'd like to disable peer-to-peer capabilities of Delivery Optimization, change the Delivery Optimization [Download mode](waas-delivery-optimization-reference.md#download-mode) setting to '0', which will disable peer-to-peer and provide hash checks. [Download mode](waas-delivery-optimization-reference.md#download-mode) set to '99' should only be used when the device is offline and doesn't have internet access.
+          Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. Starting in Windows 11, Download mode '100' is deprecated.
+
+          > [!NOTE]
+          > Disabling Delivery Optimization won't prevent content from downloading to your devices. If you're looking to pause updates, you need to set policies for the relevant components such as Windows Update, Windows Store or Microsoft Edge browser.  If you're looking to reduce the load on your network, look into using Delivery Optimization Peer-to-Peer, Microsoft Connected Cache or apply the [network throttling policies](waas-delivery-optimization-reference.md#maximum-download-bandwidth) available for Delivery Optimization.
+      
+      - question: Delivery Optimization is using device resources and I can't tell why?
+        answer: |
+          Delivery Optimization is used by most content providers from Microsoft. A complete list can be found [here](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization). Often customers may not realize the vast application of Delivery Optimization and how it's used across different apps. Content providers have the option to run downloads in the foreground or background. It's good to check any apps running in the background to see what is running. Also note that depending on the app, closing the app may not necessarily stop the download.
+
+      - question: What Delivery Optimization settings are available?
+        answer: |
+          There are many different Delivery Optimization [settings](waas-delivery-optimization-reference.md) available. These settings allow you to effectively manage how Delivery Optimization is used within your environment with control s on bandwidth, time of day, etc. 
diff --git a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md b/windows/deployment/do/waas-delivery-optimization-monitor.md
similarity index 64%
rename from windows/deployment/do/includes/waas-delivery-optimization-monitor.md
rename to windows/deployment/do/waas-delivery-optimization-monitor.md
index faf96a6339..2a44035bf3 100644
--- a/windows/deployment/do/includes/waas-delivery-optimization-monitor.md
+++ b/windows/deployment/do/waas-delivery-optimization-monitor.md
@@ -1,22 +1,36 @@
 ---
-author: mestew
-ms.author: mstewart
 manager: aaroncz
+title: Monitor Delivery Optimization
+description: How to monitor Delivery Optimization
+ms.collection:
+  - tier3
 ms.prod: windows-client
-ms.technology: itpro-deploy
-ms.topic: include
-ms.date: 04/06/2022
+ms.technology: itpro-updates
+ms.topic: reference
+ms.date: 08/13/2023
 ms.localizationpriority: medium
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 ---
-<!--This file is shared by do/waas-delivery-optimization-setup.md and the update/update-compliance-get-started.md articles -->
 
-## Monitor Delivery Optimization
+# Monitor Delivery Optimization
 
-### Windows PowerShell cmdlets
+To monitor Delivery Optimization, you can use either the Windows Update for Business Delivery Optimization Report or Windows PowerShell cmdlets.
+
+## Monitor with Windows Update for Business Delivery Optimization Report
+
+Windows Update for Business Delivery Optimization Report provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer, Microsoft Connected Cache (MCC), HTTP source/CDN distribution over the past 28 days.
+
+:::image type="content" source="../update/media/wufb-do-overview.png" alt-text="This screenshot shows the Windows Update for Business report, Delivery Optimization status in Update Compliance." lightbox= "../update/media/wufb-do-overview.png":::
+
+For details, see [Windows Update for Business Delivery Optimization Report](/windows/deployment/update/wufb-reports-overview).
+
+## Windows PowerShell cmdlets
 
 **Starting in Windows 10, version 1703**, you can use new PowerShell cmdlets to check the performance of Delivery Optimization.
 
-#### Analyze usage
+### Analyze usage
 
 `Get-DeliveryOptimizationStatus` returns a real-time snapshot of all current Delivery Optimization jobs.
 
@@ -27,13 +41,13 @@ ms.localizationpriority: medium
 | FileSizeInCache | Size of the file in the cache |
 | TotalBytesDownloaded | The number of bytes from any source downloaded so far |
 | PercentPeerCaching |The percentage of bytes downloaded from peers versus over HTTP |
-| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
+| BytesFromPeers | Total bytes downloaded from peer devices (sum of bytes downloaded from LAN, Group, and Internet Peers) |
 | BytesfromHTTP | Total number of bytes received over HTTP. This metric represents all HTTP sources, which includes BytesFromCacheServer |
 | Status | Current state of the operation. Possible values are: **Downloading** (download in progress); **Complete** (download completed, but isn't uploading yet); **Caching** (download completed successfully and is ready to upload or uploading); **Paused** (download/upload paused by caller) |
 | Priority | Priority of the download; values are **foreground** or **background** |
 | BytesFromCacheServer | Total number of bytes received from cache server (MCC) |
 | BytesFromLanPeers | Total number of bytes received from peers found on the LAN |
-| BytesFromGroupPeers | Total number of bytes received from peers found in the group. (Note: Group mode is LAN + Group. If peers are found on the LAN, those bytes will be registered in 'BytesFromLANPeers'.)  |
+| BytesFromGroupPeers | Total number of bytes received from peers found in the group. (Note: Group mode is LAN + Group. If peers are found on the LAN, those bytes are registered in 'BytesFromLANPeers'.)  |
 | BytesFromInternetPeers | Total number of bytes received from internet peers |
 | BytesToLanPeers | Total number of bytes delivered from peers found on the LAN |
 | BytesToGroupPeers | Total number of bytes delivered from peers found in the group |
@@ -112,7 +126,7 @@ Using the `-Verbose` option returns additional information:
 
 Starting in Windows 10, version 1803, `Get-DeliveryOptimizationPerfSnapThisMonth` returns data similar to data from `Get-DeliveryOptimizationPerfSnap` but limited to the current calendar month.
 
-#### Manage the Delivery Optimization cache
+### Manage the Delivery Optimization cache
 
 **Starting in Windows 10, version 1903:**
 
@@ -132,7 +146,7 @@ You can now "pin" files to keep them persistent in the cache, only with files th
 - `-IncludePinnedFiles` deletes all files that are pinned.
 - `-Force` deletes the cache with no prompts.
 
-#### Work with Delivery Optimization logs
+### Work with Delivery Optimization logs
 
 **Starting in Windows 10, version 2004:**
 
@@ -168,3 +182,34 @@ Using the `-ListConnections` option returns these details about peers:
 If `Path` isn't specified, this cmdlet reads all logs from the DoSvc log directory, which requires administrator permissions. If `Flush` is specified, the cmdlet stops DoSvc before reading logs.
 
 Log entries are written to the PowerShell pipeline as objects. To dump logs to a text file, run `Get-DeliveryOptimizationLog | Set-Content <output file>` or something similar.
+
+
+**Starting in Windows 10, version 1803:**
+
+`Get-DOConfig -Verbose`
+
+This cmdlet lists local configuration and policies that are applied to Delivery Optimization. This includes policies that are set via Group Policies or MDM Policies. Each policy is listed with the current set value and the provider of that policy. For example:
+
+DownloadMode:Simple
+DownloadModeProvider:Mdm Provider
+
+The provider is listed as "Default Provider" if it's using the Delivery Optimization platform configured default. 
+
+The cmdlet returns the following data:
+
+- BatteryPctToSeed: Corresponds to the [DOMinBatteryPercentageAllowedToUpload](waas-delivery-optimization-reference.md#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) policy.
+- WorkingDirectory: The local folder containing the Delivery Optimization cache.
+- MinTotalDiskSize: Corresponds to the [DOMinDiskSizeAllowedToPeer](waas-delivery-optimization-reference.md#minimum-disk-size-allowed-to-use-peer-caching) policy.
+- MinTotalRAM: Corresponds to the [DOMinRAMAllowedToPeer](waas-delivery-optimization-reference.md#minimum-ram-inclusive-allowed-to-use-peer-caching) policy.
+- VpnPeerCachingAllowed: Corresponds to the [DOAllowVPNPeerCaching](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy.
+- VpnKeywords: List of keywords used to identify a VPN adapter.
+- SetHoursToLimitDownloadBackground: Corresponds to the [DOSetHoursToLimitBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-background-download-bandwidth) policy.
+- SetHoursToLimitDownloadForeground: Corresponds to the [DOSetHoursToLimitForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#set-business-hours-to-limit-foreground-download-bandwidth) policy.
+- DownloadMode: Corresponds to the [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) policy.
+- DownBackLimitBps: Corresponds to the [DOMaxBackgroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth-in-kbs) policy.
+- DownloadForegroundLimitBps: Corresponds to the [DOMaxForegroundDownloadBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth-in-kbs) policy.
+- DownBackLimitPct: Corresponds to the [DOPercentageMaxBackgroundBandwidth](waas-delivery-optimization-reference.md#maximum-background-download-bandwidth) policy.
+- DownloadForegroundLimitPct: Corresponds to the [DOPercentageMaxForegroundBandwidth](waas-delivery-optimization-reference.md#maximum-foreground-download-bandwidth) policy.
+- MaxUploadRatePct: Corresponds to the [DOMaxUploadBandwidth](waas-delivery-optimization-reference.md#max-upload-bandwidth) policy (deprecated in Windows 10, version 2004).
+- UploadLimitMonthlyGB: Corresponds to the [DOMonthlyUploadDataCap](waas-delivery-optimization-reference.md#monthly-upload-data-cap) policy.
+
diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md
index 4908ba4901..2735892b16 100644
--- a/windows/deployment/do/waas-delivery-optimization-reference.md
+++ b/windows/deployment/do/waas-delivery-optimization-reference.md
@@ -6,28 +6,29 @@ ms.prod: windows-client
 author: cmknox
 ms.localizationpriority: medium
 ms.author: carmenf
-ms.topic: article
+ms.topic: reference
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 07/31/2023
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # Delivery Optimization reference
 
 **Applies to**
 
-- Windows 10
+- Windows 10
 - Windows 11
 
 > **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the Download Center [for Windows 11](https://www.microsoft.com/en-us/download/details.aspx?id=104594) or [for Windows 10](https://www.microsoft.com/en-us/download/details.aspx?id=104678).
 
-There are many configuration options you can set in Delivery Optimization to customize the content delivery experience specific to your environment needs. This topic summarizes those configurations for your reference. If you just need an overview of Delivery Optimization, see [What is Delivery Optimization](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows](waas-delivery-optimization-setup.md).
+There are many configuration options you can set in Delivery Optimization to customize the content delivery experience specific to your environment needs. This article summarizes those configurations for your reference. If you just need an overview of Delivery Optimization, see [What is Delivery Optimization](waas-delivery-optimization.md). If you need information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization for Windows](waas-delivery-optimization-setup.md).
 
 ## Delivery Optimization options
 
 You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization.
 
-You'll find the Delivery Optimization settings in Group Policy under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**.
+The Delivery Optimization settings in Group Policy are under **Configuration\Policies\Administrative Templates\Windows Components\Delivery Optimization**.
 In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**.
 
 ### Summary of Delivery Optimization settings
@@ -35,9 +36,9 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 | Group Policy setting | MDM setting | Supported from version | Notes |
 | --- | --- | --- | ------- |
 | [Download mode](#download-mode) | DODownloadMode | 1511 | Default is set to LAN(1). The Group [Download mode](#download-mode) (2) combined with [Group ID](#group-id), enables administrators to create custom device groups that will share content between devices in the group.|
-| [Group ID](#group-id)  | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not set, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't set, the GroupID will be defined as the AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order.  |
-| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not set, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't set, the Group will be defined as the AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. |
-| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, consumer devices default to using 'Local discovery (DNS-SD)' and commercial devices  default to using 'Subnet'.  |
+| [Group ID](#group-id)  | DOGroupID | 1511 | Used with Group [Download mode](#download-mode). If not set, check [GroupIDSource](#select-the-source-of-group-ids). When GroupID or GroupIDSource policies aren't set, the GroupID is defined as the AD Site (1), Authenticated domain SID (2) or Azure AD Tenant ID (5), in that order.  |
+| [Select the source of Group IDs](#select-the-source-of-group-ids) | DOGroupIDSource | 1803 | If not set, check [Group ID](#group-id). When the GroupID or GroupIDSource policies aren't set, the Group is defined as the AD Site (1), Authenticated domain SID (2) or Azure AD Tenant ID (5), in that order. |
+| [Select a method to restrict peer selection](#select-a-method-to-restrict-peer-selection) | DORestrictPeerSelectionBy | 1803 | Starting in Windows 11, a new option to use 'Local discovery (DNS-SD)' is available to set via this policy. |
 | [Minimum RAM (inclusive) allowed to use peer caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) | DOMinRAMAllowedToPeer | 1703 | Default value is 4 GB. |
 | [Minimum disk size allowed to use peer caching](#minimum-disk-size-allowed-to-use-peer-caching) | DOMinDiskSizeAllowedToPeer | 1703 | Default value is 32 GB. |
 | [Max cache age](#max-cache-age) | DOMaxCacheAge | 1511 | Default value is 259,200 seconds (three days). |
@@ -51,16 +52,16 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz
 | [Allow uploads while the device is on battery while under set battery level](#allow-uploads-while-the-device-is-on-battery-while-under-set-battery-level) | DOMinBatteryPercentageAllowedToUpload | 1709 | Default is to not allow peering while on battery.  |
 | [Maximum foreground download bandwidth (percentage)](#maximum-foreground-download-bandwidth) | DOPercentageMaxForegroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
 | [Maximum background download bandwidth (percentage)](#maximum-background-download-bandwidth) | DOPercentageMaxBackgroundBandwidth | 1803 | Default is '0' which will dynamically adjust. |
-| [Maximum foreground download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
+| [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
 | [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 | Default is '0' which will dynamically adjust. |
 | [Set hours to limit background download bandwidth](#set-business-hours-to-limit-background-download-bandwidth) | DOSetHoursToLimitBackgroundDownloadBandwidth | 1803 | Default isn't set. |
 | [Set hours to limit foreground download bandwidth](#set-business-hours-to-limit-foreground-download-bandwidth) |DOSetHoursToLimitForegroundDownloadBandwidth | 1803 | Default isn't set. |
 | [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) | DODelayBackgroundDownloadFromHttp | 1803 | Default isn't set. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
 | [Delay foreground download from HTTP (in secs)](#delay-foreground-download-from-http-in-secs) | DODelayForegroundDownloadFromHttp | 1803 | Default isn't set. For peering, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
-| [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | Default isn't set. For Microsoft Connected Cache content use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
-| [Delay background download Cache Server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | Default isn't set. For Microsoft Connected Cache content use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
-| [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809  | Default is it has no value. |
-| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | Default is it has no value. |
+| [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | Default isn't set. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options. |
+| [Delay background download Cache Server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | Default isn't set. For Microsoft Connected Cache content, use this policy to delay the fallback to the HTTP source. [Learn more](#policies-to-prioritize-the-use-of-peer-to-peer-and-cache-server-sources) about the different delay options.|
+| [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809  | No value is set as default. |
+| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | No value is set as default. |
 | [Maximum download bandwidth](#maximum-download-bandwidth) | DOMaxDownloadBandwidth | 1607 (deprecated in Windows 10, version 2004); use [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) or [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| Default is '0' which will dynamically adjust. |
 | [Percentage of maximum download bandwidth](#percentage-of-maximum-download-bandwidth) | DOPercentageMaxDownloadBandwidth | 1607 (deprecated in Windows 10, version 2004); use [Maximum background download bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs)  or [Maximum foreground download bandwidth (in KB/s)](#maximum-foreground-download-bandwidth-in-kbs) instead)| Default is '0' which will dynamically adjust. |
 | [Maximum upload bandwidth](#max-upload-bandwidth) | DOMaxUploadBandwidth | 1607 (deprecated in Windows 10, version 2004) | Default is '0' (unlimited). |
@@ -82,7 +83,7 @@ All cached files have to be above a set minimum size. This size is automatically
 
 #### Impact to network
 
-More options available that control the impact Delivery Optimization has on your network include the following:
+More options available that control the impact Delivery Optimization has on your network include the following settings:
 
 - [Minimum Background QoS](#minimum-background-qos) lets administrators guarantee a minimum download speed for Windows updates. This setting adjusts the amount of data downloaded directly from HTTP sources, rather than other peers in the network.
 - [Maximum Foreground Download Bandwidth](#maximum-foreground-download-bandwidth) specifies the maximum foreground download bandwidth*hat Delivery Optimization uses, across all concurrent download activities, as a percentage of available download bandwidth.
@@ -94,7 +95,7 @@ More options available that control the impact Delivery Optimization has on your
 
 #### Policies to prioritize the use of Peer-to-Peer and Cache Server sources
 
-When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client will connect to both MCC and peers in parallel. If the desired content can’t be obtained from MCC or peers, Delivery Optimization will automatically fallback to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source which is the default behavior.
+When Delivery Optimization client is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client connects to both MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization will automatically fallback to the HTTP source to get the requested content. There are four settings that allow you to prioritize peer-to-peer or MCC sources by delaying the immediate fallback to HTTP source, which is the default behavior.
 
 ##### Peer-to-peer delay fallback settings
 
@@ -106,11 +107,11 @@ When Delivery Optimization client is configured to use peers and Microsoft Conne
 - [Delay foreground download Cache Server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use a cache server.
 - [Delay background download from HTTP (in secs)](#delay-background-download-from-http-in-secs) allows you to delay the use of an HTTP source in a background  download that is allowed to use a cache server.
 
-**If both peer-to-peer and MCC are configured, the peer-to-peer delay settings will take precedence over the cache server delay settings.** This allows Delivery Optimization to discover peers first then recognize the fallback setting for the MCC cache server.
+**If both peer-to-peer and MCC are configured, the peer-to-peer delay settings will take precedence over the cache server delay settings.** This setting allows Delivery Optimization to discover peers first then recognize the fallback setting for the MCC cache server.
 
 #### System resource usage
 
-Administrators can further customize scenarios where Delivery Optimization will be used with the following settings:
+Administrators can further customize scenarios where Delivery Optimization is used with the following settings:
 
 - [Minimum RAM (inclusive) allowed to use Peer Caching](#minimum-ram-inclusive-allowed-to-use-peer-caching) sets the minimum RAM required for peer caching to be enabled.
 - [Minimum disk size allowed to use Peer Caching](#minimum-disk-size-allowed-to-use-peer-caching) sets the minimum disk size required for peer caching to be enabled.
@@ -119,25 +120,26 @@ Administrators can further customize scenarios where Delivery Optimization will
 
 ### Download mode
 
+MDM Setting: **DODownloadMode**
+
 Download mode dictates which download sources clients are allowed to use when downloading Windows updates in addition to Windows Update servers. The following table shows the available download mode options and what they do. Other technical details for these policies are available in [Policy CSP - Delivery Optimization](/windows/client-management/mdm/policy-csp-deliveryoptimization).
 
 | Download mode option | Functionality when set |
 | --- | --- |
 | HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source or a Microsoft Connected Cache server. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
-| LAN (**1 – Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
+| LAN (**1 - Default**) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then try to connect to other peers on the same network by using their private subnet IP.|
 | Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
 | Internet (3) | Enable Internet peer sources for Delivery Optimization. |
 | Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable, or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience over HTTP from the download's original source or a Microsoft Connected Cache server, with no peer-to-peer caching. |
-| Bypass (100) | This option is deprecated starting in Windows 11. If you want to disable peer-to-peer functionality, it's best to set DownloadMode to (0). If your device doesn’t have internet access, set Download Mode to (99). Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You don't need to set this option if you're using Configuration Manager. |
+| Bypass (100) | Starting in Windows 11, this option is deprecated. Don't set **Download mode** to '100' (Bypass), which can cause some content to fail to download. If you want to disable peer-to-peer functionality, set DownloadMode to (0). If your device doesn't have internet access, set Download Mode to (99). When you set Bypass (100), the download bypasses Delivery Optimization and uses BITS instead. You don't need to set this option if you're using Configuration Manager. |
 
-> [!NOTE]
-> Starting in Windows 11, the Bypass option of Download Mode is deprecated.
->
 > [!NOTE]
 > When you use Azure Active Directory tenant, AD Site, or AD Domain as the source of group IDs, the association of devices participating in the group should not be relied on for an authentication of identity of those devices.
 
 ### Group ID
 
+MDM Setting: **DOGroupID**
+
 By default, peer sharing on clients using the Group download mode (option 2) is limited to the same domain in Windows 10, version 1511, and the same domain and Active Directory Domain Services site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but don't fall within those domain or Active Directory Domain Services site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example, you could create a subgroup representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to be peers. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group.
 
 >[!NOTE]
@@ -147,23 +149,29 @@ By default, peer sharing on clients using the Group download mode (option 2) is
 
 ### Select the source of Group IDs
 
+MDM Setting: **DOGroupIDSource**
+
 Starting in Windows 10, version 1803, set this policy to restrict peer selection to a specific source, when using a GroupID policy. The options are:
 
 - 0 = Not set
 - 1 = AD Site
 - 2 = Authenticated domain SID
-- 3 = DHCP Option ID (with this option, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID)
+- 3 = DHCP Option ID (with this option, the client queries DHCP Option ID 234 and use the returned GUID value as the Group ID)
 - 4 = DNS Suffix
-- 5 = Starting with Windows 10, version 1903, you can use the Azure Active Directory (AAD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
+- 5 = Starting with Windows 10, version 1903, you can use the Azure AD Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5.
 
-When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy will be ignored. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.  
+When set, the Group ID is assigned automatically from the selected source. If you set this policy, the GroupID policy is ignored. The default behavior, when the GroupID or GroupIDSource policies aren't set, is to determine the Group ID using AD Site (1), Authenticated domain SID (2) or Azure AD Tenant ID (5), in that order. If GroupIDSource is set to either DHCP Option ID (3) or DNS Suffix (4) and those methods fail, the default behavior is used instead. The option set in this policy only applies to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. If you set the value to anything other than 0-5, the policy is ignored.  
 
 ### Minimum RAM (inclusive) allowed to use Peer Caching  
 
+MDM Setting: **DOMinRAMAllowedToPeer**
+
 This setting specifies the minimum RAM size in GB required to use Peer Caching. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. The recommended values are 1 to 4, and **the default value is 4 GB**.
 
 ### Minimum disk size allowed to use Peer Caching
 
+MDM Setting: **DOMinDiskSizeAllowedToPeer**
+
 This setting specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The recommended values are 64 to 256, and **the default value is 32 GB**.
 
 >[!NOTE]
@@ -171,57 +179,82 @@ This setting specifies the required minimum disk size (capacity in GB) for the d
 
 ### Max Cache Age
 
-In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers re-downloading content. When "Unlimited" value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). **The default value is 259,200 seconds (three days)**.
+MDM Setting: **DOMaxCacheAge**
+
+In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers redownloading content. When "Unlimited" value is set, Delivery Optimization holds the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed). **The default value is 259,200 seconds (three days)**.
 
 ### Max Cache Size
 
-This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization will use up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. **The default value is 20%**.
+MDM Setting: **DOMaxCacheSize**
+
+This setting limits the maximum amount of space the Delivery Optimization cache can use as a percentage of the available drive space, from 1 to 100. For example, if you set this value to 10 on a Windows client device that has 100 GB of available drive space, then Delivery Optimization uses up to 10 GB of that space. Delivery Optimization will constantly assess the available drive space and automatically clear the cache to keep the maximum cache size under the set percentage. **The default value is 20%**.
 
 ### Absolute Max Cache Size
 
-This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the [**Max Cache Size**](#max-cache-size) setting, which is a percentage of available disk space. Also, if you configure this policy, it will override the [**Max Cache Size**](#max-cache-size) setting. **The default value is 10 GB**.
+MDM Setting: **DOAbsoluteMaxCacheSize**
+
+This setting specifies the maximum number of gigabytes the Delivery Optimization cache can use. This is different from the [**Max Cache Size**](#max-cache-size) setting, which is a percentage of available disk space. Also, if you configure this policy, it overrides the [**Max Cache Size**](#max-cache-size) setting. **The default value is 10 GB**.
 
 ### Minimum Peer Caching Content File Size
 
+MDM Setting: **DOMinFileSizeToCache**
+
 This setting specifies the minimum content file size in MB enabled to use Peer Caching. The recommended values are from 1 to 100000. **The default file size is 50 MB** to participate in peering.
 
 ### Maximum Download Bandwidth
 
+MDM Setting: **DOMaxUploadBandwidth**
+
+Deprecated in Windows 10, version 2004.
 This setting specifies the maximum download bandwidth that can be used across all concurrent Delivery Optimization downloads in kilobytes per second (KB/s). **A default value of "0"** means that Delivery Optimization will dynamically adjust and optimize the maximum bandwidth used.
 
-> [!NOTE]
-> This is the best option for low bandwidth environments.
 
 ### Maximum Foreground Download Bandwidth
 
+MDM Setting: **DOPercentageMaxForegroundBandwidth**
+
 Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. However, downloads from LAN peers aren't throttled even when this policy is set.
 
 ### Maximum Background Download Bandwidth
 
+MDM Setting: **DOPercentageMaxBackgroundBandwidth**
+
 Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for background downloads. However, downloads from LAN peers aren't throttled even when this policy is set.
 
+> [!NOTE]
+> It is recommended to use the absolute value download options 'DOMaxBackgroundDownloadBandwidth' and 'DOMaxForegroundDownloadBandwidth', rather than percentage-based options, for low bandwidth environments.
+
 ### Percentage of Maximum Download Bandwidth
 
-This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
+MDM Setting: **DOPercentageMaxDownloadBandwidth**
 
-> [!NOTE]
-> It is recommended to use the absolute value download option 'Maximum Download Bandwidth', rather than percentage-based options, for low bandwidth environments.
+Deprecated in Windows 10, version 2004.
+This setting specifies the maximum download bandwidth that Delivery Optimization can use across all concurrent download activities as a percentage of available download bandwidth. **The default value of "0"** means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
 
 ### Max Upload Bandwidth
 
+MDM Setting: **DOMaxUploadBandwidth**
+
+Deprecated in Windows 10, version 2004.
 This setting allows you to limit the number of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). **The default value is "0" or "unlimited"** which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it doesn't cap the upload bandwidth rate at a set rate.
 
 ### Set Business Hours to Limit Background Download Bandwidth
 
+MDM Setting: **DOSetHoursToLimitBackgroundDownloadBandwidth**
+
 Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't set.**
 
 ### Set Business Hours to Limit Foreground Download Bandwidth
 
+MDM Setting: **DOSetHoursToLimitForegroundDownloadBandwidth**
+
 Starting in Windows 10, version 1803, specifies the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. **By default, this policy isn't set.**
 
 ### Select a method to restrict peer selection
 
-Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets. **The default value in Windows 11 is set to "Local Peer Discovery"**.
+MDM Setting: **DORestrictPeerSelectionBy**
+
+Starting in Windows 10, version 1803, set this policy to restrict peer selection via selected option. In Windows 11, the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there's no peering between subnets.
 
 If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID).
 
@@ -229,40 +262,56 @@ The Local Peer Discovery (DNS-SD) option can only be set via MDM delivered polic
 
 ### Delay background download from HTTP (in secs)
 
+MDM Setting: **DODelayBackgroundDownloadFromHttp**
+
 Starting in Windows 10, version 1803, this allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't set.**
 
 ### Delay foreground download from HTTP (in secs)
 
+MDM Setting: **DODelayForegroundDownloadFromHttp**
+
 Starting in Windows 10, version 1803, allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. The maximum value is 4294967295 seconds. **By default, this policy isn't set.**
 
 ### Delay Foreground Download Cache Server Fallback (in secs)
 
-Starting in Windows 10, version 1903, allows you to delay the fallback from cache server to the HTTP source for foreground content download by X seconds. If the 'Delay foreground download from HTTP' policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
+MDM Setting: **DelayCacheServerFallbackForeground**
 
-By default this policy isn't set. So,
+Starting in Windows 10, version 1903, allows you to delay the fallback from cache server to the HTTP source for foreground content download by X seconds. If the 'Delay foreground download from HTTP policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
 
 ### Delay Background Download Cache Server Fallback (in secs)
 
+MDM Setting: **DelayCacheServerFallbackBackground**
+
 Starting in Windows 10, version 1903, set this policy to delay the fallback from cache server to the HTTP source for a background content download by X seconds. If the 'Delay background download from HTTP' policy is set, it will apply first (to allow downloads from peers) and then this policy will be applied. **By default, this policy isn't set.**
 
 ### Minimum Background QoS
 
-This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources. The lower this value is, the more content will be sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
+MDM Setting: **DOMinBackgroundQoS**
+
+This value specifies the minimum download speed guarantee that a client attempts to achieve and will fulfill by downloading more kilobytes from HTTP sources. The lower this value is, the more content is sourced using peers on the network rather than HTTP sources. The higher this value, the more content is received from HTTP sources, versus peers on the local network. **The default value is 2500 KB/s.**
 
 ### Modify Cache Drive
 
+MDM Setting: **DOModifyCacheDrive**
+
 This setting allows for an alternate Delivery Optimization cache location on the clients. **By default, the cache is stored on the operating system drive through the %SYSTEMDRIVE% environment variable.** You can set the value to an environment variable (for example, %SYSTEMDRIVE%), a drive letter (for example, D:), or a folder path (for example, D:\DOCache).
 
 ### Monthly Upload Data Cap
 
+MDM Setting: **DOMonthlyUploadDataCap**
+
 This setting specifies the total amount of data in gigabytes that a Delivery Optimization client can upload to Internet peers per month. A value of "0" means that an unlimited amount of data can be uploaded. **The default value for this setting is 20 GB.**
 
 ### Enable Peer Caching while the device connects via VPN
 
-This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. **By default, if a VPN connection is detected, peering isn't allowed.** Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. The device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
+MDM Setting: **DOAllowVPNPeerCaching**
+
+This setting determines whether a device will be allowed to participate in Peer Caching while connected to VPN. **By default, if a VPN connection is detected, peering isn't allowed, except when the 'Local Discovery' (DNS-SD) option is chosen.** Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. The device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
 
 ### Allow uploads while the device is on battery while under set Battery level
 
+MDM Setting: **DOMinBatteryPercentageAllowedToUpload**
+
 This setting specifies battery levels at which a device will be allowed to upload data. Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on DC power (Battery). Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set if you allow uploads on battery is 40 (for 40%).
 The device can download from peers while on battery regardless of this policy.
 
@@ -271,19 +320,23 @@ The device can download from peers while on battery regardless of this policy.
 
 ### Cache Server Hostname
 
-Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.**
+MDM Setting: **DOCacheHost**
+
+Set this policy to designate one or more Microsoft Connected Cache servers to be used by Delivery Optimization. You can set one or more FQDNs or IP Addresses that are comma-separated, for example: myhost.somerandomhost.com,myhost2.somerandomhost.com,10.10.1.7. **By default, this policy has no value.** Delivery Optimization client will connect to the listed Microsoft Connected Cache servers in the order as they are listed. When multiple FQDNs or IP Addresses are listed, the Microsoft Connected Cache server priority order is determined based on the order as they are listed. If the first server fails, it will move the the next one. When the last server fails, it will fallback to the CDN.
 
 >[!IMPORTANT]
 > Any value will signify that the policy is set. For example, an empty string ("") isn't considered empty.
 
 ### Cache Server Hostname Source
 
+MDM Setting: **DOCacheHostSource**
+
 This policy allows you to specify how your client(s) can discover Delivery Optimization in Network Cache servers dynamically. There are two options:
 
 - 1 = DHCP Option 235.
 - 2 = DHCP Option 235 Force.
 
-With either option, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. **By default, this policy has no value.**
+With either option, the client queries DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if set. **By default, this policy has no value.**
 
 Set this policy to designate Delivery Optimization in Network Cache servers through a custom DHCP Option. Specify the custom DHCP option on your DHCP server as *text* type. You can add one or more values as either fully qualified domain names (FQDN) or IP addresses. To add multiple values, separate each FQDN or IP address with commas.
 
@@ -292,12 +345,16 @@ Set this policy to designate Delivery Optimization in Network Cache servers thro
 
 ### Maximum Foreground Download Bandwidth (in KB/s)
 
+MDM Setting: **DOMaxForegroundDownloadBandwidth**
+
 Specifies the maximum foreground download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization.
 
 **The default value of "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.**
 
 ### Maximum Background Download Bandwidth (in KB/s)
 
+MDM Setting: **DOMaxBackgroundDownloadBandwidth**
+
 Specifies the maximum background download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization.
 
 **The default value "0" means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.**
diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md
index 04c0b9e893..61df7a10d6 100644
--- a/windows/deployment/do/waas-delivery-optimization-setup.md
+++ b/windows/deployment/do/waas-delivery-optimization-setup.md
@@ -26,15 +26,15 @@ ms.collection: tier3
 
 You can use Group Policy or an MDM solution like Intune to configure Delivery Optimization.
 
-You'll find the Delivery Optimization settings in Group Policy under **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization**.
+You find the Delivery Optimization settings in Group Policy under **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization**.
 
 Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](/mem/intune/configuration/delivery-optimization-windows).
 
-**Starting with Windows 10, version 1903**, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this set the value for [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) to its new maximum value of 5.
+**Starting with Windows 10, version 1903**, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To set the value for [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) to its new maximum value of 5.
 
 ## Allow service endpoints
 
-When using a firewall, it's important that the Delivery Optimization Service endpoints are allowed and associated ports are open. For more information, see [Delivery Optimization FAQ](waas-delivery-optimization-faq.yml#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization) for more information.
+When using a firewall, it's important that the Delivery Optimization Service endpoints are allowed and associated ports are open. For more information, see [Delivery Optimization FAQ](waas-delivery-optimization-faq.yml#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization).
 
 ## Allow content endpoints
 
@@ -42,9 +42,9 @@ When using a firewall, it's important that the content endpoints are allowed and
 
 ## Recommended Delivery Optimization settings
 
-Delivery Optimization offers a great many settings to fine-tune its behavior (see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list), but for the most efficient performance, there are just a few key parameters that will have the greatest impact if particular situations exist in your deployment. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
+Delivery Optimization offers a great many settings to fine-tune its behavior see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list, but for the most efficient performance, there are just a few key parameters that have the greatest impact if particular situations exist in your deployment. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
 
-- Does your topology include multiple breakouts to the internet (i.e., a "hybrid WAN") or are there only a few connections to the internet, so that all requests appear to come from a single external IP address (a "hub and spoke" topology)?
+- Does your topology include multiple breakouts to the internet that is, a "hybrid WAN" or are there only a few connections to the internet, so that all requests appear to come from a single external IP address a "hub and spoke" topology?
 - If you use boundary groups in your topology, how many devices are present in a given group?
 - What percentage of your devices are mobile?
 - Do your devices have a lot of free space on their drives?
@@ -69,17 +69,17 @@ Quick-reference table:
 
 For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group, when the GroupID or GroupIDSource policies aren't set, is the AD Site (1), Authenticated domain SID (2) or AAD Tenant ID (5), in that order. If your domain-based group is too wide, or your Active Directory sites aren't aligned with your site network topology, then you should consider other options for dynamically creating groups, for example by using the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) policy.
 
-To do this in Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
+In Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
 
-To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to 1 or 2.
+Using with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to 1 or 2.
 
 ### Hub and spoke topology with boundary groups
 
-The default download mode setting is **1**; this means all devices breaking out to the internet using the same public IP will be considered as a single peer group. To prevent peer-to-peer activity across your WAN, you should set the download mode to **2**. If you have already defined Active Directory sites per hub or branch office, then you don't need to do anything else since those will be used by default as the source for creation of Group IDs. If you're not using Active Directory sites, you should set a different source for Groups by using the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) options or the [DORestrictPeerSelectionBy](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection) policy to restrict the activity to the subnet.
+The default download mode setting is **1**; this means all devices breaking out to the internet using the same public IP is considered as a single peer group. To prevent peer-to-peer activity across your WAN, you should set the download mode to **2**. If you have already defined Active Directory sites per hub or branch office, then you don't need to do anything else since the Active Directory sites are used by default as the source for creation of Group IDs. If you're not using Active Directory sites, you should set a different source for Groups by using the [DOGroupIDSource](waas-delivery-optimization-reference.md#select-the-source-of-group-ids) options or the [DORestrictPeerSelectionBy](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection) policy to restrict the activity to the subnet.
 
-To do this in Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
+With Group Policy go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Download mode** to **2**.
 
-To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to **2**.
+Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DODownloadMode](/windows/client-management/mdm/policy-csp-deliveryoptimization#dodownloadmode) to **2**.
 
 > [!NOTE]
 > For more information about using Delivery Optimization with Configuration Manager boundary groups, see [Delivery Optimization for Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#delivery-optimization).
@@ -88,39 +88,28 @@ To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimiza
 
 If you have a mobile workforce with a great many mobile devices, set Delivery Optimization to allow uploads on battery power, while limiting the use to prevent battery drain. A setting for **DOMinBatteryPercentageAllowedToUpload** of 60% is a good starting point, though you might want to adjust it later.
 
-To do this in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60.
+With Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Allow uploads while the device is on battery while under set Battery level** to 60.
 
-To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominbatterypercentageallowedtoupload) to 60.
+Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominbatterypercentageallowedtoupload) to 60.
 
 ### Plentiful free space and large numbers of devices
 
-Many devices now come with large internal drives. You can set Delivery Optimization to take better advantage of this space (especially if you have large numbers of devices) by changing the minimum file size to cache. If you've more than 30 devices in your local network or group, change it from the default 50 MB to 10 MB. If you've more than 100 devices (and are running Windows 10, version 1803 or later), set this value to 1 MB.
+Many devices now come with large internal drives. You can set Delivery Optimization to take better advantage of this space (especially if you have large numbers of devices) by changing the minimum file size to cache. If you have more than 30 devices in your local network or group, change it from the default 50 MB to 10 MB. If you have more than 100 devices (and are running Windows 10, version 1803 or later), set this value to 1 MB.
 
-To do this in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 10 (if you've more than 30 devices) or 1 (if you've more than 100 devices).
+With Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Minimum Peer Caching Content File Size** to 10 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
 
-To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinFileSizeToCache](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominfilesizetocache) to 100 (if you've more than 30 devices) or 1 (if you've more than 100 devices).
+Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMinFileSizeToCache](/windows/client-management/mdm/policy-csp-deliveryoptimization#dominfilesizetocache) to 100 (if you have more than 30 devices) or 1 (if you have more than 100 devices).
 
 ### Lab scenario
 
-In a lab situation, you typically have a large number of devices that are plugged in and have a lot of free disk space. By increasing the content expiration interval, you can take advantage of these devices, using them as excellent upload sources in order to upload much more content over a longer period.
+In a lab situation, you typically have a large number of devices that are plugged in and have a lot of free disk space. By increasing the content expiration interval, you can take advantage of these devices, using them as excellent upload sources in order to upload more content over a longer period.
 
-To do this in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **604800** (7 days) or more (up to 30 days).
+With Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization** and set **Max Cache Age** to **604800** (7 days) or more (up to 30 days).
 
-To do this with MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMaxCacheAge](/windows/client-management/mdm/policy-csp-deliveryoptimization#domaxcacheage) to 7 or more (up to 30 days).
+Using MDM, go to **./Device/Vendor/MSFT/Policy/Config/DeliveryOptimization/** and set [DOMaxCacheAge](/windows/client-management/mdm/policy-csp-deliveryoptimization#domaxcacheage) to 7 or more (up to 30 days).
 
 [Learn more](delivery-optimization-test.md) about Delivery Optimization testing scenarios.
 
-<!--Using include file, waas-delivery-optimization-monitor.md, for shared content on DO monitoring-->
-[!INCLUDE [Monitor Delivery Optimization](includes/waas-delivery-optimization-monitor.md)]
-
-### Monitor with Windows Update for Business Delivery Optimization Report
-
-Windows Update for Business Delivery Optimization Report provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer, Microsoft Connected Cache (MCC), HTTP source/CDN distribution over the past 28 days.
-
-:::image type="content" source="/windows/deployment/update/images/wufb-do-overview.png" alt-text="This screenshot shows the Windows Update for Business report, Delivery Optimization status in Update Compliance." lightbox="/windows/deployment/update/images/wufb-do-overview.png":::
-
-For details, see [Windows Update for Business Delivery Optimization Report](../update/wufb-reports-overview.md).
-
 ## Troubleshooting
 
 This section summarizes common problems and some solutions to try.
@@ -140,7 +129,7 @@ Try these steps:
 
 1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DODownloadMode](waas-delivery-optimization-reference.md#download-mode) setting. For peering to work, download mode should be 1, 2, or 3.
-3. If the download mode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
+3. If the download mode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.prod.do.dsp.mp.microsoft.com**.
 
 ### The cloud service doesn't see other peers on the network
 
@@ -148,8 +137,8 @@ Try these steps:
 
 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads.
 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1 or 2 on both devices.
-3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero.
-4. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**, to fix this.
+3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be nonzero.
+4. If the number of peers is zero and **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices aren't reporting the same public IP address, configure **[DODownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[DOGroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**.
 
 > [!NOTE]
 > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of potential peers per file, including which peers are successfully connected and the total bytes sent or received from each peer.
diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md
index 94d89f77a1..14d8a8a7d9 100644
--- a/windows/deployment/do/waas-delivery-optimization.md
+++ b/windows/deployment/do/waas-delivery-optimization.md
@@ -12,6 +12,7 @@ ms.collection:
   - highpri
 ms.topic: overview
 ms.date: 12/31/2017
+ms.reviewer: mstewart
 ---
 
 # What is Delivery Optimization?
@@ -23,9 +24,9 @@ ms.date: 12/31/2017
 
 > **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the Download Center [for Windows 11](https://www.microsoft.com/en-us/download/details.aspx?id=104594) or [for Windows 10](https://www.microsoft.com/en-us/download/details.aspx?id=104678).
 
-Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. Delivery Optimization is a reliable HTTP downloader with a cloud-managed solution that allows Windows devices to download those packages from alternate sources if desired (such as other devices on the network and/or a dedicated cache server) in addition to the traditional internet-based servers (referred to as 'HTTP sources' throughout Delivery Optimization documents). You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment however, the use of peer-to-peer is completely optional.
+Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. Delivery Optimization is a reliable HTTP downloader with a cloud-managed solution that allows Windows devices to download those packages from alternate sources if desired (such as other devices on the network and/or a dedicated cache server) in addition to the traditional internet-based servers (referred to as 'HTTP sources' throughout Delivery Optimization documents). You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment however, the use of peer-to-peer is optional.
 
-To use either the peer-to-peer functionality or the Microsoft Connected Cache features, devices must have access to the Internet and Delivery Optimization cloud services. When Delivery Optimization is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client will connect to MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization will seamlessly fall back to the HTTP source to get the requested content.
+To use either the peer-to-peer functionality or the Microsoft Connected Cache features, devices must have access to the Internet and Delivery Optimization cloud services. When Delivery Optimization is configured to use peers and Microsoft Connected Cache (MCC), to achieve the best possible content delivery experience, the client connects to MCC and peers in parallel. If the desired content can't be obtained from MCC or peers, Delivery Optimization seamlessly falls back to the HTTP source to get the requested content.
 
 You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Microsoft Intune/Windows Update for Business, or Microsoft Configuration Manager (when installation of Express Updates is enabled).
 
@@ -50,9 +51,9 @@ The following table lists the minimum Windows 10 version that supports Delivery
 
 | Windows Client | Minimum Windows version | HTTP Downloader | Peer to Peer | Microsoft Connected Cache (MCC)
 |------------------|---------------|----------------|----------|----------------|
-| Windows Update (feature updates quality updates, language packs, drivers) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Windows 10 Store files | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
-| Windows 10 Store for Business files | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Windows Update ([feature updates quality updates, language packs, drivers](../update/get-started-updates-channels-tools.md#types-of-updates)) | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Windows 10 Store apps | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
+| Windows 10 Store for Business apps | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Windows Defender definition updates | Windows 10 1511, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
 | Intune Win32 apps| Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark:  | :heavy_check_mark: |
 | Microsoft 365 Apps and updates | Windows 10 1709, Windows 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index 7b4290c2a6..398ef9a635 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -10,6 +10,7 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 05/09/2023
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
 # What is Microsoft Connected Cache?
@@ -23,8 +24,9 @@ ms.collection: tier3
 > Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 Microsoft Connected Cache is a software-only caching solution that delivers Microsoft content. Microsoft Connected Cache has two main offerings:
-- Microsoft Connected Cache for Internet Service Providers 
-- Microsoft Connected Cache for Enterprise and Education (early preview). 
+
+- Microsoft Connected Cache for Internet Service Providers
+- Microsoft Connected Cache for Enterprise and Education (early preview)
 
 Both products are created and managed in the cloud portal.
 
@@ -33,7 +35,7 @@ Both products are created and managed in the cloud portal.
 > [!NOTE]
 > Microsoft Connected Cache for Internet Service Providers is now in public preview. To onboard, follow the instructions in the [Operator sign up and service onboarding](mcc-isp-signup.md) article.
 
-Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. Learn more at [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md). 
+Microsoft Connected Cache (MCC) for Internet Service Providers is currently in preview. MCC can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, MCC can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. Learn more at [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md).
 
 ## Microsoft Connected Cache for Enterprise and Education (early preview)
 
diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md
index c3d46c8e64..e8fa21b8c3 100644
--- a/windows/deployment/do/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/do/waas-optimize-windows-10-updates.md
@@ -3,8 +3,9 @@ title: Optimize Windows update delivery
 description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache.
 ms.prod: windows-client
 ms.localizationpriority: medium
-author: mestew
-ms.author: mstewart
+ms.author: carmenf
+author: cmknox
+ms.reviewer: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
diff --git a/windows/deployment/do/whats-new-do.md b/windows/deployment/do/whats-new-do.md
index 87d135c896..6236a48963 100644
--- a/windows/deployment/do/whats-new-do.md
+++ b/windows/deployment/do/whats-new-do.md
@@ -10,9 +10,10 @@ ms.topic: article
 ms.technology: itpro-updates
 ms.date: 12/31/2017
 ms.collection: tier3
+ms.reviewer: mstewart
 ---
 
-# What's new in Delivery Optimization 
+# What's new in Delivery Optimization
 
 **Applies to**
 
@@ -25,14 +26,19 @@ Microsoft Connected Cache (MCC) is a software-only caching solution that deliver
 
 For more information about MCC, see [Microsoft Connected Cache overview](waas-microsoft-connected-cache.md).
 
-## New in Delivery Optimization for Windows 10, version 20H2 and Windows 11
+There are two different versions:
 
-- New peer selection options: Currently the available options include: 0 = None, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)."
-- Local Peer Discovery: a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If Group mode is enabled, Delivery Optimization will connect to locally discovered peers that are also part of the same group, for those devices with the same Group ID).
+- [Microsoft Connected Cache for Enterprise and Education](mcc-ent-edu-overview.md)
+- [Microsoft Connected Cache for ISPs](mcc-isp-overview.md).
+
+## New in Delivery Optimization for Windows
+
+- Delivery Optimization introduced support for receiver side ledbat (rLedbat) in Windows 11 22H2.
+
+- New peer selection options: Currently the available options include: 0 = None, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization connects to locally discovered peers that are also part of the same Group (have the same Group ID)."
+- Local Peer Discovery: a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization restricts peer selection to peers that are locally discovered (using DNS-SD). If Group mode is enabled, Delivery Optimization connects to locally discovered peers that are also part of the same group, for those devices with the same Group ID).
 
 > [!NOTE]
 > The Local Peer Discovery (DNS-SD, [RFC 6763](https://datatracker.ietf.org/doc/html/rfc6763)) option can only be set via MDM delivered policies on Windows 11 builds. This feature can be enabled in supported Windows 10 builds by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**. For more information, see [Delivery Optimization reference](waas-delivery-optimization-reference.md).
 
 - Starting with Windows 11, the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used.
-
-
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index 90f5217061..d718ec36aa 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -39,7 +39,7 @@
         "tier2"
       ],
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
       "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
diff --git a/windows/deployment/images/icons/command-line-18.svg b/windows/deployment/images/icons/command-line-18.svg
new file mode 100644
index 0000000000..7e1f7de9c2
--- /dev/null
+++ b/windows/deployment/images/icons/command-line-18.svg
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg width="18" height="18" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M0 13H16V6H2C0.9 6 0 6.9 0 8V13Z" fill="#CCCCCC"/>
+<path d="M32 6H16V13H32V6Z" fill="#999999"/>
+<path d="M48 13H32V6H46C47.1 6 48 6.9 48 8V13Z" fill="#666666"/>
+<path d="M46 42H2C0.9 42 0 41.1 0 40V12H48V40C48 41.1 47.1 42 46 42Z" fill="url(#paint0_linear)"/>
+<g filter="url(#filter0_dd)">
+<path d="M15.2 24.3L6.39999 33.1C5.89999 33.6 5.89999 34.3 6.39999 34.7L8.19999 36.5C8.69999 37 9.4 37 9.8 36.5L18.6 27.7C19.1 27.2 19.1 26.5 18.6 26.1L16.8 24.3C16.4 23.9 15.6 23.9 15.2 24.3Z" fill="url(#paint1_linear)"/>
+<mask id="mask0" mask-type="alpha" maskUnits="userSpaceOnUse" x="6" y="24" width="13" height="13">
+<path d="M15.2 24.3L6.39999 33.1C5.89999 33.6 5.89999 34.3 6.39999 34.7L8.19999 36.5C8.69999 37 9.4 37 9.8 36.5L18.6 27.7C19.1 27.2 19.1 26.5 18.6 26.1L16.8 24.3C16.4 23.9 15.6 23.9 15.2 24.3Z" fill="url(#paint2_linear)"/>
+</mask>
+<g mask="url(#mask0)">
+<g filter="url(#filter1_dd)">
+<path d="M9.8 17.3L18.6 26.1C19.1 26.6 19.1 27.3 18.6 27.7L16.8 29.5C16.3 30 15.6 30 15.2 29.5L6.39999 20.7C5.89999 20.2 5.89999 19.5 6.39999 19.1L8.19999 17.3C8.59999 16.9 9.4 16.9 9.8 17.3Z" fill="url(#paint3_linear)"/>
+</g>
+</g>
+<path d="M9.8 17.3L18.6 26.1C19.1 26.6 19.1 27.3 18.6 27.7L16.8 29.5C16.3 30 15.6 30 15.2 29.5L6.39999 20.7C5.89999 20.2 5.89999 19.5 6.39999 19.1L8.19999 17.3C8.59999 16.9 9.4 16.9 9.8 17.3Z" fill="url(#paint4_linear)"/>
+</g>
+<g filter="url(#filter2_dd)">
+<path d="M40 32H24C23.4 32 23 32.4 23 33V36C23 36.6 23.4 37 24 37H40C40.6 37 41 36.6 41 36V33C41 32.4 40.6 32 40 32Z" fill="url(#paint5_linear)"/>
+</g>
+<defs>
+<filter id="filter0_dd" x="3.02499" y="15" width="18.95" height="25.875" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="0.5"/>
+<feGaussianBlur stdDeviation="0.5"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.1 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="1"/>
+<feGaussianBlur stdDeviation="1.5"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.2 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow" result="effect2_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect2_dropShadow" result="shape"/>
+</filter>
+<filter id="filter1_dd" x="3.02499" y="15" width="18.95" height="18.875" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="0.5"/>
+<feGaussianBlur stdDeviation="0.5"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.1 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="1"/>
+<feGaussianBlur stdDeviation="1.5"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.2 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow" result="effect2_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect2_dropShadow" result="shape"/>
+</filter>
+<filter id="filter2_dd" x="20" y="30" width="24" height="11" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="0.5"/>
+<feGaussianBlur stdDeviation="0.5"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.1 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0"/>
+<feOffset dy="1"/>
+<feGaussianBlur stdDeviation="1.5"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.2 0"/>
+<feBlend mode="normal" in2="effect1_dropShadow" result="effect2_dropShadow"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect2_dropShadow" result="shape"/>
+</filter>
+<linearGradient id="paint0_linear" x1="36.4462" y1="47.8257" x2="11.8217" y2="5.1748" gradientUnits="userSpaceOnUse">
+<stop stop-color="#333333"/>
+<stop offset="1" stop-color="#4D4D4D"/>
+</linearGradient>
+<linearGradient id="paint1_linear" x1="14.5276" y1="33.9959" x2="10.4841" y2="26.9924" gradientUnits="userSpaceOnUse">
+<stop stop-color="#999999"/>
+<stop offset="1" stop-color="#B3B3B3"/>
+</linearGradient>
+<linearGradient id="paint2_linear" x1="14.5276" y1="33.9959" x2="10.4841" y2="26.9924" gradientUnits="userSpaceOnUse">
+<stop stop-color="#999999"/>
+<stop offset="1" stop-color="#B3B3B3"/>
+</linearGradient>
+<linearGradient id="paint3_linear" x1="16.2747" y1="30.0336" x2="8.73699" y2="16.9781" gradientUnits="userSpaceOnUse">
+<stop stop-color="#CCCCCC"/>
+<stop offset="1" stop-color="#E6E6E6"/>
+</linearGradient>
+<linearGradient id="paint4_linear" x1="16.2747" y1="30.0336" x2="8.73699" y2="16.9781" gradientUnits="userSpaceOnUse">
+<stop stop-color="#CCCCCC"/>
+<stop offset="1" stop-color="#E6E6E6"/>
+</linearGradient>
+<linearGradient id="paint5_linear" x1="35.1496" y1="39.9553" x2="28.8504" y2="29.0447" gradientUnits="userSpaceOnUse">
+<stop stop-color="#CCCCCC"/>
+<stop offset="1" stop-color="#E6E6E6"/>
+</linearGradient>
+</defs>
+</svg>
diff --git a/windows/deployment/images/icons/powershell-18.svg b/windows/deployment/images/icons/powershell-18.svg
new file mode 100644
index 0000000000..ab2d5152ca
--- /dev/null
+++ b/windows/deployment/images/icons/powershell-18.svg
@@ -0,0 +1,20 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
+  <defs>
+    <linearGradient id="a24f9983-911f-4df7-920f-f964c8c10f82" x1="9" y1="15.834" x2="9" y2="5.788" gradientUnits="userSpaceOnUse">
+      <stop offset="0" stop-color="#32bedd" />
+      <stop offset="0.175" stop-color="#32caea" />
+      <stop offset="0.41" stop-color="#32d2f2" />
+      <stop offset="0.775" stop-color="#32d4f5" />
+    </linearGradient>
+  </defs>
+  <title>MsPortalFx.base.images-10</title>
+  <g id="a7ef0482-71f2-4b7e-b916-b1c754245bf1">
+    <g>
+      <path d="M.5,5.788h17a0,0,0,0,1,0,0v9.478a.568.568,0,0,1-.568.568H1.068A.568.568,0,0,1,.5,15.266V5.788A0,0,0,0,1,.5,5.788Z" fill="url(#a24f9983-911f-4df7-920f-f964c8c10f82)" />
+      <path d="M1.071,2.166H16.929a.568.568,0,0,1,.568.568V5.788a0,0,0,0,1,0,0H.5a0,0,0,0,1,0,0V2.734A.568.568,0,0,1,1.071,2.166Z" fill="#0078d4" />
+      <path d="M4.292,7.153h.523a.167.167,0,0,1,.167.167v3.858a.335.335,0,0,1-.335.335H4.125a0,0,0,0,1,0,0V7.321a.167.167,0,0,1,.167-.167Z" transform="translate(-5.271 5.967) rotate(-45.081)" fill="#f2f2f2" />
+      <path d="M4.32,9.647h.523a.167.167,0,0,1,.167.167v4.131a0,0,0,0,1,0,0H4.488a.335.335,0,0,1-.335-.335v-3.8a.167.167,0,0,1,.167-.167Z" transform="translate(-0.504 23.385) rotate(-135.081)" fill="#e6e6e6" />
+      <rect x="7.221" y="12.64" width="4.771" height="1.011" rx="0.291" fill="#f2f2f2" />
+    </g>
+  </g>
+</svg>
\ No newline at end of file
diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml
index c2e2672c36..b72aa8d9ad 100644
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@@ -60,8 +60,6 @@ landingContent:
             url: /mem/autopilot
           - text: Assign devices to servicing channels
             url: update/waas-servicing-channels-windows-10-updates.md
-          - text: Deploy Windows updates with Configuration Manager
-            url: update/deploy-updates-configmgr.md
  
   # Card
   - title: Overview
diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md
deleted file mode 100644
index 07cf3c224a..0000000000
--- a/windows/deployment/planning/act-technical-reference.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10)
-description: The Microsoft Application Compatibility Toolkit (ACT) helps you see if the apps and devices in your org are compatible with different versions of Windows.
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Application Compatibility Toolkit (ACT) Technical Reference
-
-
-**Applies to**
-- Windows 10, version 1607
- 
->[!IMPORTANT]
->We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with [Windows Analytics](/mem/configmgr/desktop-analytics/overview), a solution in the Microsoft Operations Management Suite. Windows Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released.
-
-Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft's experience upgrading millions of devices to Windows 10. 
-
-With Windows diagnostic data enabled, Windows Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. 
-
-Use Windows Analytics to get:
-- A visual workflow that guides you from pilot to production
-- Detailed computer and application inventory
-- Powerful computer level search and drill-downs 
-- Guidance and insights into application and driver compatibility issues, with suggested fixes 
-- Data driven application rationalization tools
-- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
-- Data export to commonly used software deployment tools, including Microsoft Configuration Manager
-
-The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
-
-At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatibility Administrator, which helps you to resolve potential compatibility issues.
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Standard User Analyzer (SUA) User's Guide](sua-users-guide.md) |The Standard User Analyzer (SUA) helps you test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. |
-|[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) |The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. |
-|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. |
diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md
deleted file mode 100644
index 4d26878cb9..0000000000
--- a/windows/deployment/planning/index.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Plan for Windows 10 deployment (Windows 10)
-description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: article
-ms.technology: itpro-deploy
-ms.date: 10/28/2022
----
-
-# Plan for Windows 10 deployment
-Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. Together, these changes require that you rethink the traditional deployment process.
-
-## In this section
-|Topic |Description |
-|------|------------|
-|[Windows 10 Enterprise: FAQ for IT professionals](windows-10-enterprise-faq-itpro.yml) | Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise. |
-|[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. |
-|[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. |
-|[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. |
-|[Features removed or planned for replacement](/windows/whats-new/feature-lifecycle) |Information is provided about Windows features and functionality that are removed or planned for replacement. |
-|[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. |
-
-## Related topics
-- [Windows 10 servicing options for updates and upgrades](../update/index.md)
-- [Deploy Windows 10 with MDT](../deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-- [Upgrade to Windows 10 with MDT](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-- [Upgrade to Windows 10 with Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md)
-- [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd)
- 
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md
index 29746b5180..4332f5785a 100644
--- a/windows/deployment/planning/windows-to-go-overview.md
+++ b/windows/deployment/planning/windows-to-go-overview.md
@@ -94,22 +94,6 @@ As of the date of publication, the following are the USB drives currently certif
 - IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws))
 - IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws))
 - Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
-- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
-
-    We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace.
-
-- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
-
-    > [!IMPORTANT]
-    > You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go, see [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720).
-
-
-- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
-
-    > [!TIP]
-    > This device contains an embedded smart card.
-
-     
 
 -   Super Talent Express RC4 for Windows To Go
 
@@ -168,4 +152,4 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your Wi
 [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
 [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)<br>
 [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
-[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
\ No newline at end of file
+[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md
index a0f9346acc..72d37a8849 100644
--- a/windows/deployment/update/PSFxWhitepaper.md
+++ b/windows/deployment/update/PSFxWhitepaper.md
@@ -2,20 +2,23 @@
 title: Windows Updates using forward and reverse differentials
 description: A technique to produce compact software updates optimized for any origin and destination revision pair
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 08/21/2021
 ---
 
 # Windows Updates using forward and reverse differentials
 
-Windows 10 monthly quality updates are cumulative, containing all previously
+Windows monthly quality updates are cumulative, containing all previously
 released fixes to ensure consistency and simplicity. For an operating system
-platform like Windows 10, which stays in support for multiple years, the size of
+platform like Windows, which stays in support for multiple years, the size of
 monthly quality updates can quickly grow large, thus directly impacting network
 bandwidth consumption.
 
@@ -23,8 +26,8 @@ Today, this problem is addressed by using express downloads, where differential
 downloads for every changed file in the update are generated based on selected
 historical revisions plus the base version. In this paper, we introduce a new
 technique to build compact software update packages that are applicable to any
-revision of the base version, and then describe how Windows 10 quality updates
-uses this technique.
+revision of the base version, and then describe how Windows quality updates
+use this technique.
 
 ## General Terms
 
@@ -65,45 +68,44 @@ numerous advantages:
 - Efficient to install
 - Redistributable
 
-Historically, download sizes of Windows 10 quality updates (Windows 10, version 1803 and older supported versions of Windows 10) are optimized by using express download. Express download is optimized such that updating Windows 10 systems will download the minimum number of bytes. This is achieved by generating differentials for every updated file based on selected historical base revisions of the same file + its base or RTM version.
+Historically, download sizes of Windows quality updates (Windows 10, version 1803 and older supported versions of Windows 10) were optimized by using express download. Express download is optimized such that updating Windows systems download the minimum number of bytes. This is achieved by generating differentials for every updated file based on selected historical base revisions of the same file + its base or RTM version.
 
-For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
+For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as express download files) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device applying express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints.
 
-The flip side of express download is that the size of PSF files can be very large depending on the number of historical baselines against which differentials were calculated. Downloading and caching large PSF files to on-premises or remote update distribution servers is problematic for most organizations, hence they are unable to leverage express updates to keep their fleet of devices running Windows 10 up to date. Secondly, due to the complexity of generating differentials and size of the express files that need to be cached on update distribution servers, it is only feasible to generate express download files for the most common baselines, thus express updates are only applicable to selected baselines. Finally, calculation of optimal differentials is expensive in terms of system memory utilization, especially for low-cost systems, impacting their ability to download and apply an update seamlessly.
+The flip side of express download is that the size of PSF files can be large depending on the number of historical baselines against which differentials were calculated. Downloading and caching large PSF files to on-premises or remote update distribution servers is problematic for most organizations, hence they're unable to use express updates to keep their fleet of devices running Windows up to date. Secondly, due to the complexity of generating differentials and size of the express files that need to be cached on update distribution servers, it's only feasible to generate express download files for the most common baselines, thus express updates are only applicable to selected baselines. Finally, calculation of optimal differentials is expensive in terms of system memory utilization, especially for low-cost systems, impacting their ability to download and apply an update seamlessly.
 
-In the following sections, we describe how Windows 10 quality updates will leverage this technique based on forward and reverse differentials for newer releases of Windows 10 and Windows Server to overcome the challenges with express downloads.
+In the following sections, we describe how quality updates use this technique based on forward and reverse differentials for newer releases of Windows  and Windows Server to overcome the challenges with express downloads.
 
 ## High-level Design
 
 ### Update packaging
 
-Windows 10 quality update packages will contain forward differentials from quality update RTM baselines (∆RTM→N) and reverse differentials back to RTM (∆N→RTM) for each file that has changed since RTM. By using the RTM version as the baseline, we ensure that all devices will have an identical payload. Update package metadata, content manifests, and forward and reverse differentials will be packaged into a cabinet file (.cab). This .cab file, and the applicability logic, will also be wrapped in Microsoft Standalone Update (.msu) format.
+Windows quality update packages contain forward differentials from quality update RTM baselines (∆RTM→N) and reverse differentials back to RTM (∆N→RTM) for each file that has changed since RTM. By using the RTM version as the baseline, we ensure that all devices have an identical payload. Update package metadata, content manifests, and forward and reverse differentials are packaged into a cabinet file (.cab). This .cab file, and the applicability logic, will also be wrapped in Microsoft Standalone Update (.msu) format.
 
-There can be cases where new files are added to the system during servicing. These files will not have RTM baselines, thus forward and reverse differentials cannot be used. In these scenarios, null differentials will be used to handle servicing. Null differentials are the slightly compressed and optimized version of the full binaries. Update packages can have either forward or reverse differentials, or null differential of any given binary in them. The following image symbolizes the content of a Windows 10 quality update installer:
+There can be cases where new files are added to the system during servicing. These files won't have RTM baselines, thus forward and reverse differentials can't be used. In these scenarios, null differentials are used to handle servicing. Null differentials are the slightly compressed and optimized version of the full binaries. Update packages can have either forward or reverse differentials, or null differential of any given binary in them. The following image symbolizes the content of a Windows quality update installer:
 
 ![Outer box labeled .msu containing two sub-boxes: 1) Applicability Logic, 2) box labeled .cab containing four sub-boxes: 1) update metadata, 2) content manifests, 3) delta sub RTM transform to sub N (file 1, file2, etc.), and 4) delta sub N transform to RTM (file 1, file 2, etc.).](images/PSF4.png)
 
 ### Hydration and installation 
 
-Once the usual applicability checks are performed on the update package and are determined to be applicable, the Windows component servicing infrastructure will hydrate the full files during pre-installation and then proceed with the usual installation process.
+Once the usual applicability checks are performed on the update package and are determined to be applicable, the Windows component servicing infrastructure hydrates the full files during preinstallation and then proceeds with the usual installation process.
 
-Below is a high-level sequence of activities that the component servicing infrastructure will run in a transaction to complete installation of the update:
+Below is a high-level sequence of activities that the component servicing infrastructure runs in a transaction to complete installation of the update:
 
 - Identify all files that are required to install the update.
 - Hydrate each of necessary files using current version (V<sub>N</sub>) of the file, reverse differential (V<sub>N</sub>--->RTM) of the file back to quality update RTM/base version and forward differential (V<sub>RTM</sub>--->R) from feature update RTM/base version to the target version. Also, use null differential hydration to hydrate null compressed files.
-- Stage the hydrated files (full file), forward differentials (under ‘f’ folder) and reverse differentials (under ‘r’ folder) or null compressed files (under ‘n’ folder) in the component store (%windir%\\WinSxS folder).
+- Stage the hydrated files (full file), forward differentials (under `f` folder) and reverse differentials (under `r` folder) or null compressed files (under `n` folder) in the component store (%windir%\\WinSxS folder).
 - Resolve any dependencies and install components.
 - Clean up older state (V<sub>N-1</sub>); the previous state V<sub>N</sub> is retained for uninstallation and restoration or repair.
 
 ### **Resilient Hydration**
 
-To ensure resiliency against component store corruption or missing files that could occur due to susceptibility of certain types of hardware to file system corruption, a corruption repair service has been traditionally used to recover the component store automatically (“automatic corruption repair”) or on demand (“manual corruption repair”) using an online or local repair source. This service will continue to offer the ability to repair and recover content for
-hydration and successfully install an update, if needed.
+To ensure resiliency against component store corruption or missing files that could occur due to susceptibility of certain types of hardware to file system corruption, a corruption repair service has been traditionally used to recover the component store automatically (automatic corruption repair) or on demand (manual corruption repair) using an online or local repair source. This service will continue to offer the ability to repair and recover content for hydration and successfully install an update, if needed.
 
-When corruption is detected during update operations, automatic corruption repair will start as usual and use the Baseless Patch Storage File published to Windows Update for each update to fix corrupted manifests, binary differentials, or hydrated or full files. Baseless patch storage files will contain reverse and forward differentials and full files for each updated component. Integrity of the repair files will be hash verified.
+When corruption is detected during update operations, automatic corruption repair starts as usual and uses the Baseless Patch Storage File published to Windows Update for each update to fix corrupted manifests, binary differentials, or hydrated or full files. Baseless patch storage files contain reverse and forward differentials and full files for each updated component. Integrity of the repair files will be hash verified.
 
-Corruption repair will use the component manifest to detect missing files and get hashes for corruption detection. During update installation, new registry flags for each differential staged on the machine will be set. When automatic corruption repair runs, it will scan hydrated files using the manifest and differential files using the flags. If the differential cannot be found or verified, it will be added to the list of corruptions to repair.
+Corruption repair uses the component manifest to detect missing files and get hashes for corruption detection. During update installation, new registry flags for each differential staged on the machine are set. When automatic corruption repair runs, it scans hydrated files using the manifest and differential files using the flags. If the differential can't be found or verified, it's added to the list of corruptions to repair.
 
 ### Lazy automatic corruption repair
 
-“Lazy automatic corruption repair” runs during update operations to detect corrupted binaries and differentials. While applying an update, if hydration of any file fails, "lazy" automatic corruption repair automatically starts, identifies the corrupted binary or differential file, and then adds it to the corruption list. Later, the update operation continues as far as it can go, so that "lazy" automatic corruption repair can collect as many corrupted files to fix as possible. At the end of the hydration section, the update fails, and automatic corruption repair starts. Automatic corruption repair runs as usual and at the end of its operation, adds the corruption list generated by "lazy" automatic corruption repair on top of the new list to repair. Automatic corruption repair then repairs the files on the corruption list and installation of the update will succeed on the next attempt.
+"Lazy automatic corruption repair" runs during update operations to detect corrupted binaries and differentials. While applying an update, if hydration of any file fails, "lazy" automatic corruption repair automatically starts, identifies the corrupted binary or differential file, and then adds it to the corruption list. Later, the update operation continues as far as it can go, so that "lazy" automatic corruption repair can collect as many corrupted files to fix as possible. At the end of the hydration section, the update fails, and automatic corruption repair starts. Automatic corruption repair runs as usual and at the end of its operation, adds the corruption list generated by "lazy" automatic corruption repair on top of the new list to repair. Automatic corruption repair then repairs the files on the corruption list and installation of the update will succeed on the next attempt.
diff --git a/windows/deployment/update/WIP4Biz-intro.md b/windows/deployment/update/WIP4Biz-intro.md
deleted file mode 100644
index ba129003a6..0000000000
--- a/windows/deployment/update/WIP4Biz-intro.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Introduction to the Windows Insider Program for Business
-description: In this article, you'll learn about the Windows Insider Program for Business and why IT Pros should join.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 12/31/2017
----
-
-# Introduction to the Windows Insider Program for Business
-
-**Applies to**
-
-- Windows 10
-
-> **Looking for information about Windows 10 for personal or home use?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
-
-For many IT Pros, it's valuable to have visibility into feature updates early--before they’re available in the General Availability Channel. With Windows 10, feature flighting enables participants in the Windows Insider Preview program can consume and deploy preproduction code to test devices, gaining early visibility into the next build. This is better for your organization because you can test the early builds of Windows 10 to discover possible issues with the code or with device and app compatibility in your organization before the update is ever publicly available. We at Microsoft also appreciate it because Insiders can report issues back to us in time for us to make improvements in a release before it is more generally available.
-
-The Windows Insider Program for Business gives you the opportunity to:
- 
-* Get early access to Windows Insider Preview Builds. 
-* Provide feedback to Microsoft in real time by using the Feedback Hub app.
-* Sign in with corporate credentials (Azure Active Directory) and increase the visibility of your organization's feedback with Microsoft – especially on features that support your productivity and business needs.
-* Register your Azure Active Directory domain in the program, allowing you to cover all users within your organization with just one registration.
-* Starting with Windows 10, version 1709, enable, disable, defer, and pause the installation of preview builds through policies.
-* Track feedback provided through the Feedback Hub App across your organization.
-
-Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans, and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub App. 
-
-The Windows Insider Program doesn't replace General Availability Channel deployments in an organization. Rather, it provides IT Pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
-
-[![Illustration showing the Windows Insider PreviewFast Ring for exploration, the Slow Ring for validation, the General Availability Channel Targeted ring for Pilot deployment, and the General Availability Channel for broad deployment.](images/WIP4Biz_deployment.png)](images/WIP4Biz_deployment.png)<br>
-Windows 10 Insider Preview builds enable organizations to prepare sooner for Windows Semi-Annual releases and reduce the overall validation effort required with traditional deployments. 
-
-## Explore new Windows 10 features in Insider Previews
-Windows 10 Insider Preview builds offer organizations a valuable and exciting opportunity to evaluate new Windows features well before general release. What’s more, by providing feedback to Microsoft on these features, you and other Insiders in your organization can help shape Windows for your specific business needs. Here’s how to get the most out of your feature exploration: 
-
-|Objective |Feature exploration|
-|---------|---------|
-|Release channel  |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
-|Users    |    Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices.     |
-|Tasks   |  - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)<br>  - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications<br> - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features.      |
-|Feedback   |  - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organization’s domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback)       |
-
-## Validate Insider Preview builds 
-Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits:
-
-- Get a head start on your Windows validation process.
-- Identify issues sooner to accelerate your Windows deployment.
-- Engage Microsoft earlier for help with potential compatibility issues.
-- Deploy Windows 10 General Availability Channel releases faster and more confidently.
-- Maximize the support window that comes with each General Availability Channel release.
-
-|Objective |Feature exploration|
-|---------|---------|
-|Release channel  |**Slow Ring:** Insider Preview builds in the Slow Ring are released approximately once a month. They are more stable than Fast Ring releases, making them better suited for validation purposes. Slow Ring releases can be run on either secondary or primary production devices by skilled users.|
-|Users    |   Application and infrastructure validation: In addition to Insiders who might have participated in feature exploration, we also recommend including a small group of application users from each business department to ensure a representative sample.|
-|Tasks   | Application and infrastructure validation: Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) and [Windows Insider Tech Community](https://techcommunity.microsoft.com/t5/Windows-Insider-Program/bd-p/WindowsInsiderProgram) pages for updates on current issues and fixes.    |
-|Feedback   | Application and infrastructure validation:Provide feedback in the Feedback Hub app and also inform app vendors of any significant issues.  |
-|Guidance  |  Application and infrastructure validation:<br>- [Use Upgrade Readiness to create an app inventory and identify mission-critical apps](/mem/configmgr/desktop-analytics/overview)<br>- [Use Device Health to identify problem devices and device drivers](/windows/deployment/update/device-health-monitor)<br> - [Windows 10 application compatibility](/windows/windows-10/)|
diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md
index 5504be6122..ba7b6d264d 100644
--- a/windows/deployment/update/check-release-health.md
+++ b/windows/deployment/update/check-release-health.md
@@ -1,14 +1,19 @@
 ---
 title: How to check Windows release health
 description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
-ms.date: 05/03/2023
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 ms.author: mstewart
 author: mestew
 manager: aaroncz
-ms.reviewer: mstewart
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-updates
+ms.collection:
+  - tier2
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 09/08/2023
 ---
 
 # How to check Windows release health
@@ -19,28 +24,39 @@ If you're unable to sign in to the Microsoft 365 admin portal, check the [Micros
 
 To be informed about the latest updates and releases, follow [@WindowsUpdate](https://twitter.com/windowsupdate) on Twitter.
 
+## Prerequisites
+
+Ensure the following prerequisites are met to display the Windows release health page in the Microsoft 365 admin center: <!--7872213-->
+
+- One of the following licenses:
+   - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
+   - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
+
+- Sign into the Microsoft 365 admin center using an [admin role](/microsoft-365/admin/add-users/about-admin-roles).
+   - Most roles containing the word `administrator` give you access to the Windows release health page such as [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator), [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator), and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).
+
+> [!NOTE]
+> Currently, Windows release health is available for Government Community Cloud (GCC) tenants, but isn't available for GCC High and DoD. <!--8337541-->
+
 ## How to review Windows release health information
 
-1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com) and sign in with an administrator account.
-
-    > [!NOTE]
-    > By default, the Windows release health page is available to individuals who have been assigned the global admin or service administrator role for their tenant. To allow Exchange, SharePoint, and Skype for Business admins to view the Windows release health page, you must first assign them to a Service admin role. For more information about roles that can view service health, see [About admin roles](/microsoft-365/admin/add-users/about-admin-roles#commonly-used-microsoft-365-admin-center-roles).
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com) and sign in with an admin account.
   
-2. To view Windows release health in the Microsoft 365 Admin Center, go to **Health > Windows release health**.
+1. To view Windows release health in the Microsoft 365 Admin Center, go to **Health > Windows release health**.
 
-3. On the **Windows release health** page, you'll have access to known issue information for all supported versions of the Windows operating system.
+1. On the **Windows release health** page, you have access to known issue information for all supported versions of the Windows operating system.
 
    The **All versions** tab (the default view) shows all Windows products with access to their posted known issues.
 
-   ![View of current issues in release health.](images/WRH-menu.png)
+   ![Screenshot of current issues in release health.](images/WRH-menu.png)
 
-   A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The **Active and recently resolved** column provides a link to the **Known issues** tab filtered to the version selected. Selecting the **Known issues** tab will show known issues that are active or resolved within the last 30 days.
+   A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The **Active and recently resolved** column provides a link to the **Known issues** tab filtered to the version selected. Selecting the **Known issues** tab shows known issues that are active or resolved within the last 30 days.
 
-   ![View of known issues in release health.](images/WRH-known-issues-20H2.png)
+   ![Screenshot of known issues in release health.](images/WRH-known-issues-20H2.png)
 
    The **History** tab shows the history of known issues that have been resolved for up to 6 months.
 
-   ![View of history issues in release health.](images/WRH-history-20H2.png)
+   ![Screenshot of history issues in release health.](images/WRH-history-20H2.png)
 
    The known issue summary provides the following information:
 
@@ -56,7 +72,7 @@ To be informed about the latest updates and releases, follow [@WindowsUpdate](ht
 
 ## Sign up for email notifications 
 
-You have the option to sign up for email notifications about Windows known issues and informational updates. Notifications include changes in issue status, new workarounds, and issue resolutions. To subscribe to notifications:
+You can sign up for email notifications about Windows known issues and informational updates. Notifications include changes in issue status, new workarounds, and issue resolutions. To subscribe to notifications:
 
 1. Go to the [Windows release health page](https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth).
 1. Select **Preferences** > **Email**, then select **Send me email notifications about Windows release health**.
@@ -78,20 +94,20 @@ In the **Windows release health** experience, every known issue is assigned as s
 |**Reported** | An issue has been brought to the attention of the Windows teams. At this stage, there's no confirmation that users are affected. |
 |**Investigating** | The issue is believed to affect users and efforts are underway to gather more information about the issue's scope, mitigation steps, and root cause. |
 |**Confirmed** | After close review, Microsoft has determined the issue is affecting Windows users, and progress is being made on mitigation steps and root cause. |
-|**Mitigated** | A workaround is available and communicated to Windows customers for a known issue. A known issue will stay in this state until a KB article is released by Microsoft to resolve the known issue. |
-|**Mitigated: External** | A workaround is available and communicated to Windows customers for a known issue that was caused by a software or driver from a third-party software or device manufacturer. A known issue will stay in this state until the issue is resolved by Microsoft or the third-party. |
-|**Resolved** | A solution has been released by Microsoft and has been documented in a KB article that will resolve the known issue once it's deployed in the customer's environment. |
-|**Resolved: External** | A solution has been released by a Microsoft or a third-party that will resolve the known issue once it's deployed in the customer's environment. |
+|**Mitigated** | A workaround is available and communicated to Windows customers for a known issue. A known issue stays in this state until a KB article is released by Microsoft to resolve the known issue. |
+|**Mitigated: External** | A workaround is available and communicated to Windows customers for a known issue caused by a software or driver from a third-party software or device manufacturer. A known issue stays in this state until the issue is resolved by Microsoft or the third-party. |
+|**Resolved** | A solution was released by Microsoft and was documented in a KB article that resolves the known issue once it's deployed in the customer's environment. |
+|**Resolved: External** | A solution was released by Microsoft or a third-party that resolves the known issue once it's deployed in the customer's environment. |
 
 ## Known issue history
 
 The Windows release health page lets you view the history of all status updates posted for a specific known issue. To view all past updates posted for a given issue, select **View history** on the issue detail page.
   
-![Show link to view message history.](images/WRH-view-message-history-padded.png)
+![Screenshot of the link to view message history.](images/WRH-view-message-history-padded.png)
   
-A list of all status updates posted in the selected timeframe will be displayed, as shown below. You can expand any row to view the specific information provided in that status update.  
+A list of all status updates posted in the selected time frame is displayed. You can expand any row to view the specific information provided in that status update.  
 
-![View message history.](images/WRH-message-history-example-padded.png)
+![Screenshot of the message history.](images/WRH-message-history-example-padded.png)
   
 ## Frequently asked questions
 
@@ -104,14 +120,14 @@ A list of all status updates posted in the selected timeframe will be displayed,
     Windows release health doesn't monitor user environments or collect customer environment information. In Windows release health, all known issue content across all supported Windows versions is published to all subscribed customers. Future iterations of the solution may target content based on customer location, industry, or Windows version.
 
 -   **Where do I find Windows release health?**   
-    After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, select **Health** and you'll see **Windows release health**.
+    After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, select **Health** to display the **Windows release health** menu option.
 
 
 -   **Is the Windows release health content published to Microsoft 365 admin center the same as the content on Windows release health on Microsoft Learn?**   
-    No. While the content is similar, you may see more issues and more technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you’ll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis.
+    No. While the content is similar, you may see more issues and more technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you'll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis.
 
 -   **How often will content be updated?**   
-    In an effort to ensure Windows customers have important information as soon as possible, all major known issues will be shared with Windows customers on both Microsoft Learn and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have additional details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment.
+    To ensure Windows customers have important information as soon as possible, all major known issues are shared with Windows customers on both Microsoft Learn and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have additional details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment.
 
 -   **Can I share this content publicly or with other Windows customers?**   
     Windows release health is provided to you as a licensed Windows customer and isn't to be shared publicly.
@@ -131,7 +147,7 @@ A list of all status updates posted in the selected timeframe will be displayed,
     Using the left-hand menu, go to Users, then select the Active Users tab and follow the prompts to add a new user, or assign an existing user, to the role of **Service Support admin**.
 
 -   **Why can't I click to the KB article from the Known issues or History tabs?**   
-    Within the issue description, you'll find links to the KB articles. In the Known issue and History tabs, the entire row is a clickable entry to the issue's Details pane.
+    Within the issue description, you'll find links to the KB articles. In the known issue and history tabs, the entire row is a clickable entry to the issue's Details pane.
 
 -   **Microsoft 365 admin center has a mobile app but I don't see Windows release health under the Health menu. Is this an open issue?**   
     We're working to build the Windows release health experience on mobile devices in a future release.
@@ -142,7 +158,7 @@ A list of all status updates posted in the selected timeframe will be displayed,
     Seek assistance through Premier support, the [Microsoft Support website](https://support.microsoft.com), or connect with your normal channels for Windows support.
 
 -   **When reaching out to Support, they asked me for an advisory ID. What is this and where can it?**   
-    The advisory ID can be found in the upper left-hand corner of the known issue Details pane. To find it, select the known issue you're seeking help on, select the **Details** pane, and you'll find the ID under the issue title. It will be the letters `WI` followed by a number, similar to `WI123456`.
+    The advisory ID can be found in the upper left-hand corner of the known issue Details pane. To find it, select the known issue you're seeking help on, select the **Details** pane, and you'll find the ID under the issue title. The ID is the letters `WI` followed by a number, similar to `WI123456`.
 
 -   **How can I learn more about expanding my use of Microsoft 365 admin center?**
     For more information, see the [Microsoft 365 admin center documentation](/microsoft-365/admin/admin-overview/about-the-admin-center).
diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md
index 0f0a693609..89a981ff58 100644
--- a/windows/deployment/update/create-deployment-plan.md
+++ b/windows/deployment/update/create-deployment-plan.md
@@ -1,28 +1,28 @@
 ---
 title: Create a deployment plan
-description: Devise the number of deployment rings you need and how you want to populate them
+description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.collection:
+  - tier2
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Create a deployment plan
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
 A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
 
-When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We’ve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
+When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
 
-At the highest level, each “ring” comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
+At the highest level, each ring comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
 
 A common ring structure uses three deployment groups:
 
@@ -31,7 +31,7 @@ A common ring structure uses three deployment groups:
 - Broad: Wide deployment
 
 > [!NOTE]
-> Organizations often use different names for their “rings," for example:
+> Organizations often use different names for their rings, for example:
 > - First > Fast > Broad
 > - Canaries > Early Adopters > Users
 > - Preview > Broad > Critical
@@ -45,8 +45,8 @@ There are no definite rules for exactly how many rings to have for your deployme
 
 There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project based.
 
-- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the “red button” to stop further distribution.
-- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the “green button” to push the content to the next ring.
+- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
+- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
 
 When it comes to deployments, having manual steps in the process usually impedes update velocity. A "red button" strategy is better when that is your goal. 
 
@@ -84,7 +84,7 @@ Analytics can help with defining a good Limited ring of representative devices a
 
 ### Who goes in the Limited ring?
 
-The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don’t have the applications or device drivers that are truly a representative sample of your network.
+The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don't have the applications or device drivers that are truly a representative sample of your network.
 
 
 During your pilot and validate phases, you should focus on the following activities:
@@ -93,11 +93,11 @@ During your pilot and validate phases, you should focus on the following activit
 - Assess and act if issues are encountered.
 - Move forward unless blocked.
 
-When you deploy to the Limited ring, you’ll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring. Your Limited ring represents your organization across the board. When you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
+When you deploy to the Limited ring, you'll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring. Your Limited ring represents your organization across the board. When you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
 
 ## Broad deployment
 
-Once the devices in the Limited ring have had a sufficient stabilization period, it’s time for broad deployment across the network.
+Once the devices in the Limited ring have had a sufficient stabilization period, it's time for broad deployment across the network.
 
 ### Who goes in the Broad deployment ring?
 
diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md
deleted file mode 100644
index 3a6115792f..0000000000
--- a/windows/deployment/update/deploy-updates-configmgr.md
+++ /dev/null
@@ -1,21 +0,0 @@
----
-title: Deploy Windows client updates with Configuration Manager
-description: Deploy Windows client updates with Configuration Manager
-ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 12/31/2017
----
-
-# Deploy Windows 10 updates with Configuration Manager
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-See the [Microsoft Configuration Manager documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates.
diff --git a/windows/deployment/update/deploy-updates-intune.md b/windows/deployment/update/deploy-updates-intune.md
deleted file mode 100644
index 8ce126fdb1..0000000000
--- a/windows/deployment/update/deploy-updates-intune.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Deploy updates with Intune
-description: Deploy Windows client updates with Intune.
-ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.collection:
-  - highpri
-  - tier2
-ms.date: 12/31/2017
----
-
-# Deploy Windows 10 updates with Intune
-
-**Applies to**
-
--   Windows 10
--   Windows 11
-
-See the Microsoft Intune [documentation](/mem/intune/protect/windows-update-for-business-configure#windows-10-feature-updates) for details about using Intune to deploy and manage Windows client updates.
diff --git a/windows/deployment/update/deployment-service-drivers.md b/windows/deployment/update/deployment-service-drivers.md
index d7608bf6f1..39d270bf63 100644
--- a/windows/deployment/update/deployment-service-drivers.md
+++ b/windows/deployment/update/deployment-service-drivers.md
@@ -1,19 +1,24 @@
 ---
-title: Deploy drivers and firmware updates with Windows Update for Business deployment service.
-description: Use Windows Update for Business deployment service to deploy driver and firmware updates. 
+title: Deploy drivers and firmware updates
+titleSuffix: Windows Update for Business deployment service 
+description: Use Windows Update for Business deployment service to deploy driver and firmware updates to devices.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 02/14/2023
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 06/22/2023
 ---
 
 # Deploy drivers and firmware updates with Windows Update for Business deployment service
 <!--7260403, 7512398-->
-***(Applies to: Windows 11 & Windows 10)***
 
 The Windows Update for Business deployment service is used to approve and schedule software updates. The deployment service exposes its capabilities through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune). 
 
@@ -81,7 +86,7 @@ To create a policy without any deployment settings, in the request body specify
    
    {
      "audience": {
-       "@odata.id": "d39ad1ce-0123-4567-89ab-cdef01234567"
+       "id": "d39ad1ce-0123-4567-89ab-cdef01234567"
      }
    }
    ```
@@ -123,7 +128,7 @@ To create a policy with additional settings, in the request body:
    {
      "@odata.type": "#microsoft.graph.windowsUpdates.updatePolicy",
      "audience": {
-       "@odata.id": "d39ad1ce-0123-4567-89ab-cdef01234567"
+       "id": "d39ad1ce-0123-4567-89ab-cdef01234567"
      },
      "complianceChanges": [
        {
diff --git a/windows/deployment/update/deployment-service-expedited-updates.md b/windows/deployment/update/deployment-service-expedited-updates.md
index 14b6fec38a..a7e5e6a58f 100644
--- a/windows/deployment/update/deployment-service-expedited-updates.md
+++ b/windows/deployment/update/deployment-service-expedited-updates.md
@@ -1,20 +1,24 @@
 ---
-title: Deploy expedited updates with Windows Update for Business deployment service
-description: Use Windows Update for Business deployment service to deploy expedited updates.
+title: Deploy expedited updates
+titleSuffix: Windows Update for Business deployment service
+description: Learn how to use Windows Update for Business deployment service to deploy expedited updates to devices in your organization. 
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
-ms.date: 02/14/2023
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 08/29/2023
 ---
 
 # Deploy expedited updates with Windows Update for Business deployment service
-
 <!--7512398-->
-***(Applies to: Windows 11 & Windows 10)***
 
 In this article, you will:
 > [!div class="checklist"]
@@ -47,13 +51,13 @@ All of the [prerequisites for the Windows Update for Business deployment service
 
 ## List catalog entries for expedited updates
 
-Each update is associated with a unique [catalog entry](/graph/api/resources/windowsupdates-catalogentry). You can query the catalog to find updates that can be expedited. The `id` returned is the **Catalog ID** and is used to create a deployment. The following query lists all security updates that can be deployed as expedited updates by the deployment service. Using `$top=3` and ordering by `ReleaseDateTimeshows` displays the three most recent updates.
+Each update is associated with a unique [catalog entry](/graph/api/resources/windowsupdates-catalogentry). You can query the catalog to find updates that can be expedited. The `id` returned is the **Catalog ID** and is used to create a deployment. The following query lists all security updates that can be deployed as expedited updates by the deployment service. Using `$top=1` and ordering by `ReleaseDateTimeshows` displays the most recent update that can be deployed as expedited.
 
 ```msgraph-interactive
-GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=isof('microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry') and microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/isExpeditable eq true&$orderby=releaseDateTime desc&$top=3
+GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$filter=isof('microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry') and microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/isExpeditable eq true&$orderby=releaseDateTime desc&$top=1
 ```
 
-The following truncated response displays a **Catalog ID** of  `693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432` for the `01/10/2023 - 2023.01 B Security Updates for Windows 10 and later` security update:
+The following truncated response displays a **Catalog ID** of  `e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5` for the `08/08/2023 - 2023.08 B SecurityUpdate for Windows 10 and later` security update:
 
 ```json
 {
@@ -61,21 +65,119 @@ The following truncated response displays a **Catalog ID** of  `693fafea03c24cca
     "value": [
         {
             "@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
-            "id": "693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432",
-            "displayName": "01/10/2023 - 2023.01 B Security Updates for Windows 10 and later",
+            "id": "e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5",
+            "displayName": "08/08/2023 - 2023.08 B SecurityUpdate for Windows 10 and later",
             "deployableUntilDateTime": null,
-            "releaseDateTime": "2023-01-10T00:00:00Z",
+            "releaseDateTime": "2023-08-08T00:00:00Z",
             "isExpeditable": true,
-            "qualityUpdateClassification": "security"
-        },
-        ...
+            "qualityUpdateClassification": "security",
+            "catalogName": "2023-08 Cumulative Update for Windows 10 and later",
+            "shortName": "2023.08 B",
+            "qualityUpdateCadence": "monthly",
+            "cveSeverityInformation": {
+                "maxSeverity": "critical",
+                "maxBaseScore": 9.8,
+                "exploitedCves@odata.context": "https://graph.microsoft.com/$metadata#admin/windows/updates/catalog/entries('e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/exploitedCves",
+                "exploitedCves": [
+                    {
+                        "number": "ADV230003",
+                        "url": "https://msrc.microsoft.com/update-guide/vulnerability/ADV230003"
+                    },
+                    {
+                        "number": "CVE-2023-38180",
+                        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180"
+                    }
+                ]
+            }
+        }
     ]
 }
 ```
 
+The deployment service can display more information about updates that were released on or after January 2023. Using [product revision](/graph/api/resources/windowsupdates-productrevision) gives you additional information about the updates, such as the KB numbers, and the `MajorVersion.MinorVersion.BuildNumber.UpdateBuildRevision`. Windows 10 and 11 share the same major and minor versions, but have different build numbers. 
+<!--8092737-->
+Use the following to display the product revision information for the most recent quality update:
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries?$expand=microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions&$orderby=releaseDateTime desc&$top=1
+```
+
+
+The following truncated response displays information about KB5029244 for Windows 10, version 22H2, and KB5029263 for Windows 11, version 22H2:
+
+```json
+{
+    "@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries(microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions())",
+    "value": [
+        {
+            "@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
+            "id": "e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5",
+            "displayName": "08/08/2023 - 2023.08 B SecurityUpdate for Windows 10 and later",
+            "deployableUntilDateTime": null,
+            "releaseDateTime": "2023-08-08T00:00:00Z",
+            "isExpeditable": true,
+            "qualityUpdateClassification": "security",
+            "catalogName": "2023-08 Cumulative Update for Windows 10 and later",
+            "shortName": "2023.08 B",
+            "qualityUpdateCadence": "monthly",
+            "cveSeverityInformation": {
+                "maxSeverity": "critical",
+                "maxBaseScore": 9.8,
+                "exploitedCves@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/cveSeverityInformation/exploitedCves",
+                "exploitedCves": [
+                    {
+                        "number": "ADV230003",
+                        "url": "https://msrc.microsoft.com/update-guide/vulnerability/ADV230003"
+                    },
+                    {
+                        "number": "CVE-2023-38180",
+                        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180"
+                    }
+                ]
+            },
+            "productRevisions@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions",
+            "productRevisions": [
+                {
+                    "id": "10.0.19045.3324",
+                    "displayName": "Windows 10, version 22H2, build 19045.3324",
+                    "releaseDateTime": "2023-08-08T00:00:00Z",
+                    "version": "22H2",
+                    "product": "Windows 10",
+                    "osBuild": {
+                        "majorVersion": 10,
+                        "minorVersion": 0,
+                        "buildNumber": 19045,
+                        "updateBuildRevision": 3324
+                    },
+                    "knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.19045.3324')/knowledgeBaseArticle/$entity",
+                    "knowledgeBaseArticle": {
+                        "id": "KB5029244",
+                        "url": "https://support.microsoft.com/help/5029244"
+                    }
+                },
+                {
+                    "id": "10.0.22621.2134",
+                    "displayName": "Windows 11, version 22H2, build 22621.2134",
+                    "releaseDateTime": "2023-08-08T00:00:00Z",
+                    "version": "22H2",
+                    "product": "Windows 11",
+                    "osBuild": {
+                        "majorVersion": 10,
+                        "minorVersion": 0,
+                        "buildNumber": 22621,
+                        "updateBuildRevision": 2134
+                    },
+                    "knowledgeBaseArticle@odata.context": "https://graph.microsoft.com/beta/$metadata#admin/windows/updates/catalog/entries('e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5')/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry/productRevisions('10.0.22621.2134')/knowledgeBaseArticle/$entity",
+                    "knowledgeBaseArticle": {
+                        "id": "KB5029263",
+                        "url": "https://support.microsoft.com/help/5029263"
+                    }
+                },
+```
+
 ## Create a deployment
 
-When creating a deployment, there are [multiple options](/graph/api/resources/windowsupdates-deploymentsettings) available to define how the deployment behaves. The following example creates a deployment for the `01/10/2023 - 2023.01 B Security Updates for Windows 10 and later` security update with catalog entry ID `693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432`, and defines the `expedite` and `userExperience` deployment options in the request body.
+When creating a deployment, there are [multiple options](/graph/api/resources/windowsupdates-deploymentsettings) available to define how the deployment behaves. The following example creates a deployment for the `08/08/2023 - 2023.08 B SecurityUpdate for Windows 10 and later` security update with catalog entry ID `e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5`, and defines the `expedite` and `userExperience` deployment options in the request body.
 
 ```msgraph-interactive
 POST https://graph.microsoft.com/beta/admin/windows/updates/deployments
@@ -87,7 +189,7 @@ content-type: application/json
         "@odata.type": "#microsoft.graph.windowsUpdates.catalogContent",
         "catalogEntry": {
             "@odata.type": "#microsoft.graph.windowsUpdates.qualityUpdateCatalogEntry",
-            "id": "693fafea03c24cca819b3a15123a8880f217b96a878b6d6a61be021d476cc432"
+            "id": "e317aa8a0455ca604de95329b524ec921ca57f2e6ed3ff88aac757a7468998a5"
         }
     },
     "settings": {
diff --git a/windows/deployment/update/deployment-service-feature-updates.md b/windows/deployment/update/deployment-service-feature-updates.md
index b1a289befa..f9ba6dd147 100644
--- a/windows/deployment/update/deployment-service-feature-updates.md
+++ b/windows/deployment/update/deployment-service-feature-updates.md
@@ -1,20 +1,24 @@
 ---
-title: Deploy feature updates with Windows Update for Business deployment service.
-description: Use Windows Update for Business deployment service to deploy feature updates. 
+title: Deploy feature updates 
+titleSuffix: Windows Update for Business deployment service
+description: Use Windows Update for Business deployment service to deploy feature updates to devices in your organization. 
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
-ms.date: 02/14/2023
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 08/29/2023
 ---
 
 # Deploy feature updates with Windows Update for Business deployment service
 <!--7512398-->
-***(Applies to: Windows 11 & Windows 10)***
-
 The Windows Update for Business deployment service is used to approve and schedule software updates. The deployment service exposes its capabilities through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune). 
 
 This article uses [Graph Explorer](/graph/graph-explorer/graph-explorer-overview) to walk through the entire process of deploying a feature update to clients. In this article, you will:
@@ -82,7 +86,8 @@ The following truncated response displays a **Catalog ID** of  `d9049ddb-0ca8-4b
             "displayName": "Windows 11, version 22H2",
             "deployableUntilDateTime": "2025-10-14T00:00:00Z",
             "releaseDateTime": "2022-09-20T00:00:00Z",
-            "version": "Windows 11, version 22H2"
+            "version": "Windows 11, version 22H2",
+            "buildNumber": "22621"
         }
     ]
 }
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 4b8e52781b..58d36aae43 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -1,20 +1,24 @@
 ---
-title: Windows Update for Business deployment service
-description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates
+title: Overview of the deployment service
+titleSuffix: Windows Update for Business deployment service
+description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates with the deployment service.
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: overview
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 02/14/2023
 ---
 
 # Windows Update for Business deployment service
 
-***(Applies to: Windows 11 & Windows 10)***
-
 The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It's designed to work with your existing [Windows Update for Business](waas-manage-updates-wufb.md) policies and [Windows Update for Business reports](wufb-reports-overview.md). The deployment service provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices. The service is privacy focused and backed by leading industry compliance certifications.
 
 Windows Update for Business product family has three elements:
diff --git a/windows/deployment/update/deployment-service-prerequisites.md b/windows/deployment/update/deployment-service-prerequisites.md
index ad489103a6..de71ad0223 100644
--- a/windows/deployment/update/deployment-service-prerequisites.md
+++ b/windows/deployment/update/deployment-service-prerequisites.md
@@ -1,20 +1,24 @@
 ---
-title: Prerequisites for the Windows Update for Business deployment service
-description: Prerequisites for using the Windows Update for Business deployment service. 
+title: Prerequisites for the deployment service
+titleSuffix: Windows Update for Business deployment service
+description: Prerequisites for using the Windows Update for Business deployment service for updating devices in your organization. 
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 02/14/2023
 ---
 
 # Windows Update for Business deployment service prerequisites
 <!--7512398-->
-***(Applies to: Windows 11 & Windows 10)***
-
 Before you begin the process of deploying updates with Windows Update for Business deployment service, ensure you meet the prerequisites.
 
 ## Azure and Azure Active Directory
diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md
index f6be148c37..2d4052bbba 100644
--- a/windows/deployment/update/deployment-service-troubleshoot.md
+++ b/windows/deployment/update/deployment-service-troubleshoot.md
@@ -1,22 +1,24 @@
 ---
-title: Troubleshoot the Windows Update for Business deployment service
-description: Solutions to common problems with the service
+title: Troubleshoot the deployment service
+titleSuffix: Windows Update for Business deployment service
+description: Solutions to commonly encountered problems when using the Windows Update for Business deployment service.
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.topic: troubleshooting
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 02/14/2023
 ---
 
-
-
 # Troubleshoot the Windows Update for Business deployment service
 
-***(Applies to: Windows 11 & Windows 10)***
-
 This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
 
 ## The device isn't receiving an update that I deployed
diff --git a/windows/deployment/update/eval-infra-tools.md b/windows/deployment/update/eval-infra-tools.md
index 4a20d28511..6a83bab027 100644
--- a/windows/deployment/update/eval-infra-tools.md
+++ b/windows/deployment/update/eval-infra-tools.md
@@ -1,23 +1,21 @@
 ---
 title: Evaluate infrastructure and tools
-description: Steps to make sure your infrastructure is ready to deploy updates
+description: Review the steps to ensure your infrastructure is ready to deploy updates to clients in your organization.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: article
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Evaluate infrastructure and tools
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
 Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
 
 ## Infrastructure
diff --git a/windows/deployment/update/feature-update-user-install.md b/windows/deployment/update/feature-update-user-install.md
index 1385930bef..41a21d5d7c 100644
--- a/windows/deployment/update/feature-update-user-install.md
+++ b/windows/deployment/update/feature-update-user-install.md
@@ -1,20 +1,21 @@
 ---
-title: Best practices - deploy feature updates for user-initiated installations
+title: Best practices - user-initiated feature update installation
 description: Learn recommendations and best practices for manually deploying a feature update for a user-initiated installation.
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-ms.date: 07/10/2018
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
+ms.topic: best-practice
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/mem/configmgr/ > Microsoft Configuration Manager</a>
+ms.date: 07/10/2018
 ---
 
 # Deploy feature updates for user-initiated installations (during a fixed service window)
 
-**Applies to**: Windows 10
-
 Use the following steps to deploy a feature update for a user-initiated installation.
 
 ## Get ready to deploy feature updates
@@ -22,7 +23,7 @@ Use the following steps to deploy a feature update for a user-initiated installa
 ### Step 1: Enable Peer Cache
 Use **Peer Cache** to help manage deployment of content to clients in remote locations. Peer Cache is a built-in Configuration Manager solution that enables clients to share content with other clients directly from their local cache.
 
-[Enable Configuration Manager client in full OS to share content](/sccm/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update). 
+[Enable Configuration Manager client in full OS to share content](/mem/configmgr/core/clients/deploy/about-client-settings#enable-configuration-manager-client-in-full-os-to-share-content) if you have clients in remote locations that would benefit from downloading feature update content from a peer instead of downloading it from a distribution point (or Microsoft Update). 
 
 ### Step 2: Override the default Windows setup priority (Windows 10, version 1709 and later)
 
@@ -35,7 +36,7 @@ If you're deploying **Feature update to Windows 10, version 1709** or later, by
 Priority=Normal
 ```
 
-You can use the new [Run Scripts](/sccm/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices. 
+You can use the new [Run Scripts](/mem/configmgr/apps/deploy-use/create-deploy-scripts) feature to run a PowerShell script like the sample below to create the SetupConfig.ini on target devices. 
 
 ```
 #Parameters
@@ -80,7 +81,7 @@ or documentation, even if Microsoft has been advised of the possibility of such
 ```
 
 >[!NOTE]
->If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. 
+> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/mem/configmgr/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value. 
 
 ## Manually deploy feature updates in a user-initiated installation
 
@@ -89,77 +90,73 @@ The following sections provide the steps to manually deploy a feature update.
 ### Step 1: Specify search criteria for feature updates
 There are potentially a thousand or more feature updates displayed in the Configuration Manager console. The first step in the workflow for manually deploying a feature update is to identify the feature updates that you want to deploy. 
 
-1. In the Configuration Manager console, click **Software Library**. 
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. The synchronized feature updates are displayed. 
+1. In the Configuration Manager console, select **Software Library**. 
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and select **All Windows 10 Updates**. The synchronized feature updates are displayed. 
 3. In the search pane, filter to identify the feature updates that you need by using one or both of the following steps:
-   - In the **search** text box, type a search string that will filter the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. 
-   - Click **Add Criteria**, select the criteria that you want to use to filter software updates, click **Add**, and then provide the values for the criteria. For example, Title contains 1803, **Required** is greater than or equal to 1, and **Language** equals English.
+   - In the **search** text box, type a search string that filters for the feature updates. For example, type the version number for a specific feature update, or enter a string that would appear in the title of the feature update. 
+   - Select **Add Criteria**, select the criteria that you want to use to filter software updates, select **Add**, and then provide the values for the criteria. For example, Title contains 1803, **Required** is greater than or equal to 1, and **Language** equals English.
 
 4. Save the search for future use. 
 
 ### Step 2: Download the content for the feature update(s)
-Before you deploy the feature updates, you can download the content as a separate step. Do this so you can verify that the content is available on the distribution points before you deploy the feature updates. This will help you to avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. 
+Before you deploy the feature updates, you can download the content as a separate step. Do this download so you can verify that the content is available on the distribution points before you deploy the feature updates. Downloading first helps you avoid any unexpected issues with the content delivery. Use the following procedure to download the content for feature updates before creating the deployment. 
 
 1. In the Configuration Manager console, navigate to **Software Library > Windows 10 Servicing**. 
-2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Download**.
+2. Choose the feature update(s) to download by using your saved search criteria. Select one or more of the feature updates returned, right-click, and select **Download**.
 
    The **Download Software Updates Wizard** opens. 
 3. On the **Deployment Package** page, configure the following settings: 
    **Create a new deployment package**: Select this setting to create a new deployment package for the software updates that are in the deployment. Configure the following settings: 
-   - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It is limited to 50 characters. 
+   - **Name**: Specifies the name of the deployment package. The package must have a unique name that briefly describes the package content. It's limited to 50 characters. 
    - **Description**: Specifies the description of the deployment package. The package description provides information about the package contents and is limited to 127 characters. 
-   - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or click **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. 
+   - **Package source**: Specifies the location of the feature update source files. Type a network path for the source location, for example, \\\server\sharename\path, or select **Browse** to find the network location. You must create the shared folder for the deployment package source files before you proceed to the next page. 
 
-     >[!NOTE]
-     >The deployment package source location that you specify cannot be used by another software deployment package. 
+     > [!IMPORTANT]
+     > - The deployment package source location that you specify cannot be used by another software deployment package. 
+     > - The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. 
+     > - You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. 
 
-     >[!IMPORTANT]
-     >The SMS Provider computer account and the user that is running the wizard to download the feature updates must both have Write NTFS permissions on the download location. You should carefully restrict access to the download location to reduce the risk of attackers tampering with the feature update source files. 
-
-     >[!IMPORTANT]
-     >You can change the package source location in the deployment package properties after Configuration Manager creates the deployment package. But if you do so, you must first copy the content from the original package source to the new package source location. 
-
-   Click **Next**. 
-4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then click **Next**. For more information about distribution points, see [Distribution point configurations](/sccm/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
+   Select **Next**. 
+4. On the **Distribution Points** page, specify the distribution points or distribution point groups that will host the feature update files, and then select **Next**. For more information about distribution points, see [Distribution point configurations](/mem/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_configs). 
 
    >[!NOTE]
-   >The Distribution Points page is available only when you create a new software update deployment package. 
+   > The Distribution Points page is available only when you create a new software update deployment package. 
 5. On the **Distribution Settings** page, specify the following settings: 
 
-   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there is no backlog, the package will process immediately regardless of its priority. By default, packages are sent using Medium priority. 
-   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content is not available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
+   - **Distribution priority**: Use this setting to specify the distribution priority for the deployment package. The distribution priority applies when the deployment package is sent to distribution points at child sites. Deployment packages are sent in priority order: **High**, **Medium**, or **Low**. Packages with identical priorities are sent in the order in which they were created. If there's no backlog, the package processes immediately regardless of its priority. By default, packages are sent using Medium priority. 
+   - **Enable for on-demand distribution**: Use this setting to enable on-demand content distribution to preferred distribution points. When this setting is enabled, the management point creates a trigger for the distribution manager to distribute the content to all preferred distribution points when a client requests the content for the package and the content isn't available on any preferred distribution points. For more information about preferred distribution points and on-demand content, see [Content source location scenarios](/mem/configmgr/core/plan-design/hierarchy/content-source-location-scenarios). 
    - **Prestaged distribution point settings**: Use this setting to specify how you want to distribute content to prestaged distribution points. Choose one of the following options: 
      - **Automatically download content when packages are assigned to distribution points**: Use this setting to ignore the prestage settings and distribute content to the distribution point. 
      - **Download only content changes to the distribution point**: Use this setting to prestage the initial content to the distribution point, and then distribute content changes to the distribution point.
-     - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This is the default setting. 
+     - **Manually copy the content in this package to the distribution point**: Use this setting to always prestage content on the distribution point. This setting is the default. 
       
-     For more information about prestaging content to distribution points, see [Use Prestaged content](/sccm/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). 
-   Click **Next**. 
+     For more information about prestaging content to distribution points, see [Use Prestaged content](/mem/configmgr/core/servers/deploy/configure/deploy-and-manage-content#bkmk_prestage). 
+   Select **Next**. 
 6. On the **Download Location** page, specify location that Configuration Manager will use to download the software update source files. As needed, use the following options: 
 
    - **Download software updates from the Internet**: Select this setting to download the software updates from the location on the Internet. This is the default setting.
-   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard does not have Internet access. 
+   - **Download software updates from a location on the local network**: Select this setting to download software updates from a local folder or shared network folder. Use this setting when the computer running the wizard doesn't have Internet access. 
    
      >[!NOTE]
-     >When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
+     > When you use this setting, download the software updates from any computer with Internet access, and then copy the software updates to a location on the local network that is accessible from the computer running the wizard.
 
-   Click **Next**. 
-7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then click **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. 
-8. On the **Summary** page, verify the settings that you selected in the wizard, and then click Next to download the software updates. 
-9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click **Close**. 
+   Select **Next**. 
+7. On the **Language Selection** page, specify the languages for which the selected feature updates are to be downloaded, and then select **Next**. Ensure that your language selection matches the language(s) of the feature updates selected for download. For example, if you selected English and German based feature updates for download, select those same languages on the language selection page. 
+8. On the **Summary** page, verify the settings that you selected in the wizard, and then select **Next** to download the software updates. 
+9. On the **Completion** page, verify that the software updates were successfully downloaded, and then select **Close**. 
 
 #### To monitor content status
-1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console. 
-2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**. 
+1. To monitor the content status for the feature updates, select **Monitoring** in the Configuration Manager console. 
+2. In the Monitoring workspace, expand **Distribution Status**, and then select **Content Status**. 
 3. Select the feature update package that you previously identified to download the feature updates. 
-4. On the **Home** tab, in the Content group, click **View Status**.
+4. On the **Home** tab, in the Content group, select **View Status**.
 
 ### Step 3: Deploy the feature update(s) 
 After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s). 
 
-1. In the Configuration Manager console, click **Software Library**. 
-2. In the Software Library workspace, expand **Windows 10 Servicing**, and click **All Windows 10 Updates**. 
-3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right click, and select **Deploy**.
+1. In the Configuration Manager console, select **Software Library**. 
+2. In the Software Library workspace, expand **Windows 10 Servicing**, and select **All Windows 10 Updates**. 
+3. Choose the feature update(s) to deploy by using your saved search criteria. Select one or more of the feature updates returned, right select, and select **Deploy**.
 
    The **Deploy Software Updates Wizard** opens. 
 4. On the General page, configure the following settings: 
@@ -178,7 +175,7 @@ After you determine which feature updates you intend to deploy, you can manually
      >[!NOTE]
      >A software update group deployed as **Required** will be downloaded in background and honor BITS settings, if configured.
 
-   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that do not require any software updates in the deployment are not started. By default, this setting is not enabled and is available only when **Type of deployment** is set to **Required**. 
+   - **Use Wake-on-LAN to wake up clients for required deployments**: Specify whether to enable Wake On LAN at the deadline to send wake-up packets to computers that require one or more software updates in the deployment. Any computers that are in sleep mode at the installation deadline time will be awakened so the software update installation can initiate. Clients that are in sleep mode that don't require any software updates in the deployment aren't started. By default, this setting isn't enabled and is available only when **Type of deployment** is set to **Required**. 
 
      >[!WARNING]
      >Before you can use this option, computers and networks must be configured for Wake On LAN. 
@@ -189,7 +186,7 @@ After you determine which feature updates you intend to deploy, you can manually
    - **Schedule evaluation**: Specify whether the available time and installation deadline times are evaluated according to UTC or the local time of the computer running the Configuration Manager console. 
    
    - **Software available time**: Select **Specific time** to specify when the software updates will be available to clients:
-     - **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the feature update in the deployment is not available for installation until after the specified date and time are reached and the required content has been downloaded.
+     - **Specific time**: Select this setting to make the feature update in the deployment available to clients at a specific date and time. Specify a date and time that corresponds with the start of your fixed servicing window. When the deployment is created, the client policy is updated and clients are made aware of the deployment at their next client policy polling cycle. However, the feature update in the deployment isn't available for installation until after the specified date and time are reached and the required content has been downloaded.
  
    - **Installation deadline**: Select **Specific time** to specify the installation deadline for the software updates in the deployment. 
    
@@ -198,7 +195,7 @@ After you determine which feature updates you intend to deploy, you can manually
 
      - **Specific time**: Select this setting to automatically install the software updates in the deployment at a specific date and time. However, for the purposes of the fixed servicing window, set the installation deadline date and time to a future value, well beyond the fixed servicing window. 
 
-     Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients will start downloading the content based on a randomized time. The feature update will not be displayed in Software Center for installation until the content is fully downloaded. This ensures that the feature update installation will start immediately when initiated.
+     Required deployments for software updates can benefit from functionality called advanced download. When the software available time is reached, clients start downloading the content based on a randomized time. The feature update won't be displayed in Software Center for installation until the content is fully downloaded. This ensures that the feature update installation starts immediately when initiated.
 
 7. On the User Experience page, configure the following settings: 
    - **User notifications**: Specify **Display in Software Center and show all notifications**. 
@@ -214,25 +211,25 @@ After you determine which feature updates you intend to deploy, you can manually
      >[!NOTE]
      >When you deploy a software update to a Windows Embedded device, make sure that the device is a member of a collection that has a configured maintenance window. 
    - **Software updates deployment re-evaluation behavior upon restart**: Starting in Configuration Manager version 1606, select this setting to configure software updates deployments to have clients run a software updates compliance scan immediately after a client installs software updates and restarts. This enables the client to check for additional software updates that become applicable after the client restarts, and to then install them (and become compliant) during the same maintenance window. 
-8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager will generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
+8. On the Alerts page, configure how Configuration Manager and System Center Operations Manager generate alerts for this deployment. You can configure alerts only when **Type of deployment** is set to **Required** on the Deployment Settings page. 
 
    >[!NOTE]
    >You can review recent software updates alerts from the **Software Updates** node in the **Software Library** workspace. 
 9. On the Download Settings page, configure the following settings: 
    - Specify whether the client will download and install the software updates when a client is connected to a slow network or is using a fallback content location. 
-   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates is not available on a preferred distribution point. 
-   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/sccm/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
-   - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates are not available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
+   - Specify whether to have the client download and install the software updates from a fallback distribution point when the content for the software updates isn't available on a preferred distribution point. 
+   - **Allow clients to share content with other clients on the same subnet**: Specify whether to enable the use of BranchCache for content downloads. For more information about BranchCache, see [Fundamental concepts for content management](/mem/configmgr/core/plan-design/hierarchy/fundamental-concepts-for-content-management#branchcache). 
+   - **If software updates are not available on distribution point in current, neighbor or site groups, download content from Microsoft Updates**: Select this setting to have clients that are connected to the intranet download software updates from Microsoft Update if software updates aren't available on distribution points. Internet-based clients can always go to Microsoft Update for software updates content.
    - Specify whether to allow clients to download after an installation deadline when they use metered Internet connections. Internet providers sometimes charge by the amount of data that you send and receive when you are on a metered Internet connection. 
 
      >[!NOTE]
-     >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/sccm/core/plan-design/hierarchy/content-source-location-scenarios). 
-10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting. 
-11. Click **Next** to deploy the feature update(s). 
+     >Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](/mem/configmgr/core/plan-design/hierarchy/content-source-location-scenarios). 
+10. On the Summary page, review the settings. To save the settings to a deployment template, select **Save As Template**, enter a name and select the settings that you want to include in the template, and then select **Save**. To change a configured setting, select the associated wizard page and change the setting. 
+11. Select **Next** to deploy the feature update(s). 
 
 ### Step 4: Monitor the deployment status
 After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
 
 1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**. 
-2. Click the software update group or software update for which you want to monitor the deployment status. 
-3. On the **Home** tab, in the **Deployment** group, click **View Status**.
+2. Select the software update group or software update for which you want to monitor the deployment status. 
+3. On the **Home** tab, in the **Deployment** group, select **View Status**.
diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md
index 2978105443..972dd73a69 100644
--- a/windows/deployment/update/fod-and-lang-packs.md
+++ b/windows/deployment/update/fod-and-lang-packs.md
@@ -1,21 +1,26 @@
 ---
-title: Make FoD and language packs available for WSUS/Configuration Manager
-description: Learn how to make FoD and language packs available when you're using WSUS/Configuration Manager.
+title: FoD and language packs for WSUS and Configuration Manager
+description: Learn how to make FoD and language packs available to clients when you're using WSUS or Configuration Manager.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 ms.author: mstewart
 author: mestew
 ms.localizationpriority: medium
-ms.date: 03/13/2019
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/mem/configmgr/ > Microsoft Configuration Manager</a>
+- ✅ <a href=https://learn.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus > WSUS </a>
+ms.date: 03/13/2019
 ---
+
 # How to make Features on Demand and language packs available when you're using WSUS or Configuration Manager
 
-**Applies to**
+This article describes how to make Features on Demand and language packs available when you're using WSUS or Configuration Manager for specific versions of Windows.
 
--   Windows 10
--   Windows 11
+## Version information for Features on Demand and language packs
 
 In Windows 10 version 21H2 and later, non-Administrator user accounts can add both a display language and its corresponding language features.
 
@@ -23,10 +28,15 @@ As of Windows 10 version 1709, you can't use Windows Server Update Services (WSU
 
 The **Specify settings for optional component installation and component repair** policy, located under `Computer Configuration\Administrative Templates\System` in the Group Policy Editor, can be used to specify alternate ways to acquire FOD packages, language packages, and content for corruption repair. However, it's important to note this policy only allows specifying one alternate location and behaves differently across OS versions.
 
-In Windows 10 versions 1709 and 1803, changing the **Specify settings for optional component installation and component repair** policy to download content from Windows Update enables acquisition of FOD packages while also enabling corruption repair. Specifying a network location works for either, depending on the content is found at that location.  Changing this policy on these OS versions does not influence how language packs are acquired.
+In Windows 10 versions 1709 and 1803, changing the **Specify settings for optional component installation and component repair** policy to download content from Windows Update enables acquisition of FOD packages while also enabling corruption repair. Specifying a network location works for either, depending on the content is found at that location.  Changing this policy on these OS versions doesn't influence how language packs are acquired.
 
 In Windows 10 version 1809 and beyond, changing the **Specify settings for optional component installation and component repair** policy also influences how language packs are acquired, however language packs can only be acquired directly from Windows Update. It's currently not possible to acquire them from a network share. Specifying a network location works for FOD packages or corruption repair, depending on the content at that location.
 
-For all OS versions, changing the **Specify settings for optional component installation and component repair** policy does not affect how OS updates are distributed. They continue to come from WSUS, Configuration Manager, or other sources as you have scheduled them, even while optional content is sourced from Windows Update or a network location.
+For all OS versions, changing the **Specify settings for optional component installation and component repair** policy doesn't affect how OS updates are distributed. They continue to come from WSUS, Configuration Manager, or other sources as you have scheduled them, even while optional content is sourced from Windows Update or a network location.
 
 Learn about other client management options, including using Group Policy and administrative templates, in [Manage clients in Windows 10](/windows/client-management/).
+
+## More resources
+
+- [WSUS documentation](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus)
+- [Configuration Manager documentation](/mem/configmgr/)
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index 0ed7fc519a..5dc206f1aa 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -1,23 +1,22 @@
 ---
 title: Windows client updates, channels, and tools
-description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
+description: Brief summary of the kinds of Windows updates, the channels they're served through, and the tools for managing them
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Windows client updates, channels, and tools
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-
+This article provides a brief summary of the kinds of Windows updates, the channels they're served through, and the tools for managing them.
 ## How Windows updates work
 
 There are four phases to the Windows update process:
@@ -26,18 +25,18 @@ There are four phases to the Windows update process:
 administrator. This process is invisible to the user.
 - **Download:** Once the device determines that an update is available, it begins downloading the update. The download process is also invisible to the user. With feature updates, download happens in multiple
 sequential phases.
-- **Install:** After the update is downloaded, depending on the device’s Windows Update settings, the update is installed on the system.
+- **Install:** After the update is downloaded, depending on the device's Windows Update settings, the update is installed on the system.
 - **Commit and restart:** Once installed, the device usually (but not always) must be restarted in order to complete the installation and begin using the update. Before that happens, a device is still running the previous
 version of the software.
 
 ## Types of updates
 
-We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*. 
+We include information here about many different update types you hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*. 
 
-- **Feature updates:** Released annually. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
-- **Quality updates:** Quality updates deliver both security and non-security fixes. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
-- **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
-- **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not.
+- **Feature updates:** Released annually. Feature updates add new features and functionality to Windows 10. Because they're delivered frequently (rather than every 3-5 years), they're easier to manage.
+- **Quality updates:** Quality updates deliver both security and nonsecurity fixes. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They're typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
+- **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates aren't necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically doesn't have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
+- **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they're installed or not.
 - **Microsoft product updates:** These update other Microsoft products, such as Office. You can enable or disable Microsoft updates by using policies controlled by various servicing tools.
 
 
@@ -50,13 +49,14 @@ The first step of controlling when and how devices install updates is assigning
 
 ### General Availability Channel
 
-In the General Availability Channel, feature updates are released annually. As long as a device isn't set to defer feature updates, any device in this channel will install a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
+In the General Availability Channel, feature updates are released annually. As long as a device isn't set to defer feature updates, any device in this channel installs a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
 
 
 ### Windows Insider Program for Business
 
-Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are actually three options within the Windows Insider Program for Business channel:
+Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are options within the Windows Insider Program for Business channel:
 
+- Windows Insider Canary
 - Windows Insider Dev
 - Windows Insider Beta
 - Windows Insider Release Preview
@@ -73,12 +73,12 @@ The General Availability Channel is the default servicing channel for all Window
 
 | Edition | General Availability Channel | Insider Program | Long-Term Servicing Channel |
 | --- | --- | --- | --- |
-| Home | ![yes.](images/checkmark.png)|![no](images/crossmark.png)    | ![no](images/crossmark.png)|
-| Pro | ![yes.](images/checkmark.png) | ![yes](images/checkmark.png) |  ![no](images/crossmark.png)|
-| Enterprise  | ![yes.](images/checkmark.png) |![yes](images/checkmark.png)  |  ![no](images/crossmark.png)|
-| Enterprise LTSC  | ![no.](images/crossmark.png) |![no](images/crossmark.png) |   ![yes](images/checkmark.png)|
-| Pro Education | ![yes.](images/checkmark.png) | ![yes](images/checkmark.png) |  ![no](images/crossmark.png)|
-| Education  | ![yes.](images/checkmark.png) | ![yes](images/checkmark.png) |  ![no](images/crossmark.png)|
+| Home | Yes|No    | No|
+| Pro | Yes | Yes |  No|
+| Enterprise  | Yes |Yes  |  No|
+| Enterprise LTSC  | No |No |   Yes|
+| Pro Education | Yes | Yes |  No|
+| Education  | Yes | Yes |  No|
 
 ## Servicing tools
 
@@ -89,7 +89,7 @@ Windows Server Update Services (WSUS): you set up a WSUS server, which downloads
 You can set up, control, and manage the server and update process with several tools:
 
 - A standalone Windows Server Update Services server operated directly
-- [Configuration Manager](deploy-updates-configmgr.md)
+- Configuration Manager
 - Non-Microsoft tools
 
 For more information, see [Windows Server Update Services (WSUS)](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus).
@@ -104,4 +104,4 @@ Your individual devices connect to Microsoft endpoints directly to get the updat
 
 ### Hybrid scenarios
 
-It is also possible to combine WSUS-based on-premises update distribution with cloud-based update delivery.
+It's also possible to combine WSUS-based on-premises update distribution with cloud-based update delivery.
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index 907f34dd28..ef02459999 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -1,47 +1,38 @@
 ---
 title: How Windows Update works
-description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices.
+description: In this article, learn about the process Windows Update uses to download and install updates on Windows client devices.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # How Windows Update works
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
 The Windows Update workflow has four core areas of functionality: 
 
-### Scan
-
-1. Orchestrator schedules the scan.
-2. Orchestrator verifies admin approvals and policies for download.
-
-
-### Download
-1. Orchestrator starts downloads.
-2. Windows Update downloads manifest files and provides them to the arbiter.
-3. The arbiter evaluates the manifest and tells the Windows Update client to download files.
-4. Windows Update client downloads files in a temporary folder.
-5. The arbiter stages the downloaded files.
-
-
-### Install
-1. Orchestrator starts the installation.
-2. The arbiter calls the installer to install the package.
-
-
-### Commit
-1. Orchestrator starts a restart.
-2. The arbiter finalizes before the restart.
+1. Scan
+   1. Orchestrator schedules the scan.
+   1. Orchestrator verifies admin approvals and policies for download.
+1. Download
+   1. Orchestrator starts downloads.
+   1. Windows Update downloads manifest files and provides them to the arbiter.
+   1. The arbiter evaluates the manifest and tells the Windows Update client to download files.
+   1. Windows Update client downloads files in a temporary folder.
+   1. The arbiter stages the downloaded files.
+1. Install
+   1. Orchestrator starts the installation.
+   1. The arbiter calls the installer to install the package.
+1. Commit
+   1. Orchestrator starts a restart.
+   1. The arbiter finalizes before the restart.
 
 
 ## How updating works 
@@ -52,7 +43,7 @@ During the updating process, the Windows Update Orchestrator operates in the bac
 
 The Windows Update Orchestrator on your PC checks the Microsoft Update server or your WSUS endpoint for new updates at random intervals. The randomization ensures that the Windows Update server isn't overloaded with requests all at the same time. The Update Orchestrator searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.  
 
-When checking for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your device. It uses guidelines defined by the publisher of the update, for example, Microsoft Office including enterprise group policies. 
+When devices check for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your device. It uses guidelines defined by the publisher of the update, for example, Microsoft Office including enterprise group policies. 
 
 Make sure you're familiar with the following terminology related to Windows Update scan:
 
@@ -61,8 +52,8 @@ Make sure you're familiar with the following terminology related to Windows Upda
 |Update|We use this term to mean several different things, but in this context it's the actual updated code or change.| 
 |Bundle update|An update that contains 1-N child updates; doesn't contain payload itself.| 
 |Child update|Leaf update that's bundled by another update; contains payload.| 
-|Detector update|A special "update" that contains "IsInstalled" applicability rule only and no payload. Used for prereq evaluation.| 
-|Category update|A special "detectoid" that has an **IsInstalled** rule that is always true. Used for grouping updates and to allow the device to filter updates. |
+|Detector update|A special update that contains `IsInstalled` applicability rule only and no payload. Used for prerequisite evaluation.| 
+|Category update|A special `detectoid` that has an `IsInstalled` rule that is always true. Used for grouping updates and allowing the device to filter updates. |
 |Full scan|Scan with empty datastore.| 
 |Delta scan|Scan with updates from previous scan already cached in datastore.| 
 |Online scan|Scan that uses the network and to check an update server. |
@@ -80,7 +71,7 @@ Windows Update does the following actions when it runs a scan.
 #### Starts the scan for updates  
 When users start scanning in Windows Update through the Settings panel, the following occurs:  
 
-- The scan first generates a “ComApi” message. The caller (Microsoft Defender Antivirus) tells the Windows Update engine to scan for updates. 
+- The scan first generates a `ComApi` message. The caller (Microsoft Defender Antivirus) tells the Windows Update engine to scan for updates. 
 - "Agent" messages: queueing the scan, then actually starting the work: 
    - Updates are identified by the different IDs ("ID = 10", "ID = 11") and from the different thread ID numbers. 
    - Windows Update uses the thread ID filtering to concentrate on one particular task. 
@@ -88,9 +79,9 @@ When users start scanning in Windows Update through the Settings panel, the foll
       ![Windows Update scan log 1.](images/update-scan-log-1.png)
       
 #### Proxy Behavior
-For Windows Update (WU) scans URLs that are used for update detection ([MS-WUSP]: SimpleAuth Web Service | Microsoft Docs, [MS-WUSP]: Client Web Service | Microsoft Docs):
+For Windows Update (WU) scans URLs that are used for update detection ([MS-WUSP: SimpleAuth Web Service](/openspecs/windows_protocols/ms-wusp/61235469-6c2f-4c08-9749-e35d52c16899), [MS-WUSP: Client Web Service](/openspecs/windows_protocols/ms-wusp/69093c08-da97-445e-a944-af0bef36e4ec)):
 - System proxy is attempted (set using the `netsh` command).
-- If WUA fails to reach the service due to a certain proxy, service, or authentication error code, then user proxy is attempted (generally it is the logged-in user).
+- If WUA fails to reach the service due to a certain proxy, service, or authentication error code, then user proxy is attempted (generally it's the logged-in user).
 
     > [!Note]
     > For intranet WSUS update service URLs, we provide an option via Windows Update policy to select the proxy behavior.
@@ -130,13 +121,13 @@ Common update failure is caused due to network issues. To find the root of the i
    > [!NOTE]
    > If the search is against WSUS or Configuration Manager, you can ignore warning messages for the Service Locator Service. 
 
-- On sites that only use WSUS or Configuration Manager, the Service Locator Service might be blocked at the firewall. In this case the request will fail, and though the service can’t scan against Windows Update or Microsoft Update, it can still scan against WSUS or Configuration Manager, since it’s locally configured.
+- On sites that only use WSUS or Configuration Manager, the Service Locator Service might be blocked at the firewall. In this case the request will fail, and though the service can't scan against Windows Update or Microsoft Update, it can still scan against WSUS or Configuration Manager, since it's locally configured.
    ![Windows Update scan log 3.](images/update-scan-log-3.png)
    
 ## Downloading updates 
 ![Windows Update download step.](images/update-download-step.png)
 
-Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does operation in the background without interrupting your normal use of the device.  
+Once the Windows Update Orchestrator determines which updates apply to your computer, it begins downloading the updates, if you have selected the option to automatically download updates. It does operation in the background without interrupting your normal use of the device.  
 
 To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses Delivery Optimization, which downloads updates and reduces bandwidth consumption. 
  
diff --git a/windows/deployment/update/images/UC_tile_assessing.PNG b/windows/deployment/update/images/UC_tile_assessing.PNG
deleted file mode 100644
index 2709763570..0000000000
Binary files a/windows/deployment/update/images/UC_tile_assessing.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_tile_filled.PNG b/windows/deployment/update/images/UC_tile_filled.PNG
deleted file mode 100644
index f7e1bab284..0000000000
Binary files a/windows/deployment/update/images/UC_tile_filled.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_workspace_DO_status.PNG b/windows/deployment/update/images/UC_workspace_DO_status.PNG
deleted file mode 100644
index fa7550f0f5..0000000000
Binary files a/windows/deployment/update/images/UC_workspace_DO_status.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_workspace_FU_status.PNG b/windows/deployment/update/images/UC_workspace_FU_status.PNG
deleted file mode 100644
index 14966b1d8a..0000000000
Binary files a/windows/deployment/update/images/UC_workspace_FU_status.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_workspace_SU_status.PNG b/windows/deployment/update/images/UC_workspace_SU_status.PNG
deleted file mode 100644
index 3564c9b6e5..0000000000
Binary files a/windows/deployment/update/images/UC_workspace_SU_status.PNG and /dev/null differ
diff --git a/windows/deployment/update/images/UC_workspace_needs_attention.png b/windows/deployment/update/images/UC_workspace_needs_attention.png
deleted file mode 100644
index be8033a9d6..0000000000
Binary files a/windows/deployment/update/images/UC_workspace_needs_attention.png and /dev/null differ
diff --git a/windows/deployment/update/images/UC_workspace_safeguard_queries.png b/windows/deployment/update/images/UC_workspace_safeguard_queries.png
deleted file mode 100644
index 36bb54260b..0000000000
Binary files a/windows/deployment/update/images/UC_workspace_safeguard_queries.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-workspace-overview-blade.png b/windows/deployment/update/images/uc-workspace-overview-blade.png
deleted file mode 100644
index 18dce5e831..0000000000
Binary files a/windows/deployment/update/images/uc-workspace-overview-blade.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png b/windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png
deleted file mode 100644
index 4f11e64555..0000000000
Binary files a/windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png and /dev/null differ
diff --git a/windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png b/windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png
deleted file mode 100644
index b4c348b964..0000000000
Binary files a/windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png and /dev/null differ
diff --git a/windows/deployment/update/includes/wufb-reports-endpoints.md b/windows/deployment/update/includes/wufb-reports-endpoints.md
index 1975275322..388592c36c 100644
--- a/windows/deployment/update/includes/wufb-reports-endpoints.md
+++ b/windows/deployment/update/includes/wufb-reports-endpoints.md
@@ -5,7 +5,7 @@ manager: aaroncz
 ms.technology: itpro-updates
 ms.prod: windows-client
 ms.topic: include
-ms.date: 04/06/2022
+ms.date: 08/21/2023
 ms.localizationpriority: medium
 ---
 <!--This file is shared by updates/wufb-reports-prerequisites.md and the update/update-compliance-configuration-manual.md articles. Headings are driven by article context.  -->
@@ -14,10 +14,11 @@ Devices must be able to contact the following endpoints in order to authenticate
 
 | **Endpoint**  | **Function**  |
 |---------------------------------------------------------|-----------|
-| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Windows Update for Business reports. |
-| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
-| `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
-| `https://adl.windows.com` | Required for Windows Update functionality. |
-| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. |
-| `https://oca.telemetry.microsoft.com`  | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
-| `https://login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
+| `*v10c.events.data.microsoft.com` </br> </br> `eu-v10c.events.data.microsoft.com` for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn) <!--8141818--> | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Windows Update for Business reports. |
+| `umwatsonc.events.data.microsoft.com` </br> </br> `eu-watsonc.events.data.microsoft.com` for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn) | Windows Error Reporting (WER), used to provide more advanced error reporting if certain Feature Update deployment failures occur. |
+| `v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
+| `settings-win.data.microsoft.com` | Used by Windows components and applications to dynamically update their configuration. Required for Windows Update functionality. |
+| `adl.windows.com` | Required for Windows Update functionality. |
+| `oca.telemetry.microsoft.com`  | Online Crash Analysis, used to provide device-specific recommendations and detailed errors if there are certain crashes. |
+| `login.live.com` | This endpoint facilitates your Microsoft account access and is required to create the primary identifier we use for devices. Without this service, devices won't be visible in the solution. The Microsoft Account Sign-in Assistant service must also be running (wlidsvc). |
+| `*.blob.core.windows.net` | Azure blob data storage.|
\ No newline at end of file
diff --git a/windows/deployment/update/includes/wufb-reports-recommend.md b/windows/deployment/update/includes/wufb-reports-recommend.md
deleted file mode 100644
index afd3f56219..0000000000
--- a/windows/deployment/update/includes/wufb-reports-recommend.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
-ms.topic: include
-ms.date: 12/05/2022
-ms.localizationpriority: medium
----
-<!--This file is shared by all Update Compliance v1 articles.  -->
-
-> [!Important]
-> Update Compliance was [retired](/windows/whats-new/feature-lifecycle#terminology) on March 31, 2023 and the service has been [removed](/windows/whats-new/removed-features). Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md). Support for Update Compliance ended on March 31, 2023. <!--7748874-->
diff --git a/windows/deployment/update/includes/wufb-reports-script-error-codes.md b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
index 5dc0512de0..a6ca5fedc8 100644
--- a/windows/deployment/update/includes/wufb-reports-script-error-codes.md
+++ b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
@@ -5,58 +5,45 @@ manager: aaroncz
 ms.technology: itpro-updates
 ms.prod: windows-client
 ms.topic: include
-ms.date: 08/18/2022
+ms.date: 07/11/2023
 ms.localizationpriority: medium
 ---
-<!--This file is shared by updates/wufb-reports-configuration-script.md and the update/update-compliance-configuration-script.md articles. Headings are driven by article context.  -->
-|Error  |Description  |
-|---------|---------|
-| 1    | General unexpected error|
-| 6    | Invalid CommercialID|
-| 8    | Couldn't create registry key path to set up CommercialID|
-| 9    | Couldn't write CommercialID at registry key path|
-| 11    | Unexpected result when setting up CommercialID.|
-| 12    | CheckVortexConnectivity failed, check Log output for more information.|
+<!--This file is shared by updates/wufb-reports-configuration-script.md and the update/update-compliance-configuration-script.md articles. Headings are driven by article context. Updated with 8099827 -->
+| Error  | Description|
+|---|---|
+| 1    | Unexpected error |
+| 12    | CheckVortexConnectivity failed, check the log output for more information. |
 | 12    | Unexpected failure when running CheckVortexConnectivity.|
-| 16    | Reboot is pending on device, restart device and restart script.|
+| 16    | Reboot is pending on device. Restart the device then re rerun the script.|
 | 17    | Unexpected exception in CheckRebootRequired.|
 | 27    | Not system account. |
 | 30    | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
-| 34    | Unexpected exception when attempting to check  Proxy settings.|
-| 35    | Unexpected exception when checking User Proxy.|
-| 37    | Unexpected exception when collecting logs|
+| 34    | Unexpected exception when attempting to check proxy settings.|
+| 35    | Unexpected exception when checking user proxy.|
+| 37    | Unexpected exception when collecting logs.|
 | 40    | Unexpected exception when checking and setting telemetry.|
 | 41    | Unable to impersonate logged-on user.|
 | 42    | Unexpected exception when attempting to impersonate logged-on user.|
 | 43    | Unexpected exception when attempting to impersonate logged-on user.|
 | 44    | Error when running CheckDiagTrack service.|
 | 45    | DiagTrack.dll not found.|
-| 48    | CommercialID isn't a GUID|
 | 50    | DiagTrack service not running.|
-| 51    | Unexpected exception when attempting to run Census.exe|
-| 52    | Couldn't find Census.exe|
-| 53    | There are conflicting CommercialID values.|
+| 51    | Unexpected exception when attempting to run Census.exe. |
+| 52    | Couldn't find Census.exe. |
 | 54    | Microsoft Account Sign In Assistant (MSA) Service disabled.|
-| 55    | Failed to create new registry path for SetDeviceNameOptIn|
-| 56    | Failed to create property for SetDeviceNameOptIn at registry path|
-| 57    | Failed to update value for SetDeviceNameOptIn|
-| 58    | Unexpected exception in SetrDeviceNameOptIn|
+| 55    | Failed to create new registry path for SetDeviceNameOptIn.|
+| 56    | Failed to create property for SetDeviceNameOptIn at registry path.|
+| 57    | Failed to update value for SetDeviceNameOptIn. |
+| 58    | Unexpected exception in SetDeviceNameOptIn.|
 | 59    | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
 | 60    | Failed to delete registry key when attempting to clean up OneSettings.|
 | 61    | Unexpected exception when attempting to clean up OneSettings.|
-| 62    | AllowTelemetry registry key isn't of the correct type REG_DWORD|
+| 62    | AllowTelemetry registry key isn't the correct type of REG_DWORD.|
 | 63    | AllowTelemetry isn't set to the appropriate value and it couldn't be set by the script.|
-| 64    | AllowTelemetry isn't of the correct type REG_DWORD.|
+| 64    | AllowTelemetry isn't the correct type of REG_DWORD.|
 | 66    | Failed to verify UTC connectivity and recent uploads.|  
 | 67    | Unexpected failure when verifying UTC CSP.|
-| 91    | Failed to create new registry path for EnableAllowUCProcessing|
-| 92    | Failed to create property for EnableAllowUCProcessing at registry path|
-| 93    | Failed to update value for EnableAllowUCProcessing|
-| 94    | Unexpected exception in EnableAllowUCProcessing|
-| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
-| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
-| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
-| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
-| 99    | Device isn't Windows 10.|
-| 100 | Device must be AADJ or hybrid AADJ to use Windows Update for Business reports or Update Compliance |
-| 101 | Check AADJ failed with unexpected exception |
\ No newline at end of file
+| 99    | Device isn't Windows 10 or Windows 11.|
+| 100   | Device must be Azure AD joined or hybrid Azure AD joined to use Windows Update for Business reports.|
+| 101   | Check Azure AD join failed with unexpected exception.|
+| 102   | DisableOneSettingsDownloads policy shouldn't be enabled. Please disable this policy.|
diff --git a/windows/deployment/update/includes/wufb-reports-verify-device-configuration.md b/windows/deployment/update/includes/wufb-reports-verify-device-configuration.md
deleted file mode 100644
index 1818d4452d..0000000000
--- a/windows/deployment/update/includes/wufb-reports-verify-device-configuration.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.technology: itpro-updates
-ms.prod: windows-client
-ms.topic: include
-ms.date: 08/10/2022
-ms.localizationpriority: medium
----
-<!--This file is used by update/wufb-reports-configuration-script.md articles. It was dropped from updates/wufb-reports-help.md. Headings are driven by article context.  -->
-
-In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
-
-1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer).
-   1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
-   1. Under **View diagnostic data**, select **On** for the following option:
-
-       - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)**
-       - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)**
-
-1. Select **Open Diagnostic Data Viewer**.
-   - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer  from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
-   - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed.
-
-1. Check for software updates on the client device.
-    - Windows 11:
-       1. Go to **Start**, select **Settings** > **Windows Update**.
-       1. Select **Check for updates** then wait for the update check to complete.  
-    - Windows 10:  
-       1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**.
-       1. Select **Check for updates** then wait for the update check to complete.
-
-1. Run the **Diagnostic Data Viewer**.
-   1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
-   1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
-1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
-   - The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for [Windows Update for Business reports](../wufb-reports-overview.md), but the value may still be listed in this field.
-   - The **MSP** field value under **protocol** should be either `16` or `18`.
-   - If you need to send this data to Microsoft Support, select **Export data**.  
-
-   :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="../media/wufb-reports-diagnostic-data-viewer.png" lightbox="../media/wufb-reports-diagnostic-data-viewer.png"::: 
-
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
deleted file mode 100644
index 98552e3194..0000000000
--- a/windows/deployment/update/index.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Update Windows client in enterprise deployments
-description: Windows as a service provides an all-new way to think about building, deploying, and servicing Windows client.
-ms.prod: windows-client
-author: mestew
-manager: aaroncz
-ms.localizationpriority: high
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 12/31/2017
----
-
-# Update Windows client in enterprise deployments
-
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
-
-Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly. It spreads out the required effort into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. 
-
-
- 
-
-## In this section
-
-| Article | Description|
-| --- | --- |
-| [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the servicing model for Windows client. |
-| [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
-| [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy.  |
-| [Assign devices to servicing branches for Windows client updates](waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the General Availability Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
-| [Monitor Windows Updates with Windows Update for Business reports](wufb-reports-overview.md) | Explains how to use Windows Update for Business reports to monitor and manage Windows Updates on devices in your organization.  |
-| [Optimize update delivery](../do/waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution.  |
-| [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.  |
-| [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. |
-| [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates.  |
-| [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. |
-| [Manage more Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
-| [Windows Insider Program for Business](/windows-insider/business/register) | Explains how the Windows Insider Program for Business works and how to become an insider. |
-
->[!TIP]
->For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows.
diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md
index c1312b6132..e2f3ab0e3c 100644
--- a/windows/deployment/update/media-dynamic-update.md
+++ b/windows/deployment/update/media-dynamic-update.md
@@ -1,25 +1,23 @@
 ---
 title: Update Windows installation media with Dynamic Update
-description: Learn how to deploy feature updates to your mission critical devices
+description: Learn how to acquire and apply Dynamic Update packages to existing Windows images prior to deployment
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 05/09/2023
 ms.reviewer: stevedia
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 07/17/2023
 ---
 
 # Update Windows installation media with Dynamic Update
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
-This topic explains how to acquire and apply Dynamic Update packages to existing Windows images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process.
+This article explains how to acquire and apply Dynamic Update packages to existing Windows images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process.
 
 Volume-licensed media is available for each release of Windows in the Volume Licensing Service Center (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. You can use Dynamic Update to ensure that Windows devices have the latest feature update packages as part of an in-place upgrade while preserving language pack and Features on Demand (FODs) that might have been previously installed. Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process.
 
@@ -29,7 +27,7 @@ Whenever installation of a feature update starts (whether from media or an envir
 
 - Updates to Setup.exe binaries or other files that Setup uses for feature updates
 - Updates for the "safe operating system" (SafeOS) that is used for the Windows recovery environment
-- Updates to the servicing stack necessary to complete the feature update (see [Servicing stack updates](servicing-stack-updates.md) for more information)
+- Updates to the servicing stack necessary to complete the feature update For more information, see [Servicing stack updates](servicing-stack-updates.md).
 - The latest cumulative (quality) update
 - Updates to applicable drivers already published by manufacturers specifically intended for Dynamic Update
 
@@ -39,20 +37,40 @@ Devices must be able to connect to the internet to obtain Dynamic Updates. In so
 
 ## Acquire Dynamic Update packages
 
-You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. For example, you could enter *1809 Dynamic Update x64*, which would return results like this:
+You can obtain Dynamic Update packages from the [Microsoft Update Catalog](https://catalog.update.microsoft.com). At that site, use the search bar in the upper right to find the Dynamic Update packages for a particular release. The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. Check various parts of the results to be sure you've identified the needed files. The following tables show the key values to search for or look for in the results. 
 
-![Table with columns labeled Title, Products, Classification, Last Updated, Version, and Size and four rows listing various dynamic updates and associated KB articles.](images/update-catalog.png)
+### Windows 11, version 22H2 Dynamic Update packages
+**Title** can distinguish each Dynamic Package. Cumulative updates have the servicing stack embedded. The servicing stack is published only if necessary for a given cumulative update.
 
-The various Dynamic Update packages might not all be present in the results from a single search, so you might have to search with different keywords to find all of the updates. And you'll need to check various parts of the results to be sure you've identified the needed files. This table shows in **bold** the key items to search for or look for in the results. For example, to find the relevant "Setup Dynamic Update," you'll have to check the detailed description for the download by selecting the link in the **Title** column of the search results.
+| Update packages                   |Title                                                          |
+|-----------------------------------|---------------------------------------------------------------|
+|Safe OS Dynamic Update             | YYYY-MM Safe OS Dynamic Update for Windows 11 Version 22H2    |
+|Setup Dynamic Update               | YYYY-MM Setup Dynamic Update for Windows 11 Version 22H2      |
+|Latest cumulative update           | YYYY-MM Cumulative Update for Windows 11 Version 22H2         |
+|Servicing stack Dynamic Update     | YYYY-MM Servicing Stack Update for Windows 11 Version 22H2    |
 
-|To find this Dynamic Update packages, search for or check the results here  |Title  |Product  |Description (select the **Title** link to see **Details**)  |
-|---------|---------|---------|---------|
-|Safe OS Dynamic Update      | 2019-08 Dynamic Update...        | Windows 10 Dynamic Update, Windows **Safe OS Dynamic Update**         | ComponentUpdate:        |
-|Setup Dynamic Update     | 2019-08 Dynamic Update...         | Windows 10 Dynamic Update        | **SetupUpdate**        |
-|Latest cumulative update     | 2019-08 **Cumulative Update for Windows 10**    |  Windows 10       |  Install this update to resolve issues in Windows...       |
-|Servicing stack Dynamic Update     | 2019-09 **Servicing Stack Update for Windows 10**        |  Windows 10...       | Install this update to resolve issues in Windows...        |
 
-If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, since Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image.
+### Windows 11, version 21H2 Dynamic Update packages
+**Title**, **Product** and **Description** are required to distinguish each Dynamic Package. Latest cumulative update has the servicing stack embedded. Servicing stack published separately only if necessary as a prerequisite for a given cumulative update.
+
+| Update packages                   |Title                                                          |Product                                       |Description       |
+|-----------------------------------|---------------------------------------------------------------|----------------------------------------------|------------------|
+|Safe OS Dynamic Update             | YYYY-MM Dynamic Update for Windows 11                         |Windows Safe OS Dynamic Update                | ComponentUpdate  |
+|Setup Dynamic Update               | YYYY-MM Dynamic Update for Windows 11                         |Windows 10 and later Dynamic Update           | SetupUpdate      |
+|Latest cumulative update           | YYYY-MM Cumulative Update for Windows 11                      |                                              |                  |
+|Servicing stack Dynamic Update     | YYYY-MM Servicing Stack Update for Windows 11 Version 21H2    |                                              |                  |
+
+### For Windows 10, version 22H2 Dynamic Update packages
+**Title**, **Product** and **Description** are required to distinguish each Dynamic Package. Latest cumulative update has the servicing stack embedded. Servicing stack published separately only if necessary as a prerequisite for a given cumulative update.
+
+| Update packages                   |Title                                                          |Product                                       |Description       |
+|-----------------------------------|---------------------------------------------------------------|----------------------------------------------|------------------|
+|Safe OS Dynamic Update             | YYYY-MM Dynamic Update for Windows 10 Version 22H2            |Windows Safe OS Dynamic Update                | ComponentUpdate  |
+|Setup Dynamic Update               | YYYY-MM Dynamic Update for Windows 10 Version 22H2            |Windows 10 and later Dynamic Update           | SetupUpdate      |
+|Latest cumulative update           | YYYY-MM Cumulative Update for Windows 10 Version 22H2         |                                              |                  |
+|Servicing stack Dynamic Update     | YYYY-MM Servicing Stack Update for Windows 10 Version 22H2    |                                              |                  |
+
+If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, if Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image.
 
 ## Update Windows installation media
 
@@ -63,56 +81,56 @@ Properly updating the installation media involves a large number of actions oper
 - Windows operating system: one or more editions of Windows stored in \sources\install.wim
 - Windows installation media: the complete collection of files and folders in the Windows installation media. For example, \sources folder, \boot folder, Setup.exe, and so on.
 
-This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26).
+This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding boot manager from WinPE to the new media (28).
 
-|Task  |WinRE (winre.wim)  |WinPE (boot.wim)  |Operating system (install.wim)  | New media |
-|---------|---------|---------|---------|------|
-|Add servicing stack Dynamic Update     |  1       | 9        | 18        |
-|Add language pack     | 2        |   10      |  19       |
-|Add localized optional packages     |  3       | 11        |         |
-|Add font support     |  4       |  12       |         |
-|Add text-to-speech      | 5        |   13      |         |
-|Update Lang.ini     |         |  14       |         |
-|Add Features on Demand     |         |         |  20       |
-|Add Safe OS Dynamic Update     | 6        |        |       |
-|Add Setup Dynamic Update     |         |         |         | 26
-|Add setup.exe from WinPE     |         |         |         | 27
-|Add boot manager from WinPE     |         |         |         | 28
-|Add latest cumulative update     |         | 15        | 21        |
-|Clean up the image     |  7       | 16        | 22        |
-|Add Optional Components     |         |         |  23       |
-|Add .NET and .NET cumulative updates     |         |        | 24        |
-|Export image     | 8        |  17       | 25        |
+|Task                               |WinRE (winre.wim)  |WinPE (boot.wim)  |Operating system (install.wim)  | New media |
+|-----------------------------------|-------------------|------------------|--------------------------------|-----------|
+|Add servicing stack Dynamic Update | 1                 | 9                | 18                             |           | 
+|Add language pack                  | 2                 | 10               | 19                             |           |
+|Add localized optional packages    | 3                 | 11               |                                |           |
+|Add font support                   | 4                 | 12               |                                |           |
+|Add text-to-speech                 | 5                 | 13               |                                |           |
+|Update Lang.ini                    |                   | 14               |                                |           |
+|Add Features on Demand             |                   |                  | 20                             |           |
+|Add Safe OS Dynamic Update         | 6                 |                  |                                |           |
+|Add Setup Dynamic Update           |                   |                  |                                | 26        |
+|Add setup.exe from WinPE           |                   |                  |                                | 27        |
+|Add boot manager from WinPE        |                   |                  |                                | 28        |
+|Add latest cumulative update       |                   | 15               | 21                             |           |
+|Clean up the image                 | 7                 | 16               | 22                             |           |
+|Add Optional Components            |                   |                  | 23                             |           |
+|Add .NET and .NET cumulative updates |                 |                  | 24                             |           |
+|Export image                       | 8                 | 17               | 25                             |           |
 
 > [!NOTE]
 > Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](./servicing-stack-updates.md).
 
 > [!NOTE]
-> Microsoft will remove the Flash component from Windows through KB4577586, “Update for Removal of Adobe Flash Player”. You can also remove Flash anytime by deploying the update in KB4577586 (available on the Catalog) between steps 20 and 21. As of July 2021, KB4577586, “Update for Removal of Adobe Flash Player” will be included in the latest cumulative update for Windows 10, versions 1607 and 1507. The update will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard. For more information, see [Update on Adobe Flash Player End of Support](https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/).
+> Microsoft will remove the Flash component from Windows through KB4577586, "Update for Removal of Adobe Flash Player". You can also remove Flash anytime by deploying the update in KB4577586 (available on the Catalog) between steps 20 and 21. As of July 2021, KB4577586, "Update for Removal of Adobe Flash Player" will be included in the latest cumulative update for Windows 10, versions 1607 and 1507. The update will also be included in the Monthly Rollup and the Security Only Update for Windows 8.1, Windows Server 2012, and Windows Embedded 8 Standard. For more information, see [Update on Adobe Flash Player End of Support](https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/).
 
 ### Multiple Windows editions
 
-The main operating system file (install.wim) contains multiple editions of Windows. It’s possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
+The main operating system file (install.wim) contains multiple editions of Windows. It's possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
 
 ### Additional languages and features
 
 You don't have to add more languages and features to the image to accomplish the updates, but it's an opportunity to customize the image with more languages, Optional Components, and Features on Demand beyond what is in your starting image. To do this, it's important to make these changes in the correct order: first apply servicing stack updates, followed by language additions, then by feature additions, and finally the latest cumulative update. The provided sample script installs a second language (in this case Japanese (ja-JP)). Since this language is backed by an lp.cab, there's no need to add a Language Experience Pack. Japanese is added to both the main operating system and to the recovery environment to allow the user to see the recovery screens in Japanese. This includes adding localized versions of the packages currently installed in the recovery image.
 
-Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid this. One option is to skip the image cleanup step, though that will result in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you will have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
+Optional Components, along with the .NET feature, can be installed offline, however doing so creates pending operations that require the device to restart. As a result, the call to perform image cleanup would fail. There are two options to avoid this. One option is to skip the image cleanup step, though that results in a larger install.wim. Another option is to install the .NET and Optional Components in a step after cleanup but before export. This is the option in the sample script. By doing this, you'll have to start with the original install.wim (with no pending actions) when you maintain or update the image the next time (for example, the next month).
 
 ## Windows PowerShell scripts to apply Dynamic Updates to an existing image
 
 These examples are for illustration only, and therefore lack error handling. The script assumes that the following packages are stored locally in this folder structure:
 
-|Folder  |Description  |
-|---------|---------|
-|C:\mediaRefresh     |  Parent folder that contains the PowerShell script       |
-|C:\mediaRefresh\oldMedia |  Folder that contains the original media that will be refreshed. For example, contains Setup.exe, and \sources folder.       |
-|C:\mediaRefresh\newMedia     | Folder that will contain the updated media. It is copied from \oldMedia, then used as the target for all update and cleanup operations.        |
+|Folder                     |Description                                                                                                                              |
+|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|
+|C:\mediaRefresh            | Parent folder that contains the PowerShell script                                                                                       |
+|C:\mediaRefresh\oldMedia   | Folder that contains the original media that will be refreshed. For example, contains Setup.exe, and \sources folder.                   |
+|C:\mediaRefresh\newMedia   | Folder that will contain the updated media. It's copied from \oldMedia, then used as the target for all update and cleanup operations. |
 
 ### Get started
 
-The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there is a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they are not read-only.
+The script starts by declaring global variables and creating folders to use for mounting images. Then, make a copy of the original media, from \oldMedia to \newMedia, keeping the original media in case there's a script error and it's necessary to start over from a known state. Also, it will provide a comparison of old versus new media to evaluate changes. To ensure that the new media updates, make sure they aren't read-only.
 
 ```powershell
 #Requires -RunAsAdministrator
@@ -126,8 +144,10 @@ $LANG  = "ja-jp"
 $LANG_FONT_CAPABILITY = "jpan"
 
 # Declare media for FOD and LPs
+# Note: Starting with Windows 11, version 21H2, the language pack (LANGPACK) ISO has been superseded by the FOD ISO.
+# Language packs and the \Windows Preinstallation Environment packages are part of the LOF ISO.
+# If you are using this script for Windows 10, modify to mount and use the LANGPACK ISO.
 $FOD_ISO_PATH    = "C:\mediaRefresh\packages\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso"
-$LP_ISO_PATH     = "C:\mediaRefresh\packages\CLIENTLANGPACKDVD_OEM_MULTI.iso"
 
 # Declare Dynamic Update packages
 $LCU_PATH        = "C:\mediaRefresh\packages\LCU.msu"
@@ -144,24 +164,23 @@ $MAIN_OS_MOUNT   = "C:\mediaRefresh\temp\MainOSMount"
 $WINRE_MOUNT     = "C:\mediaRefresh\temp\WinREMount"
 $WINPE_MOUNT     = "C:\mediaRefresh\temp\WinPEMount"
 
-# Mount the language pack ISO
-Write-Output "$(Get-TS): Mounting LP ISO"
-$LP_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
+# Mount the Features on Demand ISO
+Write-Output "$(Get-TS): Mounting FOD ISO"
+$FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
+
+# Note: Starting with Windows 11, version 21H2, the correct path for main OS language and optional features
+# moved to \LanguagesAndOptionalFeatures instead of the root. For Windows 10, use $FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\"
+$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\LanguagesAndOptionalFeatures"
 
 # Declare language related cabs
-$WINPE_OC_PATH              = "$LP_ISO_DRIVE_LETTER`:\Windows Preinstallation Environment\x64\WinPE_OCs"
+$WINPE_OC_PATH              = "$FOD_ISO_DRIVE_LETTER`:\Windows Preinstallation Environment\x64\WinPE_OCs"
 $WINPE_OC_LANG_PATH         = "$WINPE_OC_PATH\$LANG"
 $WINPE_OC_LANG_CABS         = Get-ChildItem $WINPE_OC_LANG_PATH -Name
 $WINPE_OC_LP_PATH           = "$WINPE_OC_LANG_PATH\lp.cab"
 $WINPE_FONT_SUPPORT_PATH    = "$WINPE_OC_PATH\WinPE-FontSupport-$LANG.cab"
 $WINPE_SPEECH_TTS_PATH      = "$WINPE_OC_PATH\WinPE-Speech-TTS.cab"
 $WINPE_SPEECH_TTS_LANG_PATH = "$WINPE_OC_PATH\WinPE-Speech-TTS-$LANG.cab"
-$OS_LP_PATH                 = "$LP_ISO_DRIVE_LETTER`:\x64\langpacks\Microsoft-Windows-Client-Language-Pack_x64_$LANG.cab"
-
-# Mount the Features on Demand ISO
-Write-Output "$(Get-TS): Mounting FOD ISO"
-$FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter
-$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\"
+$OS_LP_PATH                 = "$FOD_PATH\Microsoft-Windows-Client-Language-Pack_x64_$LANG.cab"
 
 # Create folders for mounting images and storing temporary files
 New-Item -ItemType directory -Path $WORKING_PATH -ErrorAction Stop | Out-Null
@@ -199,7 +218,7 @@ Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MO
 # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
 # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined 
 # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and 
-# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined 
+# Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined 
 # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined 
 # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the 
 # combined cumulative update can be installed. 
@@ -231,7 +250,7 @@ Catch
 }
 
 # The second approach for Step 1 is for Windows releases that have not adopted the combined cumulative update
-# but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+# but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
 # update. This second approach is commented out below.
 
 # Write-Output "$(Get-TS): Adding package $SSU_PATH"
@@ -288,7 +307,7 @@ Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SAFE_OS_DU_PATH -ErrorAction
 
 # Perform image cleanup
 Write-Output "$(Get-TS): Performing image cleanup on WinRE"
-DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
+DISM /image:$WINRE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
 
 # Dismount
 Dismount-WindowsImage -Path $WINRE_MOUNT  -Save -ErrorAction stop | Out-Null
@@ -301,7 +320,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim
 
 ### Update WinPE
 
-This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, it adds font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save the serviced boot manager files for later use in the script. Finally, the script cleans and exports Boot.wim, and copies it back to the new media.
+This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, it adds font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries aren't identical, Windows Setup will fail during installation. We'll also save the serviced boot manager files for later use in the script. Finally, the script cleans and exports Boot.wim, and copies it back to the new media.
 
 ```powershell
 #
@@ -322,7 +341,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
     # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined 
     # cumulative update that includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and 
-    # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published seperately; the combined 
+    # Windows 11, version 22H2 are examples. In these cases, the servicing stack update is not published separately; the combined 
     # cumulative update should be used for this step. However, in hopefully rare cases, there may breaking change in the combined 
     # cumulative update format, that requires a standalone servicing stack update to be published, and installed first before the 
     # combined cumulative update can be installed. 
@@ -354,7 +373,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
     }
 
     # The second approach for Step 9 is for Windows releases that have not adopted the combined cumulative update
-    # but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+    # but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
     # update. This second approach is commented out below.
 
     # Write-Output "$(Get-TS): Adding package $SSU_PATH"
@@ -415,7 +434,7 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
 
     # Perform image cleanup
     Write-Output "$(Get-TS): Performing image cleanup on WinPE"
-    DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
+    DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup /ResetBase /Defer | Out-Null
 
     if ($IMAGE.ImageIndex -eq "2") {
 
@@ -442,11 +461,11 @@ Move-Item -Path $WORKING_PATH"\boot2.wim" -Destination $MEDIA_NEW_PATH"\sources\
 
 ### Update the main operating system
 
-For this next phase, there is no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it leverages `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod).
+For this next phase, there's no need to mount the main operating system, since it was already mounted in the previous scripts. This script starts by applying the servicing stack Dynamic Update. Then, it adds Japanese language support and then the Japanese language features. Unlike the Dynamic Update packages, it uses `Add-WindowsCapability` to add these features. For a full list of such features, and their associated capability name, see [Available Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod).
 
 Now is the time to enable other Optional Components or add other Features on Demand. If such a feature has an associated cumulative update (for example, .NET), this is the time to apply those. The script then proceeds with applying the latest cumulative update. Finally, the script cleans and exports the image.
 
-You can install Optional Components, along with the .NET feature, offline, but that will require the device to be restarted. This is why the script installs .NET and Optional Components after cleanup and before export.
+You can install Optional Components, along with the .NET feature, offline, but that requires the device to be restarted. This is why the script installs .NET and Optional Components after cleanup and before export.
 
 ```powershell
 #
@@ -458,7 +477,7 @@ You can install Optional Components, along with the .NET feature, offline, but t
 # Depending on the Windows release that you are updating, there are 2 different approaches for updating the servicing stack
 # The first approach is to use the combined cumulative update. This is for Windows releases that are shipping a combined cumulative update that
 # includes the servicing stack updates (i.e. SSU + LCU are combined). Windows 11, version 21H2 and Windows 11, version 22H2 are examples. In these
-# cases, the servicing stack update is not published seperately; the combined cumulative update should be used for this step. However, in hopefully
+# cases, the servicing stack update is not published separately; the combined cumulative update should be used for this step. However, in hopefully
 # rare cases, there may breaking change in the combined cumulative update format, that requires a standalone servicing stack update to be published, 
 # and installed first before the combined cumulative update can be installed. 
 
@@ -471,7 +490,7 @@ Write-Output "$(Get-TS): Adding package $LCU_PATH"
 Add-WindowsPackage -Path $MAIN_OS_MOUNT -PackagePath $LCU_PATH | Out-Null  
 
 # The second approach for Step 18 is for Windows releases that have not adopted the combined cumulative update
-# but instead continue to have a seperate servicing stack update published. In this case, we'll install the SSU
+# but instead continue to have a separate servicing stack update published. In this case, we'll install the SSU
 # update. This second approach is commented out below.
 
 # Write-Output "$(Get-TS): Adding package $SSU_PATH"
@@ -590,7 +609,6 @@ Remove-Item -Path $WORKING_PATH -Recurse -Force -ErrorAction stop | Out-Null
 
 # Dismount ISO images
 Write-Output "$(Get-TS): Dismounting ISO images"
-Dismount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Out-Null
 Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Out-Null
 
 Write-Output "$(Get-TS): Media refresh completed!"
diff --git a/windows/deployment/update/media/33771278-update-deployment-status-table.png b/windows/deployment/update/media/33771278-update-deployment-status-table.png
deleted file mode 100644
index 858e340f73..0000000000
Binary files a/windows/deployment/update/media/33771278-update-deployment-status-table.png and /dev/null differ
diff --git a/windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png b/windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png
deleted file mode 100644
index 7f1dddf600..0000000000
Binary files a/windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png and /dev/null differ
diff --git a/windows/deployment/update/media/7760853-wufb-reports-time-generated.png b/windows/deployment/update/media/7760853-wufb-reports-time-generated.png
new file mode 100644
index 0000000000..1a51e83b84
Binary files /dev/null and b/windows/deployment/update/media/7760853-wufb-reports-time-generated.png differ
diff --git a/windows/deployment/update/media/7991583-update-seeker-enabled.png b/windows/deployment/update/media/7991583-update-seeker-enabled.png
new file mode 100644
index 0000000000..34e0e5e413
Binary files /dev/null and b/windows/deployment/update/media/7991583-update-seeker-enabled.png differ
diff --git a/windows/deployment/update/media/8037522-workbook-summary-tab-tiles.png b/windows/deployment/update/media/8037522-workbook-summary-tab-tiles.png
new file mode 100644
index 0000000000..ab21a1bcc0
Binary files /dev/null and b/windows/deployment/update/media/8037522-workbook-summary-tab-tiles.png differ
diff --git a/windows/deployment/update/media/wufb-do-overview.png b/windows/deployment/update/media/wufb-do-overview.png
index bacdb44d25..7428434353 100644
Binary files a/windows/deployment/update/media/wufb-do-overview.png and b/windows/deployment/update/media/wufb-do-overview.png differ
diff --git a/windows/deployment/update/media/wufb-reports-diagnostic-data-viewer.png b/windows/deployment/update/media/wufb-reports-diagnostic-data-viewer.png
deleted file mode 100644
index 3579eb86e9..0000000000
Binary files a/windows/deployment/update/media/wufb-reports-diagnostic-data-viewer.png and /dev/null differ
diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
deleted file mode 100644
index 06c5076a73..0000000000
--- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Olympia Corp Retirement
-description: Learn about the retirement of Olympia Corp and how to back up your data prior to October 31, 2022.
-ms.author: lizlong
-ms.topic: article
-ms.prod: windows-client
-author: lizgt2000
-manager: aaroncz
-ms.technology: itpro-updates
-ms.date: 12/31/2017
----
-
-# Olympia Corp
-<!-- 6472736 -->
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-## Retirement of Olympia Corp
-
-Olympia Corp, a virtual corporation was set up to reflect the IT infrastructure of real world businesses.</br>
-Olympia will be formally retired on October 31, 2022.</br>
-We'll begin unassigning Olympia licenses and deleting the Olympia feedback path on Feedback Hub. Olympia Corp will no longer be a part of Windows Insider Lab for Enterprise.
-
-> [!WARNING]
-> To prevent data loss, Olympia participants need to complete the following:
-> - If you're using the provided Olympia licenses, make a back up of any data as you'll lose data once we unassign the licenses.
-> - Please remove your device from Olympia before October 31, 2022.
-
-To remove the account from Azure Active Directory, follow the steps below:
-
-  1. Open the **Settings** app.
-  1. Go to **Accounts** > **Access work or school**.
-  1. Select the connected account that you want to remove, then select **Disconnect**.
-  1. To confirm device removal, select **Yes**.
-
-- After removing your account from Olympia, log in to your device using your local account.
-
-- If you're looking for another program to join, the program we recommend is the Windows Insider Program for Business. Follow the instructions below to register:
-[Register for the Windows 10 Insider Program for Business](/windows-insider/business/register)
-<!-- https://learn.microsoft.com/en-us/windows-insider/business/register -->
-Thank you for your participation in Olympia and email Windows Insider Lab for Enterprise [olympia@microsoft.com](mailto:olympia@microsoft.com) with any questions.
diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md
index b088d43792..1245ce7f59 100644
--- a/windows/deployment/update/optional-content.md
+++ b/windows/deployment/update/optional-content.md
@@ -1,20 +1,21 @@
 ---
 title: Migrating and acquiring optional Windows content
-description: Keep language resources and Features on Demand during operating system updates
+description: How to keep language resources and Features on Demand during operating system updates for your organization.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 03/15/2023
 ---
 
 # Migrating and acquiring optional Windows content during updates
 
-***(Applies to: Windows 11 & Windows 10)***
-
 This article provides some background on the problem of keeping language resources and Features on Demand during operating system updates and offers guidance to help you move forward in the short term and prepare for the long term.
 
 When you update the operating system, it's critical to keep language resources and Features on Demand (FODs). Many commercial organizations use Configuration Manager or other management tools to distribute and orchestrate Windows client setup using a local Windows image or WIM file (a *media-based* or *task-sequence-based* update). Others do in-place updates using an approved Windows client feature update by using Windows Server Update Services (WSUS), Configuration Manager, or equivalent tools (a *servicing-based* update). 
@@ -43,7 +44,7 @@ Windows Setup needs access to the optional content. Since optional content isn't
 
 ### User-initiated feature acquisition failure
 
-The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows client, either by using a clean installation or an in-place update. The user visits **Settings**, and attempts to install a second language, more language experience features, or other optional content. Again, since these features aren't in the operating system, the packages need to be acquired. For a typical user with internet access, Windows will acquire the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. When the content can't be found, users are frustrated, and another help desk call could result. This pain point is sometimes referred to as *failure to acquire optional content*.
+The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows client, either by using a clean installation or an in-place update. The user visits **Settings**, and attempts to install a second language, more language experience features, or other optional content. Again, since these features aren't in the operating system, the packages need to be acquired. For a typical user with internet access, Windows acquires the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. When the content can't be found, users are frustrated, and another help desk call could result. This pain point is sometimes referred to as *failure to acquire optional content*.
 
 ## Options for acquiring optional content
 
@@ -77,7 +78,7 @@ Consider moving to Windows Update for Business. Not only will the optional conte
 
 Starting in March 2023, UUP has been integrated with WSUS and Configuration Manager to bring the same optional content and acquisition benefits of Windows Update to on-premises management solutions. For example:
 
-- FODs and languages will automatically migrate for devices that perform an in-place update using an approved Windows 11, version 22H2 client feature update from WSUS. Similarly, updates such as the combined cumulative update, Setup updates, and Safe OS updates will be included and current based on the month that the feature update was approved.
+- FODs and languages will automatically migrate for devices that perform an in-place update using an approved Windows 11, version 22H2 client feature update from WSUS. Similarly, updates such as the combined cumulative update, Setup updates, and Safe OS updates are included and current based on the month that the feature update was approved.
 
 - Devices that upgrade using a local Windows image but use WSUS or Configuration Manager for approving the combined cumulative update will benefit by having support for optional content acquisition in the updated Windows OS, as well as OS self-healing.
 
@@ -94,9 +95,9 @@ If you're not ready to move to Windows Update, another option is to enable Dynam
 - **Latest cumulative update**: Installs the latest cumulative quality update.
 - **Driver updates**: Latest version of applicable drivers that have already been published by manufacturers into Windows Update and meant specifically for Dynamic Update.
 
-In addition to these updates for the new operating system, Dynamic Update will acquire optional content during the update process to ensure that the device has this content present when the update completes. So, although the device isn't connected to Windows Update, it will fetch content from a nearby Microsoft content download network (CDN). This approach addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. If you use the servicing-based approach, you can set this value with `setupconfig.ini`. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details.
+In addition to these updates for the new operating system, Dynamic Update acquires optional content during the update process to ensure that the device has this content present when the update completes. So, although the device isn't connected to Windows Update, it fetches content from a nearby Microsoft content download network (CDN). This approach addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. If you use the servicing-based approach, you can set this value with `setupconfig.ini`. See [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details.
 
-Dynamic Update can be configured with additional options. For example, you might want to have the benefits of optional content migration without automatically acquiring the latest quality update. You can do that with the /DynamicUpdate NoLCU option of Windows Setup. Afterward, you would separately follow your existing process for testing and approving monthly updates. The downside of this approach is the device will reboot again for the latest cumulative update since it wasn't available during the feature update.
+Dynamic Update can be configured with additional options. For example, you might want to have the benefits of optional content migration without automatically acquiring the latest quality update. You can do that with the /DynamicUpdate NoLCU option of Windows Setup. Afterward, you would separately follow your existing process for testing and approving monthly updates. The downside of this approach is the device reboots again for the latest cumulative update since it wasn't available during the feature update.
 
 One further consideration when using Dynamic Update is the effect on your network. One of the top blockers for this approach is the concern that each device will separately fetch this content from Microsoft. Setup downloads Dynamic Update content using Delivery Optimization when available. For devices that aren't connected to the internet, a subset of the Dynamic Update content is available by using WSUS and the Microsoft catalog.
 
@@ -120,7 +121,7 @@ The benefit of this option is that the Windows image can include those additiona
 
 A partial solution to address the first pain point of failing to migrate optional content during upgrade is to inject a subset of optional content during the upgrade process. This approach uses the Windows Setup option [/InstallLangPacks](/windows-hardware/manufacture/desktop/windows-setup-command-line-options#installlangpacks) to add Language Packs and language capabilities such as text-to-speech recognition from a folder that contains the packages. This approach lets an IT pro take a subset of optional content and stage them within their network. If you use the servicing-based approach, you can configure InstallLangPacks using `setupconfig.ini`. For more information, see [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview).
 
-When Setup runs, it will inject these packages into the new operating system during installation. It can be an alternative to enabling Dynamic Update or customizing the operating system image before deployment. You must take care with this approach, because the packages can't be renamed. Further, the content is coming from two separate release media ISOs. The key is to copy both the FOD packages and the FOD metadata .cab from the FOD ISO into the folder, and the architecture-specific Language Pack .cabs from the LPLIP ISO. <!--Also, starting with Windows 10, version 1903, the behavior changed. In Windows 10, version 1809 and earlier, failure to install the packages wasn't a fatal error. Starting with Windows 10, version 1903,--> We treat InstallLangPacks failures as fatal, and roll back the entire upgrade. The idea is to not leave the user in a bad state since media-based upgrades don't migrate FOD and languages (unless Dynamic Update is enabled).
+When Setup runs, it injects these packages into the new operating system during installation. It can be an alternative to enabling Dynamic Update or customizing the operating system image before deployment. You must take care with this approach, because the packages can't be renamed. Further, the content is coming from two separate release media ISOs. The key is to copy both the FOD packages and the FOD metadata .cab from the FOD ISO into the folder, and the architecture-specific Language Pack .cab files from the LPLIP ISO. <!--Also, starting with Windows 10, version 1903, the behavior changed. In Windows 10, version 1809 and earlier, failure to install the packages wasn't a fatal error. Starting with Windows 10, version 1903,--> We treat InstallLangPacks failures as fatal, and roll back the entire upgrade. The idea is to not leave the user in a bad state since media-based upgrades don't migrate FOD and languages (unless Dynamic Update is enabled).
 
 This approach has some interesting benefits. The original Windows image doesn't need to be modified, possibly saving time and scripting. 
 
@@ -134,12 +135,12 @@ Several of the options address ways to address optional content migration issues
 
 - The file path to the alternate source must be a fully qualified path; multiple locations can be separated by a semicolon.
 - This setting doesn't support installing language packs from an alternate source file path, only Features on Demand. If the policy is configured to acquire content from Windows Update, language packs will be acquired.
-- If this setting isn't configured or disabled, files will be downloaded from the default Windows Update location, for example Windows Update for Business or WSUS.
+- If this setting isn't configured or disabled, files are downloaded from the default Windows Update location, for example Windows Update for Business or WSUS.
 
 For more information, see [Configure a Windows Repair Source](/windows-hardware/manufacture/desktop/configure-a-windows-repair-source).
 
 
-## Learn more
+## More resources
 
 For more information about the Unified Update Platform and the approaches outlined in this article, see the following resources:
 
@@ -156,11 +157,11 @@ For more information about the Unified Update Platform and the approaches outlin
 
 ## Sample scripts
 
-Options 4 and 6 involve the most scripting. Sample scripts for Option 4 already exist, so we'll look at sample scripts for [Option 6](#option-6-install-optional-content-after-deployment): Install Optional Content after Deployment.
+Options 4 and 6 involve the most scripting. Sample scripts for Option 4 already exist, so let's look at sample scripts for [Option 6](#option-6-install-optional-content-after-deployment): Install Optional Content after Deployment.
 
 ### Creating an optional content repository
 
-To get started, we'll build a repository of optional content and host on a network share. This content is a subset of content from the FOD and language pack ISOs that ship with each release. We'll configure this repository or repo with only those FODs our organization needs, using DISM /Export. For example, a superset based on taking inventory of optional features installed on existing devices. In this case, we exclude the Windows Mixed Reality feature. In addition, we copy all language packs to the root of the repository. 
+To get started, we build a repository of optional content and host on a network share. This content is a subset of content from the FOD and language pack ISOs that ship with each release. We configure this repository or repo with only those FODs our organization needs, using DISM /Export. For example, a superset based on taking inventory of optional features installed on existing devices. In this case, we exclude the Windows Mixed Reality feature. In addition, we copy all language packs to the root of the repository. 
 
 
 
@@ -573,7 +574,7 @@ Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction ignore | Out-Null
 
 ### Saving optional content in the source operating system
 
-To save optional content state in the source operating system, we create a custom action script to run before the operating system installs. In this script, we save optional features and language resources to a file. We also make a local copy of the repo with only those files needed based on the languages installed on the source operating system. This action will limit the files to copy.
+To save optional content state in the source operating system, we create a custom action script to run before the operating system installs. In this script, we save optional features and language resources to a file. We also make a local copy of the repo with only those files needed based on the languages installed on the source operating system. This action limits the files to copy.
 
 
 ```powershell
diff --git a/windows/deployment/update/plan-define-readiness.md b/windows/deployment/update/plan-define-readiness.md
index cf56100362..3116459b20 100644
--- a/windows/deployment/update/plan-define-readiness.md
+++ b/windows/deployment/update/plan-define-readiness.md
@@ -1,26 +1,26 @@
 ---
 title: Define readiness criteria
-description: Identify important roles and figure out how to classify apps
+description: Identify important roles and figure out how to classify apps so you can plan and manage your deployment
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Define readiness criteria
 
-**Applies to**
-
--   Windows 10
--   Windows 11
+Planning and managing a deployment involves a variety of distinct activities and roles best suited to each activity. This article describes how to identify important roles and figure out how to classify apps.
 
 ## Figure out roles and personnel
 
-Planning and managing a deployment involves a variety of distinct activities and roles best suited to each. As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment.
+As you plan, it's worth figuring out which roles you'll need to carry out the deployment and who should fill them. Different roles are active at various phases of a deployment. Depending on the size and complexity of your organization, some of the roles could be filled by the same person. However, it's best to have an established *process manager*, who will oversee all of the tasks for the deployment.
 
 ### Process manager
 
@@ -50,13 +50,9 @@ This table sketches out one view of the other roles, with their responsibilities
 |Stakeholders     | Represent groups affected by updates, for example, heads of finance, end-user services, or change management        | Key decision maker for a business unit or department        | Plan, pilot deployment, broad deployment        |
 
 
-
-
-
-
 ## Set criteria for rating apps
 
-Some apps in your environment are fundamental to your core business activities. Other apps help workers perform their roles, but aren’t critical to your business operations. Before you start inventorying and assessing the apps in your environment, you should establish some criteria for categorizing your apps, and then determine a priority for each. This process will help you understand how best to deploy updates and how to resolve any issues that could arise.
+Some apps in your environment are fundamental to your core business activities. Other apps help workers perform their roles, but aren't critical to your business operations. Before you start inventorying and assessing the apps in your environment, you should establish some criteria for categorizing your apps, and then determine a priority for each. This process will help you understand how best to deploy updates and how to resolve any issues that could arise.
 
 In the Prepare phase, you'll apply the criteria you define now to every app in your organization.
 
@@ -78,7 +74,7 @@ Here's an example priority rating system; the specifics could vary for your orga
 |---------|---------|
 |1        | Any issues or risks identified must be investigated and resolved as soon as possible.        |
 |2     | Start investigating risks and issues within two business days and fix them *during* the current deployment cycle.    |
-|3     | Start investigating risks and issues within 10 business days. You don’t have to fix them all within the current deployment cycle. However, all issues must be fixed by the end of the next deployment cycle.        |
+|3     | Start investigating risks and issues within 10 business days. You don't have to fix them all within the current deployment cycle. However, all issues must be fixed by the end of the next deployment cycle.        |
 |4     | Start investigating risks and issues within 20 business days. You can fix them in the current or any future development cycle.        |
 
 Related to priority, but distinct, is the concept of severity. You should define a severity ranking as well, based on how you feel a problem with an app should affect the deployment cycle.
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index bc225337f8..9f3f2e92b7 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -1,45 +1,43 @@
 ---
 title: Define update strategy
-description: Two examples of a calendar-based approach to consistent update installation
+description: Example of using a calendar-based approach to achieve consistent update installation in your organization.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Define update strategy with a calendar
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
 
-Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an extra 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
+Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows release cycles, update mechanisms, and relevant tools to support this model. For more information about the Windows lifecycle, see [Windows lifecycle FAQ](/lifecycle/faq/windows).
 
-We encourage you to deploy every available release and maintain a fast cadence for some portion of your environment. We also recognize that you might have a large number of devices, and a need for little or no disruption. So, you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly.
+We encourage you to deploy every available release and maintain a fast cadence for some portion of your environment. We also recognize that you might have a large number of devices, and a need for little or no disruption. The lifecycle cadence lets you allow some portion of your environment to move faster while the majority can move less quickly.
 
 ## Calendar approaches
-You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they'll stop receiving the monthly security updates.
+You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they stop receiving the monthly security updates once a version is out of support.
 
-### Annual
-Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Configuration Manager and Microsoft 365 Apps release cycles:
+## Annual approach
+Here's a calendar showing an example schedule that applies one Windows feature update per calendar year, aligned with Microsoft Configuration Manager and Microsoft 365 Apps release cycles:
 
 [ ![Calendar showing an annual update cadence.](images/annual-calendar.png) ](images/annual-calendar.png#lightbox)
 
-This approach provides approximately 12 months of use from each feature update before the next update is due to be installed. By aligning to the Windows 10, version H2 feature update, each release will be serviced for 30 months from the time of availability, giving you more flexibility when applying future feature updates.
+This approach provides approximately 12 months of use from each feature update before the next update is due to be installed by aligning to the Windows H2 feature update. 
 
 This cadence might be most suitable for you if any of these conditions apply:
 
-- You're just starting your journey with the Windows 10 servicing process. If you're unfamiliar with new processes that support Windows 10 servicing, moving from a project happening once every three to five years to a twice-a-year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
+- You're just starting your journey with the Windows servicing process. If you're unfamiliar with new processes that support Windows servicing, moving from a project happening once every three to five years to a feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost.
 
-- You want to wait and see how successful other companies are at adopting a Windows 10 feature update.
+- You want to wait and see how successful other companies are at adopting a Windows feature update.
 
-- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get extra servicing for Windows 10 (30 months of servicing compared to 18 months).
+- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows serviced in case business priorities change. 
 
 
diff --git a/windows/deployment/update/plan-determine-app-readiness.md b/windows/deployment/update/plan-determine-app-readiness.md
index b25c48f947..735e5a3095 100644
--- a/windows/deployment/update/plan-determine-app-readiness.md
+++ b/windows/deployment/update/plan-determine-app-readiness.md
@@ -1,37 +1,35 @@
 ---
 title: Determine application readiness
-manager: aaroncz
-description: How to test your apps to know which need attention prior to deploying an update
+description: How to test your apps to identify which need attention prior to deploying an update in your organization.
 ms.prod: windows-client
-ms.localizationpriority: medium
-ms.topic: article
+ms.technology: itpro-updates
+ms.topic: conceptual
 ms.author: mstewart
 author: mestew
-ms.technology: itpro-updates
+manager: aaroncz
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Determine application readiness
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
 Before you deploy a Windows client update, you should know which apps will continue to work without problems, which need their own updates, and which just won't work and must be replaced. If you haven't already, it's worth [classifying your apps](plan-define-readiness.md) with respect to their criticality in your organization.
 
 ## Validation methods
 
-You can choose from a variety of methods to validate apps. Exactly which ones to use will depend on the specifics of your environment.
+You can choose from various methods to validate apps. Exactly which ones to use depends on the specifics of your environment.
 
 
 |Validation method  |Description  |
 |---------|---------|
-|Full regression     | A full quality assurance probing. Staff who know the application well and can validate its core functionality should do this.        |
-|Smoke testing     | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application they’re validating.        |
-|Automated testing     |  Software performs tests automatically. The software will let you know whether the tests have passed or failed, and will provide detailed reporting for you automatically.    |
-|Test in pilot     | You pre-select users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types.        |
-|Reactive response     | Applications are validated in late pilot, and no specific users are selected. These applications normally aren't installed on many devices and aren’t handled by enterprise application distribution.        |
+|Full regression     | A full quality assurance probing. Staff that know the application well and can validate its core functionality should do this validation.        |
+|Smoke testing     | The application goes through formal validation. That is, a user validates the application following a detailed plan, ideally with limited, or no knowledge of the application they're validating.        |
+|Automated testing     |  Software performs tests automatically. The software lets you know whether the tests have passed or failed, and provides detailed reporting for you automatically.    |
+|Test in pilot     | You preselect users to be in the pilot deployment group and carry out the same tasks they do on a day-to-day basis to validate the application. Normally you use this method in addition to one of the other validation types.        |
+|Reactive response     | Applications are validated in late pilot, and no specific users are selected. These applications normally aren't installed on many devices and aren't handled by enterprise application distribution.        |
 
 Combining the various validation methods with the app classifications you've previously established might look like this:
 
@@ -46,7 +44,7 @@ Combining the various validation methods with the app classifications you've pre
 
 ### Identify users
 
-Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you'll have to choose which users are best suited for validation testing. Some factors to consider include:
+Since your organization no doubt has a wide variety of users, each with different background and regular tasks, you have to choose which users are best suited for validation testing. Some factors to consider include:
 
 - **Location**: If users are in different physical locations, can you support them and get validation feedback from the region they're in?
 - **Application knowledge**: Do the users have appropriate knowledge of how the app is supposed to work?
@@ -56,10 +54,10 @@ You could seek volunteers who enjoy working with new features and include them i
 
 ### Identify and set up devices for validation
 
-In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection will include devices representing all of the hardware models in your environment.
+In addition to users, it's important to carefully choose devices to participate in app validation as well. For example, ideally, your selection includes devices representing all of the hardware models in your environment.
 
-There is more than one way to choose devices for app validation:
+There's more than one way to choose devices for app validation:
 
 - **Existing pilot devices**: You might already have a list of devices that you regularly use for testing updates as part of release cycles.
-- **Manual selection**: Some internal groups like operations will have expertise to help choose devices manually based on specifications, usage, or records of past support problems.
+- **Manual selection**: Some internal groups like operations have expertise to help choose devices manually based on specifications, usage, or records of past support problems.
 - **Data-driven analysis**: With appropriate tools, you can use diagnostic data from devices to inform your choices.
diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md
index a6c241bac8..ad9ebeff3a 100644
--- a/windows/deployment/update/prepare-deploy-windows.md
+++ b/windows/deployment/update/prepare-deploy-windows.md
@@ -2,28 +2,26 @@
 title: Prepare to deploy Windows
 description: Final steps to get ready to deploy Windows, including preparing infrastructure, environment, applications, devices, network, capability, and users
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Prepare to deploy Windows
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
-Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows client. The planning phase will have left you with these useful items:
+Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows client. The planning phase left you with these useful items:
 
 - A clear understanding of necessary personnel and their roles and criteria for [rating app readiness](plan-define-readiness.md)
 - A plan for [testing and validating](plan-determine-app-readiness.md) apps
 - An assessment of your [deployment infrastructure](eval-infra-tools.md) and definitions for operational readiness
-- A [deployment plan](create-deployment-plan.md) that defines the rings you want to use 
+- A [deployment plan](create-deployment-plan.md) that defines the rings you want to use
 
 Now you're ready to actually start making changes in your environment to get ready to deploy.
 
@@ -33,26 +31,26 @@ Now you're ready to actually start making changes in your environment to get rea
 - Update non-Microsoft security tools like security agents or servers.
 - Update non-Microsoft management tools like data loss prevention agents.
 
-Your infrastructure probably includes many different components and tools. You’ll need to ensure your environment isn’t affected by issues due to the changes you make to the various parts of the infrastructure. Follow these steps:
+Your infrastructure probably includes many different components and tools. You need to ensure your environment isn't affected by issues due to the changes you make to the various parts of the infrastructure. Follow these steps:
 
-1.	Review all of the infrastructure changes that you’ve identified in your plan. It’s important to understand the changes that need to be made and to detail how to implement them.  This process prevents problems later on.
+1.	Review all of the infrastructure changes that you've identified in your plan. It's important to understand the changes that need to be made and to detail how to implement them.  This process prevents problems later on.
 
-2.	Validate your changes. You’ll validate the changes for your infrastructure’s components and tools, to help you understand how your changes could affect your production environment. 
+2.	Validate your changes. You validate the changes for your infrastructure's components and tools, to help you understand how your changes could affect your production environment. 
 
 3.	Implement the changes. Once the changes have been validated, you can implement the changes across the wider infrastructure.
 
 
-You should also look at your organization’s environment’s configuration and outline how you’ll implement any necessary changes previously identified in the plan phase to support the update. Consider what you’ll need to do for the various settings and policies that currently underpin the environment. For example:
+You should also look at your organization's environment's configuration and outline how you'll implement any necessary changes previously identified in the plan phase to support the update. Consider what you need to do for the various settings and policies that currently underpin the environment. For example:
 
-- Implement new draft security guidance. New versions of Windows can include new features that improve your environment’s security. Your security teams will want to make appropriate changes to security-related configurations.
+- Implement new draft security guidance. New versions of Windows can include new features that improve your environment's security. Your security teams will want to make appropriate changes to security-related configurations.
 
 - Update security baselines. Security teams understand the relevant security baselines and will have to work to make sure all baselines fit into whatever guidance they have to adhere to.
 
-However, your configuration will consist of many different settings and policies. It’s important to only apply changes where they are necessary, and where you gain a clear improvement. Otherwise, your environment might face issues that will slow down the update process. You want to ensure your environment isn’t affected adversely because of changes you make. For example:
+However, your configuration will consist of many different settings and policies. It's important to only apply changes where they're necessary, and where you gain a clear improvement. Otherwise, your environment might face issues that slow down the update process. You want to ensure your environment isn't affected adversely because of changes you make. For example:
 
-1.	Review new security settings. Your security team will review the new security settings to understand how they can best be set to facilitate the update, and to also investigate the potential effects they might have on your environment.
+1.	Review new security settings. Your security team reviews the new security settings to understand how they can best be set to facilitate the update, and to also investigate the potential effects they might have on your environment.
 
-2.	Review security baselines for changes. Security teams will also review all the necessary security baselines, to ensure the changes can be implemented, and ensure your environment remains compliant.
+2.	Review security baselines for changes. Security teams also review all the necessary security baselines, to ensure the changes can be implemented, and ensure your environment remains compliant.
 
 3.	Implement and validate security settings and baseline changes. Your security teams will then implement all of the security settings and baselines, having addressed any potential outstanding issues.
 
@@ -142,9 +140,9 @@ You can also create and run scripts to perform additional cleanup actions on dev
 
 - Compact the operating system by running **Compact.exe /CompactOS:always**.
 
-- Remove Windows Features on Demand that the user doesn't need. See [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) for more guidance.
+- Remove Windows Features on Demand that the user doesn't need. For more information, see [Features on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities).
 
-- Move Windows Known Folders to OneDrive. See [Use Group Policy to control OneDrive sync settings](/onedrive/use-group-policy) for more information.
+- Move Windows Known Folders to OneDrive. For more information, see [Use Group Policy to control OneDrive sync settings](/onedrive/use-group-policy).
 
 - Clean up the Software Distribution folder. Try deploying these commands as a batch file to run on devices to reset the download state of Windows Updates:
 
@@ -167,9 +165,9 @@ You can also create and run scripts to perform additional cleanup actions on dev
 
 ## Prepare capability
 
-In the plan phase, you determined the specific infrastructure and configuration changes that needed to be implemented to add new capabilities to the environment. Now you can move on to implementing those changes defined in the plan phase. You'll need to complete these higher-level tasks to gain those new capabilities:
+In the plan phase, you determined the specific infrastructure and configuration changes that needed to be implemented to add new capabilities to the environment. Now you can move on to implementing those changes defined in the plan phase. You need to complete these higher-level tasks to gain those new capabilities:
 
-- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions will come with new policies that you use to update ADMX templates. 
+- Enable capabilities across the environment by implementing the changes. For example, implement updates to relevant ADMX templates in Active Directory. New Windows versions come with new policies that you use to update ADMX templates. 
 
 - Validate new changes to understand how they affect the wider environment.
 
@@ -177,12 +175,12 @@ In the plan phase, you determined the specific infrastructure and configuration
 
 ## Prepare users
 
-Users often feel like they are forced into updating their devices randomly. They often don't fully understand why an update is needed, and they don't know when updates would be applied to their devices ahead of time. It's best to ensure that upcoming updates are communicated clearly and with adequate warning.
+Users often feel like they're forced into updating their devices randomly. They often don't fully understand why an update is needed, and they don't know when updates would be applied to their devices ahead of time. It's best to ensure that upcoming updates are communicated clearly and with adequate warning.
 
-You can employ a variety of measures to achieve this goal, for example:
+You can employ various measures to achieve this goal, for example:
 
 - Send overview email about the update and how it will be deployed to the entire organization.
 - Send personalized emails to users about the update with specific details.
 - Set an opt-out deadline for employees that need to remain on the current version for a bit longer, due to a business need.
-- Provide the ability to voluntarily update at users’ convenience.
+- Provide the ability to voluntarily update at users' convenience.
 - Inform users of a mandatory installation date when the update will be installed on all devices.
diff --git a/windows/deployment/update/release-cycle.md b/windows/deployment/update/release-cycle.md
index 6061c9efab..bb6949ca8e 100644
--- a/windows/deployment/update/release-cycle.md
+++ b/windows/deployment/update/release-cycle.md
@@ -1,19 +1,21 @@
 ---
 title: Update release cycle for Windows clients
-description: Learn about the release cycle of updates for Windows clients to stay productive and protected.
+description: Learn about the release cycle for updates so Windows clients in your organization stay productive and protected.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 05/19/2023
 ---
 
 # Update release cycle for Windows clients
 <!--7696511-->
-***(Applies to: Windows 11 & Windows 10)***
 
 Windows updates help you to stay productive and protected. They provide your users and IT administrators with the security fixes they need, and protect devices so that unpatched vulnerabilities can't be exploited. Updates for the Windows client OS are typically cumulative. They include all previously released fixes to guard against fragmentation of the operating system. Reliability and vulnerability issues can occur when only a subset of fixes is installed.
 
@@ -23,11 +25,11 @@ This article provides details on the types of updates that Microsoft provides, a
 
 |Release type | Description | Release cycle |
 |---|---|---|
-| [Monthly security update release](#monthly-security-update-release)| A cumulative update release that includes both security and non-security content | Second Tuesday of each month, typically published at 10:00 AM Pacific Time (PST/PDT) |
-| [Optional non-security preview release](#optional-non-security-preview-release)| An optional cumulative update release that's typically used for early validation of the monthly security update release| Fourth Tuesday of each month, typically published at 10:00 AM Pacific Time (PST/PDT) |
+| [Monthly security update release](#monthly-security-update-release)| A cumulative update release that includes both security and nonsecurity content | Second Tuesday of each month, typically published at 10:00 AM Pacific Time (PST/PDT) |
+| [Optional nonsecurity preview release](#optional-nonsecurity-preview-release)| An optional cumulative update release that's typically used for early validation of the monthly security update release| Fourth Tuesday of each month, typically published at 10:00 AM Pacific Time (PST/PDT) |
 | [Out-of-band (OOB) release](#oob-releases) | Resolves a recently identified issue or vulnerability | As needed |
 | [Annual feature update](#annual-feature-updates) | An update with new features and enhancements that also changes the Windows version | Once a year in the second half of the calendar year |
-| [Continuous innovation for Windows 11](#continuous-innovation-for-windows-11)| Introduces new features and enhancements for Windows 11 | Periodically included in an optional non-security preview release then in the monthly security update releases |
+| [Continuous innovation for Windows 11](#continuous-innovation-for-windows-11)| Introduces new features and enhancements for Windows 11 | Periodically included in an optional nonsecurity preview release then in the monthly security update releases |
 
 
 ## Monthly security update release
@@ -42,7 +44,7 @@ Most people are familiar with the **monthly security update release**. The **mon
 - Latest cumulative update (LCU)
 
 
-**Monthly security update releases** are cumulative. The release includes both new and previously released security fixes, along with non-security content introduced in the prior month's [**Optional non-security preview release**](#optional-non-security-preview-release). These updates help keep Windows devices secure and compliant by deploying stability fixes and addressing security vulnerabilities. Most organizations consider monthly security update releases as mandatory.
+**Monthly security update releases** are cumulative. The release includes both new and previously released security fixes, along with nonsecurity content introduced in the prior month's [**Optional nonsecurity preview release**](#optional-nonsecurity-preview-release). These updates help keep Windows devices secure and compliant by deploying stability fixes and addressing security vulnerabilities. Most organizations consider monthly security update releases as mandatory.
 
 Monthly security update releases are available through the following channels:
 
@@ -52,11 +54,11 @@ Monthly security update releases are available through the following channels:
 
 Many update management tools, such as [Microsoft Configuration Manager](/mem/configmgr/) and [Microsoft Intune](/mem/intune/), rely on these channels for update deployment.
 
-## Optional non-security preview release
+## Optional nonsecurity preview release
 
-**Optional non-security preview releases** provide IT admins an opportunity for early validation of that content prior to the **monthly security update release**. Admins can test and validate production-quality releases ahead of the planned monthly security update release for the following month. These updates are optional, cumulative, non-security preview releases. New features might initially be deployed in the prior month's **optional non-security preview release**, then ship in the following **monthly security update release**. These releases are only offered to the most recent, supported versions of Windows.
+**Optional nonsecurity preview releases** provide IT admins an opportunity for early validation of that content prior to the **monthly security update release**. Admins can test and validate production-quality releases ahead of the planned monthly security update release for the following month. These updates are optional, cumulative, nonsecurity preview releases. New features might initially be deployed in the prior month's **optional nonsecurity preview release**, then ship in the following **monthly security update release**. These releases are only offered to the most recent, supported versions of Windows.
 
-**Optional non-security preview releases** might commonly be referred to as:
+**Optional nonsecurity preview releases** might commonly be referred to as:
 
 - C or D week releases (meaning the third or fourth week of the month)
 - Preview updates
@@ -64,9 +66,9 @@ Many update management tools, such as [Microsoft Configuration Manager](/mem/con
 - LCU preview
 
 > [!Important]
-> Starting in April 2023, all **optional non-security preview releases** will be released on the fourth Tuesday of the month. This change in release cadence gives admins a consistent time cycle for testing and validating fixes and features.
+> Starting in April 2023, all **optional nonsecurity preview releases** will be released on the fourth Tuesday of the month. This change in release cadence gives admins a consistent time cycle for testing and validating fixes and features.
 
-To access the optional non-security preview release:
+To access the optional nonsecurity preview release:
 - Navigate to **Settings** > **Update & Security** > **Windows Update** and select **Check for updates**. 
 - Use [Windows Insider Program for Business](https://insider.windows.com/for-business)
 - Use the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx).
@@ -78,16 +80,16 @@ To access the optional non-security preview release:
 Some key considerations about OOB releases include: 
 
 - OOB releases are always cumulative. 
-  - OOB releases supersede any prior monthly security update and optional non-security preview release. 
+  - OOB releases supersede any prior monthly security update and optional nonsecurity preview release. 
 - OOB releases generally require IT admins to deploy off-cycle.  
 - Some OOB releases are classified as critical.
   - Critical OOB releases are automatically available to WSUS and Windows Update for Business, just like the monthly security update releases.  
-- Some OOB releases are classified as non-critical.
-  - Non-critical releases only go to the Microsoft Update Catalog for users or organizations to voluntarily obtain the update.
+- Some OOB releases are classified as noncritical.
+  - Noncritical releases only go to the Microsoft Update Catalog for users or organizations to voluntarily obtain the update.
 
 ## Continuous innovation for Windows 11
 
-Starting with Windows 11, version 22H2, new features and enhancements are introduced periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an **optional non-security preview release** and gradually rolled out to unmanaged clients. These new features are released later as part of a **monthly security update release**.
+Starting with Windows 11, version 22H2, new features and enhancements are introduced periodically to provide continuous innovation for Windows 11. These features and enhancements use the normal update servicing channels you're already familiar with. At first, new features are introduced with an **optional nonsecurity preview release** and gradually rolled out to unmanaged clients. These new features are released later as part of a **monthly security update release**.
 
 Some of the new features may be disruptive to organizations. By default, these select features are turned off temporarily for all managed devices until the next annual feature update is installed. In this scenario, a device is considered managed if it uses one of the following to determine which updates to install:
 
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index 6535bc2084..86232917dd 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -1,31 +1,29 @@
 ---
-title: Safeguard holds
-description: What are safeguard holds, how can you tell if one is in effect, and what to do about it.
+title: Safeguard holds for Windows
+description: What are safeguard holds? How to can you tell if a safeguard hold is in effect, and what to do about it.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
 ms.collection:
   - highpri
   - tier2
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Safeguard holds
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply safeguard holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use safeguard holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe effect (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround isn't immediately available.
 
 Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client.
 
-The safeguard holds lifespan varies depending on the time required to investigate and fix an issue. During this time, Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the safeguard hold. Once we release the safeguard hold, Windows Update will resume offering new operating system versions to devices.
+The safeguard holds lifespan varies depending on the time required to investigate and fix an issue. During this time, Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the safeguard hold. Once we release the safeguard hold, Windows Update resumes offering new operating system versions to devices.
 
 Safeguard holds only affect devices that use the Windows Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments.
 
@@ -37,11 +35,11 @@ IT admins can use [Windows Update for Business reports](wufb-reports-overview.md
 
 Windows Update for Business reports identifies safeguard holds by their 8-digit identifiers. For safeguard holds associated with publicly discussed known issues, you can find more details about the issue on the [Windows release health](/windows/release-health/) dashboard by searching for the safeguard hold ID on the **Known issues** page for the relevant release.
 
-On devices that use Windows Update (but not Windows Update for Business), the **Windows Update** page in the Settings app displays a message stating that an update is on its way, but not ready for the device. Instead of the option to download and install the update, users will see this message:
+On devices that use Windows Update (but not Windows Update for Business), the **Windows Update** page in the Settings app displays a message stating that an update is on its way, but not ready for the device. Instead of the option to download and install the update, users see a message.
 
 ![Feature update message reading "The Windows 10 May 2020 Update is on its way. Once it's ready for your device, you'll see the update available on this page.](images/safeguard-hold-notification.png)
 
-This message means that the device is protected by one or more safeguard holds. When the issue is resolved and the update is safe to install, we'll release the safeguard hold and the update can resume safely.
+This message means that the device is protected by one or more safeguard holds. When the issue is resolved and the update is safe to install, we release the safeguard hold so the update can resume safely.
 
 ## What can I do?
 
diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md
index 96b29c913a..30227f3553 100644
--- a/windows/deployment/update/safeguard-opt-out.md
+++ b/windows/deployment/update/safeguard-opt-out.md
@@ -1,38 +1,35 @@
 ---
 title: Opt out of safeguard holds
-description: Steps to install an update even it if has a safeguard hold applied
+description: How to install an update in your organization even when a safeguard hold for a known issue has been applied to it. 
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 10/21/2020
 ---
 
 # Opt out of safeguard holds
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
 Safeguard holds prevent a device with a known compatibility issue from being offered a new Windows client feature update by using Windows Update. We use safeguard holds to protect the device and user from a failed or poor update experience. We renew the offering once a fix is issued and is verified on an affected device. For more information about safeguard holds, see [Safeguard holds](safeguard-holds.md).
 
 ## How can I opt out of safeguard holds?
 
-IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update and in Windows 11. 
+IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running the following operating systems:
+- Windows 11 
+- Windows 10, version 1809, or later, with the October 2020 security update.
 
 > [!CAUTION]
 > Opting out of a safeguard hold can put devices at risk from known performance issues. 
 
 We recommend opting out only in an IT environment and for validation purposes. You can also validate an upcoming Windows client feature update version without the safeguards being applied by using the Release Preview channel of the Windows Insider Program for Business.
 
-Disabling safeguards does not guarantee your device will be able to successfully update. The update might still fail and will likely result in a bad experience since you are bypassing the protection against known issues. 
+Disabling safeguards doesn't guarantee your device will be able to successfully update. The update might still fail and will likely result in a bad experience since you're bypassing the protection against known issues. 
 
 > [!NOTE]
-> After a device installs a new Windows client version, the **Disable safeguards for Feature Updates** Group Policy will revert to “not configured” even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update.  
-
-
-
+> After a device installs a new Windows client version, the **Disable safeguards for Feature Updates** Group Policy will revert to **Not configured** even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsoft's default protection from known issues for each new feature update.  
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index 30228a83de..fd0efc4571 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -2,29 +2,26 @@
 title: Servicing stack updates
 description: In this article, learn how servicing stack updates improve the code that installs the other updates.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: high
 ms.author: mstewart
 manager: aaroncz
 ms.collection:
   - highpri
   - tier2
-ms.topic: conceptual
-ms.technology: itpro-updates
+ms.localizationpriority: high
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server </a>
 ms.date: 12/31/2017
 ---
 
 # Servicing stack updates
 
-
-**Applies to**
-
--   Windows 10
--   Windows 11
--   Windows Server
-
 ## What is a servicing stack update?
-Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.
+Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically doesn't have updates released every month.
 
 ## Why should servicing stack updates be installed and kept up to date?
   
@@ -34,8 +31,6 @@ Servicing stack updates improve the reliability of the update process to mitigat
 
 Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical."
 
->[!NOTE]
->You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001).
 
 ## What's the difference between a servicing stack update and a cumulative update?
 
@@ -49,18 +44,18 @@ Microsoft publishes all cumulative updates and SSUs for Windows 10, version 2004
 
 Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update.
 
-Typically, the improvements are reliability and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes.
+Typically, the improvements are reliability and performance improvements that don't require any specific special guidance. If there's any significant impact, it will be present in the release notes.
 
 ## Installation notes
 
 * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system.
-* Installing servicing stack update does not require restarting the device, so installation should not be disruptive. 
+* Installing servicing stack update doesn't require restarting the device, so installation shouldn't be disruptive. 
 * Servicing stack update releases are specific to the operating system version (build number), much like quality updates.
 * Servicing stack updates can be delivered with Windows Update, or you can perform a search to install the latest available at [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001).
-* Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine.
+* Once a servicing stack update is installed, it can't be removed or uninstalled from the machine.
 
 ## Simplifying on-premises deployment of servicing stack updates
 
-With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382.
+With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update includes the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you'll only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update is available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382.
 
 
diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md
index 9173c21e30..b534f09c0c 100644
--- a/windows/deployment/update/update-baseline.md
+++ b/windows/deployment/update/update-baseline.md
@@ -1,35 +1,35 @@
 ---
-title: Update Baseline
-description: Use an update baseline to optimize user experience and meet monthly update goals
+title: Windows 10 Update Baseline
+description: Use an update baseline to optimize user experience and meet monthly update goals in your organization.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Update Baseline
 
-**Applies to:** Windows 10
-
 > [!NOTE]
-> Update Baseline is not currently available for Windows 11.
+> Update Baseline isn't currently available for Windows 11.
 
 With the large number of different policies offered for Windows client, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. 
 
 ## Why is Update Baseline needed? 
 
-Update Baseline is an industry-tested solution that improves update adoption rates while also maintaining a high-quality user experience. Whether you are just starting out, or you have been configuring policies for years, Update Baseline can help get you to a known good state with an excellent user experience. Applying the baseline is especially helpful for organizations that have many years of policy configurations to clear out lingering misconfigurations. 
+Update Baseline is an industry-tested solution that improves update adoption rates while also maintaining a high-quality user experience. Whether you're just starting out, or you have been configuring policies for years, Update Baseline can help get you to a known good state with an excellent user experience. Applying the baseline is especially helpful for organizations that have many years of policy configurations to clear out lingering misconfigurations. 
 
 ## You can use Update Baseline to: 
 
 - Ensure that user and device configuration settings are compliant with the baseline. 
 - Set configuration settings. You can use Group Policy to configure a device with the setting values specified in the baseline. 
 
-Update Baseline doesn't affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices and when. 
+Update Baseline doesn't affect your offering policies, whether you're using deferrals or target version to manage which updates are offered to your devices and when. 
 
 ## Policies included in the Update Baseline 
 
diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md
deleted file mode 100644
index 8d6b9f249b..0000000000
--- a/windows/deployment/update/update-compliance-configuration-manual.md
+++ /dev/null
@@ -1,80 +0,0 @@
----
-title: Manually configuring devices for Update Compliance
-manager: aaroncz
-description: Manually configuring devices for Update Compliance
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Manually Configuring Devices for Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-
-There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows client. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
-
-The requirements are separated into different categories:
-
-1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured.
-2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Update Compliance. For example, devices in both main and satellite offices, which might have different network configurations must be able to reach the endpoints.
-3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It is recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality.
-
-
-## Required policies
-
-Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. They are enumerated below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables:
-
-- **Policy** corresponds to the location and name of the policy.
-- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional).
-- **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any.
-
-### Mobile Device Management policies
-
-Each MDM Policy links to its documentation in the CSP hierarchy, providing its exact location in the hierarchy and more details.
-
-| Policy | Data type | Value | Function |
-|--------------------------|-|-|------------------------------------------------------------|
-|**Provider/*ProviderID*/**[**CommercialID**](/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |String |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) |Identifies the device as belonging to your organization. |
-|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Sends basic device info, including quality-related data, app compatibility, and other similar data to keep the device secure and up-to-date. For more information, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization). |
-|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
-|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
-| **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. |
-| **System/**[AllowCommercialDataPipeline](/windows/client-management/mdm/policy-csp-system#system-allowcommercialdatapipeline) | Integer | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. |
- 
-### Group policies
-
-All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Policies>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.  
-
-| Policy | Value | Function |
-|---------------------------|-|-----------------------------------------------------------|
-|**Configure the Commercial ID** |[Your CommercialID](update-compliance-get-started.md#get-your-commercialid) | Identifies the device as belonging to your organization. |
-|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. See the following policy for more information. |
-|**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
-|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
-|**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. |
-| **Allow commercial data pipeline** | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. |
-
-
-## Required endpoints
-
-To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints.
-
-<!--Using include for endpoint access requirements-->
-[!INCLUDE [Endpoints for Update Compliance](./includes/wufb-reports-endpoints.md)]
-
-## Required services
-
-Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It is recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically.
-
-
diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md
deleted file mode 100644
index 7f4c13868a..0000000000
--- a/windows/deployment/update/update-compliance-configuration-mem.md
+++ /dev/null
@@ -1,87 +0,0 @@
----
-title: Configuring Microsoft Intune devices for Update Compliance
-manager: aaroncz
-description: Configuring devices that are enrolled in Intune for Update Compliance
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Configuring Microsoft Intune devices for Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-This article is specifically targeted at configuring devices enrolled to [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) for Update Compliance, within Microsoft Intune itself. Configuring devices for Update Compliance in Microsoft Intune breaks down to the following steps:
-
-1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured.
-1. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. You can learn more in the broad section on [enrolling devices to Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance).
-
-> [!TIP]
-> If you need to troubleshoot client enrollment, consider deploying the [configuration script](#deploy-the-configuration-script) as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured.
-
-## Create a configuration profile
-
-Take the following steps to create a configuration profile that will set required policies for Update Compliance:
-
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices/Windows/Configuration profiles**.
-1. On the **Configuration profiles** view, select **Create a profile**.
-1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates".
-1. For **Template name**, select **Custom**, and then press **Create**.
-1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
-1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
-    1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid).
-    1. Add a setting for **Commercial ID** with the following values:
-        - **Name**: Commercial ID
-        - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
-        - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID`
-        - **Data type**: String
-        - **Value**: *Set this value to your Commercial ID*
-    1. Add a setting configuring the **Windows Diagnostic Data level** for devices:
-        - **Name**: Allow Telemetry
-        - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry`
-        - **Data type**: Integer
-        - **Value**: 1 (*all that is required is 1, but it can be safely set to a higher value*).
-    1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this setting isn't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance:
-        - **Name**: Disable Telemetry opt-in interface
-        - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx`
-        - **Data type**: Integer
-        - **Value**: 1
-    1. Add a setting to **Allow device name in diagnostic data**; otherwise, there will be no device name in Update Compliance:
-        - **Name**: Allow device name in Diagnostic Data
-        - **Description**: Allows device name in Diagnostic Data.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData`
-        - **Data type**: Integer
-        - **Value**: 1
-    1. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance:
-        - **Name**: Allow Update Compliance Processing
-        - **Description**: Opts device data into Update Compliance processing. Required to see data.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing`
-        - **Data type**: Integer
-        - **Value**: 16
-    1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance:
-        - **Name**: Allow commercial data pipeline
-        - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device.
-        - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline`
-        - **Data type**: Integer
-        - **Value**: 1
-
-1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll.
-1. Review and select **Create**.
-
-## Deploy the configuration script
-
-The [Update Compliance Configuration Script](update-compliance-configuration-script.md) is a useful tool for properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
-
-When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in Pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices that will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in Deployment mode as a Win32 app to all Update Compliance devices.
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
deleted file mode 100644
index 567ff4f6f1..0000000000
--- a/windows/deployment/update/update-compliance-configuration-script.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Update Compliance Configuration Script
-manager: aaroncz
-description: Downloading and using the Update Compliance Configuration Script
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.topic: article
-ms.date: 04/01/2023
-ms.technology: itpro-updates
----
-
-# Configuring devices through the Update Compliance Configuration Script
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. 
-
-> [!NOTE]
-> The configuration script configures registry keys directly. Registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script does not reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md), device data might not appear in Update Compliance correctly. 
-
-You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting.
-
-## How this script is organized
-
-This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the `.bat` itself, which will then run `ConfigScript.ps1` with the parameters entered to `RunConfig.bat`. There are two ways of using the script: in **Pilot** mode or **Deployment** mode. 
-
-- In **Pilot** mode (`runMode=Pilot`), the script will enter a verbose mode with enhanced diagnostics, and save the results in the path defined with `logpath` in `RunConfig.bat`. Pilot mode is best for a pilot run of the script or for troubleshooting configuration.
-- In **Deployment** mode (`runMode=Deployment`), the script will run quietly. 
-
-
-## How to use this script
-
-Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
-
-1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
-2. Set `setCommercialID=true` and set the `commercialIDValue` to your [Commercial ID](update-compliance-get-started.md#get-your-commercialid).
-3. Run the script.
-4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
-5. If there are issues, gather the logs and provide them to Support.
-
-
-## Script errors
-
-<!--Using include for script errors-->
-[!INCLUDE [Update Compliance script error codes](./includes/wufb-reports-script-error-codes.md)]
-
-## Verify device configuration
-
-<!--Using include for verifying device configuration-->
-[!INCLUDE [Endpoints for Update Compliance](./includes/wufb-reports-verify-device-configuration.md)]
-
diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md
deleted file mode 100644
index 6c6fe09823..0000000000
--- a/windows/deployment/update/update-compliance-delivery-optimization.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Delivery Optimization in Update Compliance
-manager: aaroncz
-description: Learn how the Update Compliance solution provides you with information about your Delivery Optimization configuration.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Delivery Optimization in Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-:::image type="content" alt-text="Screenshot of Delivery Optimization information in Update Compliance." source="images/UC_workspace_DO_status.png" lightbox="images/UC_workspace_DO_status.png":::
-
-The Update Compliance solution provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
-
-## Delivery Optimization Status
- 
-The Delivery Optimization Status section includes three blades:
-
-- The **Device Configuration** blade shows a breakdown of download configuration for each device
-- The **Content Distribution (%)** blade shows the percentage of bandwidth savings for each category
-- The **Content Distribution (GB)** blade shows the total amount of data seen from each content type broken down by the download source (peers vs non-peers).
-
- 
-## Device Configuration blade
-Devices can be set to use different download modes; these download modes determine in what situations Delivery Optimization will use peer-to-peer distribution to accomplish the downloads. The top section shows the number of devices configured to use peer-to-peer distribution in *Peering On* compared to *Peering Off* modes. The table shows a breakdown of the various download mode configurations seen in your environment. For more information about the different configuration options, see [Configure Delivery Optimization for Windows client updates](../do/waas-delivery-optimization-setup.md).
- 
-## Content Distribution (%) blade
-The first of two blades showing information on content breakdown, this blade shows a ring chart summarizing **Bandwidth Savings %**, which is the percentage of data received from peer sources out of the total data downloaded (for any device that used peer-to-peer distribution).
-The table breaks down the Bandwidth Savings % into specific content categories along with the number of devices seen downloading the given content type that used peer-to-peer distribution.
- 
-## Content Distribution (GB) blade
-The second of two blades showing information on content breakdown, this blade shows a ring chart summarizing the total bytes downloaded by using peer-to-peer distribution compared to HTTP distribution. 
-The table breaks down the number of bytes from each download source into specific content categories, along with the number of devices seen downloading the given content type that used peer-to-peer distribution.
-
-The download sources that could be included are:
-- LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
-- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used)
-- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or a Configuration Manager Distribution Point for Express Updates.
-
-<!--Using include file, waas-delivery-optimization-monitor.md, for shared content on DO monitoring-->
-[!INCLUDE [Monitor Delivery Optimization](../do/includes/waas-delivery-optimization-monitor.md)]
-
-For more information on Delivery Optimization, see [Set up Delivery Optimization for Windows](../do/waas-delivery-optimization-setup.md).
diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md
deleted file mode 100644
index 94fffb85ab..0000000000
--- a/windows/deployment/update/update-compliance-feature-update-status.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Update Compliance - Feature Update Status report
-manager: aaroncz
-description: Learn how the Feature Update Status report provides information about the status of feature updates across all devices.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Feature Update Status
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-[ ![The Feature Update Status report.](images/UC_workspace_FU_status.png) ](images/UC_workspace_FU_status.png#lightbox)
-
-The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels). 
-
-## Overall Feature Update Status
-
-The Overall Feature Update Status blade breaks down how many devices are up-to-date or not, with a special callout for how many devices are running a build that is not supported (for a full list of feature updates, check out the [Windows 10 Release Information](https://technet.microsoft.com/windows/release-info.aspx) page). The table beneath the visualization breaks devices down by Servicing Channel and operating system version, then defining whether this combination is *up-to-date*, *not up-to-date* or *out of support*. Finally, the table provides a count of devices that fall into this category.  
-
-## Deployment Status by Servicing Channel
-
-To effectively track deployment, **Deployment Status Blades** are divided into each Servicing Channel chosen for the device. This is because Deployment for each channel will happen at different periods in time and feature updates are targeted separately for each channel. Within each Deployment Status tile, devices are aggregated on their feature update distribution, and the columns list the states each device is in.
-
-Refer to the following list for what each state means:
-* **Installed** devices are devices that have completed installation for the given update.
-* When a device is counted as **In Progress**, it has begun the feature update installation. 
-* Devices that are **scheduled next 7 days** are all devices that were deferred from installing the Feature update using [Windows Update for Business Settings](waas-manage-updates-wufb.md) and are set to begin installation in the next 7 days.
-* Devices that have failed the given feature update installation are counted as **Update failed**.
-* If a device should be, in some way, progressing toward this security update, but its status cannot be inferred, it will count as **Status Unknown**. Devices not using Windows Update are the most likely devices to fall into this category.
-
-## Safeguard holds
-
-Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release. 
-
-### Queries for safeguard holds
-
-> [!TIP]
-> For a new Update Compliance report with additional information on safeguard holds for devices managed using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview), try the [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds).
-
-The Feature Update Status report offers two queries to help you retrieve data related to safeguard holds. These queries show data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
-
-The first query shows the device data for all devices that are affected by safeguard holds. The second query shows data specific to devices running the target build.
-
-![Left pane showing Need Attention, Security update status, feature update status, and Windows Defender AV status, with Need Attention selected. Right pane shows the list of queries relevant to the Need Attention status, with "Devices with a safeguard hold" and "Target build distribution of devices with a safeguard hold" queries highlighted](images/UC_workspace_safeguard_queries.png)
-
-Update Compliance reporting will display the safeguard hold IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard hold IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards.
-
-### Opt out of safeguard holds
-
-You can [opt out of safeguard holds](safeguard-opt-out.md) protecting against known issues by using the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update.  
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
deleted file mode 100644
index d5167f79ad..0000000000
--- a/windows/deployment/update/update-compliance-get-started.md
+++ /dev/null
@@ -1,129 +0,0 @@
----
-title: Get started with Update Compliance
-manager: aaroncz
-description: Prerequisites, Azure onboarding, and configuring devices for Update Compliance
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.collection:
-  - highpri
-  - tier2
-ms.topic: article
-ms.date: 04/01/2023
-ms.technology: itpro-updates
----
-
-# Get started with Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-This article introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
-
-1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance.
-2. [Add Update Compliance](#add-update-compliance-to-your-azure-subscription) to your Azure subscription.
-3. [Configure devices](#enroll-devices-in-update-compliance)  to send data to Update Compliance.
-
-After you add the solution to Azure and configuring devices, it can take some time before all devices appear. For more information, see the [enrollment section](#enroll-devices-in-update-compliance). Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization.
-
-## Update Compliance prerequisites
-
-> [!IMPORTANT]
-> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. 
-
-Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
-
-- **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, and [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
-- **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them.
-- **Diagnostic data requirements**: Update Compliance requires devices to send diagnostic data at *Required* level (previously *Basic*). Some queries in Update Compliance require devices to send diagnostic data at *Optional* level (previously *Full*) for Windows 11 devices or *Enhanced* level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
-- **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These endpoints are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
-- **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names won't appear in Update Compliance unless you individually opt-in devices by using policy. The steps are outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
-- **Azure AD device join** or **hybrid Azure AD join**: All devices enrolled in Update Compliance must meet all prerequisites for enabling Windows diagnostic data processor configuration, including the Azure AD join requirement. This prerequisite will be enforced for Update Compliance starting on October 15, 2022.
-
-## Add Update Compliance to your Azure subscription
-
-Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. For the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution.
-
-> [!IMPORTANT]
-> Update Compliance is deprecated and no longer accepting any new onboarding requests. The instructions below are listed for verification and troubleshooting purposes only for existing Updates Compliance users. Update Compliance has been replaced by [Windows Update for Business reports](wufb-reports-overview.md) for monitoring compliance of updates.
-
-
-1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/). The solution was published by Microsoft and named **WaaSUpdateInsights**.
-2. Select **Get it now**.
-3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
-   - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance.
-4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created.
-
-Once the solution is in place, you can use one of the following Azure roles with Update Compliance:
-
-- To edit and write queries, we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role.
-
-- To read and only view data, we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role.
-
-|Compatible Log Analytics regions |
-| ------------------------------- |
-|Australia Central |
-|Australia East |
-|Australia Southeast |
-|Brazil South |
-|Canada Central |
-|Central India |
-|Central US |
-|East Asia |
-|East US |
-|East US 2 |
-|Eastus2euap(canary) |
-|France Central |
-|Japan East |
-|Korea Central |
-|North Central US |
-|North Europe |
-|South Africa North |
-|South Central US |
-|Southeast Asia |
-|Switzerland North |
-|Switzerland West |
-|UK West |
-|UK south |
-|West Central US |
-|West Europe |
-|West US |
-|West US 2 |
-
-> [!NOTE]
-> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription.
- 
-### Get your CommercialID
-
-A `CommercialID` is a globally unique identifier assigned to a specific Log Analytics workspace. The `CommercialID` is copied to an MDM or Group Policy and is used to identify devices in your environment. The `Commercial ID` directs your clients to the Update Compliance solution in your Log Analytics workspace. You'll need this ID when you configure clients to send data to Update Compliance.
-
-1. If needed, sign into the [Azure portal](https://portal.azure.com).
-1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
-1. Select **Log Analytics workspaces**.
-1. Select the Log Analytics workspace that you added the Update Compliance solution to.
-1. Select **Solutions** from the Log Analytics workspace, then select **WaaSUpdateInsights(&lt;Log Analytics workspace name>)** to go to the summary page for the solution. 
-1. Select **Update Compliance Settings** from the **WaaSUpdateInsights(&lt;Log Analytics workspace name>)** summary page.
-1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance.
-
-   > [!Warning]
-   > Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a Commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and can result in data loss.
-
-
-## Enroll devices in Update Compliance
-
-Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are a few steps to follow when enrolling devices to Update Compliance:
-
-1. Check the policies, services, and other device enrollment requirements in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md).
-2. If you use [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), you can follow the enrollment process documented at [Configuring devices for Update Compliance in Microsoft Intune](update-compliance-configuration-mem.md).
-3. Finally, you should run the [Update Compliance Configuration Script](update-compliance-configuration-script.md) on all devices to ensure they're appropriately configured and troubleshoot any enrollment issues.
-
-After you configure devices, diagnostic data they send will begin to be associated with your Azure AD organization ("tenant"). However, enrolling to Update Compliance doesn't influence the rate at which required data is uploaded from devices. Device connectivity to the internet and generally how active the device is highly influences how long it will take before the device appears in Update Compliance. Devices that are active and connected to the internet daily can expect to be fully uploaded within one week (usually less than 72 hours). Devices that are less active can take up to two weeks before data is fully available. 
-
-
-
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
deleted file mode 100644
index 4a047e610a..0000000000
--- a/windows/deployment/update/update-compliance-monitor.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Monitor Windows Updates and Microsoft Defender AV with Update Compliance
-manager: aaroncz
-description: You can use Update Compliance in Azure portal to monitor the progress of updates and key anti-malware protection features on devices in your network.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Monitor Windows Updates with Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-## Introduction
-
-Update Compliance enables organizations to:
-
-* Monitor security, quality, and feature updates for Windows 10 or Windows 11 Professional, Education, and Enterprise editions.
-* View a report of device and update issues related to compliance that need attention.
-* Check bandwidth savings incurred across multiple content types by using [Delivery Optimization](../do/waas-delivery-optimization.md).
-
-Update Compliance is offered through the Azure portal, and is included as part of Windows 10 or Windows 11 licenses listed in the [prerequisites](update-compliance-get-started.md#update-compliance-prerequisites). Azure Log Analytics ingestion and retention charges are not incurred on your Azure subscription for Update Compliance data.
-
-Update Compliance uses Windows client diagnostic data for all of its reporting. It collects system data including update deployment progress, [Windows Update for Business](waas-manage-updates-wufb.md) configuration data, and Delivery Optimization usage data, and then sends this data to a customer-owned [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace to power the experience.
-
-See the following articles in this guide for detailed information about configuring and using the Update Compliance solution:
-
-- [Get started with Update Compliance](update-compliance-get-started.md) provides directions on adding Update Compliance to your Azure subscription and configuring devices to send data to Update Compliance.
-- [Using Update Compliance](update-compliance-using.md) breaks down every aspect of the Update Compliance experience.
-
-## Related articles
-
-* [Get started with Update Compliance](update-compliance-get-started.md)
-* [Use Update Compliance to monitor Windows Updates](update-compliance-using.md)
-* [Update Compliance Schema Reference](update-compliance-schema.md)
diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md
deleted file mode 100644
index 51212b396d..0000000000
--- a/windows/deployment/update/update-compliance-need-attention.md
+++ /dev/null
@@ -1,52 +0,0 @@
----
-title: Update Compliance - Need Attention! report
-manager: aaroncz
-description: Learn how the Need attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance.
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Needs attention!
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-![Needs attention section.](images/UC_workspace_needs_attention.png)
-
-The **Needs attention!** section provides a breakdown of all Windows client device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within breakdown the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but don't fit within any other main section. 
-
-> [!NOTE]
-> The summary tile counts the number of devices that have issues, while the blades within the section break down the issues encountered. A single device can have more than one issue, so these numbers might not add up.
-
-The different issues are broken down by Device Issues and Update Issues:
-
-## Device Issues
-
-* **Missing multiple security updates:** This issue occurs when a device is behind by two or more security updates. These devices might be more vulnerable and should be investigated and updated.
-* **Out of support OS Version:** This issue occurs when a device has fallen out of support due to the version of Windows client it's running. When a device has fallen out of support, it will no longer receive important security updates, and might be vulnerable. These devices should be updated to a supported version of Windows client.
-
-## Update Issues
-
-* **Failed:** This issue occurs when an error halts the process of downloading and applying an update on a device. Some of these errors might be transient, but should be investigated further to be sure.
-* **Canceled**: This issue occurs when a user cancels the update process.
-* **Rollback**: This issue occurs when a fatal error occurs during a feature update, and the device is rolled back to the previous version.
-* **Uninstalled**: This issue occurs when a feature update is uninstalled from a device by a user or an administrator. This might not be a problem if the uninstallation was intentional, but is highlighted as it might need attention.
-* **Progress stalled:** This issue occurs when an update is in progress, but hasn't completed over a period of 7 days.
-
-Selecting any of the issues will take you to a [Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) view with all devices that have the given issue.
-
-> [!NOTE]
-> This blade also has a link to the [Setup Diagnostic Tool](../upgrade/setupdiag.md), a standalone tool you can use to obtain details about why a Windows client feature update was unsuccessful. 
-
-## List of Queries
-
-The **List of Queries** blade is in the **Needs Attention** section of Update Compliance. This blade contains a list of queries with a description and a link to the query. These queries contain important meta-information that didn't fit within any specific section or were listed to serve as a good starting point for modification into custom queries.
diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md
deleted file mode 100644
index 345802748b..0000000000
--- a/windows/deployment/update/update-compliance-privacy.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Privacy in Update Compliance
-manager: aaroncz
-description: an overview of the Feature Update Status report
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Privacy in Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-
-Update Compliance is fully committed to privacy, centering on these tenets:
-
-- **Transparency:** Windows client diagnostic data events that are required for Update Compliance's operation are fully documented (see the links for additional information) so you can review them with your company's security and compliance teams. The Diagnostic Data Viewer lets you see diagnostic data sent from a given device (see [Diagnostic Data Viewer Overview](/windows/configuration/diagnostic-data-viewer-overview) for details).
-- **Control:** You ultimately control the level of diagnostic data you wish to share. In Windows 10, version 1709 we added a new policy to Limit enhanced diagnostic data to the minimum required by Windows Analytics.
-- **Security:** Your data is protected with strong security and encryption.
-- **Trust:** Update Compliance supports the Online Services Terms.
-
-> [!IMPORTANT]
-> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. 
-
-## Data flow for Update Compliance
-
-The data flow sequence is as follows:
-
-1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
-2. An IT Administrator creates an Azure Log Analytics workspace. They then choose the location this workspace will store data and receives a Commercial ID for that workspace. The Commercial ID is added to each device in an organization by way of Group Policy, MDM or registry key.
-3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management Service, identifying devices by Commercial ID.
-4. These snapshots are copied to transient storage, used solely for Update Compliance where they are partitioned by Commercial ID.
-5. The snapshots are then copied to the appropriate Azure Log Analytics workspace, where the Update Compliance experience pulls the information from to populate visuals.
-
-## FAQ
-
-### Can Update Compliance be used without a direct client connection to the Microsoft Data Management Service?
-
-No, the entire service is powered by Windows diagnostic data, which requires that devices have this direct connectivity.
-
-### Can I choose the data center location?
-
-Yes for Azure Log Analytics, but no for the Microsoft Data Management Service (which is hosted in the US).
-
-## Related topics
-
-See related topics for additional background information on privacy and treatment of diagnostic data:
-
-- [Windows 10 and the GDPR for IT Decision Makers](/windows/privacy/gdpr-it-guidance)
-- [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
-- [Diagnostic Data Viewer Overview](/windows/configuration/diagnostic-data-viewer-overview)
-- [Licensing Terms and Documentation](https://www.microsoft.com/licensing/docs/)
-- [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/)
-- [Trust Center](https://www.microsoft.com/trustcenter)
diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md
deleted file mode 100644
index f74ace76b9..0000000000
--- a/windows/deployment/update/update-compliance-safeguard-holds.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Update Compliance - Safeguard Holds report
-manager: aaroncz
-description: Learn how the Safeguard Holds report provides information about safeguard holds in your population.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Safeguard Holds
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-The Safeguard Holds report provides information about devices in your population that are affected by a [safeguard hold](/windows/deployment/update/safeguard-holds). 
-
-Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release.
-
-As part of the Safeguard Holds report, Update Compliance provides aggregated and device-specific views into the safeguard holds that apply to devices in your population. These views will show data for all devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included. If your devices are not sending the required diagnostic data, they will be excluded from these views.
-
-The safeguard hold report can be found in a different location from the other Update Compliance reports. To access the safeguard hold report, follow the instructions below.
-
-1. Navigate to your Log Analytics workspace to which Update Compliance is deployed.
-2. In the left-hand menu, select **Solutions**.
-3. Select the solution named **WaaSUpdateInsights(\<your workspace name\>)**. (This summary page is also where the Update Compliance tile is located.)
-4. In the left-hand menu, select **Workbooks**.
-5. Under the subsection **WaaSUpdateInsights**, select the workbook named **Safeguard Holds**.
-
-This report shows information for devices that are managed using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview). To view information about safeguard holds for other devices, you can use the workbook named **WaaSUpdateInsights** or the [queries for safeguard holds](/windows/deployment/update/update-compliance-feature-update-status) in the Feature Update Status report.
-
-## Safeguard hold view
-
-![The safeguard hold view of the Safeguard Hold report.](images/uc-workspace-safeguard-holds-safeguard-hold-view.png)
-
-The safeguard hold view shows which safeguard holds apply to devices in your population, and how many devices are affected by each safeguard hold. You can use the **Safeguard hold ID(s)** dropdown at the top of the report to filter the chart and corresponding table to show only the selected safeguard hold IDs. Note that a device can be affected by more than one safeguard hold. 
-
-## Device view
-
-![The device view of the Safeguard Hold report.](images/uc-workspace-safeguard-holds-device-view.png)
-
-The device view shows which devices are affected by safeguard holds. In the **Safeguard Hold IDs** column of the table, you can find a list of the safeguard holds that apply to each device. You can also use the **Safeguard hold ID(s)** dropdown at the top of the report to filter the table to show only devices affected by the selected safeguard hold IDs.
-
-## Getting additional information about a safeguard hold
-
-For safeguard holds protecting devices against publicly discussed known issues, you can find their 8-digit identifier on the [Windows release health](/windows/release-health/) page under **Known issues** corresponding to the relevant release.
-
-Devices managed by the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) that are affected by a safeguard hold for a likely issue are listed in the report with the safeguard hold ID value **00000001**.
-
-## Opt out of safeguard holds
-
-To opt out of safeguard holds protecting against known issues, see [Opt out of safeguard holds](/windows/deployment/update/safeguard-opt-out).
-
-To opt out of safeguard holds protecting against likely issues (applicable to devices managed by the deployment service), see [Manage safeguards for a feature update deployment using the Windows Update for Business deployment service](/graph/windowsupdates-manage-safeguards).
diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
deleted file mode 100644
index 07a33a985c..0000000000
--- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Update Compliance Schema - WaaSDeploymentStatus
-manager: aaroncz
-description: WaaSDeploymentStatus schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# WaaSDeploymentStatus
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-
-WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, and one tracking a Windows Quality Update, at the same time.
-
-|Field |Type |Example |Description |
-|-|-|-----|------------------------|
-|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enroll devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). |
-|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
-|**DeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The deferral policy for this content type or `UpdateCategory` (Windows `Feature` or `Quality`). |
-|**DeploymentError** |[string](/azure/kusto/query/scalar-data-types/string) |`Disk Error` |A readable string describing the error, if any. If empty, there's either no string matching the error or there's no error. |
-|**DeploymentErrorCode** |[int](/azure/kusto/query/scalar-data-types/int) |`8003001E` |Microsoft internal error code for the error, if any. If empty, there's either no error or there's *no error code*, meaning that the issue raised doesn't correspond to an error, but some inferred issue. |
-|**DeploymentStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Failed` |The high-level status of installing this update on this device. Possible values are:<br><li> **Update completed**: Device has completed the update installation.<li> **In Progress**: Device is in one of the various stages of installing an update, detailed in `DetailedStatus`.<li> **Deferred**: A device's deferral policy is preventing the update from being offered by Windows Update.<li> **Canceled**: The update was canceled.<li> **Blocked**: There's a hard block on the update being completed. This could be that another update must be completed before this one, or some other task is blocking the installation of the update.<li> **Unknown**: Update Compliance generated WaaSDeploymentStatus records for devices as soon as it detects an update newer than the one installed on the device. Devices that haven't sent any deployment data for that update will have the status `Unknown`.<li> **Update paused**: Devices are paused via Windows Update for Business Pause policies, preventing the update from being offered by Windows Update. <li> **Failed**: Device encountered a failure in the update process, preventing it from installing the update. This may result in an automatic retry in the case of Windows Update, unless the `DeploymentError` indicates the issue requires action before the update can continue.<li> **Progress stalled**: The update is in progress, but has not completed over a period of 7 days.|
-|**DetailedStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`Reboot required` |A detailed status for the installation of this update on this device. Possible values are:<br><li> **Not Started**: Update hasn't started because the device isn't targeting the latest 2 builds<li> **Update deferred**: When a device's Windows Update for Business policy dictates the update is deferred.<li> **Update paused**: The device's Windows Update for Business policy dictates the update is paused from being offered.<li> **Update offered**: The device has been offered the update, but hasn't begun downloading it.<li> **Pre-Download tasks passed**: The device has finished all necessary tasks prior to downloading the update.<li> **Compatibility hold**: The device has been placed under a *compatibility hold* to ensure a smooth feature update experience and won't resume the update until the hold has been cleared. For more information, see [Feature Update Status report](update-compliance-feature-update-status.md#safeguard-holds).<li> **Download started**: The update has begun downloading on the device.<li> **Download Succeeded**: The update has successfully completed downloading. <li> **Pre-Install Tasks Passed**: Tasks that must be completed prior to installing the update have been completed.<li> **Install Started**: Installation of the update has begun.<li> **Reboot Required**: The device has finished installing the update, and a reboot is required before the update can be completed.<li> **Reboot Pending**: The device has a scheduled reboot to apply the update.<li> **Reboot Initiated**: The scheduled reboot has been initiated.<li> **Commit**: Changes are being committed post-reboot. This is another step of the installation process.<li> **Update Completed**: The update has successfully installed.|
-|**ExpectedInstallDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/28/2020, 1:00:01.318 PM`|Rather than the expected date this update will be installed, this should be interpreted as the minimum date Windows Update will make the update available for the device. This takes into account Deferrals. |
-|**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|The last point in time that this device sent Update Session data. |
-|**OriginBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build originally installed on the device when this Update Session began. |
-|**OSBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.719` |The build currently installed on the device. |
-|**OSRevisionNumber** |[int](/azure/kusto/query/scalar-data-types/int) |`719` |The revision of the OSBuild installed on the device. |
-|**OSServicingBranch** |[string](/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](./waas-overview.md#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
-|**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**PauseState** |[string](/azure/kusto/query/scalar-data-types/string) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.<br><li> **Expired**: The pause period has expired.<li> **NotConfigured**: Pause isn't configured.<li> **Paused**: The device was last reported to be pausing this content type.<li> **NotPaused**: The device was last reported to not have any pause on this content type. |
-|**RecommendedAction** |[string](/azure/kusto/query/scalar-data-types/string) | |The recommended action to take in the event this device needs attention, if any. |
-|**ReleaseName** |[string](/azure/kusto/query/scalar-data-types/string) |`KB4551762` |The KB Article corresponding to the TargetOSRevision, if any. |
-|**TargetBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.720` |The target OSBuild, the update being installed or considered as part of this WaaSDeploymentStatus record. |
-|**TargetOSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The target OSVersion. |
-|**TargetOSRevision** |[int](/azure/kusto/query/scalar-data-types/int) |`720` |The target OSRevisionNumber. |
-|**TimeGenerated** |[datetime](/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
-|**UpdateCategory** |[string](/azure/kusto/query/scalar-data-types/string) |`Quality` |The high-level category of content type this Windows Update belongs to. Possible values are **Feature** and **Quality**. |
-|**UpdateClassification** |[string](/azure/kusto/query/scalar-data-types/string) |`Security` |Similar to UpdateCategory, this more specifically determines whether a Quality update is a security update or not. |
-|**UpdateReleasedDate** |[datetime](/azure/kusto/query/scalar-data-types/datetime) |`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the time the update came available on Windows Update. |
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
deleted file mode 100644
index 0db7e2035a..0000000000
--- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Update Compliance Schema - WaaSInsiderStatus
-manager: aaroncz
-description: WaaSInsiderStatus schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# WaaSInsiderStatus
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-WaaSInsiderStatus records contain device-centric data and acts as the device record for devices on Windows Insider Program builds in Update Compliance. Each record provided in daily snapshots maps to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. Insider devices have fewer fields than [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md).
-
-
-|Field |Type |Example |Description |
-|--|--|---|--|
-|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this value appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). |
-|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This value is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
-|**OSArchitecture** |[string](/azure/kusto/query/scalar-data-types/string) |`amd64` |The architecture of the Operating System. |
-|**OSName** |[string](/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This value will always be Windows 10 for Update Compliance. |
-|**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This value typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This value maps to the `Major` portion of OSBuild. |
-|**OSBuild** |[string](/azure/kusto/query/scalar-data-types/string) |`18363.720` |The currently installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](/windows/release-health/release-information). |
-|**OSRevisionNumber** |[int](/azure/kusto/query/scalar-data-types/int) |`720` |An integer value for the revision number of the currently installed Windows 10 OSBuild on the device. |
-|**OSEdition** |[string](/azure/kusto/query/scalar-data-types/string) |`Enterprise` |The Windows 10 Edition or SKU. |
-|**OSFamily** |[string](/azure/kusto/query/scalar-data-types/string) |`Windows.Desktop` |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
-|**OSServicingBranch** |[string](/azure/kusto/query/scalar-data-types/string) |`Semi-Annual` |The Servicing Branch or [Servicing Channel](./waas-overview.md#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
-|**TimeGenerated** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|3/22/`2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
-|**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|3/22/`2020, 2:00:00.436 AM`|A DateTime corresponding to the last time the device sent data to Microsoft. This value does not necessarily mean all data that is needed to populate all fields Update Compliance uses was sent; this value is more like a "heartbeat". |
diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
deleted file mode 100644
index 6f885bf11a..0000000000
--- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md
+++ /dev/null
@@ -1,45 +0,0 @@
----
-title: Update Compliance Schema - WaaSUpdateStatus
-manager: aaroncz
-description: WaaSUpdateStatus schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# WaaSUpdateStatus
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-WaaSUpdateStatus records contain device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots maps to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention.
-
-|Field |Type |Example |Description |
-|--|-|----|------------------------|
-|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). |
-|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
-|**DownloadMode** |[string](/azure/kusto/query/scalar-data-types/string) |`Simple (99)` |The device's Delivery Optimization DownloadMode. To learn about possible values, see [Delivery Optimization Reference - Download mode](../do/waas-delivery-optimization-reference.md#download-mode) |
-|**FeatureDeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0`                        |The on-client Windows Update for Business Deferral Policy days.<br> - **<0**: A value below 0 indicates the policy is disabled. <br> - **0**: A value of 0 indicates the policy is enabled, but the deferral period is zero days.<br> - **1+**: A value of 1 and above indicates the deferral setting, in days. |
-|**FeaturePauseDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |*Deprecated* This provides the count of days left in a pause |
-|**FeaturePauseState** |[int](/azure/kusto/query/scalar-data-types/int) |`NotConfigured` |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Feature Updates.<br><li> **Expired**: The pause period has expired.<li> **NotConfigured**: Pause is not configured.<li> **Paused**: The device was last reported to be pausing this content type.<li> **NotPaused**: The device was last reported to not have any pause on this content type. |
-|**QualityDeferralDays** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |The on-client Windows Update for Business Deferral Policy days.<br><li> **<0**: A value below 0 indicates the policy is disabled. <li> **0**: A value of 0 indicates the policy is enabled, but the deferral period is zero days. <li> **1+**: A value of 1 and above indicates the deferral setting, in days. |
-|**QualityPauseDays**      |[int](/azure/kusto/query/scalar-data-types/int) |`0` |**Deprecated**. This provides the count of days left in a pause period.|
-|**QualityPauseState**     |[string](/azure/kusto/query/scalar-data-types/string)  |`NotConfigured`            |The on-client Windows Update for Business Pause state. Reflects whether or not a device has paused Quality Updates.<br><li>**Expired**: The pause period has expired.<li> **NotConfigured**: Pause is not configured.<li>**Paused**: The device was last reported to be pausing this content type.<li>**NotPaused**: The device was last reported to not have any pause on this content type. |
-|**NeedAttentionStatus**   |[string](/azure/kusto/query/scalar-data-types/string)  | |Indicates any reason a device needs attention; if empty, there are no [Device Issues](./update-compliance-need-attention.md#device-issues) for this device. |
-|**OSArchitecture**        |[string](/azure/kusto/query/scalar-data-types/string)  |`amd64` |The architecture of the Operating System. |
-|**OSName**                |[string](/azure/kusto/query/scalar-data-types/string)  |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
-|**OSVersion**             |[string](/azure/kusto/query/scalar-data-types/string)  |`1909` |The version of Windows 10. This value typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild. |
-|**OSBuild**               |[string](/azure/kusto/query/scalar-data-types/string)  |`18363.720`                |The currently installed Windows 10 Build, in the format `Major`.`Revision`. `Major` corresponds to which Feature Update the device is on, whereas `Revision` corresponds to which quality update the device is on. Mappings between Feature release and Major, as well as Revision and KBs, are available at [aka.ms/win10releaseinfo](/windows/release-health/release-information). |
-|**OSRevisionNumber**      |[int](/azure/kusto/query/scalar-data-types/int)     |`720`                      |An integer value for the revision number of the currently installed Windows 10 OSBuild on the device. |
-|**OSCurrentStatus**       |[string](/azure/kusto/query/scalar-data-types/string)  |`Current`                  |*Deprecated* Whether or not the device is on the latest Windows Feature Update available, and the latest Quality Update for that Feature Update. |
-|**OSEdition**             |[string](/azure/kusto/query/scalar-data-types/string)  |`Enterprise`               |The Windows 10 Edition or SKU.  |
-|**OSFamily**              |[string](/azure/kusto/query/scalar-data-types/string)  |`Windows.Desktop`          |The Device Family of the device. Only `Windows.Desktop` is currently supported. |
-|**OSFeatureUpdateStatus** |[string](/azure/kusto/query/scalar-data-types/string)  |`Up-to-date`               |Indicates whether or not the device is on the latest available Windows 10 Feature Update. |
-|**OSQualityUpdateStatus** |[string](/azure/kusto/query/scalar-data-types/string)  |`Up-to-date`               |Indicates whether or not the device is on the latest available Windows 10 Quality Update (for its Feature Update). |
-|**OSSecurityUpdateStatus**|[string](/azure/kusto/query/scalar-data-types/string)  |`Up-to-date`               |Indicates whether or not the device is on the latest available Windows 10 Quality Update **that is classified as containing security fixes**. |
-|**OSServicingBranch**     |[string](/azure/kusto/query/scalar-data-types/string)  |`Semi-Annual`              |The Servicing Branch or [Servicing Channel](./waas-overview.md#servicing-channels) the device is on. Dictates which Windows updates the device receives and the cadence of those updates. |
-|**TimeGenerated**         |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 1:00:01.318 PM`|A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
-|**LastScan**              |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`3/22/2020, 2:00:00.436 AM`|A DateTime corresponding to the last time the device sent data to Microsoft. This DateTime information does not necessarily mean all data that is needed to populate all fields Update Compliance uses was sent; this is more like a "heartbeat". |
diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
deleted file mode 100644
index 901babfe34..0000000000
--- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Update Compliance Schema - WUDOAggregatedStatus
-manager: aaroncz
-description: WUDOAggregatedStatus schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# WUDOAggregatedStatus
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-
-WUDOAggregatedStatus records provide information, across all devices, on their bandwidth utilization for a specific content type in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq), over the past 28 days.
-
-These fields are briefly described in this article, to learn more about Delivery Optimization in general, check out the [Delivery Optimization Reference](../do/waas-delivery-optimization-reference.md).
-
-|Field |Type |Example |Description |
-|-|-|-|-|
-|**DeviceCount** |[int](/azure/kusto/query/scalar-data-types/int) |`9999` |Total number of devices in this aggregated record. |
-|**BWOptPercent28Days** |[real](/azure/kusto/query/scalar-data-types/real) |`68.72` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *across all devices*, computed on a rolling 28-day basis. |
-|**BWOptPercent7Days** |[real](/azure/kusto/query/scalar-data-types/real) |`13.58` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *across all devices*, computed on a rolling 7-day basis. |
-|**BytesFromCDN** |[long](/azure/kusto/query/scalar-data-types/long) |`254139` |Total number of bytes downloaded from a CDN versus a Peer. This counts against bandwidth optimization.|
-|**BytesFromGroupPeers** |[long](/azure/kusto/query/scalar-data-types/long) |`523132` |Total number of bytes downloaded from Group Peers. |
-|**BytesFromIntPeers** |[long](/azure/kusto/query/scalar-data-types/long) |`328350` |Total number of bytes downloaded from Internet Peers. |
-|**BytesFromPeers** |[long](/azure/kusto/query/scalar-data-types/long) |`43145` |Total number of bytes downloaded from peers. |
-|**ContentType** |[int](/azure/kusto/query/scalar-data-types/int) |`Quality Updates` |The type of content being downloaded.|
-|**DownloadMode** |[string](/azure/kusto/query/scalar-data-types/string) |`HTTP+LAN (1)` |Device's Delivery Optimization [Download Mode](../do/waas-delivery-optimization-reference.md#download-mode) configuration for this device. |
-|**TimeGenerated** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`1601-01-01T00:00:00Z` |A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace.|
diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md
deleted file mode 100644
index 3cd9bfa64f..0000000000
--- a/windows/deployment/update/update-compliance-schema-wudostatus.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Update Compliance Schema - WUDOStatus
-manager: aaroncz
-description: WUDOStatus schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# WUDOStatus
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-> [!NOTE]
-> Currently all location-based fields are not working properly. This is a known issue.
-
-WUDOStatus records provide information, for a single device, on their bandwidth utilization for a specific content type in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq), and other information to create more detailed reports and splice on certain common characteristics.
-
-These fields are briefly described in this article, to learn more about Delivery Optimization in general, check out the [Delivery Optimization Reference](../do/waas-delivery-optimization-reference.md).
-
-|Field |Type |Example |Description |
-|-|-|-|-|
-|**Computer** |[string](/azure/kusto/query/scalar-data-types/string) |`JohnPC-Contoso` |User or Organization-provided device name. If this appears as '#', then Device Name may not be sent through telemetry. To enable Device Name to be sent with telemetry, see [Enabling Device Name in Telemetry](./update-compliance-get-started.md). |
-|**ComputerID** |[string](/azure/kusto/query/scalar-data-types/string) |`g:6755412281299915` |Microsoft Global Device Identifier. This is an internal identifier used by Microsoft. A connection to the end-user managed service account is required for this identifier to be populated; no device data will be present in Update Compliance without this identifier. |
-|**City** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate city device was in while downloading content, based on IP Address. |
-|**Country** |[string](/azure/kusto/query/scalar-data-types/string) | |Approximate country device was in while downloading content, based on IP Address. |
-|**ISP** |[string](/azure/kusto/query/scalar-data-types/string) | |The Internet Service Provider estimation. |
-|**BWOptPercent28Days** |[real](/azure/kusto/query/scalar-data-types/real) |`68.72` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *for this device*, computed on a rolling 28-day basis. |
-|**BWOptPercent7Days** |[real](/azure/kusto/query/scalar-data-types/real) |`13.58` |Bandwidth optimization (as a percentage of savings of total bandwidth otherwise incurred) as a result of using Delivery Optimization *for this device*, computed on a rolling 7-day basis. |
-|**BytesFromCDN** |[long](/azure/kusto/query/scalar-data-types/long) |`254139` |Total number of bytes downloaded from a CDN versus a Peer. This counts against bandwidth optimization. |
-|**BytesFromGroupPeers** |[long](/azure/kusto/query/scalar-data-types/long) |`523132` |Total number of bytes downloaded from Group Peers. |
-|**BytesFromIntPeers** |[long](/azure/kusto/query/scalar-data-types/long) |`328350` |Total number of bytes downloaded from Internet Peers. |
-|**BytesFromPeers** |[long](/azure/kusto/query/scalar-data-types/long) |`43145` |Total number of bytes downloaded from peers. |
-|**ContentDownloadMode** |[int](/azure/kusto/query/scalar-data-types/int) |`0` |Device's Delivery Optimization [Download Mode](../do/waas-delivery-optimization-reference.md#download-mode) configuration for this content. |
-|**ContentType** |[int](/azure/kusto/query/scalar-data-types/int) |`Quality Updates` |The type of content being downloaded. |
-|**DOStatusDescription** |[string](/azure/kusto/query/scalar-data-types/string) | |A short description of DO's status, if any. |
-|**DownloadMode** |[string](/azure/kusto/query/scalar-data-types/string) |`HTTP+LAN (1)` |Device's Delivery Optimization [Download Mode](../do/waas-delivery-optimization-reference.md#download-mode) configuration for this device. |
-|**DownloadModeSrc** |[string](/azure/kusto/query/scalar-data-types/string) |`Default` |The source of the DownloadMode configuration. |
-|**GroupID** |[string](/azure/kusto/query/scalar-data-types/string) | |The DO Group ID. |
-|**NoPeersCount** |[long](/azure/kusto/query/scalar-data-types/long) | |The number of peers this device interacted with. |
-|**OSName** |[string](/azure/kusto/query/scalar-data-types/string) |`Windows 10` |The name of the Operating System. This will always be Windows 10 for Update Compliance. |
-|**OSVersion** |[string](/azure/kusto/query/scalar-data-types/string) |`1909` |The version of Windows 10. This typically is of the format of the year of the version's release, following the month. In this example, `1909` corresponds to 2019-09 (September). This maps to the `Major` portion of OSBuild.  |
-|**PeerEligibleTransfers** |[long](/azure/kusto/query/scalar-data-types/long) |`0` |Total number of eligible transfers by Peers. |
-|**PeeringStatus** |[string](/azure/kusto/query/scalar-data-types/string) |`On` |The DO Peering Status |
-|**PeersCannotConnectCount**|[long](/azure/kusto/query/scalar-data-types/long) |`0` |The number of peers this device was unable to connect to. |
-|**PeersSuccessCount** |[long](/azure/kusto/query/scalar-data-types/long) |`0` |The number of peers this device successfully connected to. |
-|**PeersUnknownCount** |[long](/azure/kusto/query/scalar-data-types/long) |`0` |The number of peers for which there is an unknown relation. |
-|**LastScan** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`1601-01-01T00:00:00Z` |A DateTime corresponding to the last time the device sent data to Microsoft. This does not necessarily mean all data that is needed to populate all fields Update Compliance uses was sent, this is more like a "heartbeat". |
-|**TimeGenerated** |[datetime](/azure/kusto/query/scalar-data-types/datetime)|`1601-01-01T00:00:00Z` |A DateTime corresponding to the moment Azure Monitor Logs ingested this record to your Log Analytics workspace. |
-|**TotalTimeForDownload** |[string](/azure/kusto/query/scalar-data-types/string) |`0:00:00` |The total time it took to download the content. |
-|**TotalTransfers** |[long](/azure/kusto/query/scalar-data-types/long) |`0` |The total number of data transfers to download this content. |
diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md
deleted file mode 100644
index 163144290a..0000000000
--- a/windows/deployment/update/update-compliance-schema.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: Update Compliance Data Schema
-manager: aaroncz
-description: an overview of Update Compliance data schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Update Compliance Schema
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-
-When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.
-
-The table below summarizes the different tables that are part of the Update Compliance solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries).
-
-> [!NOTE]
-> Data is collected daily. The TimeGenerated field shows the time data was collected. It's added by Log Analytics when data is collected. Device data from the past 28 days is collected, even if no new data has been generated since the last time. LastScan is a clearer indicator of data freshness (that is, the last time the values were updated), while TimeGenerated indicates the freshness of data within Log Analytics.
-
-|Table |Category |Description |
-|--|--|--|
-|[**WaaSUpdateStatus**](update-compliance-schema-waasupdatestatus.md) |Device record |This table houses device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots maps to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. |
-|[**WaaSInsiderStatus**](update-compliance-schema-waasinsiderstatus.md) |Device record |This table houses device-centric data specifically for devices enrolled to the Windows Insider Program. Devices enrolled to the Windows Insider Program do not currently have any WaaSDeploymentStatus records, so do not have Update Session data to report on update deployment progress. |
-|[**WaaSDeploymentStatus**](update-compliance-schema-waasdeploymentstatus.md) |Update Session record |This table tracks a specific update on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, as well as one tracking a Windows Quality Update, at the same time. |
-|[**WUDOStatus**](update-compliance-schema-wudostatus.md) |Delivery Optimization record |This table provides information, for a single device, on their bandwidth utilization across content types in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq). |
-|[**WUDOAggregatedStatus**](update-compliance-schema-wudoaggregatedstatus.md) |Delivery Optimization record |This table aggregates all individual WUDOStatus records across the tenant and summarizes bandwidth savings across all devices enrolled to Delivery Optimization. |
diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md
deleted file mode 100644
index 874e7b6ff9..0000000000
--- a/windows/deployment/update/update-compliance-security-update-status.md
+++ /dev/null
@@ -1,31 +0,0 @@
----
-title: Update Compliance - Security Update Status report
-manager: aaroncz
-description: Learn how the Security Update Status section provides information about security updates across all devices.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Security Update Status
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-![The Security Update Status report.](images/UC_workspace_SU_status.png)
-
-The Security Update Status section provides information about [security updates](waas-quick-start.md#definitions) across all devices. The section tile within the [Overview Blade](update-compliance-using.md#overview-blade) lists the percentage of devices on the latest security update available. Meanwhile, the blades within show the percentage of devices on the latest security update for each Windows client version and the deployment progress toward the latest two security updates.  
-
-The **Overall Security Update Status** blade provides a visualization of devices that are and do not have the latest security updates. Below the visualization are all devices further broken down by operating system version and a count of devices that are up to date and not up to date. The **Not up to date** column also provides a count of update failures.
- 
-The **Latest Security Update Status** and **Previous Security Update Status** tiles are stacked to form one blade. The **Latest Security Update Status** provides a visualization of the different deployment states devices are in regarding the latest update for each build (or version) of Windows client, along with the revision of that update. The **Previous Security Update Status** blade provides the same information without the accompanying visualization. 
-
-The rows of each tile in this section are interactive; selecting them will navigate you to the query that is representative of that row and section. 
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md
deleted file mode 100644
index 4220a931ba..0000000000
--- a/windows/deployment/update/update-compliance-using.md
+++ /dev/null
@@ -1,92 +0,0 @@
----
-title: Using Update Compliance
-manager: aaroncz
-description: Learn how to use Update Compliance to monitor your device's Windows updates.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 04/01/2023
----
-
-# Use Update Compliance
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-<!--Using include for recommending Windows Update for Business reports for all Update Compliance v1 docs-->
-[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)]
-
-In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md).
-
-
-Update Compliance:
-- Provides detailed deployment monitoring for Windows client feature and quality updates.
-- Reports when devices need attention due to issues related to update deployment.
-- Shows bandwidth usage and savings for devices that are configured to use [Delivery Optimization](../do/waas-delivery-optimization.md).
-- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
-
-## The Update Compliance tile
-After Update Compliance is successfully [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you can navigate to your log analytics workspace, select your Update Compliance deployment in the **Solutions** section, and then select  **Summary** to see this tile:
-
-:::image type="content" alt-text="Update Compliance tile no data." source="images/UC_tile_assessing.png":::
-
-When the solution is added, data is not immediately available. Data will begin to be collected after data is sent up that belongs to the Commercial ID associated with the device. This process assumes that Windows diagnostic data is enabled and data sharing is enabled as described in [Enrolling devices in Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). After Microsoft has collected and processed any device data associated with your Commercial ID, the tile will be replaced with the following summary:
-
-:::image type="content" alt-text="Update Compliance tile with data." source="images/UC_tile_filled.png":::
-
-The summary details the total number of devices that Microsoft has received data from with your Commercial ID. It also provides the number of devices that need attention if any. Finally, it details the last point at which your Update Compliance workspace was refreshed.
-
-## The Update Compliance workspace
-
-:::image type="content" alt-text="Update Compliance workspace view." source="images/UC_workspace_needs_attention.png" lightbox="images/UC_workspace_needs_attention.png":::
-
-When you select this tile, you will be redirected to the Update Compliance workspace. The workspace is organized with the Overview blade providing a hub from which to navigate to different reports of your devices' data. 
-
-### Overview blade
-
-![The Overview blade.](images/uc-workspace-overview-blade.png)
-
-Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. Update Compliance displays distribution for all devices to help you determine if they are up to date on the following items:
-* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows client.
-* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. 
-
-The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency). 
-
-The following is a breakdown of the different sections available in Update Compliance:
-* [Need Attention!](update-compliance-need-attention.md) - This section is the default section when arriving to your Update Compliance workspace. It provides a summary of the different issues devices are facing relative to Windows client updates.
-* [Security Update Status](update-compliance-security-update-status.md) - This section lists the percentage of devices that are on the latest security update released for the version of Windows client it is running. Selecting this section provides blades that summarize the overall status of security updates across all devices and a summary of their deployment progress towards the latest two security updates. 
-* [Feature Update Status](update-compliance-feature-update-status.md) - This section lists the percentage of devices that are on the latest feature update that is applicable to a given device. Selecting this section provides blades that summarize the overall feature update status across all devices and a summary of deployment status for different versions of Windows client in your environment.
-* [Delivery Optimization Status](update-compliance-delivery-optimization.md) - This section summarizes bandwidth savings incurred by utilizing Delivery Optimization in your environment. It provides a breakdown of Delivery Optimization configuration across devices, and summarizes bandwidth savings and utilization across multiple content types.
-
-## Update Compliance data latency
-Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear.
-
-The data powering Update Compliance is refreshed every 24 hours. The last 28 days worth of data from all devices in your organization are refreshed. The entire set of data is refreshed in each daily snapshot, which means that the same data can be re-ingested even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data.  
-
-| Data Type | Data upload rate from device | Data Latency |
-|--|--|--|
-|WaaSUpdateStatus | Once per day |4 hours |
-|WaaSInsiderStatus| Once per day |4 hours |
-|WaaSDeploymentStatus|Every update event (Download, install, etc.)|24-36 hours |
-|WUDOAggregatedStatus|On update event, aggregated over time|24-36 hours |
-|WUDOStatus|Once per day|12 hours |
-
-This means you should generally expect to see new data device data every 24 hours, except for WaaSDeploymentStatus and WUDOAggregatedStatus, which may take 36-48 hours.
-
-## Using Log Analytics
-
-Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance. 
-
-See below for a few topics related to Log Analytics: 
-* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](/azure/log-analytics/log-analytics-log-searches).
-* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](/azure/log-analytics/log-analytics-dashboards). 
-* [Gain an overview of Log Analytics' alerts](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about. 
-
-## Related topics
-
-[Get started with Update Compliance](update-compliance-get-started.md)
diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md
index 1eb791b4fd..b7fa2d5094 100644
--- a/windows/deployment/update/update-policies.md
+++ b/windows/deployment/update/update-policies.md
@@ -1,23 +1,21 @@
 ---
-title: Policies for update compliance, activity, and user experience
-description: Explanation and recommendations for settings
+title: Policies for update compliance and user experience
+description: Explanation and recommendations for update compliance, activity, and user experience for your organization.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Policies for update compliance, activity, and user experience
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 Keeping devices up to date is the best way to keep them working smoothly and securely. 
 
 ## Deadlines for update compliance
@@ -30,19 +28,19 @@ deadline approaches, and then prioritize velocity as the deadline nears, while s
 Beginning with Windows 10, version 1903 and with the August 2019 security update for Windows 10, version 1709
 and later (including Windows 11), a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**.
 
-The older policies started enforcing deadlines once the device reached a “restart pending” state for
+The older policies started enforcing deadlines once the device reached a `restart pending` state for
 an update. The new policy starts the countdown for the update installation deadline from when the
 update is published plus any deferral. In addition, this policy includes a configurable grace period and the option
 to opt out of automatic restarts until the deadline is reached (although we recommend always allowing automatic
 restarts for maximum update velocity).
 
 We recommend you set deadlines as follows:
-- Quality update deadline, in days: 3
-- Feature update deadline, in days: 7
+- Quality update deadline, in days: 2
+- Feature update deadline, in days: 2
 
 Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded
 later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you
-do **not** set any notification policies, because they are automatically configured with appropriate defaults. An exception is if you
+do **not** set any notification policies, because they're automatically configured with appropriate defaults. An exception is if you
 have kiosks or digital signage.
 
 While three days for quality updates and seven days for feature updates is our recommendation, you might decide
@@ -57,12 +55,12 @@ to a minimum of two days.
 ### Grace periods
 
 You can set a period of days for Windows to find a minimally disruptive automatic restart time before the restart is enforced. This
-is especially useful in cases where a user has been away for many days (for example, on vacation) so that the device will not
+is especially useful in cases where a user has been away for many days (for example, on vacation) so that the device won't
 be forced to update immediately when the user returns.
 
 We recommend you set the following:
 
-- Grace period, in days: 2
+- Grace period, in days: 5
 
 Once the deadline and grace period have passed, updates are applied automatically, and a restart occurs
 regardless of [active hours](#active-hours).
@@ -79,15 +77,15 @@ automatic restart. To take advantage of this feature, ensure **ConfigureDeadline
 Windows typically requires that a device is active and connected to the internet for at least six hours, with at least two
 of continuous activity, in order to successfully complete a system update. The device could have other
 physical circumstances that prevent successful installation of an update--for example, if a laptop is running low
-on battery power, or the user has shut down the device before active hours end and the device cannot comply
+on battery power, or the user has shut down the device before active hours end and the device can't comply
 with the deadline.
 
-You can use the settings in this section to ensure that devices are actually available to install updates during the update compliance period.
+You can use the settings in this section to ensure that devices are available to install updates during the update compliance period.
 
 ### Active hours
 
-"Active hours" identify the period of time when a device is expected to be in use. Normally, restarts will occur outside of
-these hours. Windows 10, version 1903 introduced "intelligent active hours," which allow the system to learn active hours based on a user’s activities, rather than you as an administrator having to make decisions for your organization or allowing the user to choose active hours that minimize the period when the system can install an update.
+"Active hours" identify the period of time when a device is expected to be in use. Normally, restarts occur outside of
+these hours. Windows 10, version 1903 introduced "intelligent active hours," which allow the system to learn active hours based on a user's activities, rather than you as an administrator having to make decisions for your organization or allowing the user to choose active hours that minimize the period when the system can install an update.
 
 > [!IMPORTANT]
 > If you used the **Configure Active Hours** setting in previous versions of Windows 10, these
@@ -96,14 +94,12 @@ options must be **Disabled** in order to take advantage of intelligent active ho
 If you do set active hours, we recommend setting the following policies to **Disabled** in order to increase update
 velocity:
 
-- [Delay automatic reboot](waas-restart.md#delay-automatic-reboot). While it’s possible to set the system to delay restarts for users who are logged
-in, this might delay an update indefinitely if a user is always either logged in or shut down. Instead, we
-recommend setting the following polices to **Disabled**:
+- [Delay automatic reboot](waas-restart.md#delay-automatic-reboot). While it's possible to set the system to delay restarts for users who are logged in, this setting might delay an update indefinitely if a user is always either logged in or shut down. Instead, we recommend setting the following polices to **Disabled**:
     - **Turn off auto-restart during active hours**
     - **No auto-restart with logged on users for scheduled automatic updates**
 
-    - [Limit restart delays](waas-restart.md#limit-restart-delays). By using compliance deadlines, your users will receive notifications that
-updates will occur, so we recommend that you set this policy to **Disabled**, to allow compliance deadlines to eliminate the user’s ability to delay a restart outside of compliance deadline settings.
+    - [Limit restart delays](waas-restart.md#limit-restart-delays). By using compliance deadlines, your users receive notifications that
+updates will occur, so we recommend that you set this policy to **Disabled**, to allow compliance deadlines to eliminate the user's ability to delay a restart outside of compliance deadline settings.
 
 - **Do not allow users to approve updates and reboots**. Letting users approve or engage with the update process outside of the deadline policies decreases update velocity and increases risk. These policies should be set to **Disabled**:
     - [Update/RequireUpdateApproval](/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
@@ -113,8 +109,8 @@ updates will occur, so we recommend that you set this policy to **Disabled**, to
     - [Update/EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-engagedrestartsnoozescheduleforfeatureupdates)
     - [Update/EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-csp-update#update-engagedrestarttransitionschedule)
 
-- [Configure automatic update](waas-wu-settings.md#configure-automatic-updates). By properly setting policies to configure automatic updates, you can increase update velocity by having clients contact a Windows Server Update Services (WSUS) server so it can manage them. We recommend that you set this policy to **Disabled**. However, if you need to provide values, ensure that you set downloads to install automatically by setting the [Group Policy](waas-manage-updates-wsus.md#configure-automatic-updates-and-update-service-location) to **4**. If you’re using Microsoft Intune, setting the value to [Reset to Default](/mem/intune/protect/windows-update-settings#user-experience-settings).
-- **Allow auto Windows Update to download over metered networks**. Since more and more devices primarily use cellular data and do not have wi-fi access, consider allowing users to automatically download updates from a metered network. Though the default setting does not allow download over a metered network, setting this value to **1** can increase velocity by enabling users to get updates whether they are connected to the internet or not, provided they have cellular service. 
+- [Configure automatic update](waas-wu-settings.md#configure-automatic-updates). By properly setting policies to configure automatic updates, you can increase update velocity by having clients contact a Windows Server Update Services (WSUS) server so it can manage them. We recommend that you set this policy to **Disabled**. However, if you need to provide values, ensure that you set downloads to install automatically by setting the [Group Policy](waas-manage-updates-wsus.md#configure-automatic-updates-and-update-service-location) to **4**. If you're using Microsoft Intune, setting the value to [Reset to Default](/mem/intune/protect/windows-update-settings#user-experience-settings).
+- **Allow auto Windows Update to download over metered networks**. Since more devices primarily use cellular data and don't have wi-fi access, consider allowing users to automatically download updates from a metered network. Though the default setting doesn't allow download over a metered network, setting this value to **1** can increase velocity by enabling users to get updates whether they're connected to the internet or not, provided they have cellular service. 
 
 > [!IMPORTANT]
 > Older versions of Windows don't support intelligent active hours. If your device runs a version of Windows prior to Windows 10, version 1903, we recommend setting the following policies:
@@ -127,11 +123,11 @@ recommend setting this value to **3** (corresponding to 3 AM). If 3:00 AM is in
 
 ### Power policies
 
-Devices must actually be available during non-active hours in order to an update. They can't do this if power policies prevent them from waking up. In our organization, we strive to set a balance between security and eco-friendly configurations. We recommend the following settings to achieve what we feel are the appropriate tradeoffs:
+Devices must actually be available during nonactive hours in order to an update. They can't do this if power policies prevent them from waking up. In our organization, we strive to set a balance between security and eco-friendly configurations. We recommend the following settings to achieve what we feel are the appropriate tradeoffs:
 
-To a user, a device is either on or off, but for Windows, there are states that will allow an update to occur (active) and states that do not (inactive). Some states are considered active (sleep), but the user may think the device is off. Also, there are power statuses (plugged in/battery) that Windows checks before starting an update.
+To a user, a device is either on or off, but for Windows, there are states that allow an update to occur (active) and states that don't (inactive). Some states are considered active (sleep), but the user may think the device is off. Also, there are power statuses (plugged in/battery) that Windows checks before starting an update.
 
-You can override the default settings and prevent users from changing them in order to ensure that devices are available for updates during non-active hours.
+You can override the default settings and prevent users from changing them in order to ensure that devices are available for updates during nonactive hours.
 
 > [!NOTE]
 > One way to ensure that devices can install updates when you need them to is to educate your users to keep devices plugged in during non-active hours. Even with the best policies, a device that isn't plugged in will not be updated, even in sleep mode.
@@ -139,13 +135,12 @@ You can override the default settings and prevent users from changing them in or
 We recommend these power management settings:
 
 - Sleep mode (S1 or S0 Low Power Idle or [Modern Standby](/windows-hardware/design/device-experiences/modern-standby)). When a device is in sleep mode, the system
-appears to be off but if an update is available, it can wake the device up in order to take an update. The
+appears to be off but if an update is available, it can wake up the device in order to take an update. The
 power consumption in sleep mode is between working (system fully usable) and hibernate (S4 - lowest
-power level before shutdown). When a device is not being used, the system will generally move to sleep
+power level before shutdown). When a device isn't being used, the system will generally move to sleep
 mode before it goes to hibernate. Issues in velocity arise when the time between sleep and hibernate is
-too short and Windows does not have time to complete an update. Sleep mode is an important setting
-because the system can wake the system from sleep in order to start the update process, as long as there
-is enough power.
+too short and Windows doesn't have time to complete an update. Sleep mode is an important setting
+because the system can wake the system from sleep in order to start the update process, as long as there's enough power.
 
 Set the following policies to **Enable** or **Do Not Configure** in order to allow the device to use sleep mode:
 - [Power/AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#power-allowstandbystateswhensleepingonbattery)
@@ -156,15 +151,15 @@ sleep mode and the device has an opportunity to take an update:
 - [Power/SelectLidCloseActionOnBattery](/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactiononbattery)
 - [Power/SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#power-selectlidcloseactionpluggedin)
 
-- **Hibernate**. When a device is hibernating, power consumption is very low and the system cannot wake up
-without user intervention, like pressing the power button. If a device is in this state, it cannot be updated
+- **Hibernate**. When a device is hibernating, power consumption is low and the system can't wake up
+without user intervention, like pressing the power button. If a device is in this state, it can't be updated
 unless it supports an ACPI Time and Alarm Device (TAD). That said, if a device supporting Traditional Sleep
-(S3) is plugged in, and a Windows update is available, a hibernate state will be delayed until the update is complete.
+(S3) is plugged in, and a Windows update is available, a hibernate state is delayed until the update is complete.
 
 > [!NOTE]
 > This does not apply to devices that support Modern Standby (S0 Low Power Idle). You can check which system sleep state (S3 or S0 Low Power Idle) a device supports by running `powercfg /a` at a command prompt. For more, see [Powercfg options](/windows-hardware/design/device-experiences/powercfg-command-line-options#option_availablesleepstates).
 
-The default timeout on devices that support traditional sleep is set to three hours. We recommend that you do not reduce these policies in order to allow Windows Update the opportunity to restart the device before sending it into hibernation:
+The default timeout on devices that support traditional sleep is set to three hours. We recommend that you don't reduce these policies in order to allow Windows Update the opportunity to restart the device before sending it into hibernation:
 
 - [Power/HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#power-hibernatetimeoutonbattery)
 - [Power/HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#power-hibernatetimeoutpluggedin)
@@ -177,7 +172,7 @@ Each release of Windows client can introduce new policies to make the experience
 > If you are using Group Policy, note that we don't update the old ADMX templates and you must use the newer (1903) ADMX template in order to use the newer policy. Also, if you are
 > using an MDM tool (Microsoft or non-Microsoft), you can't use the new policy until it's available in the tool interface.
 
-As administrators, you have set up and expect certain behaviors, so we expressly do not remove older policies since they were set up for your particular use cases. However, if you set a new policy without disabling a similar older policy, you could have conflicting behavior and updates might not perform as expected.
+As administrators, you have set up and expect certain behaviors, so we expressly don't remove older policies since they were set up for your particular use cases. However, if you set a new policy without disabling a similar older policy, you could have conflicting behavior and updates might not perform as expected.
 
 > [!IMPORTANT] 
 > We sometimes find that administrators set devices to get both Group Policy settings and MDM settings from an MDM server such as Microsoft Intune. Policy conflicts are handled differently, depending on how they are ultimately set up:
@@ -192,11 +187,11 @@ As administrators, you have set up and expect certain behaviors, so we expressly
 
 The following are policies that you might want to disable because they could decrease update velocity or there are better policies to use that might conflict:
 - **Defer Feature Updates Period in Days**. For maximum update velocity, it's best to set this to **0** (no
-deferral) so that the feature update can complete and monthly security updates will be offered again. Even if there is an urgent quality update that must be quickly deployed, it is best to use **Pause Feature
+deferral) so that the feature update can complete and monthly security updates are offered again. Even if there's an urgent quality update that must be quickly deployed, it's best to use **Pause Feature
 Updates** rather than setting a deferral policy. You can choose a longer period if you don't want to stay up to date with the latest feature update.
 - **Defer Quality Updates Period in Days**. To minimize risk and maximize update velocity, the maximum time you might want to consider while evaluating the update with a different ring of devices is two to three days.
 - **Pause Feature Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution.
-- **Pause Quality Updates Start Time**. Set to **Disabled** unless there is a known issue requiring time for a resolution.
-- **Deadline No Auto Reboot**. Default is **Disabled – Set to 0** . We recommend that devices automatically try to restart when an update is received. Windows uses user interactions to dynamically identify the least disruptive time to restart.
+- **Pause Quality Updates Start Time**. Set to **Disabled** unless there's a known issue requiring time for a resolution.
+- **Deadline No Auto Reboot**. Default is **Disabled - Set to 0** . We recommend that devices automatically try to restart when an update is received. Windows uses user interactions to dynamically identify the least disruptive time to restart.
 
-There are additional policies are no longer supported or have been superseded.
+There are also additional policies are no longer supported or have been superseded.
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 1329d93a6b..840ea3d5a7 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -2,31 +2,28 @@
 title: Configure BranchCache for Windows client updates
 description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Configure BranchCache for Windows client updates
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it's easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode. 
 
 - Distributed Cache mode operates like the [Delivery Optimization](../do/waas-delivery-optimization.md) feature in Windows client: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file. 
 
-    >[!TIP]
-    >Distributed Cache mode is preferred to Hosted Cache mode for Windows clients updates to get the most benefit from peer-to-peer distribution. 
+    > [!TIP]
+    > Distributed Cache mode is preferred to Hosted Cache mode for Windows clients updates to get the most benefit from peer-to-peer distribution. 
 
 - In Hosted Cache mode, designated servers at specific locations act as a cache for files requested by clients in its area. Then, rather than clients retrieving files from a latent source, the hosted cache server provides the content on its behalf. 
 
@@ -36,7 +33,7 @@ For detailed information about how Distributed Cache mode and Hosted Cache mode
 
 Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](/previous-versions/windows/it-pro/windows-7/dd637820(v=ws.10)) in the [BranchCache Early Adopter's Guide](/previous-versions/windows/it-pro/windows-7/dd637762(v=ws.10)).
 
-In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, simply set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
+In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows client, set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
 
 ## Configure servers for BranchCache
 
@@ -44,8 +41,8 @@ You can use WSUS and Configuration Manager with BranchCache in Distributed Cache
 
 For a step-by-step guide to configuring BranchCache on Windows Server devices, see the [BranchCache Deployment Guide (Windows Server 2012)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj572990(v=ws.11)) or [BranchCache Deployment Guide (Windows Server 2016)](/windows-server/networking/branchcache/deploy/branchcache-deployment-guide).
 
-In addition to these steps, there is one requirement for WSUS to be able to use BranchCache in either operating mode: the WSUS server must be configured to download updates locally on the server to a shared folder. This way, you can select BranchCache publication for the share. For Configuration Manager, you can enable BranchCache on distribution points; no other server-side configuration is necessary for Distributed Cache mode.
+In addition to these steps, there's one requirement for WSUS to be able to use BranchCache in either operating mode: the WSUS server must be configured to download updates locally on the server to a shared folder. This way, you can select BranchCache publication for the share. For Configuration Manager, you can enable BranchCache on distribution points; no other server-side configuration is necessary for Distributed Cache mode.
 
->[!NOTE]
->Configuration Manager only supports Distributed Cache mode.
+> [!NOTE]
+> Configuration Manager only supports Distributed Cache mode.
 
diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md
index c6c7a89a58..6af6c31910 100644
--- a/windows/deployment/update/waas-configure-wufb.md
+++ b/windows/deployment/update/waas-configure-wufb.md
@@ -6,22 +6,21 @@ ms.prod: windows-client
 author: mestew
 ms.localizationpriority: medium
 ms.author: mstewart
-ms.topic: article
+ms.topic: conceptual
 ms.technology: itpro-updates
-ms.date: 05/19/2023
+ms.collection:
+  - tier1
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
+ms.date: 08/22/2023
 ---
 
 # Configure Windows Update for Business
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-- Windows Server 2022
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 > [!NOTE]
@@ -162,7 +161,7 @@ In cases where the pause policy is first applied after the configured start date
 | MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
 | MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
 
-You can check the date that quality updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**. 
+You can check the date that quality updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
 
 The local group policy editor (GPEdit.msc) won't reflect whether the quality update pause period has expired. Although the device will resume quality updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
 
@@ -210,6 +209,43 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
 | GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate  |
 | MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
 
+## Enable optional updates
+<!--7991583-->
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy.
+
+To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. 
+
+:::image type="content" source="media/7991583-update-seeker-enabled.png" alt-text="Screenshot of the Get the latest updates as soon as they're available option in the Windows updates page of Settings." lightbox="media/7991583-update-seeker-enabled.png":::
+
+The following options are available for the policy:
+
+- **Automatically receive optional updates (including CFRs)**:
+   - The latest optional nonsecurity updates and CFRs are automatically installed on the device. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option is selected and users can't change the setting.
+   - Devices will receive CFRs in early phases of the rollout.
+
+- **Automatically receive optional updates**:
+   - The latest optional nonsecurity updates are automatically installed on the device but CFRs aren't. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option isn't selected and users can't change the setting.
+
+- **Users can select which optional updates to receive**:
+   - Users can select which optional updates to install from **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Optional updates**.
+     - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled.  
+     - CFRs are offered to the device, but not necessarily in the early phases of the rollout.
+   - Users can enable the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. If the user enables the **Get the latest updates as soon as they're available**, then:
+     - The device will receive CFRs in early phases of the rollout.
+     - Optional updates are automatically installed on the device.
+
+- **Not configured** (default):
+  - Optional updates aren't installed on the device and the **Get the latest updates as soon as they're available** option is disabled.
+
+**Policies to enable optional updates**
+
+| Policy | Sets registry key under HKLM\Software |
+| --- | --- |
+| GPO for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > **Enable optional updates**| \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+| MDM for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: </br>./Device/Vendor/MSFT/Policy/Config/Update/</br>**[AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent)** | \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+
 ## Enable features that are behind temporary enterprise feature control
 <!--6544872-->
 
@@ -221,8 +257,8 @@ The features that are behind temporary enterprise feature control will be enable
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\AllowTemporaryEnterpriseFeatureControl  |
-| MDM for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl |
+| GPO for Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\AllowTemporaryEnterpriseFeatureControl  |
+| MDM for Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>./Device/Vendor/MSFT/Policy/Config/Update/</br>**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl |
 
 
 ## Summary: MDM and Group Policy settings for Windows 10, version 1703 and later
@@ -233,6 +269,7 @@ The following are quick-reference tables of the supported policy values for Wind
 
 | GPO Key |	Key type | Value |
 | --- | --- | --- |
+| AllowOptionalContent</br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs)</br> 2: Automatically receive optional updates </br> 3: Users can select which optional updates to receive </br> Other value or absent: Don't receive optional updates|
 | AllowTemporaryEnterpriseFeatureControl </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled.</br> Other value or absent: Features that are shipped turned off by default will remain off |
 | BranchReadinessLevel	| REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast </br> 4: Systems take feature updates for the Windows Insider build - Slow </br> 8: Systems take feature updates for the Release Windows Insider build </br></br> Other value or absent: Receive all applicable updates |
 | DeferFeatureUpdates | REG_DWORD | 1: Defer feature updates</br>Other value or absent: Don't defer feature updates |
@@ -248,6 +285,7 @@ The following are quick-reference tables of the supported policy values for Wind
 
 | MDM Key | Key type | Value |
 | --- | --- | --- |
+| AllowOptionalContent </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs)</br> 2: Automatically receive optional updates </br> 3: Users can select which optional updates to receive </br> Other value or absent: Don't receive optional updates|
 | AllowTemporaryEnterpriseFeatureControl </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled.</br> Other value or absent: Features that are shipped turned off by default will remain off |
 | BranchReadinessLevel | REG_DWORD |2: Systems take feature updates for the Windows Insider build - Fast </br> 4: Systems take feature updates for the Windows Insider build - Slow </br> 8: Systems take feature updates for the Release Windows Insider build  </br>32: Systems take feature updates from General Availability Channel </br>Note: Other value or absent: Receive all applicable updates |
 | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
@@ -272,3 +310,4 @@ When a device running a newer version sees an update available on Windows Update
 | PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
 | PauseQualityUpdates | PauseQualityUpdatesStartTime |
 
+ 
\ No newline at end of file
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index 007f114627..d94af9011d 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -2,23 +2,20 @@
 title: Integrate Windows Update for Business
 description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
 # Integrate Windows Update for Business with management solutions
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager.
@@ -28,8 +25,8 @@ You can integrate Windows Update for Business deployments with existing manageme
 
 For Windows 10, version 1607 and later, devices can be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS).  In a joint WSUS and Windows Update for Business setup:
 
-- Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
-- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies
+- Devices receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
+- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows won't follow your Windows Update for Business deferral policies
 
 ### Configuration example \#1: Deferring Windows Update updates with other update content hosted on WSUS
 
@@ -37,9 +34,9 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
 
 - Device is configured to defer Windows quality updates using Windows Update for Business
 - Device is also configured to be managed by WSUS
-- Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled)
+- Device isn't configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled)
 - Admin has opted to put updates to Office and other products on WSUS
-- Admin has also put 3rd party drivers on WSUS
+- Admin has also put third-party drivers on WSUS
 
 |Content|Metadata source|Payload source|Deferred?|
 |--- |--- |--- |--- |
@@ -70,12 +67,12 @@ For Windows 10, version 1607 and later, devices can be configured to receive upd
 **Configuration:**
 
 - Device is configured to defer quality updates using Windows Update for Business and to be managed by WSUS
-- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
+- Device is configured to **receive updates for other Microsoft products** along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
 - Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
 
-In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS were not enabled. 
+In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS weren't enabled. 
 - In a non-WSUS case, these updates would be deferred just as any update to Windows would be.  
-- However, with WSUS also configured, these updates are sourced from Microsoft but deferral policies are not applied.  
+- However, with WSUS also configured, these updates are sourced from Microsoft but deferral policies aren't applied.  
 
 |Content|Metadata source|Payload source|Deferred?|
 |--- |--- |--- |--- |
@@ -90,9 +87,9 @@ In this example, the deferral behavior for updates to Office and other non-Windo
 
 ## Integrate Windows Update for Business with Microsoft Configuration Manager
 
-For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
+For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices are visible in the Configuration Manager console, however they appear with a detection state of **Unknown**.
 
 :::image type="content" alt-text="Example of unknown devices." source="images/wufb-sccm.png" lightbox="images/wufb-sccm.png":::
 
-For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
+For more information, see [Integration with Windows Update for Business in Windows 10](/mem/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10).
 
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 93ab10c8bc..b1aee2ba14 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -1,33 +1,31 @@
 ---
-title: Deploy Windows client updates using Windows Server Update Services
+title: Deploy updates using Windows Server Update Services
 description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: how-to
 ms.collection:
   - highpri
   - tier2
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus > WSUS </a>	
 ms.date: 12/31/2017
 ---
 
 # Deploy Windows client updates using Windows Server Update Services (WSUS)
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 
-WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Configuration Manager provides.
+WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they're delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but doesn't provide all the scheduling options and deployment flexibility that Microsoft Configuration Manager provides.
 
-When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 11. 
+When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you're currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 11. 
 
 
 
@@ -46,7 +44,7 @@ To be able to use WSUS to manage and deploy Windows feature updates, you must us
 
 ## WSUS scalability
 
-To use WSUS to manage all Windows updates, some organizations may need access to WSUS from a perimeter network, or they might have some other complex scenario. WSUS is highly scalable and configurable for organizations of any size or site layout. For specific information about scaling WSUS, including upstream and downstream server configuration, branch offices, WSUS load balancing, and other complex scenarios, see [Choose a Type of WSUS Deployment](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc720448(v=ws.10)).
+To use WSUS to manage all Windows updates, some organizations may need access to WSUS from a perimeter network, or they might have some other complex scenario. WSUS is highly scalable and configurable for organizations of any size or site layout. For specific information about scaling WSUS, including upstream and downstream server configuration, branch offices, WSUS load balancing, and other complex scenarios, see [Deploy Windows Server Update Services](/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services).
  
 
 
@@ -68,19 +66,19 @@ When using WSUS to manage updates on Windows client devices, start by configurin
    >[!NOTE]
    >In this example, the **Configure Automatic Updates** and **Intranet Microsoft Update Service Location** Group Policy settings are specified for the entire domain. This is not a requirement; you can target these settings to any security group by using Security Filtering or a specific OU.
     
-4. In the **New GPO** dialog box, name the new GPO **WSUS – Auto Updates and Intranet Update Service Location**.
+4. In the **New GPO** dialog box, name the new GPO **WSUS - Auto Updates and Intranet Update Service Location**.
 
-5. Right-click the **WSUS – Auto Updates and Intranet Update Service Location** GPO, and then click **Edit**.
+5. Right-click the **WSUS - Auto Updates and Intranet Update Service Location** GPO, and then select **Edit**.
 
 6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
 
-7. Right-click the **Configure Automatic Updates** setting, and then click **Edit**.
+7. Right-click the **Configure Automatic Updates** setting, and then select **Edit**.
 
    ![Configure Automatic Updates in the UI.](images/waas-wsus-fig4.png)
     
 8. In the **Configure Automatic Updates** dialog box, select **Enable**.
 
-9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then click **OK**.
+9. Under **Options**, from the **Configure automatic updating** list, select **3 - Auto download and notify for install**, and then select **OK**.
 
    ![Select Auto download and notify for install in the UI.](images/waas-wsus-fig5.png)
    
@@ -88,7 +86,7 @@ When using WSUS to manage updates on Windows client devices, start by configurin
    > Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations
     
    > [!NOTE]
-   > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc720539(v=ws.10)). 
+   > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates). 
     
 10. Right-click the **Specify intranet Microsoft update service location** setting, and then select **Edit**. 
 
@@ -117,13 +115,13 @@ You can use computer groups to target a subset of devices that have specific qua
 
 1. Open the WSUS Administration Console. 
 
-2. Go to *Server_Name*\Computers\All Computers, and then click **Add Computer Group**. 
+2. Go to *Server_Name*\Computers\All Computers, and then select **Add Computer Group**. 
 
     ![Add Computer Group in the WSUS Administration UI.](images/waas-wsus-fig7.png)
     
-3. Type **Ring 2 Pilot Business Users** for the name, and then click **Add**.
+3. Type **Ring 2 Pilot Business Users** for the name, and then select **Add**.
 
-4. Repeat these steps for the **Ring 3 Broad IT** and **Ring 4 Broad Business Users** groups. When you’re finished, there should be three deployment ring groups.
+4. Repeat these steps for the **Ring 3 Broad IT** and **Ring 4 Broad Business Users** groups. When you're finished, there should be three deployment ring groups.
 
 Now that the groups have been created, add the computers to the computer groups that align with the desired deployment rings. You can do this through [Group Policy](#wsus-gp) or manually by using the [WSUS Administration Console](#wsus-admin).
 
@@ -143,15 +141,15 @@ When new computers communicate with WSUS, they appear in the **Unassigned Comput
 
 1. In the WSUS Administration Console, go to *Server_Name*\Computers\All Computers\Unassigned Computers.
 
-    Here, you see the new computers that have received the GPO you created in the previous section and started communicating with WSUS. This example has only two computers; depending on how broadly you deployed your policy, you will likely have many computers here.
+    Here, you see the new computers that have received the GPO you created in the previous section and started communicating with WSUS. This example has only two computers; depending on how broadly you deployed your policy, you'll likely have many computers here.
 
-2. Select both computers, right-click the selection, and then click **Change Membership**.
+2. Select both computers, right-click the selection, and then select **Change Membership**.
 
     ![Select Change Membership in the UI.](images/waas-wsus-fig8.png)
 
-3. In the **Set Computer Group Membership** dialog box, select the **Ring 2 Pilot Business Users** deployment ring, and then click **OK**.
+3. In the **Set Computer Group Membership** dialog box, select the **Ring 2 Pilot Business Users** deployment ring, and then select **OK**.
 
-    Because they were assigned to a group, the computers are no longer in the **Unassigned Computers** group. If you select the **Ring 2 Pilot Business Users** computer group, you will see both computers there.
+    Because they were assigned to a group, the computers are no longer in the **Unassigned Computers** group. If you select the **Ring 2 Pilot Business Users** computer group, you'll see both computers there.
 
 ### Search for multiple computers to add to groups
 
@@ -159,15 +157,15 @@ Another way to add multiple computers to a deployment ring in the WSUS Administr
 
 **To search for multiple computers**
 
-1. In the WSUS Administration Console, go to *Server_Name*\Computers\All Computers, right-click **All Computers**, and then click **Search**.
+1. In the WSUS Administration Console, go to *Server_Name*\Computers\All Computers, right-click **All Computers**, and then select **Search**.
 
 2. In the search box, type **WIN10**.
 
-3. In the search results, select the computers, right-click the selection, and then click **Change Membership**.
+3. In the search results, select the computers, right-click the selection, and then select **Change Membership**.
 
     ![Select Change Membership to search for multiple computers in the UI.](images/waas-wsus-fig9.png)
     
-4. Select the **Ring 3 Broad IT** deployment ring, and then click **OK**.
+4. Select the **Ring 3 Broad IT** deployment ring, and then select **OK**.
 
 You can now see these computers in the **Ring 3 Broad IT** computer group.
 
@@ -180,11 +178,11 @@ The WSUS Administration Console provides a friendly interface from which you can
 
 **To configure WSUS to allow client-side targeting from Group Policy**
 
-1. Open the WSUS Administration Console, and go to *Server_Name*\Options, and then click **Computers**.
+1. Open the WSUS Administration Console, and go to *Server_Name*\Options, and then select **Computers**.
 
      ![Select Comptuers in the WSUS Administration Console.](images/waas-wsus-fig10.png)
      
-2. In the **Computers** dialog box, select **Use Group Policy or registry settings on computers**, and then click **OK**.
+2. In the **Computers** dialog box, select **Use Group Policy or registry settings on computers**, and then select **OK**.
 
     >[!NOTE]
     >This option is exclusively either-or. When you enable WSUS to use Group Policy for group assignment, you can no longer manually add computers through the WSUS Administration Console until you change the option back. 
@@ -194,23 +192,23 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
 **To configure client-side targeting**
 
 >[!TIP]
->When using client-side targeting, consider giving security groups the same names as your deployment rings. Doing so simplifies the policy-creation process and helps ensure that you don’t add computers to the incorrect rings.
+>When using client-side targeting, consider giving security groups the same names as your deployment rings. Doing so simplifies the policy-creation process and helps ensure that you don't add computers to the incorrect rings.
 
 1. Open Group Policy Management Console (gpmc.msc).
 
 2. Expand Forest\Domains\\*Your_Domain*.
 
-3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**.
+3. Right-click *Your_Domain*, and then select **Create a GPO in this domain, and Link it here**.
 
-4. In the **New GPO** dialog box, type **WSUS – Client Targeting – Ring 4 Broad Business Users** for the name of the new GPO.
+4. In the **New GPO** dialog box, type **WSUS - Client Targeting - Ring 4 Broad Business Users** for the name of the new GPO.
 
-5. Right-click the **WSUS – Client Targeting – Ring 4 Broad Business Users** GPO, and then click **Edit**.
+5. Right-click the **WSUS - Client Targeting - Ring 4 Broad Business Users** GPO, and then select **Edit**.
 
     ![Select the WSUS ring 4 and edit in group policy.](images/waas-wsus-fig11.png)
     
 6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
 
-7. Right-click **Enable client-side targeting**, and then click **Edit**.
+7. Right-click **Enable client-side targeting**, and then select **Edit**.
 
 8. In the **Enable client-side targeting** dialog box, select **Enable**.
 
@@ -223,23 +221,23 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
 
 10. Close the Group Policy Management Editor.
 
-Now you’re ready to deploy this GPO to the correct computer security group for the **Ring 4 Broad Business Users** deployment ring. 
+Now you're ready to deploy this GPO to the correct computer security group for the **Ring 4 Broad Business Users** deployment ring. 
 
 **To scope the GPO to a group**
 
-1. In GPMC, select the **WSUS – Client Targeting – Ring 4 Broad Business Users** policy.
+1. In GPMC, select the **WSUS - Client Targeting - Ring 4 Broad Business Users** policy.
 
-2. Click the **Scope** tab.
+2. Select the **Scope** tab.
 
 3. Under **Security Filtering**, remove the default **AUTHENTICATED USERS** security group, and then add the **Ring 4 Broad Business Users** group.
 
     ![Remove the default AUTHENTICATED USERS security group in group policy.](images/waas-wsus-fig13.png)
     
-The next time the clients in the **Ring 4 Broad Business Users** security group receive their computer policy and contact WSUS, they will be added to the **Ring 4 Broad Business Users** deployment ring. 
+The next time the clients in the **Ring 4 Broad Business Users** security group receive their computer policy and contact WSUS, they'll be added to the **Ring 4 Broad Business Users** deployment ring. 
 
 ## Automatically approve and deploy feature updates
 
-For clients that should have their feature updates approved as soon as they’re available, you can configure Automatic Approval rules in WSUS.
+For clients that should have their feature updates approved as soon as they're available, you can configure Automatic Approval rules in WSUS.
 
 >[!NOTE]
 >WSUS respects the client device's servicing branch. If you approve a feature update while it is still in one branch, such as Insider Preview, WSUS will install the update only on devices that are in that servicing branch. When Microsoft releases the build for the [General Availability Channel](waas-overview.md#general-availability-channel), the devices in that will install it. Windows Update for Business branch settings do not apply to feature updates through WSUS.
@@ -250,32 +248,32 @@ This example uses Windows 10, but the process is the same for Windows 11.
 
 1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Options, and then select **Automatic Approvals**.
 
-2. On the **Update Rules** tab, click **New Rule**.
+2. On the **Update Rules** tab, select **New Rule**.
 
 3. In the **Add Rule** dialog box, select the **When an update is in a specific classification**, **When an update is in a specific product**, and **Set a deadline for the approval** check boxes.
 
      ![Select the update and deadline check boxes in the WSUS Administration Console.](images/waas-wsus-fig14.png)
      
-4. In the **Edit the properties** area, select **any classification**. Clear everything except **Upgrades**, and then click **OK**.
+4. In the **Edit the properties** area, select **any classification**. Clear everything except **Upgrades**, and then select **OK**.
 
-5. In the **Edit the properties area**, click the **any product** link. Clear all check boxes except **Windows 10**, and then click **OK**.
+5. In the **Edit the properties area**, select the **any product** link. Clear all check boxes except **Windows 10**, and then select **OK**.
 
     Windows 10 is under All Products\Microsoft\Windows.
     
-6. In the **Edit the properties** area, click the **all computers** link. Clear all the computer group check boxes except **Ring 3 Broad IT**, and then click **OK**.
+6. In the **Edit the properties** area, select the **all computers** link. Clear all the computer group check boxes except **Ring 3 Broad IT**, and then select **OK**.
 
 7. Leave the deadline set for **7 days after the approval at 3:00 AM**.
 
-8. In the **Step 3: Specify a name** box, type **Windows 10 Upgrade Auto-approval for Ring 3 Broad IT**, and then click **OK**.
+8. In the **Step 3: Specify a name** box, type **Windows 10 Upgrade Auto-approval for Ring 3 Broad IT**, and then select **OK**.
 
     ![Enter the ring 3 deployment name.](images/waas-wsus-fig15.png)
     
-9. In the **Automatic Approvals** dialog box, click **OK**.
+9. In the **Automatic Approvals** dialog box, select **OK**.
 
     >[!NOTE]
-    >WSUS does not honor any existing month/week/day [deferral settings](waas-configure-wufb.md#configure-when-devices-receive-feature-updates). That said, if you’re using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait.
+    >WSUS does not honor any existing month/week/day [deferral settings](waas-configure-wufb.md#configure-when-devices-receive-feature-updates). That said, if you're using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait.
 
-Now, whenever Windows client feature updates are published to WSUS, they will automatically be approved for the **Ring 3 Broad IT** deployment ring with an installation deadline of 1 week.
+Now, whenever Windows client feature updates are published to WSUS, they'll automatically be approved for the **Ring 3 Broad IT** deployment ring with an installation deadline of 1 week.
 
 > [!WARNING]
 > The auto approval rule runs after synchronization occurs. This means that the *next* upgrade for each Windows client version will be approved. If you select **Run Rule**, all possible updates that meet the criteria will be approved, potentially including older updates that you don't actually want--which can be a problem when the download sizes are very large.
@@ -291,17 +289,17 @@ To simplify the manual approval process, start by creating a software update vie
 
 **To approve and deploy feature updates manually**
 
-1.	 In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates. In the **Action** pane, click **New Update View**.
+1.	 In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates. In the **Action** pane, select **New Update View**.
 
 2. In the **Add Update View** dialog box, select **Updates are in a specific classification** and **Updates are for a specific product**.
 
-3. Under **Step 2: Edit the properties**, click **any classification**. Clear all check boxes except **Upgrades**, and then click **OK**.
+3. Under **Step 2: Edit the properties**, select **any classification**. Clear all check boxes except **Upgrades**, and then select **OK**.
 
-4. Under **Step 2: Edit the properties**, click **any product**. Clear all check boxes except **Windows 10**, and then click **OK**.
+4. Under **Step 2: Edit the properties**, select **any product**. Clear all check boxes except **Windows 10**, and then select **OK**.
 
     Windows 10 is under All Products\Microsoft\Windows.
     
-5. In the **Step 3: Specify a name** box, type **All Windows 10 Upgrades**, and then click **OK**.
+5. In the **Step 3: Specify a name** box, type **All Windows 10 Upgrades**, and then select **OK**.
 
      ![Enter All Windows 10 Upgrades for the name in the WSUS admin console.](images/waas-wsus-fig16.png)
 
@@ -309,7 +307,7 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
 
 1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates\All Windows 10 Upgrades.
 
-2. Right-click the feature update you want to deploy, and then click **Approve**.
+2. Right-click the feature update you want to deploy, and then select **Approve**.
 
       ![Approve the feature you want to deploy in WSUS admin console.](images/waas-wsus-fig17.png)  
       
@@ -317,30 +315,17 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
 
       ![Select Approve for install in the WSUS admin console.](images/waas-wsus-fig18.png) 
       
-4. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, click **Deadline**, click **One Week**, and then click **OK**. 
+4. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, select **Deadline**, select **One Week**, and then select **OK**. 
 
       ![Select a one week deadline in the WSUS admin console.](images/waas-wsus-fig19.png) 
       
-5. If the **Microsoft Software License Terms** dialog box opens, click **Accept**.
+5. If the **Microsoft Software License Terms** dialog box opens, select **Accept**.
 
     If the deployment is successful, you should receive a successful progress report.
     
     ![A sample successful deployment.](images/waas-wsus-fig20.png) 
 
-6. In the **Approval Progress** dialog box, click **Close**.
-
-</br>
-
-## Steps to manage updates for Windows client
-
-|&nbsp; |&nbsp; |
-| --- | --- |
-| ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) |
-| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) |
-| ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) |
-| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) |
-| ![done.](images/checklistdone.png) | [Optimize update delivery for Windows client updates](../do/waas-optimize-windows-10-updates.md) |
-| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or Deploy Windows client updates using Windows Server Update Services (this topic)</br>or [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
+6. In the **Approval Progress** dialog box, select **Close**.
 
 
 
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 54da439aad..58343cf36e 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -3,30 +3,27 @@ title: Windows Update for Business
 manager: aaroncz
 description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
 ms.topic: overview
+author: mestew
+ms.author: mstewart
 ms.collection:
   - highpri
   - tier2
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
 # What is Windows Update for Business?
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
-Windows Update for Business is a free service that is available for all premium editions including Windows 10 and Windows 11 Pro, Enterprise, Pro for Workstation, and Education editions. 
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
+Windows Update for Business is a free service that is available for the following editions of Windows 10 and Windows 11:
+- Pro, including Pro for Workstations
+- Education
+- Enterprise, including Enterprise LTSC, IoT Enterprise, and IoT Enterprise LTSC
 
 Windows Update for Business enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
   
@@ -36,7 +33,7 @@ Specifically, Windows Update for Business lets you control update offerings and
 
 Windows Update for Business enables commercial customers to manage which Windows Updates are received when as well as the experience a device has when it receives them.
 
-You can control Windows Update for Business policies by using either Mobile Device Management (MDM) tools such as Microsoft Intune or Group Policy management tools such as local group policy or the Group Policy Management Console (GPMC), as well as a variety of other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud policy).
+You can control Windows Update for Business policies by using either Mobile Device Management (MDM) tools such as Microsoft Intune or Group Policy management tools such as local group policy or the Group Policy Management Console (GPMC), as well as various other non-Microsoft management tools. MDMs use Configuration Service Provider (CSP) policies instead of Group Policy. Intune additionally uses Cloud Policies. Not all policies are available in all formats (CSP, Group Policy, or Cloud policy).
 
 
 ### Manage deployment of Windows Updates 
@@ -49,7 +46,7 @@ Windows Update for Business enables an IT administrator to receive and manage a
 
 Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
 
-- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available.
+- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available. Feature updates aren't available for LTSC devices.
 - **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates.
 - **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer. 
 - **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
@@ -61,10 +58,11 @@ You can control when updates are applied, for example by deferring when an updat
 ### Manage when updates are offered
 You can defer or pause the installation of updates for a set period of time.
 
-#### Enroll in pre-release updates
+#### Enroll in prerelease updates
 
-The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
+The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both prerelease and released updates:
 
+- Windows Insider Canary
 - Windows Insider Dev
 - Windows Insider Beta
 - Windows Insider Preview
@@ -73,14 +71,14 @@ The branch readiness level enables administrators to specify which channel of fe
 
 #### Defer an update
 
-A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
+A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they're pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it's offered to a device. That is, if you set a feature update deferral period of 365 days, the device won't install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
 
 
 |Category  |Maximum deferral period  |
 |---------|---------|
 |Feature updates     |  365 days       |
 |Quality updates     | 30 days        |
-|Non-deferrable     |   none      |
+|Nondeferrable     |   none      |
 
 <!--Example: Using deferrals to deploy in waves
       [Insert graphic with the deferrals set to different values showing a feature update rollout)--> 
@@ -106,7 +104,7 @@ For the best experience with Windows Update, follow these guidelines:
 
 ### Manage the end-user experience when receiving Windows Updates
 
-Windows Update for Business provides controls to help meet your organization’s security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience. 
+Windows Update for Business provides controls to help meet your organization's security standards as well as provide a great end-user experience. We do this by enabling you to set automatic updates at times that work well for people in your organization and set deadlines for quality and feature updates. Because Windows Update includes built-in intelligence, it's better to use fewer controls to manage the user experience. 
 
 #### Recommended experience settings
 
diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md
deleted file mode 100644
index 641b7046a9..0000000000
--- a/windows/deployment/update/waas-morenews.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: Windows as a service news & resources
-description: The latest news for Windows as a service with resources to help you learn more about them.
-ms.prod: windows-client
-ms.topic: article
-author: mestew
-ms.author: mstewart
-manager: aaroncz
-ms.localizationpriority: high
-ms.technology: itpro-updates
-ms.date: 12/31/2017
----
-# Windows as a service - More news
-
-Here's more news about [Windows as a service](windows-as-a-service.md):
-
-<ul>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445">Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization  </a> - June 25, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Updating-Windows-10-version-1903-using-Configuration-Manager-or/ba-p/639100">Updating Windows 10, version 1903 using Configuration Manager or WSUS</a> - May 23, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-in-Windows-Update-for-Business-in-Windows-10-version/ba-p/622064">What's new in Windows Update for Business in Windows 10, version 1903</a> - May 21, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1903/ba-p/622024">What's new for IT pros in Windows 10, version 1903</a> - May 21, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update">How to get the Windows 10 May 2019 Update</a> - May 21, 2019</li>
- <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847">The benefits of Windows 10 Dynamic Update</a> - April 17, 2019</li>
-  <li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
-  <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience">Data, insights and listening to improve the customer experience</a> - March 6, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079">Getting to know the Windows update history pages</a> - February 21, 2019</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523">Windows Update for Business and the retirement of SAC-T</a> - February 14, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2019/01/15/application-compatibility-in-the-windows-ecosystem/#A8urpp1QEp6DHzmP.97">Application compatibility in the Windows ecosystem</a> - January 15, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/12/10/windows-monthly-security-and-quality-updates-overview/#UJJpisSpvyLokbHm.97">Windows monthly security and quality updates overview</a> - January 10, 2019</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/12/19/driver-quality-in-the-windows-ecosystem/#ktuodfovWAMAkssM.97">Driver quality in the Windows ecosystem</a> - December 19, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Measuring-Delivery-Optimization-and-its-impact-to-your-network/ba-p/301809#M409">Measuring Delivery Optimization and its impact to your network</a> - December 13, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/LTSC-What-is-it-and-when-should-it-be-used/ba-p/293181">LTSC: What is it, and when should it be used?</a> - November 29, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Local-Experience-Packs-What-are-they-and-when-should-you-use/ba-p/286841">Local Experience Packs: What are they and when should you use them?</a> - November 14, 2018</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/11/13/resuming-the-rollout-of-the-windows-10-october-2018-update/#amAFU5YS1igMQRoB.97">Resuming the Rollout of the Windows 10 October 2018 Update</a> - November 13, 2018</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/11/13/windows-10-quality-approach-for-a-complex-ecosystem/#9VlPpT2qGIlPAg5a.97">Windows 10 Quality Approach for a Complex Ecosystem</a> - November 13, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Delivery-Optimization-Scenarios-and-configuration-options/ba-p/280195">Delivery Optimization: Scenarios and Configuration Options</a> - October 30, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Language-pack-acquisition-and-retention-for-enterprise-devices/ba-p/275404">Language Pack Acquisition and Retention for Enterprise Devices</a> - October 18, 2018</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/10/09/updated-version-of-windows-10-october-2018-update-released-to-windows-insiders/#MDZYGkj6ZehHyF1g.97">Updated Version of Windows 10 October 2018 Update Released to Windows Insiders</a> - October 9, 2018</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/10/02/how-to-get-the-windows-10-october-2018-update/#T4LJQ3OzDkCR72em.97">How to get the Windows 10 October 2018 Update</a> - October 2, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Reduced-Windows-10-package-size-downloads-for-x64-systems/ba-p/262386">Reducing Windows 10 Package Size Downloads for x64 Systems</a> - September 26, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434">Windows 7 Servicing Stack Updates: Managing Change and Appreciating Cumulative Updates</a> - September 21, 2018</li>
-<li><a href="https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/">Helping customers shift to a modern desktop</a> - September 6, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-next-for-Windows-10-and-Windows-Server-quality-updates/ba-p/229461">What&#39;s next for Windows 10 and Windows Server quality updates</a> - August 16, 2018</li>
-<li><a href="https://www.youtube.com/watch?v=BwB10v55WSk">Windows 10 monthly updates</a> - August 1, 2018 (<strong>video</strong>)</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376">Windows 10 update servicing cadence</a> - August 1, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426">Windows 10 quality updates explained and the end of delta updates</a> - July 11, 2018</li>
-<li><a href="https://blogs.windows.com/windowsexperience/2018/06/14/ai-powers-windows-10-april-2018-update-rollout/#67LrSyWdwgTyciSG.97">AI Powers Windows 10 April 2018 Update Rollout</a> - June 14, 2018</li>
-<li><a href="https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/">Windows Server 2008 SP2 Servicing Changes</a> - June 12, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-Enhancements-diagnostics/ba-p/201978">Windows Update for Business - Enhancements, diagnostics, configuration</a> - June 7, 2018</li>
-<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747">Windows 10 and the disappearing SAC-T</a> - May 31, 2018
-<li><a href="https://www.youtube.com/watch?v=EVzFIg_MhaE&t=5s">Manage update download size using Windows as a service</a> - March 30, 2018</li>
-</ul>
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 2585696606..6f20706c2e 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -2,39 +2,36 @@
 title: Overview of Windows as a service
 description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: overview
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: overview
+ms.localizationpriority: medium
 ms.collection:
   - highpri
   - tier2
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
 # Overview of Windows as a service
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. 
 
 ## Building
 
-Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn’t work in today’s rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two times per year, around March and September, to help address these issues.
+Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features — a scenario that doesn't work in today's rapidly changing world, a world in which new security, management, and deployment capabilities are necessary to address challenges. 
 
-In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features will be delivered to the [Windows Insider community](https://insider.windows.com/) as soon as possible — during the development cycle, through a process called *flighting* — so that organizations can see exactly what Microsoft is developing and start their testing as soon as possible. 
+In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features are delivered to the [Windows Insider community](/windows-insider/business/register) as soon as possible, during the development cycle, through a process called *flighting*. Organizations can see exactly what Microsoft is developing and start their testing as soon as possible. 
 
 Microsoft also depends on receiving feedback from organizations throughout the development process so that it can make adjustments as quickly as possible rather than waiting until after release. For more information about the Windows Insider Program and how to sign up, see the section [Windows Insider](#windows-insider).
 
-Of course Microsoft also performs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program. 
+Of course, Microsoft also performs extensive internal testing, with engineering teams installing new builds daily, and larger groups of employees installing builds frequently, all before those builds are ever released to the Windows Insider Program. 
 
 ## Deploying
 
@@ -43,13 +40,13 @@ Deploying Windows 10 and Windows 11 is simpler than with previous versions of Wi
 
 ### Application compatibility
 
-Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. 
+Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. For the most important business-critical applications, organizations should still perform testing regularly to validate compatibility with new builds. 
 
 ## Servicing
 
 Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes. 
 
-Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that leverages servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md). 
+Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that uses servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md). 
 
 For information about each servicing tool, see [Servicing tools](#servicing-tools).
 
@@ -58,7 +55,7 @@ There are three servicing channels, each of which provides different levels of f
 
 There are currently three release channels for Windows clients:
 
-- The **General Availability Channel** receives feature updates as soon as they are available. 
+- The **General Availability Channel** receives feature updates as soon as they're available. 
 - The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
 - The **Windows Insider Program** provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.
 
@@ -75,9 +72,9 @@ New features are packaged into feature updates that you can deploy using existin
 
 ### Quality updates
 
-Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes.
+Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn't, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of nonsecurity fixes.
 
-Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
+Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month's update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
 
 ## Servicing channels 
 
@@ -88,9 +85,9 @@ There are three servicing channels. The [Windows Insider Program](#windows-insid
 
 ### General Availability Channel
 
-In the General Availability Channel, feature updates are available annually. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
+In the General Availability Channel, feature updates are available annually. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features. Once the latest release has gone through pilot deployment and testing, you'll be able to choose the timing at which it goes into broad deployment.
 
-When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools).
+When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel is available but not necessarily immediately mandatory, depending on the policy of the management system. For more information about servicing tools, see [Servicing tools](#servicing-tools).
 
 
 > [!NOTE]
@@ -102,7 +99,7 @@ When Microsoft officially releases a feature update, we make it available to any
 
 ### Long-term Servicing Channel
 
-Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Enterprise LTSC devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSC clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
+Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don't need feature updates as frequently as other devices in the organization. It's more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Enterprise LTSC devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSC clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
 
 > [!NOTE]
 >
@@ -113,12 +110,12 @@ Microsoft never publishes feature updates through Windows Update on devices that
 > [!NOTE]
 > LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows).
 
-The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSC editions, even if you install by using sideloading.
+The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
 
 
 ### Windows Insider
 
-For many IT pros, gaining visibility into feature updates early--before they’re available to the General Availability Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next General Availability release. Windows Insiders can consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
+For many IT pros, gaining visibility into feature updates early can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next General Availability release. Windows Insiders can consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
 
 Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/business/register).
 
diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md
index 825676e789..f027e7d657 100644
--- a/windows/deployment/update/waas-quick-start.md
+++ b/windows/deployment/update/waas-quick-start.md
@@ -2,38 +2,35 @@
 title: Quick guide to Windows as a service (Windows 10)
 description: In Windows 10, Microsoft has streamlined servicing to make operating system updates simpler to test, manage, and deploy.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: high
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: high
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
 # Quick guide to Windows as a service
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-Here is a quick guide to the most important concepts in Windows as a service. For more information, see the [extensive set of documentation](index.md).
+Here's a quick guide to the most important concepts in Windows as a service. For more information, see the [extensive set of documentation](index.md).
 
 ## Definitions
 
 Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean.
 
 - **Feature updates** are released annually. As the name suggests, these updates add new features, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
-- **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
+- **Quality updates** deliver both security and nonsecurity fixes. They're typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they're important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
 - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
 - **Servicing channels** allow organizations to choose when to deploy new features. 
   - The **General Availability Channel** receives feature updates annually.
   - The **Long-Term Servicing Channel**, which is meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATMs, receives new feature releases every two to three years.
 - **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. 
 
-See [Overview of Windows as a service](waas-overview.md) for more information.
+For more information, see [Overview of Windows as a service](waas-overview.md).
 
 For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md).
 
@@ -41,15 +38,15 @@ For some interesting in-depth information about how cumulative updates work, see
 
 With each release in the General Availability Channel, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. 
 
-Windows 10 Enterprise LTSC are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
+Windows Enterprise LTSC versions are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
 
 For more information, see [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md).
 
 ## Staying up to date
 
-To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
+To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Configuration Manager, and non-Microsoft products to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
 
-Extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
+Extensive advanced testing isn't required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
 
 This process repeats with each new feature update. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
 
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index e95825d0c0..007852b8af 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -1,36 +1,33 @@
 ---
 title: Manage device restarts after updates
-description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows 10 update is installed.
+description: Use Group Policy settings, mobile device management (MDM), or Registry to configure when devices will restart after a Windows update is installed.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: how-to
 ms.collection:
   - highpri
   - tier2
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Manage device restarts after updates
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
-You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
+You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts won't occur, or you can do both.
 
 ## Schedule update installation
 
 In Group Policy, within **Configure Automatic Updates**, you can configure a forced restart after a specified installation time.
 
-To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installation will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
+To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installation occurs during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
 
 **Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur.
 
@@ -40,25 +37,25 @@ For a detailed description of these registry keys, see [Registry keys used to ma
 
 ## Delay automatic reboot
 
-When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installation:
+When **Configure Automatic Updates** is enabled in Group Policy, you can also enable one of the following policies to delay an automatic reboot after update installation:
 
 - **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours.
-- **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
+- **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device restarts at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
 
 > [!NOTE]
 > When using Remote Desktop Protocol connections, only active RDP sessions are considered as logged on users. Devices that do not have locally logged on users, or active RDP sessions, will be restarted. 
 
-You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting.
+You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it overrides this setting.
 
 For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
 
 ## Configure active hours
 
-*Active hours* identify the period of time when you expect the device to be in use. Automatic restarts after an update will occur outside of the active hours.
+*Active hours* identify the period of time when you expect the device to be in use. Automatic restarts after an update occur outside of the active hours.
 
 By default, active hours are from 8 AM to 5 PM on PCs and from 5 AM to 11 PM on phones. Users can change the active hours manually.
 
-Starting with Windows 10, version 1703, you can also specify the max active hours range. The specified range will be counted from the active hours start time.
+Starting with Windows 10, version 1703, you can also specify the max active hours range. The specified range is counted from the active hours start time.
 
 Administrators can use multiple ways to set active hours for managed devices:
 
@@ -78,7 +75,7 @@ MDM uses the [Update/ActiveHoursStart and Update/ActiveHoursEnd](/windows/client
 
 ### Configuring active hours through Registry
 
-This method is not recommended, and should only be used when you can't use Group Policy or MDM.
+This method isn't recommended, and should only be used when you can't use Group Policy or MDM.
 Any settings configured through Registry may conflict with any existing configuration that uses any of the methods mentioned above.
 
 Configure active hours by setting a combination of the following registry values:
@@ -102,7 +99,7 @@ To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRan
 
 ## Limit restart delays
 
-After an update is installed, Windows attempts automatic restart outside of active hours. If the restart does not succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between two and 14.
+After an update is installed, Windows attempts automatic restart outside of active hours. If the restart doesn't succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between 2 and 14.
 
 ## Control restart notifications
 
@@ -120,15 +117,15 @@ Starting in Windows 11, version 22H2, **Apply only during active hours** was add
 
 To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-csp-update#update-NoUpdateNotificationDuringActiveHours).
 
-### Auto-restart notifications
+### Auto restart notifications
 
-Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically. This setting was added in Windows 10, version 1703.
+Administrators can override the default behavior for the auto restart required notification. By default, this notification dismisses automatically. This setting was added in Windows 10, version 1703.
 
 To configure this behavior through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select **Configure auto-restart required notification for updates**. When configured to **2 - User Action**, a user that gets this notification must manually dismiss it.
 
 To configure this behavior through MDM, use [**Update/AutoRestartRequiredNotificationDismissal**](/windows/client-management/mdm/policy-configuration-service-provider#update-AutoRestartRequiredNotificationDismissal)
 
-You can also configure the period prior to an update that this notification will show up on. The default value is 15 minutes.
+You can also configure the period prior to an update that this notification shows up. The default value is 15 minutes.
 
 To change it through Group Policy, select **Configure auto-restart-reminder notifications for updates** under **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select the period in minutes.
 
@@ -141,20 +138,20 @@ To do so through Group Policy, go to **Computer Configuration\Administrative Tem
 
 To do so through MDM, use [**Update/SetAutoRestartNotificationDisable**](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable).
 
-### Scheduled auto-restart warnings
+### Scheduled auto restart warnings
 
-Since users are not able to postpone a scheduled restart once the deadline has been reached, you can configure a warning reminder prior to the scheduled restart. You can also configure a warning prior to the restart, to notify users once the restart is imminent and allow them to save their work.
+Since users aren't able to postpone a scheduled restart once the deadline has been reached, you can configure a warning reminder prior to the scheduled restart. You can also configure a warning prior to the restart, to notify users once the restart is imminent and allow them to save their work.
 
-To configure both through Group Policy, find **Configure auto-restart warning notifications schedule for updates** under **Computer Configuration\Administrative Templates\Windows Components\Windows Update**. The warning reminder can be configured by **Reminder (hours)** and the warning prior to an imminent auto-restart can be configured by **Warning (mins)**.
+To configure both through Group Policy, find **Configure auto-restart warning notifications schedule for updates** under **Computer Configuration\Administrative Templates\Windows Components\Windows Update**. The warning reminder can be configured by **Reminder (hours)** and the warning prior to an imminent auto restart can be configured by **Warning (mins)**.
 
-In MDM, the warning reminder is configured using [**Update/ScheduleRestartWarning**](/windows/client-management/mdm/policy-configuration-service-provider#update-ScheduleRestartWarning) and the auto-restart imminent warning is configured using [**Update/ScheduleImminentRestartWarning**](/windows/client-management/mdm/policy-configuration-service-provider#update-ScheduleImminentRestartWarning).
+In MDM, the warning reminder is configured using [**Update/ScheduleRestartWarning**](/windows/client-management/mdm/policy-configuration-service-provider#update-ScheduleRestartWarning) and the auto restart imminent warning is configured using [**Update/ScheduleImminentRestartWarning**](/windows/client-management/mdm/policy-configuration-service-provider#update-ScheduleImminentRestartWarning).
 
 ### Engaged restart
 
-Engaged restart is the period of time when users are required to schedule a restart. Initially, Windows will auto-restart outside of working hours. Once the set period ends (seven days by default), Windows transitions to user scheduled restarts.
+Engaged restart is the period of time when users are required to schedule a restart. Initially, Windows auto-restarts outside of working hours. Once the set period ends (seven days by default), Windows transitions to user scheduled restarts.
 
 The following settings can be adjusted for engaged restart:
-* Period of time before auto-restart transitions to engaged restart.
+* Period of time before auto restart transitions to engaged restart.
 * The number of days that users can snooze engaged restart reminder notifications.
 * The number of days before a pending restart automatically executes outside of working hours.
 
@@ -164,17 +161,17 @@ In MDM, use [**Update/EngagedRestartTransitionSchedule**](/windows/client-manage
 
 ## Group Policy settings for restart
 
-In the Group Policy editor, you will see a number of policy settings that pertain to restart behavior in **Computer Configuration\Administrative Templates\Windows Components\Windows Update**. The following table shows which policies apply to Windows 10.
+In the Group Policy editor, you'll see policy settings that pertain to restart behavior in **Computer Configuration\Administrative Templates\Windows Components\Windows Update**. The following table shows which policies apply to Windows 10.
 
 | Policy | Applies to Windows 10 | Notes |
 | --- | --- | --- |
-| Turn off auto-restart for updates during active hours | ![yes.](images/checkmark.png) | Use this policy to configure active hours, during which the device will not be restarted. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled.  |
-| Always automatically restart at the scheduled time | ![yes.](images/checkmark.png) | Use this policy to configure a restart timer (between 15 and 180 minutes) that will start immediately after Windows Update installs important updates. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** policy is enabled. |
-| Specify deadline before auto-restart for update installation | ![yes.](images/checkmark.png)  | Use this policy to specify how many days (between 2 and 14) an automatic restart can be delayed. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled.  |
-| No auto-restart with logged on users for scheduled automatic updates installations | ![yes.](images/checkmark.png) | Use this policy to prevent automatic restart when a user is logged on. This policy applies only when the **Configure Automatic Updates** policy is configured to perform scheduled installations of updates. |
-| Re-prompt for restart with scheduled installations | ![no.](images/crossmark.png) |   |
-| Delay Restart for scheduled installations | ![no.](images/crossmark.png) |   |
-| Reschedule Automatic Updates scheduled installations | ![no.](images/crossmark.png) |   |
+| Turn off auto-restart for updates during active hours | Yes | Use this policy to configure active hours, during which the device won't be restarted. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled.  |
+| Always automatically restart at the scheduled time | Yes | Use this policy to configure a restart timer (between 15 and 180 minutes) that will start immediately after Windows Update installs important updates. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** policy is enabled. |
+| Specify deadline before auto-restart for update installation | Yes | Use this policy to specify how many days (between 2 and 14) an automatic restart can be delayed. This policy has no effect if the **No auto-restart with logged on users for scheduled automatic updates installations** or **Always automatically restart at the scheduled time** policies are enabled.  |
+| No auto-restart with logged on users for scheduled automatic updates installations | Yes | Use this policy to prevent automatic restart when a user is logged on. This policy applies only when the **Configure Automatic Updates** policy is configured to perform scheduled installations of updates. |
+| Re-prompt for restart with scheduled installations | No |   |
+| Delay Restart for scheduled installations | No |   |
+| Reschedule Automatic Updates scheduled installations | No |   |
 
 
 >[!NOTE]
@@ -190,8 +187,8 @@ The following tables list registry values that correspond to the Group Policy se
 
 | Registry key |	Key type | Value |
 | --- | --- | --- |
-| ActiveHoursEnd	| REG_DWORD | 0-23: set active hours to end at a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) |
-| ActiveHoursStart | REG_DWORD | 0-23: set active hours to start at a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) |
+| ActiveHoursEnd	| REG_DWORD | 0-23: set active hours to end at a specific hour </br> starts with 12 AM (0) and ends with 11 PM (23) |
+| ActiveHoursStart | REG_DWORD | 0-23: set active hours to start at a specific hour </br> starts with 12 AM (0) and ends with 11 PM (23) |
 | SetActiveHours | REG_DWORD | 0: disable automatic restart after updates outside of active hours</br>1: enable automatic restart after updates outside of active hours |
 
 **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**
@@ -201,8 +198,8 @@ The following tables list registry values that correspond to the Group Policy se
 | AlwaysAutoRebootAtScheduledTime | REG_DWORD | 0: disable automatic reboot after update installation at scheduled time</br>1: enable automatic reboot after update installation at a scheduled time |
 | AlwaysAutoRebootAtScheduledTimeMinutes | REG_DWORD | 15-180: set automatic reboot to occur after given minutes |
 | AUOptions | REG_DWORD | 2: notify for download and notify for installation of updates</br>3: automatically download and notify for installation of updates</br>4: Automatically download and schedule installation of updates</br>5: allow the local admin to configure these settings</br>**Note:** To configure restart behavior, set this value to **4** |
-| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable do not reboot if users are logged on</br>1: do not reboot after an update installation if a user is logged on</br>**Note:** If disabled: Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation  |
-| ScheduledInstallTime | REG_DWORD | 0-23: schedule update installation time to a specific hour</br>starts with 12 AM (0) and ends with 11 PM (23) |
+| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable don't reboot if users are logged on</br>1: don't reboot after an update installation if a user is logged on</br>**Note:** If disabled: Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation  |
+| ScheduledInstallTime | REG_DWORD | 0-23: schedule update installation time to a specific hour </br> starts with 12 AM (0) and ends with 11 PM (23) |
 
 There are three different registry combinations for controlling restart behavior:
 
@@ -210,7 +207,7 @@ There are three different registry combinations for controlling restart behavior
 - To schedule a specific installation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, and **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
 - To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**.
 
-## Related articles
+## More resources
 
 - [Update Windows in the enterprise](index.md)
 - [Overview of Windows as a service](waas-overview.md)
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index 82f1a7f953..3fd3990153 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -1,24 +1,20 @@
 ---
-title: Assign devices to servicing channels for Windows client updates
+title: Assign devices to servicing channels for updates
 description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
-# Assign devices to servicing channels for Windows 10 updates
-
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
+# Assign devices to servicing channels for Windows updates
 
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
@@ -29,12 +25,12 @@ The General Availability Channel is the default servicing channel for all Window
 
 | Edition | General Availability Channel | Long-Term Servicing Channel | Insider Program |
 | --- | --- | --- | --- |
-| Home | ![no.](images/crossmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
-| Pro | ![yes.](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
-| Enterprise  | ![yes.](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
-| Enterprise LTSC  | ![no.](images/crossmark.png) | ![yes](images/checkmark.png) | ![no](images/crossmark.png) |
-| Pro Education | ![yes.](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
-| Education  | ![yes.](images/checkmark.png) | ![no](images/crossmark.png) | ![yes](images/checkmark.png) |
+| Home | No | No | Yes |
+| Pro | Yes | No | Yes |
+| Enterprise  | Yes | No | Yes |
+| Enterprise LTSC  | No | Yes | No |
+| Pro Education | Yes | No | Yes |
+| Education  | Yes | No | Yes |
 
 
 >[!NOTE]
@@ -46,7 +42,7 @@ The General Availability Channel is the default servicing channel for all Window
 
 ## Enroll devices in the Windows Insider Program
 
-To get started with the Windows Insider Program for Business, follows these steps:
+To get started with the Windows Insider Program for Business, follow these steps:
 
 1. On the [Windows Insider](https://www.microsoft.com/windowsinsider/for-business) website, select **Register** to register your organizational Azure AD account.
 2. Follow the prompts to register your tenant.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register.
diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
index 278ccbed60..31038c9fc0 100644
--- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md
@@ -2,40 +2,36 @@
 title: Prepare a servicing strategy for Windows client updates
 description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
 # Prepare a servicing strategy for Windows client updates
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
-Here’s an example of what this process might look like:
+Here's an example of what this process might look like:
 
-- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
+- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they're available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate prerelease builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
 - **Identify excluded devices.** For some organizations, special-purpose devices, like devices that control factory or medical equipment or run ATMs, require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. 
-- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
-- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
-- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
+- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you're looking for feedback rather than people to just "try it out" and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
+- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain needs to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for "ADMX download for Windows build xxxx". For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
+- **Choose a servicing tool.** Decide which product you'll use to manage the Windows updates in your environment. If you're currently using Windows Server Update Services (WSUS) or Microsoft Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you'll use, consider how you'll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
 - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). 
 
 
 Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
 
-1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test devices step of the previous section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase.
-2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it’s still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the “Recruit volunteers” step of the previous section. Be sure to communicate clearly that you’re looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it. 
-3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department. 
+1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier "Configure test devices" step of the previous section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase.
+2. **Target and react to feedback.** Microsoft expects application and device compatibility to be high, but it's still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity represents most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the General Availability Channel that you identified in the "Recruit volunteers" step of the previous section. Be sure to communicate clearly that you're looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it. 
+3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don't prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department. 
 
 
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index 0c088b2aee..5ffafc24a9 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -1,23 +1,24 @@
 ---
 title: Manage additional Windows Update settings
-description: In this article, learn about additional settings to control the behavior of Windows Update.
+description: In this article, learn about additional settings to control the behavior of Windows Update in your organization.
 ms.prod: windows-client
-ms.localizationpriority: medium
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 manager: aaroncz
-ms.topic: how-to
 ms.collection:
   - highpri
   - tier2
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 04/25/2023
 ---
 
 # Manage additional Windows Update settings
 
-***(Applies to: Windows 11 & Windows 10)***
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
 You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more.
diff --git a/windows/deployment/update/waas-wufb-csp-mdm.md b/windows/deployment/update/waas-wufb-csp-mdm.md
index fbbb54d9b6..3d79d66cd5 100644
--- a/windows/deployment/update/waas-wufb-csp-mdm.md
+++ b/windows/deployment/update/waas-wufb-csp-mdm.md
@@ -2,23 +2,20 @@
 title: Configure Windows Update for Business by using CSPs and MDM
 description: Walk through demonstration of how to configure Windows Update for Business settings using Configuration Service Providers and MDM.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 02/28/2023
 ---
 
 # Walkthrough: Use CSPs and MDMs to configure Windows Update for Business
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 
@@ -176,9 +173,9 @@ There are additional settings that affect the notifications.
 
 We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that aren't met by the default notification settings, you can use the [Update/UpdateNotificationLevel](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel) policy with these values:
 
-**0** (default) – Use the default Windows Update notifications<br/>
-**1** – Turn off all notifications, excluding restart warnings<br/>
-**2** – Turn off all notifications, including restart warnings
+**0** (default) - Use the default Windows Update notifications<br/>
+**1** - Turn off all notifications, excluding restart warnings<br/>
+**2** - Turn off all notifications, including restart warnings
 
 > [!NOTE]
 > Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 7d696f704d..7c431a1818 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -1,28 +1,28 @@
 ---
 title: Configure Windows Update for Business via Group Policy
-description: Walk through of how to configure Windows Update for Business settings using Group Policy.
+description: Walk through of how to configure Windows Update for Business settings using Group Policy to update devices.
 ms.prod: windows-client
+ms.technology: itpro-updates
+manager: aaroncz
+ms.topic: conceptual
 author: mestew
 ms.localizationpriority: medium
 ms.author: mstewart
 ms.collection:
   - highpri
   - tier2
-manager: aaroncz
-ms.topic: how-to
-ms.technology: itpro-updates
-ms.date: 02/28/2023
+appliesto:
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
+ms.date: 08/22/2023
 ---
 
 # Walkthrough: Use Group Policy to configure Windows Update for Business
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
 ## Overview 
 
@@ -195,11 +195,42 @@ Still more options are available in **Computer Configuration > Administrative Te
 
 Every Windows device provides users with various controls they can use to manage Windows Updates. They can access these controls by Search to find Windows Updates or by going selecting **Updates and Security** in **Settings**. We provide the ability to disable a variety of these controls that are accessible to users.
  
-Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to “Pause updates**.
+Users with access to update pause settings can prevent both feature and quality updates for 7 days. You can prevent users from pausing updates through the Windows Update settings page by using **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to Pause updates**.
 When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
 
 If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.
 
+#### I want to enable optional updates
+<!--7991583-->
+(*Starting in Windows 11, version 22H2 or later*)
+
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > Enable optional updates** policy.
+
+To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](waas-configure-wufb.md#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. 
+
+The following options are available for the policy:
+
+- **Automatically receive optional updates (including CFRs)**:
+   - The latest optional nonsecurity updates and CFRs are automatically installed on the device. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option is selected and users can't change the setting.
+   - Devices will receive CFRs in early phases of the rollout.
+
+- **Automatically receive optional updates**:
+   - The latest optional nonsecurity updates are automatically installed on the device but CFRs aren't. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option isn't selected and users can't change the setting.
+
+- **Users can select which optional updates to receive**:
+   - Users can select which optional updates to install from **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Optional updates**.
+     - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled.  
+     - CFRs are offered to the device, but not necessarily in the early phases of the rollout.
+   - Users can enable the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. If the user enables the **Get the latest updates as soon as they're available**, then:
+     - The device will receive CFRs in early phases of the rollout.
+     - Optional updates are automatically installed on the device.
+
+- **Not configured** (default):
+  - Optional updates aren't installed on the device and the **Get the latest updates as soon as they're available** option is disabled.
+
+
 #### I want to enable features introduced via servicing that are off by default
 <!--6544872-->
 (*Starting in Windows 11, version 22H2 or later*)
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
deleted file mode 100644
index 078c5cb3e0..0000000000
--- a/windows/deployment/update/windows-as-a-service.md
+++ /dev/null
@@ -1,106 +0,0 @@
----
-title: Windows as a service
-ms.prod: windows-client
-ms.topic: article
-author: mestew
-ms.author: mstewart
-description: Discover the latest news articles, videos, and podcasts about Windows as a service. Find resources for using Windows as a service within your organization.
-manager: aaroncz
-ms.localizationpriority: high
-ms.technology: itpro-updates
-ms.date: 12/31/2017
----
-
-# Windows as a service
-
-Find the tools and resources you need to help deploy and support Windows as a service in your organization.
-
-## Latest news, videos, & podcasts
-
-Find the latest and greatest news on Windows 10 deployment and servicing.
-
-**Discovering the Windows 10 Update history pages**
-> [!VIDEO https://www.youtube-nocookie.com/embed/mTnAb9XjMPY]
-
-Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. Bookmark the [Windows release health dashboard](/windows/release-health/) for near real-time information on known issues, workarounds, and resolutions--as well as the current status of the latest feature update rollout.
-
-The latest news:
-
-- [How to get Extended Security Updates for eligible Windows devices](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/How-to-get-Extended-Security-Updates-for-eligible-Windows/ba-p/917807) - October 17, 2019
-- [End of service reminders for Windows 10, versions 1703 and 1803](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/End-of-service-reminders-for-Windows-10-versions-1703-and-1803/ba-p/903715) - October 9, 2019
-- [Using machine learning to improve the Windows 10 update experience](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Using-machine-learning-to-improve-the-Windows-10-update/ba-p/877860) - September 26, 2019
-- [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054) - September 24, 2019
-- [New extended support dates for MDOP tools](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-extended-support-dates-for-MDOP-tools/ba-p/837312) - September 4, 2019
-- [FastTrack for Windows 10 deployment and other migration resources](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/FastTrack-for-Windows-10-deployment-and-other-migration/ba-p/800406) - August 12, 2019
-- [Tactical considerations for creating Windows deployment rings](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979) - July 10, 2019
-- [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrading-Windows-10-devices-with-installation-media-different/ba-p/746126) - July 9, 2019
-- [Moving to the next Windows 10 feature update for commercial customers](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Moving-to-the-next-Windows-10-feature-update-for-commercial/ba-p/732968) - July 1, 2019
-
-
-[See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog).
-
-## IT pro champs corner
-Written by IT pros for IT pros, sharing real world examples and scenarios for Windows 10 deployment and servicing.
-
-<img src="images/champs-2.png" alt="Champs" width="640" height="320">
-
-[**NEW** Tactical considerations for creating Windows deployment rings](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979)
-
-[**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445)
-
-[Deployment rings: The hidden [strategic] gem of Windows as a service](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622)
-
-[Classifying Windows updates in common deployment tools](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Classifying-Windows-updates-in-common-deployment-tools/ba-p/331175)
-
-[Express updates for Windows Server 2016 re-enabled for November 2018 update](/windows-server/get-started/express-updates)
-
-[2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/)
-
-[What is Windows Update for Business?](waas-manage-updates-wufb.md)
-
-## Discover
-
-Learn more about Windows as a service and its value to your organization.
-
-<img src="images/discover-land.png" alt="Discover">
-
-[Overview of Windows as a service](waas-overview.md)
-
-[Quick guide to Windows as a service](waas-quick-start.md)
-
-
-[What's new in Windows 10 deployment](../deploy-whats-new.md)
-
-[Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios)</font>
-
-## Plan
-
-Prepare to implement Windows as a service effectively using the right tools, products, and strategies.
-
-<img src="images/plan-land.png" alt="Plan" />
-
-[Simplified updates](https://www.microsoft.com/windowsforbusiness/simplified-updates)
-
-[Windows 10 end user readiness](https://www.microsoft.com/itpro/windows-10/end-user-readiness)
-
-[Ready for Windows](https://developer.microsoft.com/windows/ready-for-windows#/)
-
-[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview)
-
-[Preparing your organization for a seamless Windows 10 deployment](https://www.microsoft.com/itshowcase/windows10deployment)
-
-## Deploy
-
-Secure your organization's deployment investment.
-
-<img src="images/deploy-land.png" alt="Deploy" />
-
-[Update Windows 10 in the enterprise](index.md)
-
-[Deploying as an in-place upgrade](https://www.microsoft.com/itshowcase/Article/Content/668/Deploying-Windows-10-at-Microsoft-as-an-inplace-upgrade)
-
-[Configure Windows Update for Business](waas-configure-wufb.md)
-
-[Express update delivery](../do/waas-optimize-windows-10-updates.md#express-update-delivery)
-
-[Windows 10 deployment considerations](../planning/windows-10-deployment-considerations.md)
diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md
index 2280794391..c37d7cc3d2 100644
--- a/windows/deployment/update/windows-update-error-reference.md
+++ b/windows/deployment/update/windows-update-error-reference.md
@@ -2,95 +2,92 @@
 title: Windows Update error code list by component
 description: Learn about reference information for Windows Update error codes, including automatic update errors, UI errors, and reporter errors.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 09/18/2018
-ms.topic: article
-ms.technology: itpro-updates
 ---
 
 # Windows Update error codes by component
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
-
 This section lists the error codes for Microsoft Windows Update. 
 
 ## Automatic Update Errors
 
 | Error code |            Message              |                                              Description                                               |
 |------------|---------------------------------|--------------------------------------------------------------------------------------------------------|
-| 0x80243FFF |  `WU_E_AUCLIENT_UNEXPECTED`     |          There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code.         |
-| 0x8024A000 |      `WU_E_AU_NOSERVICE`        |                      Automatic Updates was unable to service incoming requests.                        |
-| 0x8024A002 |   `WU_E_AU_NONLEGACYSERVER`     | The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded. |
-| 0x8024A003 | `WU_E_AU_LEGACYCLIENTDISABLED`  |                      The old version of the Automatic Updates client was disabled.                     |
-| 0x8024A004 |       `WU_E_AU_PAUSED`          |            Automatic Updates was unable to process incoming requests because it was paused.            |
-| 0x8024A005 | `WU_E_AU_NO_REGISTERED_SERVICE` |                               No unmanaged service is registered with `AU`.                            |
-| 0x8024AFFF |      `WU_E_AU_UNEXPECTED`       |                   An Automatic Updates error not covered by another `WU_E_AU*` code.                   |
+| `0x80243FFF` |  `WU_E_AUCLIENT_UNEXPECTED`     |          There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code.         |
+| `0x8024A000` |      `WU_E_AU_NOSERVICE`        |                      Automatic Updates was unable to service incoming requests.                        |
+| `0x8024A002` |   `WU_E_AU_NONLEGACYSERVER`     | The old version of the Automatic Updates client has stopped because the WSUS server has been upgraded. |
+| `0x8024A003` | `WU_E_AU_LEGACYCLIENTDISABLED`  |                      The old version of the Automatic Updates client was disabled.                     |
+| `0x8024A004` |       `WU_E_AU_PAUSED`          |            Automatic Updates was unable to process incoming requests because it was paused.            |
+| `0x8024A005` | `WU_E_AU_NO_REGISTERED_SERVICE` |                               No unmanaged service is registered with `AU`.                            |
+| `0x8024AFFF` |      `WU_E_AU_UNEXPECTED`       |                   An Automatic Updates error not covered by another `WU_E_AU*` code.                   |
 
 ## Windows Update UI errors
 
 | Error code |                  Message                    |                                                       Description                                                        |
 |------------|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|
-| 0x80243001 | `WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION` | The results of download and installation could not be read from the registry due to an unrecognized data format version. |
-| 0x80243002 |  `WU_E_INSTALLATION_RESULTS_INVALID_DATA`   |       The results of download and installation could not be read from the registry due to an invalid data format.        |
-| 0x80243003 |    `WU_E_INSTALLATION_RESULTS_NOT_FOUND`    |           The results of download and installation are not available; the operation may have failed to start.            |
-| 0x80243004 |           `WU_E_TRAYICON_FAILURE`           |                    A failure occurred when trying to create an icon in the taskbar notification area.                    |
-| 0x80243FFD |              `WU_E_NON_UI_MODE`             |                    Unable to show UI when in non-UI mode; Windows Update client UI modules may not be installed.                     |
-| 0x80243FFE |     `WU_E_WUCLTUI_UNSUPPORTED_VERSION`      |                                 Unsupported version of Windows Update client UI exported functions.                                  |
-| 0x80243FFF |          `WU_E_AUCLIENT_UNEXPECTED`         |                   There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code.                  |
-| 0x8024043D |          `WU_E_SERVICEPROP_NOTAVAIL`         |                   The requested service property is not available.                  |
+| `0x80243001` | `WU_E_INSTALLATION_RESULTS_UNKNOWN_VERSION` | The results of download and installation couldn't be read from the registry due to an unrecognized data format version. |
+| `0x80243002` |  `WU_E_INSTALLATION_RESULTS_INVALID_DATA`   |       The results of download and installation couldn't be read from the registry due to an invalid data format.        |
+| `0x80243003` |    `WU_E_INSTALLATION_RESULTS_NOT_FOUND`    |           The results of download and installation aren't available; the operation may have failed to start.            |
+| `0x80243004` |           `WU_E_TRAYICON_FAILURE`           |                    A failure occurred when trying to create an icon in the taskbar notification area.                    |
+| `0x80243FFD` |              `WU_E_NON_UI_MODE`             |                    Unable to show UI when in non-UI mode; Windows Update client UI modules may not be installed.                     |
+| `0x80243FFE` |     `WU_E_WUCLTUI_UNSUPPORTED_VERSION`      |                                 Unsupported version of Windows Update client UI exported functions.                                  |
+| `0x80243FFF` |          `WU_E_AUCLIENT_UNEXPECTED`         |                   There was a user interface error not covered by another `WU_E_AUCLIENT_*` error code.                  |
+| `0x8024043D` |          `WU_E_SERVICEPROP_NOTAVAIL`         |                   The requested service property isn't available.                  |
 
 ## Inventory errors
 
 | Error code |                  Message                   |                                  Description                                  |
 |------------|--------------------------------------------|-------------------------------------------------------------------------------|
-| 0x80249001 |        `WU_E_INVENTORY_PARSEFAILED`        |                       Parsing of the rule file failed.                        |
-| 0x80249002 | `WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED` |          Failed to get the requested inventory type from the server.          |
-| 0x80249003 |    `WU_E_INVENTORY_RESULT_UPLOAD_FAILED`   |               Failed to upload inventory result to the server.                |
-| 0x80249004 |         `WU_E_INVENTORY_UNEXPECTED`        |        There was an inventory error not covered by another error code.        |
-| 0x80249005 |          `WU_E_INVENTORY_WMI_ERROR`        |  A WMI error occurred when enumerating the instances for a particular class.  |
+| `0x80249001` |        `WU_E_INVENTORY_PARSEFAILED`        |                       Parsing of the rule file failed.                        |
+| `0x80249002` | `WU_E_INVENTORY_GET_INVENTORY_TYPE_FAILED` |          Failed to get the requested inventory type from the server.          |
+| `0x80249003` |    `WU_E_INVENTORY_RESULT_UPLOAD_FAILED`   |               Failed to upload inventory result to the server.                |
+| `0x80249004` |         `WU_E_INVENTORY_UNEXPECTED`        |        There was an inventory error not covered by another error code.        |
+| `0x80249005` |          `WU_E_INVENTORY_WMI_ERROR`        |  A WMI error occurred when enumerating the instances for a particular class.  |
 
 ## Expression evaluator errors
 
 | Error code |            Message              |                                                          Description                                                           |
 |------------|---------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
-| 0x8024E001 |  `WU_E_EE_UNKNOWN_EXPRESSION`   |                An expression evaluator operation could not be completed because an expression was unrecognized.                |
-| 0x8024E002 |  `WU_E_EE_INVALID_EXPRESSION`   |                  An expression evaluator operation could not be completed because an expression was invalid.                   |
-| 0x8024E003 |   `WU_E_EE_MISSING_METADATA`    | An expression evaluator operation could not be completed because an expression contains an incorrect number of metadata nodes. |
-| 0x8024E004 |    `WU_E_EE_INVALID_VERSION`    |   An expression evaluator operation could not be completed because the version of the serialized expression data is invalid.   |
-| 0x8024E005 |    `WU_E_EE_NOT_INITIALIZED`    |                                       The expression evaluator could not be initialized.                                       |
-| 0x8024E006 | `WU_E_EE_INVALID_ATTRIBUTEDATA` |                An expression evaluator operation could not be completed because there was an invalid attribute.                |
-| 0x8024E007 |     `WU_E_EE_CLUSTER_ERROR`     |  An expression evaluator operation could not be completed because the cluster state of the computer could not be determined.   |
-| 0x8024EFFF |       `WU_E_EE_UNEXPECTED`      |                     There was an expression evaluator error not covered by another `WU_E_EE_*` error code.                     |
+| `0x8024E001` |  `WU_E_EE_UNKNOWN_EXPRESSION`   |                An expression evaluator operation couldn't be completed because an expression was unrecognized.                |
+| `0x8024E002` |  `WU_E_EE_INVALID_EXPRESSION`   |                  An expression evaluator operation couldn't be completed because an expression was invalid.                   |
+| `0x8024E003` |   `WU_E_EE_MISSING_METADATA`    | An expression evaluator operation couldn't be completed because an expression contains an incorrect number of metadata nodes. |
+| `0x8024E004` |    `WU_E_EE_INVALID_VERSION`    |   An expression evaluator operation couldn't be completed because the version of the serialized expression data is invalid.   |
+| `0x8024E005` |    `WU_E_EE_NOT_INITIALIZED`    |                                       The expression evaluator couldn't be initialized.                                       |
+| `0x8024E006` | `WU_E_EE_INVALID_ATTRIBUTEDATA` |                An expression evaluator operation couldn't be completed because there was an invalid attribute.                |
+| `0x8024E007` |     `WU_E_EE_CLUSTER_ERROR`     |  An expression evaluator operation couldn't be completed because the cluster state of the computer couldn't be determined.   |
+| `0x8024EFFF` |       `WU_E_EE_UNEXPECTED`      |                     There was an expression evaluator error not covered by another `WU_E_EE_*` error code.                     |
  
 ## Reporter errors
 
 | Error code |                 Message                   |                                                     Description                                                      |
 |------------|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
-| 0x80247001 |        `WU_E_OL_INVALID_SCANFILE`         |                      An operation could not be completed because the scan package was invalid.                       |
-| 0x80247002 |       `WU_E_OL_NEWCLIENT_REQUIRED`        | An operation could not be completed because the scan package requires a greater version of the Windows Update Agent. |
-| 0x80247FFF |           `WU_E_OL_UNEXPECTED`            |                                        Search using the scan package failed.                                         |
-| 0x8024F001 |     `WU_E_REPORTER_EVENTCACHECORRUPT`     |                                         The event cache file was defective.                                          |
-| 0x8024F002 | `WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED` |                            The XML in the event namespace descriptor could not be parsed.                            |
-| 0x8024F003 |           `WU_E_INVALID_EVENT`            |                            The XML in the event namespace descriptor could not be parsed.                            |
-| 0x8024F004 |            `WU_E_SERVER_BUSY`             |                            The server rejected an event because the server was too busy.                             |
-| 0x8024FFFF |         `WU_E_REPORTER_UNEXPECTED`        |                            There was a reporter error not covered by another error code.                             |
+| `0x80247001` |        `WU_E_OL_INVALID_SCANFILE`         |                      An operation couldn't be completed because the scan package was invalid.                       |
+| `0x80247002` |       `WU_E_OL_NEWCLIENT_REQUIRED`        | An operation couldn't be completed because the scan package requires a greater version of the Windows Update Agent. |
+| `0x80247FFF` |           `WU_E_OL_UNEXPECTED`            |                                        Search using the scan package failed.                                         |
+| `0x8024F001` |     `WU_E_REPORTER_EVENTCACHECORRUPT`     |                                         The event cache file was defective.                                          |
+| `0x8024F002` | `WU_E_REPORTER_EVENTNAMESPACEPARSEFAILED` |                            The XML in the event namespace descriptor couldn't be parsed.                            |
+| `0x8024F003` |           `WU_E_INVALID_EVENT`            |                            The XML in the event namespace descriptor couldn't be parsed.                            |
+| `0x8024F004` |            `WU_E_SERVER_BUSY`             |                            The server rejected an event because the server was too busy.                             |
+| `0x8024FFFF` |         `WU_E_REPORTER_UNEXPECTED`        |                            There was a reporter error not covered by another error code.                             |
 
 ## Redirector errors
 The components that download the `Wuredir.cab` file and then parse the `Wuredir.cab` file generate the following errors. 
 
 | Error code |      Message                 | Description                                                                              |
 |----------- |------------------------------|------------------------------------------------------------------------------------------|
-| 0x80245001 | `WU_E_REDIRECTOR_LOAD_XML`   | The redirector XML document could not be loaded into the DOM class.                      |
-| 0x80245002 | `WU_E_REDIRECTOR_S_FALSE`    | The redirector XML document is missing some required information.                        |
-| 0x80245003 | `WU_E_REDIRECTOR_ID_SMALLER` | The redirectorId in the downloaded redirector cab is less than in the cached cab.        |
-| 0x80245FFF | `WU_E_REDIRECTOR_UNEXPECTED` | The redirector failed for reasons not covered by another `WU_E_REDIRECTOR_*` error code. |
+| `0x80245001` | `WU_E_REDIRECTOR_LOAD_XML`   | The redirector XML document couldn't be loaded into the DOM class.                      |
+| `0x80245002` | `WU_E_REDIRECTOR_S_FALSE`    | The redirector XML document is missing some required information.                        |
+| `0x80245003` | `WU_E_REDIRECTOR_ID_SMALLER` | The redirectorId in the downloaded redirector cab is less than in the cached cab.        |
+| `0x80245FFF` | `WU_E_REDIRECTOR_UNEXPECTED` | The redirector failed for reasons not covered by another `WU_E_REDIRECTOR_*` error code. |
 
 ## Protocol Talker errors
 The following errors map to `SOAPCLIENT_ERROR`s through the `Atlsoap.h` file. These errors are obtained when the `CClientWebService` object calls the `GetClientError()` method.  
@@ -98,271 +95,271 @@ The following errors map to `SOAPCLIENT_ERROR`s through the `Atlsoap.h` file. Th
 
 | Error code |             Message              |                                                              Description                                                              |
 |------------|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
-| 0x80244000 |    `WU_E_PT_SOAPCLIENT_BASE`     |                      `WU_E_PT_SOAPCLIENT_*` error codes map to the `SOAPCLIENT_ERROR` enum of the ATL Server Library.                 |
-| 0x80244001 | `WU_E_PT_SOAPCLIENT_INITIALIZE`  | Same as `SOAPCLIENT_INITIALIZE_ERROR` - initialization of the `SOAP` client failed possibly because of an MSXML installation failure. |
-| 0x80244002 | `WU_E_PT_SOAPCLIENT_OUTOFMEMORY` |                         Same as `SOAPCLIENT_OUTOFMEMORY` - `SOAP` client failed because it ran out of memory.                         |
-| 0x80244003 |  `WU_E_PT_SOAPCLIENT_GENERATE`   |                           Same as `SOAPCLIENT_GENERATE_ERROR` - `SOAP` client failed to generate the request.                         |
-| 0x80244004 |   `WU_E_PT_SOAPCLIENT_CONNECT`   |                          Same as `SOAPCLIENT_CONNECT_ERROR` - `SOAP` client failed to connect to the server.                          |
-| 0x80244005 |    `WU_E_PT_SOAPCLIENT_SEND`     |          Same as `SOAPCLIENT_SEND_ERROR` - `SOAP` client failed to send a message for reasons of `WU_E_WINHTTP_*` error codes.        |
-| 0x80244006 |   `WU_E_PT_SOAPCLIENT_SERVER`    |                       Same as `SOAPCLIENT_SERVER_ERROR` - `SOAP` client failed because there was a server error.                      |
-| 0x80244007 |  `WU_E_PT_SOAPCLIENT_SOAPFAULT`  |    Same as `SOAPCLIENT_SOAPFAULT` - `SOAP` client failed because there was a SOAP fault for reasons of `WU_E_PT_SOAP_*` error codes.  |
-| 0x80244008 | `WU_E_PT_SOAPCLIENT_PARSEFAULT`  |                           Same as `SOAPCLIENT_PARSEFAULT_ERROR` - `SOAP` client failed to parse a `SOAP` fault.                       |
-| 0x80244009 |    `WU_E_PT_SOAPCLIENT_READ`     |                   Same as `SOAPCLIENT_READ_ERROR` - `SOAP` client failed while reading the response from the server.                  |
-| 0x8024400A |    `WU_E_PT_SOAPCLIENT_PARSE`    |                     Same as `SOAPCLIENT_PARSE_ERROR` - `SOAP` client failed to parse the response from the server.                    |
+| `0x80244000` |    `WU_E_PT_SOAPCLIENT_BASE`     |                      `WU_E_PT_SOAPCLIENT_*` error codes map to the `SOAPCLIENT_ERROR` enum of the ATL Server Library.                 |
+| `0x80244001` | `WU_E_PT_SOAPCLIENT_INITIALIZE`  | Same as `SOAPCLIENT_INITIALIZE_ERROR` - initialization of the `SOAP` client failed possibly because of an MSXML installation failure. |
+| `0x80244002` | `WU_E_PT_SOAPCLIENT_OUTOFMEMORY` |                         Same as `SOAPCLIENT_OUTOFMEMORY` - `SOAP` client failed because it ran out of memory.                         |
+| `0x80244003` |  `WU_E_PT_SOAPCLIENT_GENERATE`   |                           Same as `SOAPCLIENT_GENERATE_ERROR` - `SOAP` client failed to generate the request.                         |
+| `0x80244004` |   `WU_E_PT_SOAPCLIENT_CONNECT`   |                          Same as `SOAPCLIENT_CONNECT_ERROR` - `SOAP` client failed to connect to the server.                          |
+| `0x80244005` |    `WU_E_PT_SOAPCLIENT_SEND`     |          Same as `SOAPCLIENT_SEND_ERROR` - `SOAP` client failed to send a message for reasons of `WU_E_WINHTTP_*` error codes.        |
+| `0x80244006` |   `WU_E_PT_SOAPCLIENT_SERVER`    |                       Same as `SOAPCLIENT_SERVER_ERROR` - `SOAP` client failed because there was a server error.                      |
+| `0x80244007` |  `WU_E_PT_SOAPCLIENT_SOAPFAULT`  |    Same as `SOAPCLIENT_SOAPFAULT` - `SOAP` client failed because there was a SOAP fault for reasons of `WU_E_PT_SOAP_*` error codes.  |
+| `0x80244008` | `WU_E_PT_SOAPCLIENT_PARSEFAULT`  |                           Same as `SOAPCLIENT_PARSEFAULT_ERROR` - `SOAP` client failed to parse a `SOAP` fault.                       |
+| `0x80244009` |    `WU_E_PT_SOAPCLIENT_READ`     |                   Same as `SOAPCLIENT_READ_ERROR` - `SOAP` client failed while reading the response from the server.                  |
+| `x8024400A` |    `WU_E_PT_SOAPCLIENT_PARSE`    |                     Same as `SOAPCLIENT_PARSE_ERROR` - `SOAP` client failed to parse the response from the server.                    |
 
 ## Other Protocol Talker errors
-The following errors map to `SOAP_ERROR_CODE`s from the `Atlsoap.h` file. These errors are obtained from the `m_fault.m_soapErrCode` member of the `CClientWebService` object when `GetClientError()` returns `SOAPCLIENT_SOAPFAULT`. 
 
+The following errors map to `SOAP_ERROR_CODE`s from the `Atlsoap.h` file. These errors are obtained from the `m_fault.m_soapErrCode` member of the `CClientWebService` object when `GetClientError()` returns `SOAPCLIENT_SOAPFAULT`.
 
-| Error code |                   Message                    |                                                                                   Description                                                                                    |
-|------------|----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0x8024400B |            `WU_E_PT_SOAP_VERSION`            |                                    Same as `SOAP_E_VERSION_MISMATCH` - `SOAP` client found an unrecognizable namespace for the `SOAP` envelope.                                  |
-| 0x8024400C |        `WU_E_PT_SOAP_MUST_UNDERSTAND`        |                                               Same as `SOAP_E_MUST_UNDERSTAND` - `SOAP` client was unable to understand a header.                                                |
-| 0x8024400D |            `WU_E_PT_SOAP_CLIENT`             |                                            Same as `SOAP_E_CLIENT` - `SOAP` client found the message was malformed; fix before resending.                                        |
-| 0x8024400E |            `WU_E_PT_SOAP_SERVER`             |                                       Same as `SOAP_E_SERVER` - The `SOAP` message could not be processed due to a server error; resend later.                                   |
-| 0x8024400F |             `WU_E_PT_WMI_ERROR`              |                                                     There was an unspecified Windows Management Instrumentation (WMI) error.                                                     |
-| 0x80244010 |     `WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS`      |                                                       The number of round trips to the server exceeded the maximum limit.                                                        |
-| 0x80244011 |         `WU_E_PT_SUS_SERVER_NOT_SET`         |                                                                WUServer policy value is missing in the registry.                                                                 |
-| 0x80244012 |       `WU_E_PT_DOUBLE_INITIALIZATION`        |                                                        Initialization failed because the object was already initialized.                                                         |
-| 0x80244013 |       `WU_E_PT_INVALID_COMPUTER_NAME`        |                                                                    The computer name could not be determined.                                                                    |
-| 0x80244015 |       `WU_E_PT_REFRESH_CACHE_REQUIRED`       |                   The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry.                  |
-| 0x80244016 |      `WU_E_PT_HTTP_STATUS_BAD_REQUEST`       |                                            Same as HTTP status 400 - the server could not process the request due to invalid syntax.                                             |
-| 0x80244017 |         `WU_E_PT_HTTP_STATUS_DENIED`         |                                                  Same as HTTP status 401 - the requested resource requires user authentication.                                                  |
-| 0x80244018 |       `WU_E_PT_HTTP_STATUS_FORBIDDEN`        |                                                Same as HTTP status 403 - server understood the request but declined to fulfill it.                                               |
-| 0x80244019 |       `WU_E_PT_HTTP_STATUS_NOT_FOUND`        |                                        Same as HTTP status 404 - the server cannot find the requested URI (Uniform Resource Identifier).                                         |
-| 0x8024401A |       `WU_E_PT_HTTP_STATUS_BAD_METHOD`       |                                                            Same as HTTP status 405 - the HTTP method is not allowed.                                                             |
-| 0x8024401B |     `WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ`     |                                                           Same as HTTP status 407 - proxy authentication is required.                                                            |
-| 0x8024401C |    `WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT`     |                                                     Same as HTTP status 408 - the server timed out waiting for the request.                                                      |
-| 0x8024401D |        `WU_E_PT_HTTP_STATUS_CONFLICT`        |                                Same as HTTP status 409 - the request was not completed due to a conflict with the current state of the resource.                                 |
-| 0x8024401E |          `WU_E_PT_HTTP_STATUS_GONE`          |                                                Same as HTTP status 410 - requested resource is no longer available at the server.                                                |
-| 0x8024401F |      `WU_E_PT_HTTP_STATUS_SERVER_ERROR`      |                                           Same as HTTP status 500 - an error internal to the server prevented fulfilling the request.                                            |
-| 0x80244020 |     `WU_E_PT_HTTP_STATUS_NOT_SUPPORTED`      |                                       Same as HTTP status 500 - server does not support the functionality required to fulfill the request.                                       |
-| 0x80244021 |      `WU_E_PT_HTTP_STATUS_BAD_GATEWAY`       | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfill the request. |
-| 0x80244022 |    `WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL`     |                                                         Same as HTTP status 503 - the service is temporarily overloaded.                                                         |
-| 0x80244023 |    `WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT`     |                                                    Same as HTTP status 503 - the request was timed out waiting for a gateway.                                                    |
-| 0x80244024 |    `WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP`     |                                      Same as HTTP status 505 - the server does not support the HTTP protocol version used for the request.                                       |
-| 0x80244025 |       `WU_E_PT_FILE_LOCATIONS_CHANGED`       |                                                Operation failed due to a changed file location; refresh internal state and resend.                                               |
-| 0x80244026 |     `WU_E_PT_REGISTRATION_NOT_SUPPORTED`     |                                       Operation failed because Windows Update Agent does not support registration with a non-WSUS server.                                        |
-| 0x80244027 |     `WU_E_PT_NO_AUTH_PLUGINS_REQUESTED`      |                                                          The server returned an empty authentication information list.                                                           |
-| 0x80244028 |      `WU_E_PT_NO_AUTH_COOKIES_CREATED`       |                                                   Windows Update Agent was unable to create any valid authentication cookies.                                                    |
-| 0x80244029 |        `WU_E_PT_INVALID_CONFIG_PROP`         |                                                                    A configuration property value was wrong.                                                                     |
-| 0x8024402A |        `WU_E_PT_CONFIG_PROP_MISSING`         |                                                                   A configuration property value was missing.                                                                    |
-| 0x8024402B |       `WU_E_PT_HTTP_STATUS_NOT_MAPPED`       |                               The HTTP request could not be completed and the reason did not correspond to any of the `WU_E_PT_HTTP_*` error codes.                              |
-| 0x8024402C |     `WU_E_PT_WINHTTP_NAME_NOT_RESOLVED`      |                                       Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name cannot be resolved.                                       |
-| 0x8024402F |     `WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS`      |                                                             External cab file processing completed with some errors.                                                             |
-| 0x80244030 |          `WU_E_PT_ECP_INIT_FAILED`           |                                                           The external cab processor initialization did not complete.                                                            |
-| 0x80244031 |      `WU_E_PT_ECP_INVALID_FILE_FORMAT`       |                                                                    The format of a metadata file was invalid.                                                                    |
-| 0x80244032 |        `WU_E_PT_ECP_INVALID_METADATA`        |                                                                  External cab processor found invalid metadata.                                                                  |
-| 0x80244033 |   `WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST`    |                                                        The file digest could not be extracted from an external cab file.                                                         |
-| 0x80244034 | `WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE` |                                                                 An external cab file could not be decompressed.                                                                  |
-| 0x80244035 |      `WU_E_PT_ECP_FILE_LOCATION_ERROR`       |                                                             External cab processor was unable to get file locations.                                                             |
-| 0x80244FFF |             `WU_E_PT_UNEXPECTED`             |                                                       A communication error not covered by another `WU_E_PT_*` error code.                                                       |
-| 0x8024502D |           `WU_E_PT_SAME_REDIR_ID`            |                       Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery.                       |
-| 0x8024502E |         `WU_E_PT_NO_MANAGED_RECOVER`         |                                                   A redirector recovery action did not complete because the server is managed.                                                   |
+| Error code |             Message              |                                                              Description                                                              |
+|------------|----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
+| `0x8024400B` |            `WU_E_PT_SOAP_VERSION`            |                                    Same as `SOAP_E_VERSION_MISMATCH` - `SOAP` client found an unrecognizable namespace for the `SOAP` envelope.                                  |
+| `0x8024400C` |        `WU_E_PT_SOAP_MUST_UNDERSTAND`        |                                               Same as `SOAP_E_MUST_UNDERSTAND` - `SOAP` client was unable to understand a header.                                                |
+| `0x8024400D` |            `WU_E_PT_SOAP_CLIENT`             |                                            Same as `SOAP_E_CLIENT` - `SOAP` client found the message was malformed; fix before resending.                                        |
+|`0x8024400E` |            `WU_E_PT_SOAP_SERVER`             |                                       Same as `SOAP_E_SERVER` - The `SOAP` message couldn't be processed due to a server error; resend later.                                   |
+| `0x8024400F` |             `WU_E_PT_WMI_ERROR`              |                                                     There was an unspecified Windows Management Instrumentation (WMI) error.                                                     |
+| `0x80244010` |     `WU_E_PT_EXCEEDED_MAX_SERVER_TRIPS`      |                                                       The number of round trips to the server exceeded the maximum limit.                                                        |
+| `0x80244011` |         `WU_E_PT_SUS_SERVER_NOT_SET`         |                                                                WUServer policy value is missing in the registry.                                                                 |
+| `0x80244012` |       `WU_E_PT_DOUBLE_INITIALIZATION`        |                                                        Initialization failed because the object was already initialized.                                                         |
+| `0x80244013` |       `WU_E_PT_INVALID_COMPUTER_NAME`        |                                                                    The computer name couldn't be determined.                                                                    |
+| `0x80244015` |       `WU_E_PT_REFRESH_CACHE_REQUIRED`       |                   The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry.                  |
+| `0x80244016` |      `WU_E_PT_HTTP_STATUS_BAD_REQUEST`       |                                            Same as HTTP status 400 - the server couldn't process the request due to invalid syntax.                                             |
+| `0x80244017` |         `WU_E_PT_HTTP_STATUS_DENIED`         |                                                  Same as HTTP status 401 - the requested resource requires user authentication.                                                  |
+| `0x80244018` |       `WU_E_PT_HTTP_STATUS_FORBIDDEN`        |                                                Same as HTTP status 403 - server understood the request but declined to fulfill it.                                               |
+| `0x80244019` |       `WU_E_PT_HTTP_STATUS_NOT_FOUND`        |                                        Same as HTTP status 404 - the server can't find the requested URI (Uniform Resource Identifier).                                         |
+| `0x8024401A` |       `WU_E_PT_HTTP_STATUS_BAD_METHOD`       |                                                            Same as HTTP status 405 - the HTTP method isn't allowed.                                                             |
+| `0x8024401B` |     `WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ`     |                                                           Same as HTTP status 407 - proxy authentication is required.                                                            |
+| `0x8024401C` |    `WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT`     |                                                     Same as HTTP status 408 - the server timed out waiting for the request.                                                      |
+| `0x8024401D` |        `WU_E_PT_HTTP_STATUS_CONFLICT`        |                                Same as HTTP status 409 - the request wasn't completed due to a conflict with the current state of the resource.                                 |
+| `0x8024401E` |          `WU_E_PT_HTTP_STATUS_GONE`          |                                                Same as HTTP status 410 - requested resource is no longer available at the server.                                                |
+| `0x8024401F` |      `WU_E_PT_HTTP_STATUS_SERVER_ERROR`      |                                           Same as HTTP status 500 - an error internal to the server prevented fulfilling the request.                                            |
+| `0x80244020` |     `WU_E_PT_HTTP_STATUS_NOT_SUPPORTED`      |                                       Same as HTTP status 500 - server doesn't support the functionality required to fulfill the request.                                       |
+|`0x80244021` |      `WU_E_PT_HTTP_STATUS_BAD_GATEWAY`       | Same as HTTP status 502 - the server while acting as a gateway or a proxy received an invalid response from the upstream server it accessed in attempting to fulfill the request. |
+| `0x80244022` |    `WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL`     |                                                         Same as HTTP status 503 - the service is temporarily overloaded.                                                         |
+| `0x80244023` |    `WU_E_PT_HTTP_STATUS_GATEWAY_TIMEOUT`     |                                                    Same as HTTP status 503 - the request was timed out waiting for a gateway.                                                    |
+| `0x80244024` |    `WU_E_PT_HTTP_STATUS_VERSION_NOT_SUP`     |                                      Same as HTTP status 505 - the server doesn't support the HTTP protocol version used for the request.                                       |
+| `0x80244025` |       `WU_E_PT_FILE_LOCATIONS_CHANGED`       |                                                Operation failed due to a changed file location; refresh internal state and resend.                                               |
+| `0x80244026` |     `WU_E_PT_REGISTRATION_NOT_SUPPORTED`     |                                       Operation failed because Windows Update Agent doesn't support registration with a non-WSUS server.                                        |
+| `0x80244027` |     `WU_E_PT_NO_AUTH_PLUGINS_REQUESTED`      |                                                          The server returned an empty authentication information list.                                                           |
+| `0x80244028` |      `WU_E_PT_NO_AUTH_COOKIES_CREATED`       |                                                   Windows Update Agent was unable to create any valid authentication cookies.                                                    |
+| `0x80244029` |        `WU_E_PT_INVALID_CONFIG_PROP`         |                                                                    A configuration property value was wrong.                                                                     |
+| `0x8024402A` |        `WU_E_PT_CONFIG_PROP_MISSING`         |                                                                   A configuration property value was missing.                                                                    |
+| `0x8024402B` |       `WU_E_PT_HTTP_STATUS_NOT_MAPPED`       |                               The HTTP request couldn't be completed and the reason didn't correspond to any of the `WU_E_PT_HTTP_*` error codes.                              |
+| `0x8024402C` |     `WU_E_PT_WINHTTP_NAME_NOT_RESOLVED`      |                                       Same as ERROR_WINHTTP_NAME_NOT_RESOLVED - the proxy server or target server name can't be resolved.                                       |
+| `0x8024402F` |     `WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS`      |                                                             External cab file processing completed with some errors.                                                             |
+| `0x80244030` |          `WU_E_PT_ECP_INIT_FAILED`           |                                                           The external cab processor initialization didn't complete.                                                            |
+| `0x80244031` |      `WU_E_PT_ECP_INVALID_FILE_FORMAT`       |                                                                    The format of a metadata file was invalid.                                                                    |
+| `0x80244032` |        `WU_E_PT_ECP_INVALID_METADATA`        |                                                                  External cab processor found invalid metadata.                                                                  |
+| `0x80244033` |   `WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST`    |                                                        The file digest couldn't be extracted from an external cab file.                                                         |
+| `0x80244034` | `WU_E_PT_ECP_FAILURE_TO_DECOMPRESS_CAB_FILE` |                                                                 An external cab file couldn't be decompressed.                                                                  |
+| `0x80244035` |      `WU_E_PT_ECP_FILE_LOCATION_ERROR`       |                                                             External cab processor was unable to get file locations.                                                             |
+| `0x80244FFF` |             `WU_E_PT_UNEXPECTED`             |                                                       A communication error not covered by another `WU_E_PT_*` error code.                                                       |
+| `0x8024502D` |           `WU_E_PT_SAME_REDIR_ID`            |                       Windows Update Agent failed to download a redirector cabinet file with a new redirectorId value from the server during the recovery.                       |
+| `0x8024502E` |         `WU_E_PT_NO_MANAGED_RECOVER`         |                                                   A redirector recovery action didn't complete because the server is managed.                                                   |
 
 ## Download Manager errors
 
 | Error code |             Message               |                                                                Description                                                                 |
 |------------|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
-| 0x80246001 |     `WU_E_DM_URLNOTAVAILABLE`     |                    A download manager operation could not be completed because the requested file does not have a URL.                     |
-| 0x80246002 |    `WU_E_DM_INCORRECTFILEHASH`    |                      A download manager operation could not be completed because the file digest was not recognized.                       |
-| 0x80246003 |    `WU_E_DM_UNKNOWNALGORITHM`     |          A download manager operation could not be completed because the file metadata requested an unrecognized hash algorithm.           |
-| 0x80246004 |   `WU_E_DM_NEEDDOWNLOADREQUEST`   |                   An operation could not be completed because a download request is required from the download handler.                    |
-| 0x80246005 |        `WU_E_DM_NONETWORK`        |                    A download manager operation could not be completed because the network connection was unavailable.                     |
-| 0x80246006 |    `WU_E_DM_WRONGBITSVERSION`     | A download manager operation could not be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. |
-| 0x80246007 |      `WU_E_DM_NOTDOWNLOADED`      |                                                    The update has not been downloaded.                                                     |
-| 0x80246008 |   `WU_E_DM_FAILTOCONNECTTOBITS`   | A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). |
-| 0x80246009 |   `WU_E_DM_BITSTRANSFERERROR`     |    A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error.     |
-| 0x8024600A | `WU_E_DM_DOWNLOADLOCATIONCHANGED` |                        A download must be restarted because the location of the source of the download has changed.                        |
-| 0x8024600B |     `WU_E_DM_CONTENTCHANGED`      |                            A download must be restarted because the update content changed in a new revision.                              |
-| 0x80246FFF |       `WU_E_DM_UNEXPECTED`        |                             There was a download manager error not covered by another `WU_E_DM_*` error code.                              |
+| `0x80246001` |     `WU_E_DM_URLNOTAVAILABLE`     |                    A download manager operation couldn't be completed because the requested file doesn't have a URL.                     |
+| `0x80246002` |    `WU_E_DM_INCORRECTFILEHASH`    |                      A download manager operation couldn't be completed because the file digest wasn't recognized.                       |
+| `0x80246003` |    `WU_E_DM_UNKNOWNALGORITHM`     |          A download manager operation couldn't be completed because the file metadata requested an unrecognized hash algorithm.           |
+| `0x80246004` |   `WU_E_DM_NEEDDOWNLOADREQUEST`   |                   An operation couldn't be completed because a download request is required from the download handler.                    |
+| `0x80246005` |        `WU_E_DM_NONETWORK`        |                    A download manager operation couldn't be completed because the network connection was unavailable.                     |
+| `0x80246006` |    `WU_E_DM_WRONGBITSVERSION`     | A download manager operation couldn't be completed because the version of Background Intelligent Transfer Service (BITS) is incompatible. |
+| `0x80246007` |      `WU_E_DM_NOTDOWNLOADED`      |                                                    The update hasn't been downloaded.                                                     |
+| `0x80246008` |   `WU_E_DM_FAILTOCONNECTTOBITS`   | A download manager operation failed because the download manager was unable to connect the Background Intelligent Transfer Service (BITS). |
+| `0x80246009` |   `WU_E_DM_BITSTRANSFERERROR`     |    A download manager operation failed because there was an unspecified Background Intelligent Transfer Service (BITS) transfer error.     |
+| `0x8024600A` | `WU_E_DM_DOWNLOADLOCATIONCHANGED` |                        A download must be restarted because the location of the source of the download has changed.                        |
+| `0x8024600B` |     `WU_E_DM_CONTENTCHANGED`      |                            A download must be restarted because the update content changed in a new revision.                              |
+| `0x80246FFF` |       `WU_E_DM_UNEXPECTED`        |                             There was a download manager error not covered by another `WU_E_DM_*` error code.                              |
 
 ## Update Handler errors
 
 | Error code |                Message                 |                                                                 Description                                                                 |
 |------------|----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
-| 0x80242000 |      `WU_E_UH_REMOTEUNAVAILABLE`       |                     A request for a remote update handler could not be completed because no remote process is available.                    |
-| 0x80242001 |          `WU_E_UH_LOCALONLY`           |                       A request for a remote update handler could not be completed because the handler is local only.                       |
-| 0x80242002 |        `WU_E_UH_UNKNOWNHANDLER`        |                     A request for an update handler could not be completed because the handler could not be recognized.                     |
-| 0x80242003 |     `WU_E_UH_REMOTEALREADYACTIVE`      |                                  A remote update handler could not be created because one already exists.                                   |
-| 0x80242004 |     `WU_E_UH_DOESNOTSUPPORTACTION`     |  A request for the handler to install (uninstall) an update could not be completed because the update does not support install (uninstall). |
-| 0x80242005 |         `WU_E_UH_WRONGHANDLER`         |                                   An operation did not complete because the wrong handler was specified.                                    |
-| 0x80242006 |       `WU_E_UH_INVALIDMETADATA`        |                          A handler operation could not be completed because the update contains invalid metadata.                           |
-| 0x80242007 |        `WU_E_UH_INSTALLERHUNG`         |                             An operation could not be completed because the installer exceeded the time limit.                              |
-| 0x80242008 |      `WU_E_UH_OPERATIONCANCELLED`      |                                        An operation being done by the update handler was canceled.                                          |
-| 0x80242009 |        `WU_E_UH_BADHANDLERXML`         |                            An operation could not be completed because the handler-specific metadata is invalid.                            |
-| 0x8024200A |       `WU_E_UH_CANREQUIREINPUT`        |                A request to the handler to install an update could not be completed because the update requires user input.                 |
-| 0x8024200B |       `WU_E_UH_INSTALLERFAILURE`       |                                      The installer failed to install (uninstall) one or more updates.                                       |
-| 0x8024200C |   `WU_E_UH_FALLBACKTOSELFCONTAINED`    |               The update handler should download self-contained content rather than delta-compressed content for the update.                |
-| 0x8024200D |     `WU_E_UH_NEEDANOTHERDOWNLOAD`      |                           The update handler did not install the update because it needs to be downloaded again.                            |
-| 0x8024200E |        `WU_E_UH_NOTIFYFAILURE`         |                     The update handler failed to send notification of the status of the install (uninstall) operation.                      |
-| 0x8024200F |   `WU_E_UH_INCONSISTENT_FILE_NAMES`    |                         The file names contained in the update metadata and in the update package are inconsistent.                         |
-| 0x80242010 |        `WU_E_UH_FALLBACKERROR`         |                                    The update handler failed to fall back to the self-contained content.                                    |
-| 0x80242011 |   `WU_E_UH_TOOMANYDOWNLOADREQUESTS`    |                                  The update handler has exceeded the maximum number of download requests.                                   |
-| 0x80242012 |    `WU_E_UH_UNEXPECTEDCBSRESPONSE`     |                                      The update handler has received an unexpected response from CBS.                                       |
-| 0x80242013 |       `WU_E_UH_BADCBSPACKAGEID`        |                                       The update metadata contains an invalid CBS package identifier.                                       |
-| 0x80242014 |    `WU_E_UH_POSTREBOOTSTILLPENDING`    |                                       The post-reboot operation for the update is still in progress.                                        |
-| 0x80242015 |   `WU_E_UH_POSTREBOOTRESULTUNKNOWN`    |                               The result of the post-reboot operation for the update could not be determined.                               |
-| 0x80242016 |  `WU_E_UH_POSTREBOOTUNEXPECTEDSTATE`   |                            The state of the update after its post-reboot operation has completed is unexpected.                             |
-| 0x80242017 | `WU_E_UH_NEW_SERVICING_STACK_REQUIRED` |                            The OS servicing stack must be updated before this update is downloaded or installed.                            |
-| 0x80242FFF |          `WU_E_UH_UNEXPECTED`          |                                       An update handler error not covered by another `WU_E_UH_*` code.                                      |
+| `0x80242000` |      `WU_E_UH_REMOTEUNAVAILABLE`       |                     A request for a remote update handler couldn't be completed because no remote process is available.                    |
+| `0x80242001`|          `WU_E_UH_LOCALONLY`           |                       A request for a remote update handler couldn't be completed because the handler is local only.                       |
+| `0x80242002` |        `WU_E_UH_UNKNOWNHANDLER`        |                     A request for an update handler couldn't be completed because the handler couldn't be recognized.                     |
+| `0x80242003` |     `WU_E_UH_REMOTEALREADYACTIVE`      |                                  A remote update handler couldn't be created because one already exists.                                   |
+| `0x80242004` |     `WU_E_UH_DOESNOTSUPPORTACTION`     |  A request for the handler to install (uninstall) an update couldn't be completed because the update doesn't support install (uninstall). |
+|`0x80242005` |         `WU_E_UH_WRONGHANDLER`         |                                   An operation didn't complete because the wrong handler was specified.                                    |
+| `0x80242006` |       `WU_E_UH_INVALIDMETADATA`        |                          A handler operation couldn't be completed because the update contains invalid metadata.                           |
+| `0x80242007` |        `WU_E_UH_INSTALLERHUNG`         |                             An operation couldn't be completed because the installer exceeded the time limit.                              |
+| `0x80242008` |      `WU_E_UH_OPERATIONCANCELLED`      |                                        An operation being done by the update handler was canceled.                                          |
+| `0x80242009` |        `WU_E_UH_BADHANDLERXML`         |                            An operation couldn't be completed because the handler-specific metadata is invalid.                            |
+| `0x8024200A` |       `WU_E_UH_CANREQUIREINPUT`        |                A request to the handler to install an update couldn't be completed because the update requires user input.                 |
+| `0x8024200B` |       `WU_E_UH_INSTALLERFAILURE`       |                                      The installer failed to install (uninstall) one or more updates.                                       |
+| `0x8024200C` |   `WU_E_UH_FALLBACKTOSELFCONTAINED`    |               The update handler should download self-contained content rather than delta-compressed content for the update.                |
+| `0x8024200D` |     `WU_E_UH_NEEDANOTHERDOWNLOAD`      |                           The update handler didn't install the update because it needs to be downloaded again.                            |
+| `0x8024200E` |        `WU_E_UH_NOTIFYFAILURE`         |                     The update handler failed to send notification of the status of the install (uninstall) operation.                      |
+| `0x8024200F` |   `WU_E_UH_INCONSISTENT_FILE_NAMES`    |                         The file names contained in the update metadata and in the update package are inconsistent.                         |
+| `0x80242010` |        `WU_E_UH_FALLBACKERROR`         |                                    The update handler failed to fall back to the self-contained content.                                    |
+| `0x80242011` |   `WU_E_UH_TOOMANYDOWNLOADREQUESTS`    |                                  The update handler has exceeded the maximum number of download requests.                                   |
+| `0x80242012` |    `WU_E_UH_UNEXPECTEDCBSRESPONSE`     |                                      The update handler has received an unexpected response from CBS.                                       |
+| `0x80242013` |       `WU_E_UH_BADCBSPACKAGEID`        |                                       The update metadata contains an invalid CBS package identifier.                                       |
+| `0x80242014` |    `WU_E_UH_POSTREBOOTSTILLPENDING`    |                                       The post-reboot operation for the update is still in progress.                                        |
+| `0x80242015` |   `WU_E_UH_POSTREBOOTRESULTUNKNOWN`    |                               The result of the post-reboot operation for the update couldn't be determined.                               |
+| `0x80242016` |  `WU_E_UH_POSTREBOOTUNEXPECTEDSTATE`   |                            The state of the update after its post-reboot operation has completed is unexpected.                             |
+| `0x80242017` | `WU_E_UH_NEW_SERVICING_STACK_REQUIRED` |                            The OS servicing stack must be updated before this update is downloaded or installed.                            |
+| `0x80242FFF` |          `WU_E_UH_UNEXPECTED`          |                                       An update handler error not covered by another `WU_E_UH_*` code.                                      |
 
 ## Data Store errors
 
 | Error code |            Message             |                                                                                               Description                                                                                              |
 |------------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| 0x80248000 |       `WU_E_DS_SHUTDOWN`       |                                                                   An operation failed because Windows Update Agent is shutting down.                                                                   |
-| 0x80248001 |        `WU_E_DS_INUSE`         |                                                                          An operation failed because the data store was in use.                                                                        |
-| 0x80248002 |       `WU_E_DS_INVALID`        |                                                                     The current and expected states of the data store do not match.                                                                    |
-| 0x80248003 |     `WU_E_DS_TABLEMISSING`     |                                                                                   The data store is missing a table.                                                                                   |
-| 0x80248004 |    `WU_E_DS_TABLEINCORRECT`    |                                                                        The data store contains a table with unexpected columns.                                                                        |
-| 0x80248005 |   `WU_E_DS_INVALIDTABLENAME`   |                                                                 A table could not be opened because the table is not in the data store.                                                                |
-| 0x80248006 |      `WU_E_DS_BADVERSION`      |                                                                    The current and expected versions of the data store do not match.                                                                   |
-| 0x80248007 |        `WU_E_DS_NODATA`        |                                                                           The information requested is not in the data store.                                                                          |
-| 0x80248008 |     `WU_E_DS_MISSINGDATA`      |                                             The data store is missing required information or has a NULL in a table column that requires a non-null value.                                             |
-| 0x80248009 |      `WU_E_DS_MISSINGREF`      |                                    The data store is missing required information or has a reference to missing license terms file localized property or linked row.                                   |
-| 0x8024800A |    `WU_E_DS_UNKNOWNHANDLER`    |                                                            The update was not processed because its update handler could not be recognized.                                                            |
-| 0x8024800B |      `WU_E_DS_CANTDELETE`      |                                                           The update was not deleted because it is still referenced by one or more services.                                                           |
-| 0x8024800C |  `WU_E_DS_LOCKTIMEOUTEXPIRED`  |                                                                  The data store section could not be locked within the allotted time.                                                                  |
-| 0x8024800D |     `WU_E_DS_NOCATEGORIES`     |                                               The category was not added because it contains no parent categories and is not a top-level category itself.                                              |
-| 0x8024800E |      `WU_E_DS_ROWEXISTS`       |                                                                 The row was not added because an existing row has the same primary key.                                                                |
-| 0x8024800F |   `WU_E_DS_STOREFILELOCKED`    |                                                            The data store could not be initialized because it was locked by another process.                                                           |
-| 0x80248010 |    `WU_E_DS_CANNOTREGISTER`    |                                                             The data store is not allowed to be registered with COM in the current process.                                                            |
-| 0x80248011 |    `WU_E_DS_UNABLETOSTART`     |                                                                        Could not create a data store object in another process.                                                                        |
-| 0x80248013 |  `WU_E_DS_DUPLICATEUPDATEID`   |                                                             The server sent the same update to the client with two different revision IDs.                                                             |
-| 0x80248014 |   `WU_E_DS_UNKNOWNSERVICE`     |                                                               An operation did not complete because the service is not in the data store.                                                              |
-| 0x80248015 |   `WU_E_DS_SERVICEEXPIRED`     |                                                           An operation did not complete because the registration of the service has expired.                                                           |
-| 0x80248016 |  `WU_E_DS_DECLINENOTALLOWED`   |                                          A request to hide an update was declined because it is a mandatory update or because it was deployed with a deadline.                                         |
-| 0x80248017 | `WU_E_DS_TABLESESSIONMISMATCH` |                                                                  A table was not closed because it is not associated with the session.                                                                 |
-| 0x80248018 | `WU_E_DS_SESSIONLOCKMISMATCH`  |                                                                  A table was not closed because it is not associated with the session.                                                                 |
-| 0x80248019 |  `WU_E_DS_NEEDWINDOWSSERVICE`  |  A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it is a built-in service and/or Automatic Updates cannot fall back to another service. |
-| 0x8024801A |   `WU_E_DS_INVALIDOPERATION`   |                                                                      A request was declined because the operation is not allowed.                                                                      |
-| 0x8024801B |    `WU_E_DS_SCHEMAMISMATCH`    |                                                  The schema of the current data store and the schema of a table in a backup XML document do not match.                                                 |
-| 0x8024801C |    `WU_E_DS_RESETREQUIRED`     |                                                       The data store requires a session reset; release the session and retry with a new session.                                                       |
-| 0x8024801D |     `WU_E_DS_IMPERSONATED`     |                                                     A data store operation did not complete because it was requested with an impersonated identity.                                                    |
-| 0x80248FFF |      `WU_E_DS_UNEXPECTED`      |                                                                       A data store error not covered by another `WU_E_DS_*` code.                                                                      |
+| `0x80248000` |       `WU_E_DS_SHUTDOWN`       |                                                                   An operation failed because Windows Update Agent is shutting down.                                                                   |
+| `0x80248001` |        `WU_E_DS_INUSE`         |                                                                          An operation failed because the data store was in use.                                                                        |
+| `0x80248002` |       `WU_E_DS_INVALID`        |                                                                     The current and expected states of the data store don't match.                                                                    |
+| `0x80248003` |     `WU_E_DS_TABLEMISSING`     |                                                                                   The data store is missing a table.                                                                                   |
+| `0x80248004` |    `WU_E_DS_TABLEINCORRECT`    |                                                                        The data store contains a table with unexpected columns.                                                                        |
+| `0x80248005` |   `WU_E_DS_INVALIDTABLENAME`   |                                                                 A table couldn't be opened because the table isn't in the data store.                                                                |
+| `0x80248006` |      `WU_E_DS_BADVERSION`      |                                                                    The current and expected versions of the data store don't match.                                                                   |
+| `0x80248007` |        `WU_E_DS_NODATA`        |                                                                           The information requested isn't in the data store.                                                                          |
+| `0x80248008` |     `WU_E_DS_MISSINGDATA`      |                                             The data store is missing required information or has a NULL in a table column that requires a non-null value.                                             |
+| `0x80248009` |      `WU_E_DS_MISSINGREF`      |                                    The data store is missing required information or has a reference to missing license terms file localized property or linked row.                                   |
+| `0x8024800A` |    `WU_E_DS_UNKNOWNHANDLER`    |                                                            The update wasn't processed because its update handler couldn't be recognized.                                                            |
+| `0x8024800B` |      `WU_E_DS_CANTDELETE`      |                                                           The update wasn't deleted because it's still referenced by one or more services.                                                           |
+| `0x8024800C` |  `WU_E_DS_LOCKTIMEOUTEXPIRED`  |                                                                  The data store section couldn't be locked within the allotted time.                                                                  |
+| `0x8024800D` |     `WU_E_DS_NOCATEGORIES`     |                                               The category wasn't added because it contains no parent categories and isn't a top-level category itself.                                              |
+| `0x8024800E` |      `WU_E_DS_ROWEXISTS`       |                                                                 The row wasn't added because an existing row has the same primary key.                                                                |
+| `0x8024800F` |   `WU_E_DS_STOREFILELOCKED`    |                                                            The data store couldn't be initialized because it was locked by another process.                                                           |
+| `0x80248010` |    `WU_E_DS_CANNOTREGISTER`    |                                                             The data store isn't allowed to be registered with COM in the current process.                                                            |
+| `0x80248011` |    `WU_E_DS_UNABLETOSTART`     |                                                                        Couldn't create a data store object in another process.                                                                        |
+| `0x80248013` |  `WU_E_DS_DUPLICATEUPDATEID`   |                                                             The server sent the same update to the client with two different revision IDs.                                                             |
+| `0x80248014` |   `WU_E_DS_UNKNOWNSERVICE`     |                                                               An operation didn't complete because the service isn't in the data store.                                                              |
+| `0x80248015` |   `WU_E_DS_SERVICEEXPIRED`     |                                                           An operation didn't complete because the registration of the service has expired.                                                           |
+| `0x80248016` |  `WU_E_DS_DECLINENOTALLOWED`   |                                          A request to hide an update was declined because it's a mandatory update or because it was deployed with a deadline.                                         |
+| `0x80248017` | `WU_E_DS_TABLESESSIONMISMATCH` |                                                                  A table wasn't closed because it isn't associated with the session.                                                                 |
+| `0x80248018` | `WU_E_DS_SESSIONLOCKMISMATCH`  |                                                                  A table wasn't closed because it isn't associated with the session.                                                                 |
+| `0x80248019` |  `WU_E_DS_NEEDWINDOWSSERVICE`  |  A request to remove the Windows Update service or to unregister it with Automatic Updates was declined because it's a built-in service and/or Automatic Updates can't fall back to another service. |
+| `0x8024801A` |   `WU_E_DS_INVALIDOPERATION`   |                                                                      A request was declined because the operation isn't allowed.                                                                      |
+| `0x8024801B` |    `WU_E_DS_SCHEMAMISMATCH`    |                                                  The schema of the current data store and the schema of a table in a backup XML document don't match.                                                 |
+| `0x8024801C` |    `WU_E_DS_RESETREQUIRED`     |                                                       The data store requires a session reset; release the session and retry with a new session.                                                       |
+| `0x8024801D` |     `WU_E_DS_IMPERSONATED`     |                                                     A data store operation didn't complete because it was requested with an impersonated identity.                                                    |
+| `0x80248FFF` |      `WU_E_DS_UNEXPECTED`      |                                                                       A data store error not covered by another `WU_E_DS_*` code.                                                                      |
 
 ## Driver Util errors
-The PnP enumerated device is removed from the System Spec because one of the hardware IDs or the compatible IDs matches an installed printer driver. This is not a fatal error, and the device is merely skipped. 
+The PnP enumerated device is removed from the System Spec because one of the hardware IDs or the compatible IDs matches an installed printer driver. This isn't a fatal error, and the device is merely skipped. 
 
 | Error code |  Message                      | Description                                                                                    |
 |------------|-------------------------------|------------------------------------------------------------------------------------------------|
-| 0x8024C001 | `WU_E_DRV_PRUNED`             | A driver was skipped.                                                                          |
-| 0x8024C002 | `WU_E_DRV_NOPROP_OR_LEGACY`   | A property for the driver could not be found. It may not conform with required specifications. |
-| 0x8024C003 | `WU_E_DRV_REG_MISMATCH`       | The registry type read for the driver does not match the expected type.                        |
-| 0x8024C004 | `WU_E_DRV_NO_METADATA`        | The driver update is missing metadata.                                                         |
-| 0x8024C005 | `WU_E_DRV_MISSING_ATTRIBUTE`  | The driver update is missing a required attribute.                                             |
-| 0x8024C006 | `WU_E_DRV_SYNC_FAILED`        | Driver synchronization failed.                                                                 |
-| 0x8024C007 | `WU_E_DRV_NO_PRINTER_CONTENT` | Information required for the synchronization of applicable printers is missing.                |
-| 0x8024CFFF | `WU_E_DRV_UNEXPECTED`         | A driver error not covered by another `WU_E_DRV_*` code.                                       |
+| `0x8024C001` | `WU_E_DRV_PRUNED`             | A driver was skipped.                                                                          |
+| `0x8024C002` | `WU_E_DRV_NOPROP_OR_LEGACY`   | A property for the driver couldn't be found. It may not conform with required specifications. |
+| `0x8024C003` | `WU_E_DRV_REG_MISMATCH`       | The registry type read for the driver doesn't match the expected type.                        |
+| `0x8024C004` | `WU_E_DRV_NO_METADATA`        | The driver update is missing metadata.                                                         |
+| `0x8024C005` | `WU_E_DRV_MISSING_ATTRIBUTE`  | The driver update is missing a required attribute.                                             |
+| `0x8024C006` | `WU_E_DRV_SYNC_FAILED`        | Driver synchronization failed.                                                                 |
+| `0x8024C007` | `WU_E_DRV_NO_PRINTER_CONTENT` | Information required for the synchronization of applicable printers is missing.                |
+| `0x8024CFFF` | `WU_E_DRV_UNEXPECTED`         | A driver error not covered by another `WU_E_DRV_*` code.                                       |
 
 ## Windows Update error codes
 
 | Error code |  Message                          | Description                                                  |
 |------------|-----------------------------------|--------------------------------------------------------------|
-| 0x80240001 | `WU_E_NO_SERVICE`                 | Windows Update Agent was unable to provide the service.
-| 0x80240002 | `WU_E_MAX_CAPACITY_REACHED`       | The maximum capacity of the service was exceeded.
-| 0x80240003 | `WU_E_UNKNOWN_ID`                 | An ID cannot be found.
-| 0x80240004 | `WU_E_NOT_INITIALIZED`            | The object could not be initialized.
-| 0x80240005 | `WU_E_RANGEOVERLAP`               | The update handler requested a byte range overlapping a previously requested range.
-| 0x80240006 | `WU_E_TOOMANYRANGES`              | The requested number of byte ranges exceeds the maximum number (2^31 - 1).
-| 0x80240007 | `WU_E_INVALIDINDEX`               | The index to a collection was invalid.
-| 0x80240008 | `WU_E_ITEMNOTFOUND`               | The key for the item queried could not be found.
-| 0x80240009 | `WU_E_OPERATIONINPROGRESS`        | Another conflicting operation was in progress. Some operations such as installation cannot be performed twice simultaneously.
-| 0x8024000A | `WU_E_COULDNOTCANCEL`             | Cancellation of the operation was not allowed.
-| 0x8024000B | `WU_E_CALL_CANCELLED`             | Operation was canceled.
-| 0x8024000C | `WU_E_NOOP`                       | No operation was required.
-| 0x8024000D | `WU_E_XML_MISSINGDATA`            | Windows Update Agent could not find required information in the update's XML data.
-| 0x8024000E | `WU_E_XML_INVALID`                | Windows Update Agent found invalid information in the update's XML data.
-| 0x8024000F | `WU_E_CYCLE_DETECTED`             | Circular update relationships were detected in the metadata.
-| 0x80240010 | `WU_E_TOO_DEEP_RELATION`          | Update relationships too deep to evaluate were evaluated.
-| 0x80240011 | `WU_E_INVALID_RELATIONSHIP`       | An invalid update relationship was detected.
-| 0x80240012 | `WU_E_REG_VALUE_INVALID`          | An invalid registry value was read.
-| 0x80240013 | `WU_E_DUPLICATE_ITEM`             | Operation tried to add a duplicate item to a list.  
-| 0x80240016 | `WU_E_INSTALL_NOT_ALLOWED`        | Operation tried to install while another installation was in progress or the system was pending a mandatory restart.
-| 0x80240017 | `WU_E_NOT_APPLICABLE`             | Operation was not performed because there are no applicable updates.
-| 0x80240018 | `WU_E_NO_USERTOKEN`               | Operation failed because a required user token is missing.
-| 0x80240019 | `WU_E_EXCLUSIVE_INSTALL_CONFLICT` | An exclusive update cannot be installed with other updates at the same time.
-| 0x8024001A | `WU_E_POLICY_NOT_SET`             | A policy value was not set.  
-| 0x8024001B | `WU_E_SELFUPDATE_IN_PROGRESS`     | The operation could not be performed because the Windows Update Agent is self-updating.
-| 0x8024001D | `WU_E_INVALID_UPDATE`             | An update contains invalid metadata.
-| 0x8024001E | `WU_E_SERVICE_STOP`               | Operation did not complete because the service or system was being shut down.
-| 0x8024001F | `WU_E_NO_CONNECTION`              | Operation did not complete because the network connection was unavailable.
-| 0x80240020 | `WU_E_NO_INTERACTIVE_USER`        | Operation did not complete because there is no logged-on interactive user.
-| 0x80240021 | `WU_E_TIME_OUT`                   | Operation did not complete because it timed out.
-| 0x80240022 | `WU_E_ALL_UPDATES_FAILED`         | Operation failed for all the updates.
-| 0x80240023 | `WU_E_EULAS_DECLINED`             | The license terms for all updates were declined.
-| 0x80240024 | `WU_E_NO_UPDATE`                  | There are no updates.
-| 0x80240025 | `WU_E_USER_ACCESS_DISABLED`       | Group Policy settings prevented access to Windows Update.
-| 0x80240026 | `WU_E_INVALID_UPDATE_TYPE`        | The type of update is invalid.
-| 0x80240027 | `WU_E_URL_TOO_LONG`               | The URL exceeded the maximum length.  
-| 0x80240028 | `WU_E_UNINSTALL_NOT_ALLOWED`      | The update could not be uninstalled because the request did not originate from a WSUS server.
-| 0x80240029 | `WU_E_INVALID_PRODUCT_LICENSE`    | Search may have missed some updates before there is an unlicensed application on the system.
-| 0x8024002A | `WU_E_MISSING_HANDLER`            | A component required to detect applicable updates was missing.
-| 0x8024002B | `WU_E_LEGACYSERVER`               | An operation did not complete because it requires a newer version of server.
-| 0x8024002C | `WU_E_BIN_SOURCE_ABSENT`          | A delta-compressed update could not be installed because it required the source.
-| 0x8024002D | `WU_E_SOURCE_ABSENT`              | A full-file update could not be installed because it required the source.
-| 0x8024002E | `WU_E_WU_DISABLED`                | Access to an unmanaged server is not allowed.
-| 0x8024002F | `WU_E_CALL_CANCELLED_BY_POLICY`   | Operation did not complete because the DisableWindowsUpdateAccess policy was set.
-| 0x80240030 | `WU_E_INVALID_PROXY_SERVER`       | The format of the proxy list was invalid.
-| 0x80240031 | `WU_E_INVALID_FILE`               | The file is in the wrong format.
-| 0x80240032 | `WU_E_INVALID_CRITERIA`           | The search criteria string was invalid.
-| 0x80240033 | `WU_E_EULA_UNAVAILABLE`           | License terms could not be downloaded.
-| 0x80240034 | `WU_E_DOWNLOAD_FAILED`            | Update failed to download.
-| 0x80240035 | `WU_E_UPDATE_NOT_PROCESSED`       | The update was not processed.
-| 0x80240036 | `WU_E_INVALID_OPERATION`          | The object's current state did not allow the operation.
-| 0x80240037 | `WU_E_NOT_SUPPORTED`              | The functionality for the operation is not supported.
-| 0x80240038 | `WU_E_WINHTTP_INVALID_FILE`       | The downloaded file has an unexpected content type.
-| 0x80240039 | `WU_E_TOO_MANY_RESYNC`            | Agent is asked by server to resync too many times.
-| 0x80240040 | `WU_E_NO_SERVER_CORE_SUPPORT`     | `WUA API` method does not run on Server Core installation.
-| 0x80240041 | `WU_E_SYSPREP_IN_PROGRESS`        | Service is not available while sysprep is running.
-| 0x80240042 | `WU_E_UNKNOWN_SERVICE`            | The update service is no longer registered with `AU`.
-| 0x80240043 | `WU_E_NO_UI_SUPPORT`              | There is no support for `WUA UI`.
-| 0x80240FFF | `WU_E_UNEXPECTED`                 | An operation failed due to reasons not covered by another error code.
-| 0x80070422 |                                   | Windows Update service stopped working or is not running.
+| `0x80240001` | `WU_E_NO_SERVICE`                 | Windows Update Agent was unable to provide the service.
+| `0x80240002` | `WU_E_MAX_CAPACITY_REACHED`       | The maximum capacity of the service was exceeded.
+| `0x80240003` | `WU_E_UNKNOWN_ID`                 | An ID can't be found.
+| `0x80240004` | `WU_E_NOT_INITIALIZED`            | The object couldn't be initialized.
+| `0x80240005` | `WU_E_RANGEOVERLAP`               | The update handler requested a byte range overlapping a previously requested range.
+| `0x80240006` | `WU_E_TOOMANYRANGES`              | The requested number of byte ranges exceeds the maximum number (2^31 - 1).
+| `0x80240007` | `WU_E_INVALIDINDEX`               | The index to a collection was invalid.
+| `0x80240008` | `WU_E_ITEMNOTFOUND`               | The key for the item queried couldn't be found.
+| `0x80240009` | `WU_E_OPERATIONINPROGRESS`        | Another conflicting operation was in progress. Some operations such as installation can't be performed twice simultaneously.
+| `0x8024000A` | `WU_E_COULDNOTCANCEL`             | Cancellation of the operation wasn't allowed.
+| `0x8024000B` | `WU_E_CALL_CANCELLED`             | Operation was canceled.
+| `0x8024000C` | `WU_E_NOOP`                       | No operation was required.
+| `0x8024000D` | `WU_E_XML_MISSINGDATA`            | Windows Update Agent couldn't find required information in the update's XML data.
+| `0x8024000E` | `WU_E_XML_INVALID`                | Windows Update Agent found invalid information in the update's XML data.
+| `0x8024000F` | `WU_E_CYCLE_DETECTED`             | Circular update relationships were detected in the metadata.
+| `0x80240010` | `WU_E_TOO_DEEP_RELATION`          | Update relationships too deep to evaluate were evaluated.
+| `0x80240011` | `WU_E_INVALID_RELATIONSHIP`       | An invalid update relationship was detected.
+| `0x80240012` | `WU_E_REG_VALUE_INVALID`          | An invalid registry value was read.
+| `0x80240013` | `WU_E_DUPLICATE_ITEM`             | Operation tried to add a duplicate item to a list.  
+| `0x80240016` | `WU_E_INSTALL_NOT_ALLOWED`        | Operation tried to install while another installation was in progress or the system was pending a mandatory restart.
+| `0x80240017` | `WU_E_NOT_APPLICABLE`             | Operation wasn't performed because there are no applicable updates.
+| `0x80240018` | `WU_E_NO_USERTOKEN`               | Operation failed because a required user token is missing.
+| `0x80240019` | `WU_E_EXCLUSIVE_INSTALL_CONFLICT` | An exclusive update can't be installed with other updates at the same time.
+| `0x8024001A` | `WU_E_POLICY_NOT_SET`             | A policy value wasn't set.  
+| `0x8024001B` | `WU_E_SELFUPDATE_IN_PROGRESS`     | The operation couldn't be performed because the Windows Update Agent is self-updating.
+| `0x8024001D` | `WU_E_INVALID_UPDATE`             | An update contains invalid metadata.
+| `0x8024001E` | `WU_E_SERVICE_STOP`               | Operation didn't complete because the service or system was being shut down.
+| `0x8024001F` | `WU_E_NO_CONNECTION`              | Operation didn't complete because the network connection was unavailable.
+| `0x80240020` | `WU_E_NO_INTERACTIVE_USER`        | Operation didn't complete because there's no logged-on interactive user.
+| `0x80240021` | `WU_E_TIME_OUT`                   | Operation didn't complete because it timed out.
+| `0x80240022` | `WU_E_ALL_UPDATES_FAILED`         | Operation failed for all the updates.
+| `0x80240023` | `WU_E_EULAS_DECLINED`             | The license terms for all updates were declined.
+| `0x80240024` | `WU_E_NO_UPDATE`                  | There are no updates.
+| `0x80240025` | `WU_E_USER_ACCESS_DISABLED`       | Group Policy settings prevented access to Windows Update.
+| `0x80240026` | `WU_E_INVALID_UPDATE_TYPE`        | The type of update is invalid.
+| `0x80240027` | `WU_E_URL_TOO_LONG`               | The URL exceeded the maximum length.  
+| `0x80240028` | `WU_E_UNINSTALL_NOT_ALLOWED`      | The update couldn't be uninstalled because the request didn't originate from a WSUS server.
+| `0x80240029` | `WU_E_INVALID_PRODUCT_LICENSE`    | Search may have missed some updates before there's an unlicensed application on the system.
+| `0x8024002A` | `WU_E_MISSING_HANDLER`            | A component required to detect applicable updates was missing.
+| `0x8024002B` | `WU_E_LEGACYSERVER`               | An operation didn't complete because it requires a newer version of server.
+| `0x8024002C` | `WU_E_BIN_SOURCE_ABSENT`          | A delta-compressed update couldn't be installed because it required the source.
+| `0x8024002D` | `WU_E_SOURCE_ABSENT`              | A full-file update couldn't be installed because it required the source.
+| `0x8024002E` | `WU_E_WU_DISABLED`                | Access to an unmanaged server isn't allowed.
+| `0x8024002F` | `WU_E_CALL_CANCELLED_BY_POLICY`   | Operation didn't complete because the DisableWindowsUpdateAccess policy was set.
+| `0x80240030` | `WU_E_INVALID_PROXY_SERVER`       | The format of the proxy list was invalid.
+| `0x80240031` | `WU_E_INVALID_FILE`               | The file is in the wrong format.
+| `0x80240032` | `WU_E_INVALID_CRITERIA`           | The search criteria string was invalid.
+| `0x80240033` | `WU_E_EULA_UNAVAILABLE`           | License terms couldn't be downloaded.
+| `0x80240034` | `WU_E_DOWNLOAD_FAILED`            | Update failed to download.
+| `0x80240035` | `WU_E_UPDATE_NOT_PROCESSED`       | The update wasn't processed.
+| `0x80240036` | `WU_E_INVALID_OPERATION`          | The object's current state didn't allow the operation.
+| `0x80240037` | `WU_E_NOT_SUPPORTED`              | The functionality for the operation isn't supported.
+| `0x80240038` | `WU_E_WINHTTP_INVALID_FILE`       | The downloaded file has an unexpected content type.
+| `0x80240039` | `WU_E_TOO_MANY_RESYNC`            | Agent is asked by server to resync too many times.
+| `0x80240040` | `WU_E_NO_SERVER_CORE_SUPPORT`     | `WUA API` method doesn't run on Server Core installation.
+| `0x80240041` | `WU_E_SYSPREP_IN_PROGRESS`        | Service isn't available while sysprep is running.
+| `0x80240042` | `WU_E_UNKNOWN_SERVICE`            | The update service is no longer registered with `AU`.
+| `0x80240043` | `WU_E_NO_UI_SUPPORT`              | There's no support for `WUA UI`.
+| `0x80240FFF` | `WU_E_UNEXPECTED`                 | An operation failed due to reasons not covered by another error code.
+| `0x80070422` |                                   | Windows Update service stopped working or isn't running.
 
 ## Windows Update success codes
 
 | Error code |  Message                     | Description                                                                                                                         |
 |------------|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
-| 0x00240001 | `WU_S_SERVICE_STOP`          | Windows Update Agent was stopped successfully.                                                                                      |
-| 0x00240002 | `WU_S_SELFUPDATE`            | Windows Update Agent updated itself.                                                                                                |
-| 0x00240003 | `WU_S_UPDATE_ERROR`          | Operation completed successfully but there were errors applying the updates.                                                        |
-| 0x00240004 | `WU_S_MARKED_FOR_DISCONNECT` | A callback was marked to be disconnected later because the request to disconnect the operation came while a callback was executing. |
-| 0x00240005 | `WU_S_REBOOT_REQUIRED`       | The system must be restarted to complete installation of the update.                                                                |
-| 0x00240006 | `WU_S_ALREADY_INSTALLED`     | The update to be installed is already installed on the system.                                                                      |
-| 0x00240007 | `WU_S_ALREADY_UNINSTALLED`   | The update to be removed is not installed on the system.                                                                            |
-| 0x00240008 | `WU_S_ALREADY_DOWNLOADED`    | The update to be downloaded has already been downloaded.                                                                            |
+| `0x00240001` | `WU_S_SERVICE_STOP`          | Windows Update Agent was stopped successfully.                                                                                      |
+| `0x00240002` | `WU_S_SELFUPDATE`            | Windows Update Agent updated itself.                                                                                                |
+| `0x00240003` | `WU_S_UPDATE_ERROR`          | Operation completed successfully but there were errors applying the updates.                                                        |
+| `0x00240004` | `WU_S_MARKED_FOR_DISCONNECT` | A callback was marked to be disconnected later because the request to disconnect the operation came while a callback was executing. |
+| `0x00240005` | `WU_S_REBOOT_REQUIRED`       | The system must be restarted to complete installation of the update.                                                                |
+| `0x00240006` | `WU_S_ALREADY_INSTALLED`     | The update to be installed is already installed on the system.                                                                      |
+| `0x00240007` | `WU_S_ALREADY_UNINSTALLED`   | The update to be removed isn't installed on the system.                                                                            |
+| `0x00240008` | `WU_S_ALREADY_DOWNLOADED`    | The update to be downloaded has already been downloaded.                                                                            |
 
 ## Windows Installer minor errors
-The following errors are used to indicate that part of a search fails because of Windows Installer problems. Another part of the search may successfully return updates. All Windows Installer minor codes must share the same error code range so that the caller can tell that they are related to Windows Installer.  
+The following errors are used to indicate that part of a search fails because of Windows Installer problems. Another part of the search may successfully return updates. All Windows Installer minor codes must share the same error code range so that the caller can tell that they're related to Windows Installer.  
 
 | Error code |  Message                     | Description                                                                                 |
 |------------|------------------------------|---------------------------------------------------------------------------------------------|
-| 0x80241001 | `WU_E_MSI_WRONG_VERSION`     | Search may have missed some updates because the Windows Installer is less than version 3.1. |
-| 0x80241002 | `WU_E_MSI_NOT_CONFIGURED`    | Search may have missed some updates because the Windows Installer is not configured.        |
-| 0x80241003 | `WU_E_MSP_DISABLED`          | Search may have missed some updates because policy has disabled Windows Installer patching. |
-| 0x80241004 | `WU_E_MSI_WRONG_APP_CONTEXT` | An update could not be applied because the application is installed per-user.               |
-| 0x80241FFF | `WU_E_MSP_UNEXPECTED`        | Search may have missed some updates because there was a failure of the Windows Installer.   |
+| `0x80241001` | `WU_E_MSI_WRONG_VERSION`     | Search may have missed some updates because the Windows Installer is less than version 3.1. |
+| `0x80241002` | `WU_E_MSI_NOT_CONFIGURED`    | Search may have missed some updates because the Windows Installer isn't configured.        |
+| `0x80241003` | `WU_E_MSP_DISABLED`          | Search may have missed some updates because policy has disabled Windows Installer patching. |
+| `0x80241004` | `WU_E_MSI_WRONG_APP_CONTEXT` | An update couldn't be applied because the application is installed per-user.               |
+| `0x80241FFF` | `WU_E_MSP_UNEXPECTED`        | Search may have missed some updates because there was a failure of the Windows Installer.   |
  
 ## Windows Update Agent update and setup errors
 
 | Error code |  Message                               | Description                                                                                                                       |
 |------------|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
-| 0x8024D001 | `WU_E_SETUP_INVALID_INFDATA`           | Windows Update Agent could not be updated because an INF file contains invalid information.                                       |
-| 0x8024D002 | `WU_E_SETUP_INVALID_IDENTDATA`         | Windows Update Agent could not be updated because the `wuident.cab` file contains invalid information.                            |
-| 0x8024D003 | `WU_E_SETUP_ALREADY_INITIALIZED`       | Windows Update Agent could not be updated because of an internal error that caused setup initialization to be performed twice.    |
-| 0x8024D004 | `WU_E_SETUP_NOT_INITIALIZED`           | Windows Update Agent could not be updated because setup initialization never completed successfully.                              |
-| 0x8024D005 | `WU_E_SETUP_SOURCE_VERSION_MISMATCH`   | Windows Update Agent could not be updated because the versions specified in the INF do not match the actual source file versions. |
-| 0x8024D006 | `WU_E_SETUP_TARGET_VERSION_GREATER`    | Windows Update Agent could not be updated because a WUA file on the target system is newer than the corresponding source file.    |
-| 0x8024D007 | `WU_E_SETUP_REGISTRATION_FAILED`       | Windows Update Agent could not be updated because `regsvr32.exe` returned an error.                                               |
-| 0x8024D009 | `WU_E_SETUP_SKIP_UPDATE`               | An update to the Windows Update Agent was skipped due to a directive in the `wuident.cab` file.                                   |
-| 0x8024D00A | `WU_E_SETUP_UNSUPPORTED_CONFIGURATION` | Windows Update Agent could not be updated because the current system configuration is not supported.                              |
-| 0x8024D00B | `WU_E_SETUP_BLOCKED_CONFIGURATION`     | Windows Update Agent could not be updated because the system is configured to block the update.                                   |
-| 0x8024D00C | `WU_E_SETUP_REBOOT_TO_FIX`             | Windows Update Agent could not be updated because a restart of the system is required.                                            |
-| 0x8024D00D | `WU_E_SETUP_ALREADYRUNNING`            | Windows Update Agent setup is already running.                                                                                    |
-| 0x8024D00E | `WU_E_SETUP_REBOOTREQUIRED`            | Windows Update Agent setup package requires a reboot to complete installation.                                                    |
-| 0x8024D00F | `WU_E_SETUP_HANDLER_EXEC_FAILURE`      | Windows Update Agent could not be updated because the setup handler failed during execution.                                      |
-| 0x8024D010 | `WU_E_SETUP_INVALID_REGISTRY_DATA`     | Windows Update Agent could not be updated because the registry contains invalid information.                                      |
-| 0x8024D013 | `WU_E_SETUP_WRONG_SERVER_VERSION`      | Windows Update Agent could not be updated because the server does not contain update information for this version.                |
-| 0x8024DFFF | `WU_E_SETUP_UNEXPECTED`                | Windows Update Agent could not be updated because of an error not covered by another `WU_E_SETUP_*` error code.                   |
+| `0x8024D001` | `WU_E_SETUP_INVALID_INFDATA`           | Windows Update Agent couldn't be updated because an INF file contains invalid information.                                       |
+| `0x8024D002` | `WU_E_SETUP_INVALID_IDENTDATA`         | Windows Update Agent couldn't be updated because the `wuident.cab` file contains invalid information.                            |
+| `0x8024D003` | `WU_E_SETUP_ALREADY_INITIALIZED`       | Windows Update Agent couldn't be updated because of an internal error that caused setup initialization to be performed twice.    |
+| `0x8024D004` | `WU_E_SETUP_NOT_INITIALIZED`           | Windows Update Agent couldn't be updated because setup initialization never completed successfully.                              |
+| `0x8024D005` | `WU_E_SETUP_SOURCE_VERSION_MISMATCH`   | Windows Update Agent couldn't be updated because the versions specified in the INF don't match the actual source file versions. |
+| `0x8024D006` | `WU_E_SETUP_TARGET_VERSION_GREATER`    | Windows Update Agent couldn't be updated because a WUA file on the target system is newer than the corresponding source file.    |
+| `0x8024D007` | `WU_E_SETUP_REGISTRATION_FAILED`       | Windows Update Agent couldn't be updated because `regsvr32.exe` returned an error.                                               |
+| `0x8024D009` | `WU_E_SETUP_SKIP_UPDATE`               | An update to the Windows Update Agent was skipped due to a directive in the `wuident.cab` file.                                   |
+| `0x8024D00A` | `WU_E_SETUP_UNSUPPORTED_CONFIGURATION` | Windows Update Agent couldn't be updated because the current system configuration isn't supported.                              |
+| `0x8024D00B` | `WU_E_SETUP_BLOCKED_CONFIGURATION`     | Windows Update Agent couldn't be updated because the system is configured to block the update.                                   |
+| `0x8024D00C` | `WU_E_SETUP_REBOOT_TO_FIX`             | Windows Update Agent couldn't be updated because a restart of the system is required.                                            |
+| `0x8024D00D` | `WU_E_SETUP_ALREADYRUNNING`            | Windows Update Agent setup is already running.                                                                                    |
+| `0x8024D00E` | `WU_E_SETUP_REBOOTREQUIRED`            | Windows Update Agent setup package requires a reboot to complete installation.                                                    |
+| `0x8024D00F` | `WU_E_SETUP_HANDLER_EXEC_FAILURE`      | Windows Update Agent couldn't be updated because the setup handler failed during execution.                                      |
+| `0x8024D010` | `WU_E_SETUP_INVALID_REGISTRY_DATA`     | Windows Update Agent couldn't be updated because the registry contains invalid information.                                      |
+| `0x8024D013` | `WU_E_SETUP_WRONG_SERVER_VERSION`      | Windows Update Agent couldn't be updated because the server doesn't contain update information for this version.                |
+| `0x8024DFFF` | `WU_E_SETUP_UNEXPECTED`                | Windows Update Agent couldn't be updated because of an error not covered by another `WU_E_SETUP_*` error code.                   |
diff --git a/windows/deployment/update/windows-update-logs.md b/windows/deployment/update/windows-update-logs.md
index b4ab1cd282..2279f4318c 100644
--- a/windows/deployment/update/windows-update-logs.md
+++ b/windows/deployment/update/windows-update-logs.md
@@ -2,20 +2,22 @@
 title: Windows Update log files
 description: Learn about the Windows Update log files and how to merge and convert Windows Update trace files (.etl files) into a single readable WindowsUpdate.log file.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: troubleshooting
 author: mestew
 ms.author: mstewart
 manager: aaroncz
-ms.topic: troubleshooting
 ms.collection:
   - highpri
   - tier2
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 12/31/2017
 ---
 
 # Windows Update log files
 
->Applies to: Windows 10
 
 The following table describes the log files created by Windows Update.
 
diff --git a/windows/deployment/update/windows-update-overview.md b/windows/deployment/update/windows-update-overview.md
index cf56c12408..7965aa2782 100644
--- a/windows/deployment/update/windows-update-overview.md
+++ b/windows/deployment/update/windows-update-overview.md
@@ -2,12 +2,15 @@
 title: Get started with Windows Update
 description: An overview of learning resources for Windows Update, including documents on architecture, log files, and common errors.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 09/18/2018
-ms.topic: article
-ms.technology: itpro-updates
 ---
 
 # Get started with Windows Update
@@ -31,7 +34,7 @@ To understand the changes to the Windows Update architecture that UUP introduces
 
 ![Windows Update terminology.](images/update-terminology.png)
 
-- **Update UI** – The user interface to initiate Windows Update check and history. Available under **Settings --> Update & Security --> Windows Update**. 
+- **Update UI** - The user interface to initiate Windows Update check and history. Available under **Settings --> Update & Security --> Windows Update**. 
 - **Update Session Orchestrator (USO)**- A Windows OS component that orchestrates the sequence of downloading and installing various update types from Windows Update.  
 
    Update types- 
@@ -51,5 +54,5 @@ To understand the changes to the Windows Update architecture that UUP introduces
  
 Additional components include the following- 
 
-- **CompDB** – A generic term to refer to the XML describing information about target build composition, available diff packages, and conditional rules. 
-- **Action List** – The payload and additional information needed to perform an update. The action list is consumed by the UpdateAgent, as well as other installers to determine what payload to download. It's also consumed by the "Install Agent" to determine what actions need to be taken, such as installing or removing packages.  
+- **CompDB** - A generic term to refer to the XML describing information about target build composition, available diff packages, and conditional rules. 
+- **Action List** - The payload and additional information needed to perform an update. The action list is consumed by the UpdateAgent, as well as other installers to determine what payload to download. It's also consumed by the "Install Agent" to determine what actions need to be taken, such as installing or removing packages.  
diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md
index 9cf0c08919..ab1ed81b28 100644
--- a/windows/deployment/update/windows-update-security.md
+++ b/windows/deployment/update/windows-update-security.md
@@ -1,13 +1,16 @@
 ---
 title: Windows Update security
 manager: aaroncz
-description: Overview of the security for Windows Update.
+description: Overview of the security for Windows Update including security for the metadata exchange and content download.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
-ms.topic: article
-ms.date: 10/25/2022
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+ms.date: 08/28/2023
 ---
 
 # Windows Update security
diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md
index 3549b7bdb6..e29c2d0a8e 100644
--- a/windows/deployment/update/wufb-compliancedeadlines.md
+++ b/windows/deployment/update/wufb-compliancedeadlines.md
@@ -1,22 +1,21 @@
 ---
-title: Enforce compliance deadlines with policies in Windows Update for Business (Windows 10)
+title: Enforce compliance deadlines with policies
+titleSuffix: Windows Update for Business
 description: This article contains information on how to enforce compliance deadlines using Windows Update for Business.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 05/12/2023
 ---
 # Enforcing compliance deadlines for updates
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
 
 With a current version, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and later: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
@@ -26,17 +25,17 @@ With a current version, it's best to use the new policy introduced in June 2019
 - Update/ConfigureDeadlineGracePeriod
 - Update/ConfigureDeadlineNoAutoReboot
 
-### Policy setting overview
+## Policy setting overview
 
 |Policy|Description |
 |-|-|
 | (Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | This policy includes a deadline and a configurable grace period with the option to opt out of automatic restarts until the deadline is reached. This is the recommended policy for Windows 10, version 1709 and later.|
 
-### Suggested configurations
+## Suggested configurations
 
 |Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days|
 |-|-|-|-|-|
-|(Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts    | 3 | 7 | 2 |
+|(Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts    | 2 | 2 | 5 |
 
 When **Specify deadlines for automatic updates and restarts** is set (Windows 10, version 1709 and later):
 
diff --git a/windows/deployment/update/wufb-reports-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md
index 8d7b1f616c..0e0b313437 100644
--- a/windows/deployment/update/wufb-reports-admin-center.md
+++ b/windows/deployment/update/wufb-reports-admin-center.md
@@ -1,19 +1,24 @@
 ---
 title: Microsoft 365 admin center software updates page
+titleSuffix: Windows Update for Business reports
 manager: aaroncz
 description: Microsoft admin center populates Windows Update for Business reports data into the software updates page.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
 ms.localizationpriority: medium
-ms.topic: article
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows Update for Business reports</a>	
+- ✅ <a href=https://learn.microsoft.com/microsoft-365/admin/admin-overview/admin-center-overview >Microsoft 365 admin center</a>	
 ms.date: 04/26/2023
-ms.technology: itpro-updates
 ---
 
 # Microsoft 365 admin center software updates page
 <!--37063317, 30141258, 37063041, ID2616577, ID2582518 -->
-***(Applies to: Windows 11 & Windows 10 using [Windows Update for Business reports](wufb-reports-overview.md) and the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview))***
 
 The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. [Quality updates](quality-updates.md) that contain security fixes are typically released on the second Tuesday of each month. Ensuring these updates are installed is important because they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices.
 
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md
index eb4aec825a..395856651d 100644
--- a/windows/deployment/update/wufb-reports-configuration-intune.md
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md
@@ -1,20 +1,21 @@
 ---
-title: Configuring Microsoft Intune devices for Windows Update for Business reports
-manager: aaroncz
-description: Configuring devices that are enrolled in Microsoft Intune for Windows Update for Business reports
+title: Configure devices using Microsoft Intune
+titleSuffix: Windows Update for Business reports
+description: How to configure devices to use Windows Update for Business reports from Microsoft Intune.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
+manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: article
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11 and Windows 10</a> devices managed by <a href=https://learn.microsoft.com/mem/intune/fundamentals/what-is-intune target=_blank>Microsoft Intune</a>
 ms.date: 03/08/2023
-ms.technology: itpro-updates
 ---
 
 # Configuring Microsoft Intune devices for Windows Update for Business reports
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Intune](/mem/intune/fundamentals/what-is-intune)***
-
 
 This article is targeted at configuring devices enrolled to [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) for Windows Update for Business reports, within Microsoft Intune itself. Configuring devices for Windows Update for Business reports in Microsoft Intune breaks down to the following steps:
 
@@ -23,7 +24,7 @@ This article is targeted at configuring devices enrolled to [Microsoft Intune](/
 
 > [!TIP]
 > - If you need to troubleshoot client enrollment, consider deploying the [configuration script](#deploy-the-configuration-script) as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured.
-> - Intune provides compliance reports and they have their own prerequisites for use. The number of devices that appear in the Intune reports may also vary from the Windows Update for Business reports. For more information, see [Intune compliance reports for updates](/mem/intune/protect/windows-update-compliance-reports).
+> - Intune provides compliance reports and they have their own prerequisites for use. The number of devices that appear in the Intune reports may also vary from the Windows Update for Business reports. For more information, see [Intune compliance reports for updates](/mem/intune/protect/windows-update-reports).
 
 ## Create a configuration profile
 
diff --git a/windows/deployment/update/wufb-reports-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md
index 1d156ad5b7..3f3c8c7937 100644
--- a/windows/deployment/update/wufb-reports-configuration-manual.md
+++ b/windows/deployment/update/wufb-reports-configuration-manual.md
@@ -1,19 +1,22 @@
 ---
-title: Manually configuring devices for Windows Update for Business reports
-manager: aaroncz
-description: How to manually configure devices for Windows Update for Business reports
+title: Manually configure devices to send data
+titleSuffix: Windows Update for Business reports
+description: How to manually configure devices for Windows Update for Business reports using a PowerShell script.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
+manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: article
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 11/15/2022
-ms.technology: itpro-updates
 ---
 
 # Manually configuring devices for Windows Update for Business reports
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
 
 There are a number of requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with newer versions of Windows client. The [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
 
diff --git a/windows/deployment/update/wufb-reports-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md
index a521c8c546..10af47e205 100644
--- a/windows/deployment/update/wufb-reports-configuration-script.md
+++ b/windows/deployment/update/wufb-reports-configuration-script.md
@@ -1,19 +1,22 @@
 ---
-title: Windows Update for Business reports configuration script
-manager: aaroncz
-description: Downloading and using the Windows Update for Business reports configuration script
+title: Configure clients with a script
+titleSuffix: Windows Update for Business reports
+description: How to get and use the Windows Update for Business reports configuration script to configure devices for Windows Update for Business reports.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
+manager: aaroncz
 ms.localizationpriority: medium
-ms.topic: article
-ms.date: 02/10/2023
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+ms.date: 07/11/2023
 ---
 
 # Configuring devices through the Windows Update for Business reports configuration script
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
 
 The Windows Update for Business reports configuration script is the recommended method of configuring devices to send data to Microsoft for use with Windows Update for Business reports. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configure devices for Windows Update for Business reports](wufb-reports-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured.
 
@@ -25,23 +28,23 @@ You can download the script from the [Microsoft Download Center](https://www.mic
 
 ## How this script is organized
 
-This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the `.bat` itself, which will then run `ConfigScript.ps1` with the parameters entered to `RunConfig.bat`. There are two ways of using the script: in **Pilot** mode or **Deployment** mode. 
-
-- In **Pilot** mode (`runMode=Pilot`), the script will enter a verbose mode with enhanced diagnostics, and save the results in the path defined with `logpath` in `RunConfig.bat`. Pilot mode is best for a pilot run of the script or for troubleshooting configuration.
-- In **Deployment** mode (`runMode=Deployment`), the script will run quietly.
+This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the `.bat` itself, which will then run `ConfigScript.ps1` with the parameters entered to `RunConfig.bat`. There are two ways of using the script: in **Pilot** mode or **Deployment** mode.
 
 > [!Important]
 > [PsExec](/sysinternals/downloads/psexec) is used to run the script in the system context. Once the device is configured, remove PsExec.exe from the device.
 
 ## How to use this script
 
-Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
+Edit the `RunConfig.bat` file to configure the following variables, then run the edited .bat file:
 
-1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
-1. Don't modify the [Commercial ID](update-compliance-get-started.md#get-your-commercialid) values since they're used for the earlier version of Windows Update for Business reports (Update Compliance). Leave `setCommercialID=false` and the `commercialIDValue=Unknown`.
-1. Run the script.
-1. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
-1. If there are issues, gather the logs and provide them to Microsoft Support.
+| Variable | Allowed values and description | Example |
+|---|---|---|
+| runMode | **Pilot** (default): Verbose mode with additional diagnostics with additional logging. Pilot mode is best for a testing run of the script or for troubleshooting. <br> **Deployment**: Doesn't run any additional diagnostics or add extra logging | `runMode=Pilot` |
+| logPath | Path where the logs will be saved. The default location of the logs is `.\UCLogs`. | `logPath=C:\temp\logs` |
+| logMode | **0**: Log to the console only </br> **1** (default): Log to file and console. </br> **2**: Log to file only. | `logMode=2` |
+| DeviceNameOptIn | **true** (default): Device name is sent to Microsoft. </br> **false**: Device name isn't sent to Microsoft. | `DeviceNameOptIn=true` |
+| ClientProxy | **Direct** (default): No proxy is used. The connection to the endpoints is direct. </br> **System**: The system proxy, without authentication, is used. This type of proxy is typically configured with [netsh](/windows-server/networking/technologies/netsh/netsh-contexts) and can be verified using `netsh winhttp show proxy`.  </br> **User**: The proxy is configured through IE and it might or might not require user authentication. </br> </br> For more information, see [How the Windows Update client determines which proxy server to use to connect to the Windows Update website](https://support.microsoft.com/en-us/topic/how-the-windows-update-client-determines-which-proxy-server-to-use-to-connect-to-the-windows-update-website-08612ae5-3722-886c-f1e1-d012516c22a1) | `ClientProxy=Direct` | 
+| source | Used by the .bat file and PowerShell script to locate dependencies. It's recommended that you don't change this value. | `source=%~dp0` |
 
 
 ## Script errors
diff --git a/windows/deployment/update/wufb-reports-do.md b/windows/deployment/update/wufb-reports-do.md
index 9c2455ffd2..05cfa795ab 100644
--- a/windows/deployment/update/wufb-reports-do.md
+++ b/windows/deployment/update/wufb-reports-do.md
@@ -1,27 +1,32 @@
 ---
-title: Delivery Optimization data in Windows Update for Business reports
-manager: aaroncz
-description: Provides information about Delivery Optimization data in Windows Update for Business reports 
+title: Delivery Optimization data in reports
+titleSuffix: Windows Update for Business reports
+description: This article provides information about Delivery Optimization data in Windows Update for Business reports. 
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
-ms.topic: article
+manager: aaroncz
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 04/12/2023
-ms.technology: itpro-updates
 ---
 
 # Delivery Optimization data in Windows Update for Business reports
 <!--7715481-->
-***(Applies to: Windows 11 & Windows 10)***
 
-[Delivery Optimization](../do/waas-delivery-optimization.md) (DO) is a Windows feature that can be used to reduce bandwidth consumption by sharing the work of downloading updates among multiple devices in your environment. You can use DO with many other deployment methods, but it's a cloud-managed solution, and access to the DO cloud services is a requirement. 
+[Delivery Optimization](../do/waas-delivery-optimization.md) (DO) is a Windows feature that can be used to reduce bandwidth consumption by sharing the work of downloading updates among multiple devices in your environment. You can use DO with many other deployment methods, but it's a cloud-managed solution, and access to the DO cloud services is a requirement.
 
 Windows Update for Business reports provides Delivery Optimization information in the following places:
+
 - The Windows Update for Business reports [workbook](wufb-reports-workbook.md)
 - [UCDOAggregatedStatus](wufb-reports-schema-ucdoaggregatedstatus.md)
 - [UCDOStatus](wufb-reports-schema-ucdostatus.md)
 
-Windows Update for Business reports doesn't include Delivery Optimization data for Windows Insider devices. 
+Windows Update for Business reports doesn't include Delivery Optimization data for Windows Insider devices.
 
 ## Delivery Optimization terms
 
@@ -29,23 +34,24 @@ Windows Update for Business reports uses the following Delivery Optimization ter
 
 - **Peer**: A device in the solution
 - **Peering 'ON'** - Devices where DO peer-to-peer is enabled in one of the following modes:
-   - LAN (1)
-   - Group (2)
-   - Internet (3)
+  - LAN (1)
+  - Group (2)
+  - Internet (3)
+  
 - **Peering 'OFF'**: Devices where DO peer-to-peer is disabled, set to one of the following modes:
-   - HTTP Only (0)
-   - Simple Mode (99)
-   - Bypass (100), deprecated in Windows 11
+  - HTTP Only (0)
+  - Simple Mode (99)
+  - Bypass (100), deprecated in Windows 11
 - **Bandwidth savings**: The percentage of bandwidth that was downloaded from alternate sources (Peers or Microsoft Connected Cache (MCC) out of the total amount of data downloaded.
-   - If bandwidth savings are <= 60%, a *Warning* icon is displayed
-   - When bandwidth savings are <10%, an *Error* icon is displayed.
+- If bandwidth savings are <= 60%, a *Warning* icon is displayed
+- When bandwidth savings are <10%, an *Error* icon is displayed.
 - **Configurations**: Based on the DownloadMode configuration set via MDM, Group Policy, or end-user via the user interface.
 - **P2P Device Count**: The device count is the number of devices configured to use peering.
 - **Microsoft Connected Cache (MCC)**: Microsoft Connected Cache is a software-only caching solution that delivers Microsoft content. For more information, see [Microsoft Connected Cache overview](../do/waas-microsoft-connected-cache.md).
 - **MCC Device Count**: The device count is the number of devices that have received bytes from the cache server, for supported content types.
 - **Total # of Devices**: The total number of devices with activity in last 28 days.
 - **LAN Bytes**: Bytes delivered from LAN peers.
-- **Group Bytes**: Bytes from Group peers. If a device is using Group DownloadMode, Delivery Optimization will first look for peers on the LAN and then in the Group. Therefore, if bytes are delivered from LAN peers, they'll be calculated in 'LAN Bytes'.
+- **Group Bytes**: Bytes from Group peers. If a device is using Group DownloadMode, Delivery Optimization first looks for peers on the LAN and then in the Group. Therefore, if bytes are delivered from LAN peers, they are calculated in 'LAN Bytes'.
 - **CDN Bytes**: Bytes delivered from Content Delivery Network (CDN).
 - **City**: City is determined based on the location of the device where the maximum amount of data is downloaded.
 - **Country**: Country is determined based on the location of the device where the maximum amount of data is downloaded.
@@ -53,16 +59,16 @@ Windows Update for Business reports uses the following Delivery Optimization ter
 
 ## Calculations for Delivery Optimization
 
-There are several calculated values that appear on the Delivery Optimization report. Listed below each calculation is the table that's used for it:
+Each calculated values used in the Delivery Optimization report are listed below.
 
 **Efficiency (%) Calculations**:
- 
+
 - Bandwidth Savings (BW SAV%) = 100 * (BytesFromPeers + BytesFromGroupPeers + BytesFromCache) /
 (BytesFromPeers + BytesFromGroupPeers+BytesFromCDN + BytesFromCache)
   - [UCDOAggregatedStatus](wufb-reports-schema-ucdostatus.md) table
 - % P2P Efficiency = 100 * (BytesFromPeers + BytesFromGroupPeers) / (BytesFromPeers + BytesFromGroupPeers+BytesFromCDN+BytesFromCache)
   - [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
-- % MCC Efficiency = 100 * BytesFromCache / (BytesFromPeers + BytesFromGroupPeers+BytesFromCDN+BytesFromCache) 
+- % MCC Efficiency = 100 * BytesFromCache / (BytesFromPeers + BytesFromGroupPeers+BytesFromCDN+BytesFromCache)
   - [UCDOStatus](wufb-reports-schema-ucdostatus.md) table
 
 **Bytes Calculations**:
@@ -92,7 +98,7 @@ There are several calculated values that appear on the Delivery Optimization rep
 In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of original to encoded GroupIDs using the following PowerShell example:
 
 ```powershell
-$text = "<myEncodedGroupID>`0"; (the null-terminator (`0) must be included in the string hash)
+$text = "<myOriginalGroupID>`0" ; # The `0 null terminator is required
 
 $hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64"
 ```
@@ -106,8 +112,8 @@ Get-DeliveryOptimizationLog -Flush | Set-Content C:\dosvc.log
 The below two lines are together in verbose logs:
 
 ```text
-2023-02-15T12:33:11.3811337Z 1514  1F4          {CGlobalConfigManager::GetGroupId} Using groupID = **<myEncodedGroupId>**
-2023-02-15T12:33:11.3811432Z 1514  1F4          {CGlobalConfigManager::GetGroupId} Hashed groupID = **<myDecodedGroupId>**
+2023-02-15T12:33:11.3811337Z 1514  1F4          {CGlobalConfigManager::GetGroupId} Using groupID = **<myOriginalGroupId>**
+2023-02-15T12:33:11.3811432Z 1514  1F4          {CGlobalConfigManager::GetGroupId} Hashed groupID = **<myEncodedGroupId>**
 ```
 
 ## Sample queries
@@ -142,6 +148,19 @@ DeviceCount = count_distinct(GlobalDeviceId) by GroupID | top 10 by DeviceCount
 | project  GroupID , P2PPercentage , MCCPercentage ,  VolumeBytesFromPeers , VolumeBytesFromMCC ,VolumeByCDN , DeviceCount
 ```
 
+### Delivery Optimization Supported Content Types
+
+There are many Microsoft [content types](waas-delivery-optimization.md#types-of-download-content-supported-by-delivery-optimization) that are supported by Delivery Optimization. All of these content types show up in the 'Content Distribution' section in the Delivery Optimization report. See the [complete table](waas-delivery-optimization.md#windows-client) for P2P/MCC support types.
+
+| Content Category | Content Types Included |
+| --- | --- |
+| Apps | Windows 10 Store apps,  Windows 10 Store for Business apps, Windows 11 UWP Store apps |
+| Driver Updates | Windows Update [Driver updates](get-started-updates-channels-tools.md#types-of-updates) |
+| Feature Updates | Windows Update [Feature updates](get-started-updates-channels-tools.md#types-of-updates) |
+| Office | Microsoft 365 Apps and updates |
+| Other | Windows Language Packs, Windows Defender definition updates, Intune Win32 apps, Edge Browser updates, Configuration Manager Express updates, Dynamic updates, MDM Agent, Xbox Game Pass (PC), Windows Package Manager, MSIX Installer (includes Windows 11 Store Win32 apps, Windows 11 Teams updates) |
+| Quality Updates | Windows Updates [Quality updates](get-started-updates-channels-tools.md#types-of-updates)) |
+
 ## Frequency Asked Questions
 
 - **What time period does the Delivery Optimization data include?**
@@ -157,13 +176,19 @@ The top groups are represented by the number of devices in a particular group, f
 The GroupID values are encoded for data protection telemetry requirements. You can find more information in the 'Mapping GroupIDs' section above.
 
 - **How can I see data for device in the office vs. out of the office?**
-Today, we don't have a distinction for data that was downloaded by location. 
+Today, we don't have a distinction for data that was downloaded by location.
 
 - **What does the data in UCDOStatus table represent?**
-A row in UCDOStatus represents data downloaded by a combination of a single device ID (AzureADDeviceId) by content type (ContentType). 
+A row in UCDOStatus represents data downloaded by a combination of a single device ID (AzureADDeviceId) by content type (ContentType).
 
 - **What does the data in UCDOAggregatedStatus table represent?**
 A row in UCDOAggregatedStatus represents data summarized at the tenant level (AzureADTenantID) for each content type (ContentType).
 
 - **How are BytesFromCache calculated when there's a Connected Cache server used by my ISP?**
-If there's a Connected Cache server at the ISP level, BytesFromCache will filter out any bytes coming the ISP's Connected Cache.
+If there's a Connected Cache server at the ISP level, BytesFromCache filters out any bytes coming the ISP's Connected Cache.
+
+- **How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?**
+[Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-setup.md#monitor-delivery-optimization) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization telemetry events.
+
+- **The report represents the last 28 days of data, why do some queries include >= seven days?**
+The data in the report does represent the last 28 days of data. The query for last seven days is just to get the data for the latest snapshot from past seven days. It's possible that data is delayed for sometime and not available for current day, so we look for past 7 day snapshot in log analytics and show the latest snapshot.
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
index df307acd3d..27a5b5ad14 100644
--- a/windows/deployment/update/wufb-reports-enable.md
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -1,19 +1,21 @@
 ---
 title: Enable Windows Update for Business reports
-manager: aaroncz
-description: How to enable Windows Update for Business reports through the Azure portal
+titleSuffix: Windows Update for Business reports
+description: How to enable the Windows Update for Business reports service through the Azure portal or the Microsoft 365 admin center.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
-ms.topic: article
-ms.date: 04/26/2023
-ms.technology: itpro-updates
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+ms.date: 07/11/2023
 ---
 
 # Enable Windows Update for Business reports
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 After verifying the [prerequisites](wufb-reports-prerequisites.md) are met, you can start to set up Windows Update for Business reports. The two main steps for setting up  Windows Update for Business reports are:
 
 1. [Add Windows Update for Business reports](#bkmk_add) to your Azure subscription. This step has the following phases:
@@ -52,9 +54,7 @@ Windows Update for Business reports uses an [Azure Log Analytics workspaces](/az
 
 ## <a name="bkmk_enroll"></a> Enroll into Windows Update for Business reports
 
-Enroll into Windows Update for Business reports by configuring its settings through either the Azure Workbook or from the Microsoft 365 admin center. Completing the Windows Update for Business reports configuration removes needing to specify [`CommercialID`](update-compliance-get-started.md#get-your-commercialid), which was needed by Update Compliance, the predecessor of Windows Update for Business reports.
-
-Use one of the following methods to enroll into Windows Update for Business reports:
+Enroll into Windows Update for Business reports by configuring its settings through either the Azure Workbook or from the Microsoft 365 admin center. Use one of the following methods to enroll into Windows Update for Business reports:
 
 ##### <a name="bkmk_enroll-workbook"></a> Enroll through the Azure Workbook (recommended method)
 
diff --git a/windows/deployment/update/wufb-reports-faq.yml b/windows/deployment/update/wufb-reports-faq.yml
new file mode 100644
index 0000000000..60f9460966
--- /dev/null
+++ b/windows/deployment/update/wufb-reports-faq.yml
@@ -0,0 +1,183 @@
+### YamlMime:FAQ
+metadata:
+  title: Frequently Asked Questions (FAQ)
+  titleSuffix: Windows Update for Business reports
+  description: Answers to frequently asked questions about Windows Update for Business reports.
+  ms.prod: windows-client
+  ms.technology: itpro-updates
+  ms.topic: faq
+  manager: aaroncz
+  author: mestew
+  ms.author: mstewart
+  ms.date: 06/20/2023
+title: Frequently Asked Questions about Windows Update for Business reports
+summary: |
+  This article answers frequently asked questions about Windows Update for Business reports. <!--7760853-->
+
+  **General questions**:
+
+  - [What is Windows Update for Business reports?](#what-is-windows-update-for-business-reports)
+  - [Is Windows Update for Business reports free?](#is-windows-update-for-business-reports-free)
+  - [What Windows versions are supported?](#what-windows-versions-are-supported)
+
+  **Setup questions**:
+
+  - [How do you set up Windows Update for Business reports?](#how-do-you-set-up-windows-update-for-business-reports)
+  - [Why is "Waiting for Windows Update for Business reports data" displayed on the page](#why-is--waiting-for-windows-update-for-business-reports-data--displayed-on-the-page)
+  - [Why am I getting the error "400 Bad Request: The specified resource already exists"?](#why-am-i-getting-the-error--400-bad-request--the-specified-resource-already-exists-)
+
+  **Questions about using Windows Update for Business reports**:
+
+  - [Why is the device name null(#)?](#why-is-the-device-name-null---)
+  - [Why am I missing devices in reports?](#why-am-i-missing-devices-in-reports)
+  - [What is the difference between OS version and target version?](#what-is-the-difference-between-os-version-and-target-version)
+  - [Why are there multiple records for the same device?](#why-are-there-multiple-records-for-the-same-device)
+  - [When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?](#when-should-i-use-the-ucclient--ucclientupdatestatus--or-ucupdatealert-tables)
+  - [What is the difference between quality and security updates?](#what-is-the-difference-between-quality-and-security-updates)
+  - [How do I confirm that devices are sending data?](#how-do-i-confirm-that-devices-are-sending-data)
+  - [Why isn't the workbook displaying data even though my UCClient table has data?](#why-isn-t-the-workbook-displaying-data-even-though-my-ucclient-table-has-data)
+
+  **Delivery Optimization data**:
+
+  - [What time period does the Delivery Optimization data include?](#what-time-period-does-the-delivery-optimization-data-include)
+  - [Data is showing as "Unknown", what does that mean?](#data-is-showing-as--unknown---what-does-that-mean)
+  - [How are the 'Top 10' groups identified?](#how-are-the--top-10--groups-identified)
+  - [The GroupIDs don't look familiar, why are they different?](#the-groupids-don-t-look-familiar--why-are-they-different)
+  - [How can I see data for device in the office vs. out of the office?](#how-can-i-see-data-for-device-in-the-office-vs--out-of-the-office)
+  - [What does the data in UCDOStatus table represent?](#what-does-the-data-in-ucdostatus-table-represent)
+  - [What does the data in UCDOAggregatedStatus table represent?](#what-does-the-data-in-ucdoaggregatedstatus-table-represent)
+  - [How are BytesFromCache calculated when there's a Connected Cache server used by my ISP?](#how-are-bytesfromcache-calculated-when-there-s-a-connected-cache-server-used-by-my-isp)
+  - [How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?](#how-do-the-results-from-the-delivery-optimization-powershell-cmdlets-compare-to-the-results-in-the-report)
+  - [The report represents the last 28 days of data, why do some queries include >= seven days?](#the-report-represents-the-last-28-days-of-data--why-do-some-queries-include----seven-days)  
+
+sections:
+  - name: General
+    questions:
+      - question: What is Windows Update for Business reports?
+        answer: |
+          Windows Update for Business reports is a cloud-based solution that provides information about your Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses.  
+      - question: Is Windows Update for Business reports free?
+        answer: |
+          Data ingested into your Log Analytics workspace can be retained at no charge for up to first 31 days (or 90 days if [Microsoft Sentinel](/azure/sentinel/overview) is enabled on the workspace). Data ingested into [Application Insights](/azure/azure-monitor/app/app-insights-overview), either classic or workspace-based, is retained for 90 days without any charge.
+          Data retained beyond these no-charge periods are charged for each GB of data retained for a month, pro-rated daily. For more information, see **Log Data Retention** in [Azure Monitor pricing](https://azure.microsoft.com/en-us/pricing/details/monitor/#pricing).
+      - question: What Windows versions are supported?
+        answer: |
+          Windows Update for Business reports supports clients running a [supported version of Windows 10 or Windows 11](/windows/release-health/supported-versions-windows-client) Professional, Education, Enterprise, and Enterprise multi-session editions. Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
+
+  - name: Setup questions
+    questions:
+      - question: How do you set up Windows Update for Business reports?
+        answer: |
+          After verifying the [prerequisites](wufb-reports-prerequisites.md) are met, you can start to set up Windows Update for Business reports. 
+          The two main steps for setting up  Windows Update for Business reports are:
+
+          1. [Add Windows Update for Business reports](wufb-reports-enable.md#bkmk_add) to your Azure subscription. This step has the following phases:
+            1. [Select or create a new Log Analytics workspace](wufb-reports-enable.md#bkmk_workspace) for use with Windows Update for Business reports.
+            1. Enroll into Windows Update for Business reports using one of the following methods:
+              - Enroll through the [Azure Workbook](wufb-reports-enable.md#bkmk_enroll) (preferred method)
+              - Enroll from the [Microsoft 365 admin center](wufb-reports-enable.md#bkmk_admin-center).
+          1. Configure the clients to send data to Windows Update for Business reports. You can configure clients in the following three ways:
+              - Use a [script](wufb-reports-configuration-script.md)
+              - Use [Microsoft Intune](wufb-reports-configuration-intune.md)
+              - Configure [manually](wufb-reports-configuration-manual.md)    
+      - question: Why is `Waiting for Windows Update for Business reports data` displayed on the page?
+        answer: |
+          Typically, the **Waiting for Windows Update for Business reports data** message is displayed because: 
+          - You may not have the correct [permissions](wufb-reports-prerequisites.md#permissions) to display the data. 
+          - The initial enrollment may not be complete yet.
+          - It's possible that devices aren't sharing data. If you received a successful save message during enrollment but still haven't seen any data after 48 hours, try using the [configuration script](wufb-reports-configuration-script.md) on devices to ensure they're configured properly.
+          If you've verified the above items, but still aren't seeing data, you can unenroll then re-enroll. However, it takes another 24-48 hours for the enrollment to complete. If the issue persists, [contact support](wufb-reports-help.md).  
+      - question: "Why am I getting the error `400 Bad Request: The specified resource already exists`?"
+        answer: |
+          A `400 Bad Request: The specified resource already exists` error message indicates that the service already has a subscription and workspace mapping saved. If you're trying to re-enroll with the same configuration settings, wait a few minutes, then refresh the page before saving your subscription and workspace again. Sometimes it can take time to register the save, so it's important to not re-enroll too quickly.
+  - name: Using Windows Update for Business reports
+    questions:
+      - question: Why is the device name null(#)?
+        answer: |
+          If you're seeing the device ID but not the device name, it's possible that the required policy for displaying the device name isn't set on the client. Ensure clients have the policy configured.
+          - CSP: [System/AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#allowdevicenameindiagnosticdata)
+          - Group Policy: Allow device name to be sent in Windows diagnostic data
+            - Located in **Computer Configuration** > **Administrative Templates** > **Windows Components** >**Data Collection and Preview Builds**. It can take up to 21 days for all device names to show in up in reports assuming they're powered on and active.
+      - question: Why am I missing devices in reports?
+        answer: |
+          Here are some reasons why you may not be seeing devices in reports:
+
+          - **The device isn't enrolled with Azure Active Directory**: A [prerequisite](wufb-reports-prerequisites.md#azure-and-azure-active-directory) for devices is that they're either [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
+          - **The device isn't sending data**: It's possible devices aren't sharing data due to a policy being incorrectly configured or a proxy or firewall configuration. Try using the [configuration script](wufb-reports-configuration-script.md) on devices to ensure they're configured properly.
+          - **The device isn't active enough**: Clients must be active and connected to the internet to scan against Microsoft Update. Ensure devices are powered on and have been active at least once in the past 28 days.
+          - **The workbook has limited the results**: The default limit for rows in Azure workbooks is set to 1000. This limit is to avoid any delay in the load time for the interface. If you noticed that you can't find a specific device, you can export the output in Excel, or open the results in the logs view for the full result by selecting the three dots beside each component.
+      - question: Why are there multiple records for the same device?
+        answer: |
+          Devices have multiple records when the `UCClientUpdateStatus` or `UCClientServiceStatus` tables are queried. These tables contain multiple records because they have the history for all devices that have discovered applicable updates within the past 28 days. For example, it's possible that a device has discovered multiple security updates, each with different update states, at various times over the past 28 days. It's also possible that a device can be in multiple deployments, so multiple records are displayed.    
+      - question: What is the difference between OS version and target version?
+        answer: |
+          The word *target* in data labels refers to the update version, build or KB the client intends to update to. Typically, the fields starting with *OS*, such as OSbuild and OSversion, represents what the device is currently running.
+      - question: When should I use the UCClient, UCClientUpdateStatus, or UCUpdateAlert tables?
+        answer: |
+          These tables can be used for the following information:
+
+          - **UCClient**: Represents an individual device's record. It contains data such as the device's name, currently installed build, and the OS Edition. Each device has one record in this table. Use this table to get the overall compliance status of your devices.
+            - To display information for a specific device by Azure AD device ID: </br>
+              `UCClient where AzureADDeviceId contains "01234567-89ab-cdef-0123-456789abcdef"`
+            - To display all device records for devices running any Windows 11 OS version:</br>
+              `UCClient | where OSVersion contains "Windows 11"`
+
+          - **UCClientUpdateStatus**: Contains records for every update the device determined was applicable. There can be multiple records for a device if it's discovered multiple applicable updates in the past 60 days. Use this table if you want to get detailed update status for your active deployments. There will typically be 3 update status records per device for the latest 3 security updates.    
+            - To find device records for devices that determined the March 14, 2023 update was applicable:</br>
+              `UCClientUpdateStatus | where UpdateCategory =="WindowsQualityUpdate" and UpdateReleaseTime == "3/14/2023"`  
+            - To display devices that are in the restart required substate:</br>
+              `UCClientUpdateStatus |where ClientSubstate =="RestartRequired"`
+          
+          - **UCUpdateAlert**: Use this table to understand update failures and act on devices through alert recommendations. This table contains information that needs attention, relative to one device, one update and one deployment (if relevant).  
+            - To display information about an error code: 
+              `UCUpdateAlert|where ErrorCode =="0X8024000b"`
+            - To display a count of devices with active alerts by subtype:
+              `UCUpdateAlert |where AlertStatus =="Active"|summarize Devices=count() by AlertSubtype`
+      - question: What is the difference between quality and security updates?
+        answer: |
+          Windows quality updates are monthly updates that are [released on the second or fourth Tuesday of the month](release-cycle.md). The cumulative updates released on the second Tuesday of the month can contain both security updates and nonsecurity updates. Cumulative updates released on the fourth Tuesday of the month are optional nonsecurity preview releases. Use the fields within the [UCClient table](wufb-reports-schema-ucclient.md) for additional information, such as:
+            
+            - **OSSecurityUpdateStatus**: Indicates the status of the monthly update that's released on the second Tuesday
+            - **OSQualityUpdateStatus**: Indicates the status of the monthly update that's released on the fourth Tuesday
+      - question: How do I confirm that devices are sending data?
+        answer: |
+          Once enrollment is done and devices are properly configured to share data, wait for 48 hours for data to start showing up in reports. It can take up to 14 days for all of your devices to show up in reports in some cases where devices aren't active much. You can check to see if the Log Analytics tables are being populated in your workspace. The data is ingested by the service daily to generate reports. If you notice a day is missing, it's possible that the reports service missed an ingestion. To confirm devices are sending data, [query](wufb-reports-use.md#display-windows-update-for-business-reports-data) the [UCClient table](wufb-reports-schema-ucclient.md). The following query shows total enrolled device count per time-generated: 
+
+          `UCClient | summarize count() by TimeGenerated`
+
+          :::image type="content" source="media/7760853-wufb-reports-time-generated.png" alt-text="Screenshot of using a Kusto (KQL) query for time generated on Windows Update for Business reports data in Log Analytics." lightbox="media/7760853-wufb-reports-time-generated.png":::
+      - question: Why isn't the workbook displaying data even though my UCClient table has data?
+        answer: |
+          If the [UCClient table](wufb-reports-schema-ucclient.md) has data, but the [workbook](wufb-reports-workbook.md) isn't displaying data, ensure that the user has correct permissions to read the data. The [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role is needed to view the data in the workbooks. The [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role is needed to do any edits to the queries and workbooks.
+  - name: Delivery Optimization data
+    questions:  
+      - question: What time period does the Delivery Optimization data include?
+        answer: |
+          Data is aggregated for the last 28 days for active devices.
+      - question: Data is showing as 'Unknown', what does that mean?
+        answer: |
+          You may see data in the report listed as 'Unknown'. This status indicates that the Delivery Optimization DownloadMode setting is either invalid or empty.
+      - question: How are the 'Top 10' groups identified?
+        answer: |
+          The top groups are represented by the number of devices in a particular group, for any of the four group types (GroupID, City, Country, and ISP).
+      - question: The GroupIDs don't look familiar, why are they different?
+        answer: |
+          The GroupID values are encoded for data protection requirements. For more information, see [Mapping GroupIDs](wufb-reports-do.md#mapping-groupid).
+      - question: How can I see data for device in the office vs. out of the office?
+        answer: |
+          Today, we don't have a distinction for data that was downloaded by location. 
+      - question: What does the data in UCDOStatus table represent?
+        answer: |
+          A row in UCDOStatus represents data downloaded by a combination of a single device ID (AzureADDeviceId) by content type (ContentType).
+      - question: What does the data in UCDOAggregatedStatus table represent?
+        answer: |
+          A row in UCDOAggregatedStatus represents data summarized at the tenant level (AzureADTenantID) for each content type (ContentType).
+      - question: How are BytesFromCache calculated when there's a Connected Cache server used by my ISP?
+        answer: |
+            If there's a Connected Cache server at the ISP level, BytesFromCache filters out any bytes coming the ISP's Connected Cache.
+      - question: How do the results from the Delivery Optimization PowerShell cmdlets compare to the results in the report?
+        answer: |
+            [Delivery Optimization PowerShell cmdlets](waas-delivery-optimization-setup.md#monitor-delivery-optimization) can be a powerful tool used to monitor Delivery Optimization data on the device. These cmdlets use the cache on the device. The data calculated in the report is taken from the Delivery Optimization events.
+      - question: The report represents the last 28 days of data, why do some queries include >= seven days?
+        answer: |
+            The data in the report does represent the last 28 days of data. The query for last seven days is just to get the data for the latest snapshot from past seven days. It's possible that data is delayed for sometime and not available for current day, so we look for past seven day snapshot in log analytics and show the latest snapshot.
\ No newline at end of file
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index a29bce0bb7..49268fb5a7 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -1,27 +1,27 @@
 ---
-title: Windows Update for Business reports feedback, support, and troubleshooting
-manager: aaroncz
-description: Windows Update for Business reports support information.
+title: Feedback, support, and troubleshooting
+titleSuffix: Windows Update for Business reports
+description: Windows Update for Business reports support, feedback, and troubleshooting information.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: article
 author: mestew
 ms.author: mstewart
-ms.topic: article
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 02/10/2023
-ms.technology: itpro-updates
 ---
 
 # Windows Update for Business reports feedback, support, and troubleshooting
-
 <!-- MAX6325272, OS33771278 -->
-***(Applies to: Windows 11 & Windows 10)***
-
 There are several resources that you can use to find help with Windows Update for Business reports. Whether you're just getting started or an experienced administrator, use the following resources when you need help with Windows Update for Business reports:
 
 - Send [product feedback about Windows Update for Business reports](#send-product-feedback)
 - Open a [Microsoft support case](#open-a-microsoft-support-case)
 
 - [Documentation feedback](#documentation-feedback)
-- [Troubleshooting tips](#troubleshooting-tips) for Windows Update for Business reports
 - Follow the [Windows IT Pro blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) to learn about upcoming changes to Windows Update for Business reports
 - Use Microsoft Q&A to [ask product questions](/answers/products/)
 
@@ -82,19 +82,3 @@ If you create an issue for something not related to documentation, Microsoft wil
 - [Support requests](#open-a-microsoft-support-case) for Windows Update for Business reports
 
 To share feedback about the Microsoft Learn platform, see [Microsoft Learn feedback](https://aka.ms/sitefeedback). The platform includes all of the wrapper components such as the header, table of contents, and right menu. Also how the articles render in the browser, such as the font, alert boxes, and page anchors.
-
-## Troubleshooting tips
-
-Use the following troubleshooting tips to resolve the most common problems when using Windows Update for Business reports:
-
-### Ensuring devices are configured correctly to send data
-
-The first step in troubleshooting Windows Update for Business reports is ensuring that devices are configured. Review [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md) for the settings. We recommend using the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) for troubleshooting and configuring devices.
-
-### Devices have been correctly configured but aren't showing up in Windows Update for Business reports
-
-It takes some time for data to appear in Windows Update for Business reports for the first time, or if you moved to a new Log Analytics workspace. To learn more about data latencies for Windows Update for Business reports, review [Windows Update for Business reports data latency](wufb-reports-use.md#data-latency).
-
-### Devices are appearing, but without a device name
-
-Device Name is  an opt-in via policy. Review the required policies for enabling device name in the [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md) article.
diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md
index 13c5e19777..a4321c74d6 100644
--- a/windows/deployment/update/wufb-reports-overview.md
+++ b/windows/deployment/update/wufb-reports-overview.md
@@ -1,19 +1,21 @@
 ---
 title: Windows Update for Business reports overview
-manager: aaroncz
+titleSuffix: Windows Update for Business reports
 description: Overview of Windows Update for Business reports to explain what it's used for and the cloud services it relies on.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: overview
 author: mestew
 ms.author: mstewart
-ms.topic: article
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 11/15/2022
-ms.technology: itpro-updates
 ---
 
 # Windows Update for Business reports overview
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 Windows Update for Business reports is a cloud-based solution that provides information about your Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Windows Update for Business reports helps you:
 
 - Monitor security, quality, driver, and feature updates for Windows 11 and Windows 10 devices
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
index f9951294d8..b418f74af8 100644
--- a/windows/deployment/update/wufb-reports-prerequisites.md
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -1,19 +1,21 @@
 ---
-title: Windows Update for Business reports prerequisites
-manager: aaroncz
-description: Prerequisites for Windows Update for Business reports
+title: Prerequisites for Windows Update for Business reports
+titleSuffix: Windows Update for Business reports
+description: List of prerequisites for enabling and using Windows Update for Business reports in your organization.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
-ms.topic: article
-ms.date: 04/26/2023
-ms.technology: itpro-updates
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+ms.date: 08/30/2023
 ---
 
 # Windows Update for Business reports prerequisites
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 Before you begin the process of adding Windows Update for Business reports to your Azure subscription, ensure you meet the prerequisites.
 
 ## Azure and Azure Active Directory
@@ -49,12 +51,11 @@ Windows Update for Business reports supports Windows client devices on the follo
 
 ## Diagnostic data requirements
 
-At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319). 
+At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). For more information about what's included in different diagnostic levels, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
 
-For some queries, such as Windows 11 eligibility reporting, Windows Update for Business reports requires devices to send diagnostic data at the following levels:
-
-- *Optional* level  for Windows 11 devices (previously *Full*)
-- *Enhanced* level for Windows 10 devices
+The following levels are recommended, but not required:
+- The *Enhanced* level for Windows 10 devices
+- The *Optional* level for Windows 11 devices (previously *Full*) <!--8027083-->
 
 Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using a policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:
 
@@ -62,9 +63,14 @@ Device names don't appear in Windows Update for Business reports unless you indi
  - CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
  - Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
 
- Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices.  For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
 
-## Data transmission requirements
+> [!TIP]
+> Windows Update for Business reports uses [services configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-svccfg), also called OneSettings. Disabling the services configuration can cause some of the client data to be incorrect or missing in reports. For more information, see the [DisableOneSettingsDownloads](/windows/client-management/mdm/policy-csp-system#disableonesettingsdownloads) policy settings.
+
+
+Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices.  For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
+
+## Endpoints
 
 <!--Using include for endpoint access requirements-->
 [!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)]
diff --git a/windows/deployment/update/wufb-reports-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md
index 3b460f113f..6cf7e6e2a8 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclient.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclient.md
@@ -1,55 +1,59 @@
 ---
-title: Windows Update for Business reports Data Schema - UCClient
-manager: aaroncz
-description: UCClient schema
+title: UCClient data schema
+titleSuffix: Windows Update for Business reports
+description: UCClient schema for Windows Update for Business reports. UCClient acts as an individual device's record.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
-ms.date: 06/06/2022
-ms.technology: itpro-updates
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 08/09/2023
 ---
 
 # UCClient
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS edition, and active hours (quantitative).
 
+## Schema for UCClient
+
 |Field |Type |Example |Description |
 |---|---|---|---|
 | **AzureADDeviceId** |  [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID |
 | **AzureADTenantId** |  [string](/azure/kusto/query/scalar-data-types/string) | `69ca04b0-703d-4b3a-9184-c4e3c15d6f5e` | Azure AD Tenant ID |
-| **Country** |  [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country), based on IP address. Shown as country code. |
+| **Country** |  [string](/azure/kusto/query/scalar-data-types/string) | `US` | The last-reported location of device (country or region), based on IP address. Shown as country code. |
 | **DeviceFamily** |  [string](/azure/kusto/query/scalar-data-types/string) | `PC, Phone` | The device family such as PC, Phone. |
 | **DeviceName** |  [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name |
 | **GlobalDeviceId** |  [string](/azure/kusto/query/scalar-data-types/string) | `g:9832741921341` | The global device identifier |
 | **LastCensusScanTime** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful census scan, if any. |
 | **LastWUScanTime** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The last time this device performed a successful Windows Update scan, if any. |
 | **OSArchitecture** |  [string](/azure/kusto/query/scalar-data-types/string) | `x86` | The architecture of the operating system (not the device) this device is currently on. |
-| **OSBuild** |  [string](/azure/kusto/query/scalar-data-types/string) | `10.0.18363.836` | The full operating system build installed on this device, such as Major.Minor.Build.Revision  |
-| **OSBuildNumber** |  [int](/azure/kusto/query/scalar-data-types/int) | `da` | The major build number, in int format, the device is using. |
+| **OSBuild** |  [string](/azure/kusto/query/scalar-data-types/string) | `10.0.22621.1702` | The full operating system build installed on this device, such as Major.Minor.Build.Revision  |
+| **OSBuildNumber** |  [int](/azure/kusto/query/scalar-data-types/int) | `22621` | The major build number, in int format, the device is using. |
 | **OSEdition** |  [string](/azure/kusto/query/scalar-data-types/string) | `Professional` | The Windows edition |
-| **OSFeatureUpdateComplianceStatus** |  [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest feature update being offered by the Windows Update for Business deployment service, else NotApplicable. |
+| **OSFeatureUpdateComplianceStatus** |  [string](/azure/kusto/query/scalar-data-types/string)| `Compliant` | Whether or not the device is on the latest feature update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
 | **OSFeatureUpdateEOSTime** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The end of service date of the feature update currently installed on the device. |
 | **OSFeatureUpdateReleaseTime** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the feature update currently installed on the device. |
 | **OSFeatureUpdateStatus** |  [string](/azure/kusto/query/scalar-data-types/string) | `InService;EndOfService` | Whether or not the device is on the latest available feature update, for its feature update. |
-| **OSQualityUpdateComplianceStatus** |  [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update being offered by the Windows Update for Business deployment service, else NotApplicable. |
+| **OSQualityUpdateComplianceStatus** |  [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest quality update that's offered from the Windows Update for Business deployment service, else NotApplicable. |
 | **OSQualityUpdateReleaseTime** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The release date of the quality update currently installed on the device. |
 | **OSQualityUpdateStatus** |  [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest` | Whether or not the device is on the latest available quality update, for its feature update. | 
 | **OSRevisionNumber** |  [int](/azure/kusto/query/scalar-data-types/int) | `836` | The revision, in int format, this device is on. |
-| **OSSecurityUpdateComplianceStatus** |  [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) being offered by the Windows Update for Business deployment service, else NotApplicable. |
+| **OSSecurityUpdateComplianceStatus** |  [string](/azure/kusto/query/scalar-data-types/string) | `NotCompliant` | Whether or not the device is on the latest security update (quality update where the Classification=Security) that's offered from the Windows Update for Business deployment service, else NotApplicable. |
 | **OSSecurityUpdateStatus** |  [string](/azure/kusto/query/scalar-data-types/string)| `Latest;NotLatest;MultipleSecurityUpdatesMissing` | Whether or not the device is on the latest available security update, for its feature update. |
 | **OSServicingChannel** |  [string](/azure/kusto/query/scalar-data-types/string) | `SAC` | The elected Windows 10 servicing channel of the device. |
 | **OSVersion** |  [string](/azure/kusto/query/scalar-data-types/string) | `1909` | The Windows 10 operating system version currently installed on the device, such as 19H2, 20H1, 20H2. |
 | **SCCMClientId** |  [string](/azure/kusto/query/scalar-data-types/string) | `5AB72FAC-93AB-4954-9AB0-6557D0EFA245` | Configuration Manager client ID, if available. |
-| **TimeGenerated** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This is to determine to which batch snapshot this record belongs. |
+| **TimeGenerated** |  [datetime](/azure/kusto/query/scalar-data-types/datetime) | `2020-05-14 09:26:03.478039` | The time the snapshot generated this specific record. This field is to determine to which batch snapshot this record belongs. |
 | **Type** |  [string](/azure/kusto/query/scalar-data-types/string) | `DeviceEvent` | The EntityType. |
-| **WUFeatureDeadlineDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows update feature update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
-| **WUFeatureDeferralDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The Windows update feature update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values >0 indicate the policy setting. |
-| **WUFeatureGracePeriodDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
+| **WUFeatureDeadlineDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: ConfigureDeadlineForFeatureUpdates. The Windows update feature update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. |
+| **WUFeatureDeferralDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `0` | CSP: DeferFeatureUpdates. The Windows update feature update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the policy setting. |
+| **WUFeatureGracePeriodDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `7` | The Windows Update grace period for feature update in days. -1 indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. |
 | **WUFeaturePauseState** |  [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for feature updates, possible values are Paused, NotPaused, NotConfigured. |
-| **WUQualityDeadlineDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values > 0 indicate the deadline in days. |
-| **WUQualityDeferralDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. -1 indicates not configured, 0 indicates configured but set to 0. Values greater than 0 indicate the policy setting. |
-| **WUQualityGracePeriodDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. -1 indicates not configured, 0 indicates configured and set to 0. Values greater than 0 indicate the grace period in days. |
+| **WUQualityDeadlineDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `7` | CSP: ConfigureDeadlineForQualityUpdates. The Windows update quality update deadline configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values > `0` indicate the deadline in days. |
+| **WUQualityDeferralDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `-1` | CSP: DeferQualityUpdates. The Windows Update quality update deferral configuration in days. `-1` indicates not configured, `0` indicates configured but set to `0`. Values greater than `0` indicate the policy setting. |
+| **WUQualityGracePeriodDays** |  [int](/azure/kusto/query/scalar-data-types/int) | `0` | The Windows Update grace period for quality update in days. `-1` indicates not configured, `0` indicates configured and set to `0`. Values greater than `0` indicate the grace period in days. |
 | **WUQualityPauseState** |  [string](/azure/kusto/query/scalar-data-types/string) | `NotConfigured` | Indicates pause status of device for quality updates, possible values are Paused, NotPaused, NotConfigured. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
index de73ebfc5b..2e6bcaa89c 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md
@@ -1,21 +1,26 @@
 ---
-title: Windows Update for Business reports Data Schema - UCClientReadinessStatus
-manager: aaroncz
-description: UCClientReadinessStatus schema
+title: UCClientReadinessStatus data schema
+titleSuffix: Windows Update for Business reports
+description: UCClientReadinessStatus schema for Windows Update for Business reports. UCClientReadinessStatus is an individual device's record about Windows 11 readiness.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 06/06/2022
-ms.technology: itpro-updates
 ---
 
 # UCClientReadinessStatus
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 10)***
 
 UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) the device doesn't meet.
 
+## Schema for UCClientReadinessStatus
+
 |Field |Type |Example |Description |
 |---|---|---|---|
 | **DeviceName** |  [string](/azure/kusto/query/scalar-data-types/string) | `JohnPC-Contoso` | Client-provided device name |
diff --git a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
index 34cab456db..1373eed6d6 100644
--- a/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
@@ -1,21 +1,26 @@
 ---
-title: Windows Update for Business reports Data Schema - UCClientUpdateStatus
-manager: aaroncz
-description: UCClientUpdateStatus schema
+title: UCClientUpdateStatus data schema
+titleSuffix: Windows Update for Business reports
+description: UCClientUpdateStatus schema for Windows Update for Business reports. UCClientUpdateStatus combines the latest client-based data with the latest service data.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
-ms.date: 04/24/2023
-ms.technology: itpro-updates
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+ms.date: 06/05/2023
 ---
 
 # UCClientUpdateStatus
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
 
 Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update.
 
+## Schema for UCClientUpdateStatus
+
 | Field | Type | Example | Description |
 |---|---|---|---|
 | **AzureADDeviceId** |  [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | A string corresponding to the Azure AD tenant to which the device belongs. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
index e515e80e13..435324d2db 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md
@@ -1,21 +1,25 @@
 ---
-title: Windows Update for Business reports Data Schema - UCDeviceAlert
-manager: aaroncz
-description: UCDeviceAlert schema
+title: UCDeviceAlert data schema
+titleSuffix: Windows Update for Business reports
+description: UCDeviceAlert schema for Windows Update for Business reports. UCDeviceAlert is an individual device's record about an alert.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 06/06/2022
-ms.technology: itpro-updates
 ---
 
 # UCDeviceAlert
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in the Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered.
 
+## Schema for UCDeviceAlert
+
 |Field |Type |Example |Description |
 |---|---|---|---|
 | **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
index 25c5d1ae59..a7012d9409 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdoaggregatedstatus.md
@@ -1,22 +1,27 @@
 ---
-title: Windows Update for Business reports Data Schema - UCDOAggregatedStatus
-ms.reviewer: carmenf
-manager: aaroncz
-description: UCDOAggregatedStatus schema
+title: UCDOAggregatedStatus data schema
+titleSuffix: Windows Update for Business reports
+description: UCDOAggregatedStatus schema for Windows Update for Business reports. UCDOAggregatedStatus is an aggregation of all UDDOStatus records across the tenant.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+ms.reviewer: carmenf
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 11/17/2022
-ms.technology: itpro-updates
 ---
 
 # UCDOAggregatedStatus
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
 
 UCDOAggregatedStatus is an aggregation of all individual UDDOStatus records across the tenant and summarizes bandwidth savings across all devices enrolled using [Delivery Optimization and Microsoft Connected Cache](/windows/deployment/do).
 
+## Schema for UCDOAggregatedStatus
+
 |Field |Type |Example |Description |
 |---|---|---|---|
 | **AzureADDeviceId** |  [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID |
diff --git a/windows/deployment/update/wufb-reports-schema-ucdostatus.md b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
index 7897c27f1c..a76acc8512 100644
--- a/windows/deployment/update/wufb-reports-schema-ucdostatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucdostatus.md
@@ -1,22 +1,25 @@
 ---
-title: Windows Update for Business reports Data Schema - UCDOStatus
-ms.reviewer: carmenf
-manager: aaroncz
-description: UCDOStatus schema
+title: UCDOStatus data schema
+titleSuffix: Windows Update for Business reports
+description: UCDOStatus schema for Windows Update for Business reports. UCDOStatus provides information, for a single device, on its DO and MCC bandwidth utilization.
 ms.prod: windows-client
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+ms.reviewer: carmenf
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 11/17/2022
-ms.technology: itpro-updates
 ---
 
 # UCDOStatus
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 UCDOStatus provides information, for a single device, on its bandwidth utilization across content types in the event they use [Delivery Optimization and Microsoft Connected Cache](/windows/deployment/do).
 
+## Data schema for UCDOStatus
+
 |Field |Type |Example |Description |
 |---|---|---|---|
 | **AzureADDeviceId** |  [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | Azure AD Device ID |
diff --git a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
index 8e8e34ea82..52989b6baf 100644
--- a/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
+++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md
@@ -1,21 +1,25 @@
 ---
-title: Windows Update for Business reports Data Schema - UCServiceUpdateStatus
-manager: aaroncz
-description: UCServiceUpdateStatus schema
+title: UCServiceUpdateStatus data schema
+titleSuffix: Windows Update for Business reports
+description: UCServiceUpdateStatus schema for Windows Update for Business reports. UCServiceUpdateStatus has service-side information for one device and one update.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 06/06/2022
-ms.technology: itpro-updates
 ---
 
 # UCServiceUpdateStatus
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real time.
 
+## Schema for UCServiceUpdateStatus
+
 | Field | Type | Example | Description |
 |---|---|---|---|
 | **AzureADDeviceId** | [string](/azure/kusto/query/scalar-data-types/string) | `71db1a1a-f1a6-4a25-b88f-79c2f513dae0` | If this DeviceUpdateEvent is from content deployed by a deployment scheduler service policy, this GUID will map to that policy, otherwise it will be empty. |
diff --git a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
index db70047ed0..c85d070cc9 100644
--- a/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
+++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md
@@ -1,21 +1,25 @@
 ---
-title: Windows Update for Business reports Data Schema - UCUpdateAlert
-manager: aaroncz
-description: UCUpdateAlert schema
+title: UCUpdateAlert data schema
+titleSuffix: Windows Update for Business reports
+description: UCUpdateAlert schema for Windows Update for Business reports. UCUpdateAlert is an alert for both client and service updates.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 06/06/2022
-ms.technology: itpro-updates
 ---
 
 # UCUpdateAlert
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 Alert for both client and service updates. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert won't necessarily contain client-side statuses.
 
+## Schema for UCUpdateAlert
+
 |Field |Type |Example |Description |
 |---|---|---|---|
 | **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational |
diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md
index cbcae6c319..8a4fc45ecb 100644
--- a/windows/deployment/update/wufb-reports-schema.md
+++ b/windows/deployment/update/wufb-reports-schema.md
@@ -1,22 +1,24 @@
 ---
 title: Windows Update for Business reports data schema
-manager: aaroncz
-description: An overview of Windows Update for Business reports data schema
+titleSuffix: Windows Update for Business reports
+description: An overview of Windows Update for Business reports data schema to power additional dashboards and data analysis tools.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: reference
 author: mestew
 ms.author: mstewart
-ms.topic: reference
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 11/15/2022
-ms.technology: itpro-updates
 ---
 
-# Windows Update for Business reports schema 
+# Windows Update for Business reports schema
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Windows Update for Business reports and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.
 
-## Schema
+## Schemas for Windows Update for Business reports
 
 The following table summarizes the different tables that are part of the Windows Update for Business reports solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries).
 
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
index 6b58c8cffb..2b4f1b8b1a 100644
--- a/windows/deployment/update/wufb-reports-use.md
+++ b/windows/deployment/update/wufb-reports-use.md
@@ -1,19 +1,21 @@
 ---
 title: Use the Windows Update for Business reports data
-manager: aaroncz
+titleSuffix: Windows Update for Business reports
 description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
-ms.topic: article
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
 ms.date: 11/15/2022
-ms.technology: itpro-updates
 ---
 
 # Use Windows Update for Business reports
 <!--37063317, 30141258, 37063041-->
-***(Applies to: Windows 11 & Windows 10)***
-
 In this article, you'll learn how to use Windows Update for Business reports to monitor Windows updates for your devices. To configure your environment for use with Windows Update for Business reports, see [Enable Windows Update for Business reports](wufb-reports-enable.md).
 
 ## Display Windows Update for Business reports data
diff --git a/windows/deployment/update/wufb-reports-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
index 9756777253..d024ceda0d 100644
--- a/windows/deployment/update/wufb-reports-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -1,20 +1,21 @@
 ---
 title: Use the workbook for Windows Update for Business reports
-manager: aaroncz
-description: How to use the Windows Update for Business reports workbook.
+titleSuffix: Windows Update for Business reports
+description: How to use the Windows Update for Business reports workbook from the Azure portal.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
 ms.author: mstewart
-ms.topic: article
-ms.date: 04/26/2023
-ms.technology: itpro-updates
+manager: aaroncz
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 06/23/2023
 ---
 
 # Windows Update for Business reports workbook
 <!-- MAX6325272, OS33771278 -->
-***(Applies to: Windows 11 & Windows 10)***
-
-
 [Windows Update for Business reports](wufb-reports-overview.md) presents information commonly needed by updates administrators in an easy-to-use format. Windows Update for Business reports uses [Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started) to give you a visual representation of your compliance data. The workbook is broken down into tab sections:
 
 - [Summary](#summary-tab)
@@ -35,6 +36,7 @@ To access the Windows Update for Business reports workbook:
 1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery.
 1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Windows Update for Business reports](wufb-reports-enable.md).
 
+
 ## Summary tab
 
 The **Summary** tab gives you a brief high-level overview of the devices that you've enrolled into Windows Update for Business reports.  The **Summary** tab contains tiles above the **Overall security update status** chart.
@@ -43,13 +45,13 @@ The **Summary** tab gives you a brief high-level overview of the devices that yo
 
 Each of these tiles contains an option to **View details**. When **View details** is selected for a tile, a flyout appears with additional information.
 
-:::image type="content" source="media/33771278-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Windows Update for Business reports workbook":::
+:::image type="content" source="media/8037522-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Windows Update for Business reports workbook":::
 
 | Tile name | Description | View details description |
 |---|---|------|
 | **Enrolled devices** | Total number of devices that are enrolled into Windows Update for Business reports | Displays multiple charts about the operating systems (OS) for enrolled devices: </br> **OS Version** </br> **OS Edition** </br> **OS Servicing Channel** </br> **OS Architecture**|
-|**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each. </br> </br> Select the count of **Devices** to display a table of the devices. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). </br> </br> Select an **AlertSubtype** to display a list containing: </br> - Each **Error Code** in the alert subtype </br>- A **Description** of the error code </br> - A **Recommendation** to help you remediate the error code </br> - A count of **Devices** with the specific error code |
-|  **Windows 11 eligibility** | Percentage of devices that are capable of running Windows 11 | Displays the following items: </br> - **Windows 11 Readiness Status** chart </br> - **Readiness Reason(s) Breakdown** chart that displays  Windows 11 requirements that aren't met. </br> - A table for **Readiness reason**. Select a reason to display a list of devices that don't meet a specific requirement for Windows 11. |
+|**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each. </br> </br> Select the count of **Devices** to display a table of the devices. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). </br> </br> Select an **AlertSubtype** to display a list containing: </br> - Each **Error Code** in the alert subtype </br>- A **Description** of the error code </br> - A **Recommendation** to help you remediate the error code </br> - A count of **Devices** with the specific error code |
+|  **Windows 11 adoption** | Number of devices that are running Windows 11 | Displays the following items: </br> - **Windows 11 Device Count** chart, broken down by Windows 11 version </br> - **Windows 11 Eligibility Status** contains a **Readiness status** chart that lists the count of devices by OS version that are either capable or not capable of running Windows 11. </br> - The **Device List** allows you to choose a Windows 11 **Ineligibility Reason** to display devices that don't meet the selected requirement. <!--8037522-->|
 
 ### Summary tab charts
 
@@ -63,15 +65,14 @@ The charts displayed in the **Summary** tab give you a general idea of the overa
 
 ## Quality updates tab
 
-The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information:
-
-- **Latest security update**: Count of devices that have reported successful installation of the latest security update.
-- **Missing one security update**: Count of devices that haven't installed the latest security update.
-- **Missing multiple security updates**: Count of devices that are missing two or more security updates.
-- **Active alerts**: Count of active update and device alerts for quality updates.
-
-Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information and drill-down options:
 
+| Tile name | Description | Drill-in description |
+|---|---|---|
+|**Latest security update**| Count of devices that have reported successful installation of the latest security update. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). | 
+| **Missing one security update** | Count of devices that haven't installed the latest security update.| - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).|
+| **Missing multiple security updates** | Count of devices that are missing two or more security updates. | - Select **View details** to display a flyout with a chart that displays the first 1000 items. </br> - Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
+| **Expedite performance** | Overview of the progress for the expedited deployments of the latest security update. | - Select **View details** to display a flyout with a chart that displays the total progress of each deployment, number of alerts, and count of devices. </br> - Select the count from the **Alerts** column to display the alerts, by name, for the deployment. Selecting the device count for the alert name displays a list of devices with the alert. </br> - Select the count in the **TotalDevices** column to display a list of clients and their information for the deployment. <!--7626683-->|
 
 Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end users are impacted.
 
@@ -79,10 +80,9 @@ Below the tiles, the **Quality updates** tab is subdivided into **Update status*
 
 The **Update status** group for quality updates contains the following items:
 
-- **Update states for all security releases**: Chart containing the number of devices in a specific state, such as installing, for security updates.
+- **Update states for all security releases**: The update states for the last 3 security updates are used to populate this chart. The total number of update states is approximately 3 times the number of devices that have reported update data to Windows Update for Business reports in the past 30 days.
 - **Update alerts for all security releases**: Chart containing the count of active errors and warnings for security updates.
 
-:::image type="content" source="media/33771278-update-deployment-status-table.png" alt-text="Screenshot of the charts and table in the workbook's quality updates tab" lightbox="media/33771278-update-deployment-status-table.png":::
 
 The **Update deployment status** table displays the quality updates for each operating system version that were released within the last 60 days. For each update, drill-in further by selecting a value from the following columns:
 
@@ -90,7 +90,7 @@ The **Update deployment status** table displays the quality updates for each ope
 |---|---|---|
 |**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code.  
 | **KB Number** | KB number for the update |  Selecting the KB number will open the support information webpage for the update.|
-| **Total devices** | Number of devices that have been offered the update, or are installing, have installed, or canceled the update. | Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).  |
+| **Total devices** | Number of devices that have been offered the update, or are installing, have installed, or canceled the update. | Selecting the device count opens a device list table. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).  |
 
 ### <a name="bkmk_device-group-quality"></a> Device status group for quality updates
 
@@ -99,7 +99,7 @@ The **Device status** group for quality updates contains the following items:
 - **OS build number**: Chart containing a count of devices by OS build that are getting security updates.
 - **Device alerts**: Chart containing the count of active device errors and warnings for quality updates.
 - **Device compliance status**: Table containing a list of devices getting security updates and update installation information including active alerts for the devices.
-  - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+  - This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ## Feature updates tab
 
@@ -110,7 +110,7 @@ The **Feature updates** tab displays generalized data at the top by using tiles.
 - **Nearing EOS** Count of devices that are within 18 months of their end of service date.
 - **Active alerts**: Count of active update and device alerts for feature updates.
 
-Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ### <a name="bkmk_update-group-feature"></a> Update status group for feature updates
 
@@ -120,13 +120,13 @@ The **Update status** group for feature updates contains the following items:
 - **Safeguard holds**: Chart containing count of devices per operating system version that are under a safeguard hold for a feature update
 - **Update alerts**: Chart containing the count of active errors and warnings for feature updates.
 
-**Update deployment status** table for feature updates displays the installation status by targeted operating system version. For each operating system version targeted the following columns are available:
+**Update deployment status** table for feature updates displays the installation status by targeted operating system version. For each operating system version targeted, the following columns are available:
 
 | Column name | Description | Drill-in description |
 |---|---|---|
 | **Total progress** | Percentage of devices that installed the targeted operating system version feature update within the last 30 days. | A bar graph is included in this column. Use the **Total devices** drill-in for additional information. |
 |**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code.  |
-| **Total Devices** | Count of devices for each targeted operating system version that have been offered the update, or are installing, have installed, or canceled the feature update.| Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
+| **Total Devices** | Count of devices for each targeted operating system version that have been offered the update, or are installing, have installed, or canceled the feature update.| Selecting the device count opens a device list table. This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
 
 ### <a name="bkmk_device-group-feature"></a> Device status group for feature updates
 
@@ -135,7 +135,7 @@ The **Device status** group for feature updates contains the following items:
 - **Windows 11 readiness status**: Chart containing how many devices that have a status of capable, not capable, or unknown for Windows 11 readiness.
 - **Device alerts**: Count of active device alerts for feature updates in each alert classification.
 - **Device compliance status**: Table containing a list of devices getting a feature update and installation information including active alerts for the devices.
-  - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+  - This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ## Driver updates tab
 
@@ -146,7 +146,7 @@ The **Driver update** tab provides information on driver and firmware update dep
 **Total policies**: The total number of deployment polices for driver and firmware updates from [Windows Update for Business deployment service](deployment-service-overview.md)
 **Active alerts**: Count of active alerts for driver deployments
 
-Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 1000 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 :::image type="content" source="media/7539531-wufb-reports-workbook-drivers.png" alt-text="Screenshot of the update status tab for driver updates." lightbox="media/7539531-wufb-reports-workbook-drivers.png":::
 
@@ -168,7 +168,7 @@ The **Device status** group for driver updates contains the following items:
 
 - **Device alerts**: Count of active device alerts for driver updates in each alert classification.
 - **Device compliance status**: Table containing a list of devices getting a driver update and installation information including active alerts for the devices.
-  - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+  - This table is limited to the first 1000 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
 
 ## <a name="bkmk_do"></a> Delivery Optimization
 
@@ -189,6 +189,17 @@ The Delivery Optimization tab is further divided into the following groups:
 
 :::image type="content" source="media/wufb-do-overview.png" alt-text="Screenshot of the summary tab in the Windows Update for Business reports workbook for Delivery Optimization." lightbox="media/wufb-do-overview.png":::
 
+## Understanding update states
+
+Updates can go though many phases from when they're initially deployed to being installed on the device. Transition from one state to another can be rapid, which makes some states less likely to be displayed in reports. The workbook can report the following high-level states for a device update: <!--8052067-->
+
+- **Offering**: The update is being offered to the device for installation
+- **Installing**: The update is in the process of being installed on the device
+- **Installed**: The update has been installed on the device
+- **Cancelled**: The update was cancelled from the [deployment service](deployment-service-overview.md) before it was installed
+- **Uninstalled**: The update was uninstalled from the device by either an admin or a user
+- **OnHold**: The update was put on hold from the [deployment service](deployment-service-overview.md) before it was installed
+- **Unknown**: This state occurs when there's a record for the device in the [UCClient](wufb-reports-schema-ucclient.md) table, but there isn't a record for the specific update for the specific device in the [UCClientUpdateStatus](wufb-reports-schema-ucclientupdatestatus.md) table. This means that there is no record of the update for the device in question.
 
 ## Customize the workbook
 
diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md
index 3196b89771..295f638ff4 100644
--- a/windows/deployment/update/wufb-wsus.md
+++ b/windows/deployment/update/wufb-wsus.md
@@ -2,22 +2,20 @@
 title: Use Windows Update for Business and Windows Server Update Services (WSUS) together
 description: Learn how to use Windows Update for Business and WSUS together using the new scan source policy.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
-ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>	
+ms.date: 01/13/2022
 ---
 
 # Use Windows Update for Business and WSUS together
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
 The Windows update scan source policy enables you to choose what types of updates to get from either [WSUS](waas-manage-updates-wsus.md) or Windows Update for Business service.
@@ -46,7 +44,7 @@ To help you better understand the scan source policy, see the default scan behav
 - If you configure only the WSUS server policy:
 
   - On Windows 10: All of your updates will come from WSUS.
-  - On Windows 11: All of your updates will still come from Windows Update unless you configure the specify scan source policy.
+  - On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy.
 
 - If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
 - If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.
@@ -70,13 +68,10 @@ The policy can be configured using the following two methods:
 2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor&lt;Update Type>**:
 
 > [!NOTE]
-> You should configure **all** of these policies if you are using CSPs.
+> - You should configure **all** of these policies if you are using CSPs.
+> - Editing the registry to change the behavior of update policies isn't recommended. Use Group Policy or the Configuration Service Provider (CSP) policy instead of directly writing to the registry. However, if you choose to edit the registry, ensure you've configured the `UseUpdateClassPolicySource` registry key too, or the scan source won't be altered. 
 
 - [Update/SetPolicyDrivenUpdateSourceForDriverUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourcefordriver)
 - [Update/SetPolicyDrivenUpdateSourceForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourceforfeature)
 - [Update/SetPolicyDrivenUpdateSourceForOtherUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourceforother)
 - [Update/SetPolicyDrivenUpdateSourceForQualityUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourceforquality)
-
-
-> [!NOTE]
-> Editing the registry to change the behavior of update policies isn't recommended. Use Group Policy or the Configuration Service Provider (CSP) policy instead of directly writing to the registry. However, if you choose to edit the registry, ensure you've configured the `UseUpdateClassPolicySource` registry key too, or the scan source won't be alterred. 
diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
index 9d45ea81e3..81fcb592e6 100644
--- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
+++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md
@@ -7,7 +7,7 @@ ms.prod: windows-client
 author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
-ms.date: 10/28/2022
+ms.date: 08/09/2023
 ---
 
 # Windows upgrade and migration considerations
@@ -29,11 +29,16 @@ Windows Easy Transfer is a software wizard for transferring files and settings f
 With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you can't use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store.
 
 > [!NOTE]
+>
 > Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10).
 
 ### Migrate with the User State Migration Tool
 You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they're migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded.
 
+> [!IMPORTANT]
+>
+> USMT only supports devices that are joined to a local Active Directory domain. USMT doesn't support Azure AD joined devices. 
+
 ## Upgrade and migration considerations
 Whether you're upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations:
 
@@ -64,4 +69,4 @@ This feature is disabled if this registry key value exists and is configured to
 ## Related articles
 [User State Migration Tool (USMT) Overview Topics](../usmt/usmt-topics.md)<BR>
 [Windows 10 upgrade paths](windows-10-upgrade-paths.md)<BR>
-[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
\ No newline at end of file
+[Windows 10 edition upgrade](windows-10-edition-upgrades.md)
diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
index b550aa4d52..9eebdd0921 100644
--- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md
@@ -18,37 +18,41 @@ This article outlines the general process that you should follow to migrate file
 
 1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md).
 
-2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys.
+1. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys.
 
-3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
+1. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md).
 
-4. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md)
+1. Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md)
 
-5. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files.
+1. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files.
 
     > [!IMPORTANT]
     > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files.
 
     You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md).
 
-6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files:
+1. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, run the `ScanState.exe` command with the following options:
+    - [/genconfig](usmt-scanstate-syntax.md#migration-rule-options).
+    - [/i](usmt-scanstate-syntax.md#migration-rule-options) - as arguments specify the .xml files that you plan to use with `ScanState.exe`.
+   
+   For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files:
 
     ```cmd
     ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log
     ```
 
-7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate.
+1. Open the `Config.xml` that was generated in the previous step. Review the migration state of each of the components listed in the `Config.xml` file. If necessary, edit the `Config.xml` file  and specify `migrate=no` for any components that you don't want to migrate.
 
 ## Step 2: Collect files and settings from the source computer
 
 1. Back up the source computer.
 
-2. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
+1. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
 
      > [!NOTE]
      > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `<ErrorControl>` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail.
 
-3. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example,
+1. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example,
 
      ```cmd
         ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log
@@ -57,23 +61,23 @@ This article outlines the general process that you should follow to migrate file
      > [!NOTE]
      > If the source computer is running Windows 7, or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md).
 
-4. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted.
+1. Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted.
 
 ## Step 3: Prepare the destination computer and restore files and settings
 
 1. Install the operating system on the destination computer.
 
-2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved.
+1. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved.
 
      > [!NOTE]
      > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft Office, which USMT can migrate from an older version to a newer version.
 
-3. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
+1. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files.
 
      > [!NOTE]
      > Use `/C` to continue your migration if errors are encountered, and use the `<ErrorControl>` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail.
 
-4. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md).
+1. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md).
 
     For example, the following command migrates the files and settings:
 
diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md
index d36ddbbc92..98f95d0597 100644
--- a/windows/deployment/usmt/usmt-best-practices.md
+++ b/windows/deployment/usmt/usmt-best-practices.md
@@ -69,7 +69,7 @@ As the authorized administrator, it is your responsibility to protect the privac
 
 - **Maintain security of the file server and the deployment server**
 
-    We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657).
+    We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://www.microsoft.com/download/details.aspx?id=53353).
 
 - **Password Migration**
 
diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
index 2b5db81c9d..d7c0f5e4fd 100644
--- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md
@@ -5,14 +5,14 @@ manager: aaroncz
 ms.author: frankroj
 ms.prod: windows-client
 author: frankroj
-ms.date: 11/01/2022
+ms.date: 09/18/2023
 ms.topic: article
 ms.technology: itpro-deploy
 ---
 
 # Exclude files and settings
 
-When you specify the migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article.
+When you specify the migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition, you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article.
 
 Methods to customize the migration and include and exclude files and settings include:
 
@@ -33,7 +33,8 @@ We recommend that you create a custom .xml file instead of modifying the default
 The migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, contain the **&lt;component&gt;** element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the **&lt;include&gt;** and **&lt;exclude&gt;** elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md).
 
 > [!NOTE]
-> If you specify an **&lt;exclude&gt;** rule, always specify a corresponding **&lt;include&gt;** rule. Otherwise, if you do not specify an **&lt;include&gt;** rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied **&lt;exclude&gt;** rule is unnecessary.
+>
+> If you specify an **&lt;exclude&gt;** rule, always specify a corresponding **&lt;include&gt;** rule. Otherwise, if you don't specify an **&lt;include&gt;** rule, the specific files or settings aren't included. They're already excluded from the migration. Thus, an unaccompanied **&lt;exclude&gt;** rule is unnecessary.
 
 - [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files)
 
@@ -82,16 +83,16 @@ The following .xml file migrates all files and subfolders in `C:\Data`, except t
         <displayName _locID="miguser.sharedvideo">Test component</displayName>
         <role role="Data">
             <rules>
-         <include>
-            <objectSet>
-                 <pattern type="File">C:\Data\* [*]</pattern>
-            </objectSet>
-          </include>
-         <exclude>
-             <objectSet>
-                   <pattern type="File"> C:\Data\temp\* [*]</pattern>
-             </objectSet>
-         </exclude>  
+                <include>
+                    <objectSet>
+                        <pattern type="File">C:\Data\* [*]</pattern>
+                    </objectSet>
+                </include>
+                <exclude>
+                    <objectSet>
+                        <pattern type="File"> C:\Data\temp\* [*]</pattern>
+                    </objectSet>
+                </exclude>
             </rules>
         </role>
     </component>
@@ -104,23 +105,23 @@ The following .xml file migrates any subfolders in `C:\`EngineeringDrafts`, but
 
 ```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
-<component type="Documents" context="System">
-  <displayName>Component to migrate all Engineering Drafts Documents without subfolders</displayName>
-  <role role="Data">
-    <rules>
-         <include>
-            <objectSet>
-                 <pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
-            </objectSet>
-          </include>
-      <exclude>
-        <objectSet>
-          <pattern type="File"> C:\EngineeringDrafts\ [*]</pattern>
-        </objectSet>
-      </exclude>
-    </rules>
-  </role>
-</component>
+    <component type="Documents" context="System">
+        <displayName>Component to migrate all Engineering Drafts Documents without subfolders</displayName>
+        <role role="Data">
+            <rules>
+                <include>
+                    <objectSet>
+                        <pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
+                    </objectSet>
+                </include>
+                <exclude>
+                    <objectSet>
+                        <pattern type="File"> C:\EngineeringDrafts\ [*]</pattern>
+                    </objectSet>
+                </exclude>
+            </rules>
+        </role>
+    </component>
 </migration>
 ```
 
@@ -130,35 +131,35 @@ The following .xml file migrates all files and subfolders in `C:\EngineeringDraf
 
 ```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
-<component type="Documents" context="System">
-  <displayName>Component to migrate all Engineering Drafts Documents except Sample.doc</displayName>
-  <role role="Data">
-    <rules>
-         <include>
-            <objectSet>
-                 <pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
-            </objectSet>
-          </include>
-      <exclude>
-        <objectSet>
-          <pattern type="File"> C:\EngineeringDrafts\ [Sample.doc]</pattern>
-        </objectSet>
-      </exclude>
-    </rules>
-  </role>
-</component>
+    <component type="Documents" context="System">
+        <displayName>Component to migrate all Engineering Drafts Documents except Sample.doc</displayName>
+        <role role="Data">
+            <rules>
+                <include>
+                    <objectSet>
+                        <pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
+                    </objectSet>
+                </include>
+                <exclude>
+                    <objectSet>
+                        <pattern type="File"> C:\EngineeringDrafts\ [Sample.doc]</pattern>
+                    </objectSet>
+                </exclude>
+            </rules>
+        </role>
+    </component>
 </migration>
 ```
 
 ### Example 5: How to exclude a file from any location
 
-To exclude a Sample.doc file from any location on the C: drive, use the **&lt;pattern&gt;** element. If multiple files exist with the same name on the C: drive, all of these files will be excluded.
+To exclude a Sample.doc file from any location on the C: drive, use the **&lt;pattern&gt;** element. If multiple files exist with the same name on the C: drive, all of these files are excluded.
 
 ```xml
 <pattern type="File"> C:\* [Sample.doc] </pattern>
 ```
 
-To exclude a Sample.doc file from any drive on the computer, use the **&lt;script&gt;** element. If multiple files exist with the same name, all of these files will be excluded.
+To exclude a Sample.doc file from any drive on the computer, use the **&lt;script&gt;** element. If multiple files exist with the same name, all of these files are excluded.
 
 ```xml
 <script>MigXmlHelper.GenerateDrivePatterns("* [sample.doc]", "Fixed")</script>
@@ -174,15 +175,15 @@ The following .xml file excludes all `.mp3` files from the migration:
 
 ```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/excludefiles">
-  <component context="System" type="Documents">
+    <component context="System" type="Documents">
         <displayName>Test</displayName>
         <role role="Data">
             <rules>
-             <unconditionalExclude>
-                        <objectSet>
-    <script>MigXmlHelper.GenerateDrivePatterns ("* [*.mp3]", "Fixed")</script>
-                        </objectSet> 
-             </unconditionalExclude>
+                <unconditionalExclude>
+                    <objectSet>
+                        <script>MigXmlHelper.GenerateDrivePatterns ("* [*.mp3]", "Fixed")</script>
+                    </objectSet>
+                </unconditionalExclude>
             </rules>
         </role>
     </component>
@@ -199,11 +200,11 @@ The following .xml file excludes only the files located on the C: drive.
         <displayName>Test</displayName>
         <role role="Data">
             <rules>
-  <unconditionalExclude>
+                <unconditionalExclude>
                     <objectSet>
-      <pattern type="File">c:\*[*]</pattern>
+                        <pattern type="File">c:\*[*]</pattern>
                     </objectSet>
-  </unconditionalExclude>
+                </unconditionalExclude>
             </rules>
         </role>
     </component>
@@ -217,53 +218,53 @@ The following .xml file unconditionally excludes the `HKEY_CURRENT_USER` registr
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/miguser">
-   <component type="Documents" context="User">
-      <displayName>Test</displayName>
-      <role role="Data">
-         <rules>
-            <include>
-               <objectSet>
-                  <pattern type="Registry">HKCU\testReg[*]</pattern>
-               </objectSet>
-            </include>
-            <unconditionalExclude>
-               <objectSet>
-                  <pattern type="Registry">HKCU\*[*]</pattern>
-               </objectSet>
-            </unconditionalExclude>
-         </rules>
-      </role>
-   </component>
+    <component type="Documents" context="User">
+        <displayName>Test</displayName>
+        <role role="Data">
+            <rules>
+                <include>
+                    <objectSet>
+                        <pattern type="Registry">HKCU\testReg[*]</pattern>
+                    </objectSet>
+                </include>
+                <unconditionalExclude>
+                    <objectSet>
+                        <pattern type="Registry">HKCU\*[*]</pattern>
+                    </objectSet>
+                </unconditionalExclude>
+            </rules>
+        </role>
+    </component>
 </migration>
 ```
 
 ##### Example 4: How to Exclude `C:\Windows` and `C:\Program Files`
 
-The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all `*.docx`, `*.xls` and `*.ppt` files won't be migrated because the **&lt;unconditionalExclude&gt;** element takes precedence over the **&lt;include&gt;** element.
+The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. All `*.docx`, `*.xls` and `*.ppt` files aren't migrated because the **&lt;unconditionalExclude&gt;** element takes precedence over the **&lt;include&gt;** element.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/miguser">
-   <component type="Documents" context="System">
-      <displayName>Test</displayName>
-      <role role="Data">
-         <rules>
-            <include>
-               <objectSet>
-    <script>MigXmlHelper.GenerateDrivePatterns ("* [*.doc]", "Fixed")</script>
-    <script>MigXmlHelper.GenerateDrivePatterns ("* [*.xls]", "Fixed")</script>
-    <script>MigXmlHelper.GenerateDrivePatterns ("* [*.ppt]", "Fixed")</script>
-               </objectSet>
-            </include>
-            <unconditionalExclude>
-               <objectSet>
-                  <pattern type="File">C:\Program Files\* [*]</pattern>
-<pattern type="File">C:\Windows\* [*]</pattern>
-               </objectSet>
-            </unconditionalExclude>
-         </rules>
-      </role>
-   </component>
+    <component type="Documents" context="System">
+        <displayName>Test</displayName>
+        <role role="Data">
+            <rules>
+                <include>
+                    <objectSet>
+                        <script>MigXmlHelper.GenerateDrivePatterns ("* [*.doc]", "Fixed")</script>
+                        <script>MigXmlHelper.GenerateDrivePatterns ("* [*.xls]", "Fixed")</script>
+                        <script>MigXmlHelper.GenerateDrivePatterns ("* [*.ppt]", "Fixed")</script>
+                    </objectSet>
+                </include>
+                <unconditionalExclude>
+                    <objectSet>
+                        <pattern type="File">C:\Program Files\* [*]</pattern>
+                        <pattern type="File">C:\Windows\* [*]</pattern>
+                    </objectSet>
+                </unconditionalExclude>
+            </rules>
+        </role>
+    </component>
 </migration>
 ```
 
@@ -275,12 +276,13 @@ You can create and modify a `Config.xml` file if you want to exclude components
 
 - **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the **&lt;WindowsComponents&gt;** section.
 
-- **To exclude My Documents:** Specify `migrate="no"` for **My Documents** under the **&lt;Documents&gt;** section. Note that any **&lt;include&gt;** rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files won't.
+- **To exclude My Documents:** Specify `migrate="no"` for **My Documents** under the **&lt;Documents&gt;** section. Any **&lt;include&gt;** rules in the .xml files are still applied. For example, if you have a rule that includes all the .docx files in My Documents, then .docx files are still migrated. However, any additional files that aren't .docx aren't migrated.
 
 For more information, see [Config.xml File](usmt-configxml-file.md).
 
 > [!NOTE]
-> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration.
+>
+> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file doesn't exclude the component from your migration.
 
 ## Related articles
 
diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
index f3d7c238f3..2dbac0a510 100644
--- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
+++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md
@@ -16,10 +16,14 @@ ms.technology: itpro-fundamentals
 
 **Applies to:**
 
+- Windows 11
 - Windows 10
 - Windows 8.1
 - Windows 8
 - Windows 7
+- Windows Server 2022
+- Windows Server 2019
+- Windows Server 2016
 - Windows Server 2012 R2
 - Windows Server 2012
 - Windows Server 2008 R2
@@ -81,7 +85,7 @@ The KMS uses service (SRV) resource records in DNS to store and communicate the
 
 By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it.
 
-Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters.
+Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. All currently supported versions of Windows and Windows Server provide these priority and weight parameters.
 
 If the KMS host that a client computer selects doesn't respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host doesn't respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records.
 
diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
index 7f990d6a31..776d1007ab 100644
--- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
+++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md
@@ -44,7 +44,7 @@ To open PowerShell with administrative credentials, select **Start** and enter `
 For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter:
 
   ```powershell
-  cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0"
+  cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3"
   ```
 
 ### Import the VAMT PowerShell module
diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index 6849160ab4..5c34ff5222 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -40,6 +40,10 @@ The table below provides support details for specific deployment scenarios. Boot
 
 Alternatives to WDS, such as [Microsoft Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images.
 
+> [!NOTE]
+>
+> [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) only supports deployment of Windows 10. It doesn't support deployment of Windows 11. For more information, see [Supported platforms](/mem/configmgr/mdt/release-notes#supported-platforms).
+
 ## Not affected
 
 WDS PXE boot isn't affected by this change. You can still use WDS to PXE boot devices with custom boot images, but you can't use **boot.wim** as the boot image and run Windows Setup in WDS mode.
diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md
deleted file mode 100644
index 3ee6b7d8a5..0000000000
--- a/windows/deployment/windows-10-deployment-tools-reference.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Windows 10 deployment tools reference
-description: Learn about the tools available to deploy Windows 10, like Volume Activation Management Tool (VAMT) and User State Migration Tool (USMT).
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
-ms.prod: windows-client
-ms.date: 10/31/2022
-ms.topic: article
-ms.technology: itpro-deploy
----
-
-# Windows 10 deployment tools reference
-
-Learn about the tools available to deploy Windows 10.
-
-|Article |Description |
-|------|------------|
-|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. |
-|[Convert MBR partition to GPT](mbr-to-gpt.md) |This article provides detailed instructions for using the MBR2GPT partition conversion tool. |
-|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
-|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
-|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. |
-|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows&reg;, Microsoft&reg; Office, and select other Microsoft products volume and retail-activation process. |
-|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md
deleted file mode 100644
index b4187d65df..0000000000
--- a/windows/deployment/windows-10-deployment-tools.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Windows 10 deployment tools
-description: Learn how to use Windows 10 deployment tools to successfully deploy Windows 10 to your organization.
-manager: aaroncz
-ms.author: frankroj
-author: frankroj
-ms.prod: windows-client
-ms.date: 10/31/2022
-ms.topic: article
-ms.technology: itpro-deploy
----
-
-# Windows 10 deployment tools
-
-Learn about the tools available to deploy Windows 10.
-
-|Article |Description |
-|------|------------|
-|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. |
-|[Convert MBR partition to GPT](mbr-to-gpt.md) |This article provides detailed instructions for using the MBR2GPT partition conversion tool. |
-|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
-|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
-|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. |
-|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows&reg;, Microsoft&reg; Office, and select other Microsoft products volume and retail-activation process. |
-|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index 5399593006..241c5344cc 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -54,9 +54,6 @@ In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offerin
 
 ## Compare Windows 10 Pro and Enterprise editions
 
-> [!NOTE]
-> The following table only lists Windows 10. More information will be available about differences between Windows 11 editions after Windows 11 is generally available.
-
 Windows 10 Enterprise edition has many features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
 
 ### Table 1. Windows 10 Enterprise features not found in Windows 10 Pro
@@ -64,7 +61,7 @@ Windows 10 Enterprise edition has many features that are unavailable in Windows
 |Feature|Description|
 |--- |--- |
 |Credential Guard|Credential Guard uses virtualization-based security to help protect security secrets so that only privileged system software can access them. Examples of security secrets that can be protected include NTLM password hashes and Kerberos Ticket Granting Tickets. This protection helps prevent Pass-the-Hash or Pass-the-Ticket attacks.<br><br>Credential Guard has the following features:<li>**Hardware-level security** - Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.<li>**Virtualization-based security** - Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.<li>**Improved protection against persistent threats** - Credential Guard works with other technologies (for example, Device Guard) to help provide further protection against attacks, no matter how persistent.<li>**Improved manageability** -  Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.<br><br>For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).<br><br>*Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*|
-|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, they'll be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.<br><br>Device Guard protects in the following ways:<li>Helps protect against malware<li>Helps protect the Windows system core from vulnerability and zero-day exploits<li>Allows only trusted apps to run<br><br>For more information, see [Introduction to Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
+|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, they'll be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.<br><br>Device Guard protects in the following ways:<li>Helps protect against malware<li>Helps protect the Windows system core from vulnerability and zero-day exploits<li>Allows only trusted apps to run<br><br>For more information, see [Introduction to Device Guard](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).|
 |AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.<br><br>For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).|
 |Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users' devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.<br><br>For more information, see [Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started).|
 |User Experience Virtualization (UE-V)|With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share.<br><br>When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.<br><br>UE-V provides the following features:<li>Specify which application and Windows settings synchronize across user devices<li>Deliver the settings anytime and anywhere users work throughout the enterprise<li>Create custom templates for your third-party or line-of-business applications<li>Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state<br><br>For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).|
@@ -123,7 +120,7 @@ Now that the devices have Windows 10/11 Enterprise, you can implement Device Gua
 
 For more information about implementing Device Guard, see:
 
-- [Windows Defender Application Control and virtualization-based protection of code integrity](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control)
+- [Windows Defender Application Control and virtualization-based protection of code integrity](/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control)
 - [Device Guard deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
 
 ### AppLocker management
diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml
index 7abdacbadc..e6232ddc8f 100644
--- a/windows/deployment/windows-autopatch/TOC.yml
+++ b/windows/deployment/windows-autopatch/TOC.yml
@@ -10,6 +10,8 @@
           href: overview/windows-autopatch-roles-responsibilities.md
         - name: Privacy
           href: overview/windows-autopatch-privacy.md
+        - name: Deployment guide
+          href: overview/windows-autopatch-deployment-guide.md
         - name: FAQ
           href: overview/windows-autopatch-faq.yml
     - name: Prepare
@@ -38,11 +40,9 @@
               href: deploy/windows-autopatch-device-registration-overview.md
             - name: Register your devices
               href: deploy/windows-autopatch-register-devices.md
-            - name: Windows Autopatch groups experience
-              href:
+            - name: Windows Autopatch groups overview
+              href: deploy/windows-autopatch-groups-overview.md
               items:
-                - name: Windows Autopatch groups overview
-                  href: deploy/windows-autopatch-groups-overview.md
                 - name: Manage Windows Autopatch groups
                   href: deploy/windows-autopatch-groups-manage-autopatch-groups.md
             - name: Post-device registration readiness checks
@@ -50,106 +50,67 @@
     - name: Operate
       href: 
       items:
-        - name: Windows Autopatch groups experience
-          href:
+        - name: Software update management
+          href: operate/windows-autopatch-groups-update-management.md
           items:
-            - name: Software update management
-              href: operate/windows-autopatch-groups-update-management.md
+              - name: Windows updates
+                href:
+                items:
+                  - name: Customize Windows Update settings
+                    href: operate/windows-autopatch-groups-windows-update.md
+                  - name: Windows quality updates
+                    href: operate/windows-autopatch-groups-windows-quality-update-overview.md
+                    items:
+                      - name: Windows quality update end user experience
+                        href: operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
+                      - name: Windows quality update signals
+                        href: operate/windows-autopatch-groups-windows-quality-update-signals.md
+                      - name: Windows quality update communications
+                        href: operate/windows-autopatch-groups-windows-quality-update-communications.md
+                  - name: Windows feature updates
+                    href: operate/windows-autopatch-groups-windows-feature-update-overview.md
+                    items:
+                      - name: Manage Windows feature updates
+                        href: operate/windows-autopatch-groups-manage-windows-feature-update-release.md
+              - name: Microsoft 365 Apps for enterprise
+                href: operate/windows-autopatch-microsoft-365-apps-enterprise.md
+              - name: Microsoft Edge
+                href: operate/windows-autopatch-edge.md
+              - name: Microsoft Teams
+                href: operate/windows-autopatch-teams.md
+        - name: Windows quality and feature update reports overview
+          href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
+          items:
+            - name: Windows quality update reports
+              href:
               items:
-                - name: Windows updates
-                  href:
-                  items:
-                    - name: Customize Windows Update settings
-                      href: operate/windows-autopatch-groups-windows-update.md
-                    - name: Windows quality updates
-                      href: operate/windows-autopatch-groups-windows-quality-update-overview.md
-                      items:
-                        - name: Windows quality update end user experience
-                          href: operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
-                        - name: Windows quality update signals
-                          href: operate/windows-autopatch-groups-windows-quality-update-signals.md
-                        - name: Windows quality update communications
-                          href: operate/windows-autopatch-groups-windows-quality-update-communications.md
-                    - name: Windows feature updates
-                      href: operate/windows-autopatch-groups-windows-feature-update-overview.md
-                      items:
-                        - name: Manage Windows feature updates
-                          href: operate/windows-autopatch-groups-manage-windows-feature-update-release.md
-            - name: Windows quality and feature update reports
-              href: operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
+                - name: Summary dashboard
+                  href: operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
+                - name: Quality update status report
+                  href: operate/windows-autopatch-groups-windows-quality-update-status-report.md
+                - name: Quality update trending report
+                  href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md
+            - name: Windows feature update reports
+              href:
               items:
-                - name: Windows quality update reports
-                  href:
-                  items:
-                    - name: Summary dashboard
-                      href: operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
-                    - name: Quality update status report
-                      href: operate/windows-autopatch-groups-windows-quality-update-status-report.md
-                    - name: Quality update trending report
-                      href: operate/windows-autopatch-groups-windows-quality-update-trending-report.md
-                - name: Windows feature update reports
-                  href:
-                  items:
-                    - name: Summary dashboard
-                      href: operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
-                    - name: Feature update status report
-                      href: operate/windows-autopatch-groups-windows-feature-update-status-report.md
-                    - name: Feature update trending report
-                      href: operate/windows-autopatch-groups-windows-feature-update-trending-report.md
-                - name: Windows quality and feature update device alerts
-                  href: operate/windows-autopatch-device-alerts.md
-        - name: Classic experience
-          href:
-          items:  
-            - name: Software update management
-              href: operate/windows-autopatch-update-management.md
-              items:
-                - name: Windows updates
-                  href:
-                  items:
-                    - name: Customize Windows Update settings
-                      href: operate/windows-autopatch-windows-update.md
-                    - name: Windows quality updates
-                      href: operate/windows-autopatch-windows-quality-update-overview.md
-                      items:
-                        - name: Windows quality update end user experience
-                          href: operate/windows-autopatch-windows-quality-update-end-user-exp.md
-                        - name: Windows quality update signals
-                          href: operate/windows-autopatch-windows-quality-update-signals.md
-                        - name: Windows quality update communications
-                          href: operate/windows-autopatch-windows-quality-update-communications.md
-                        - name: Windows quality update reports
-                          href: operate/windows-autopatch-windows-quality-update-reports-overview.md
-                          items:
-                            - name: Summary dashboard
-                              href: operate/windows-autopatch-windows-quality-update-summary-dashboard.md
-                            - name: All devices report
-                              href: operate/windows-autopatch-windows-quality-update-all-devices-report.md
-                            - name: All devices report—historical
-                              href: operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md
-                            - name: Eligible devices report—historical
-                              href: operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md
-                            - name: Ineligible devices report—historical
-                              href: operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md
-                    - name: Windows feature updates
-                      href: operate/windows-autopatch-windows-feature-update-overview.md
-                      items:
-                        - name: Windows feature update end user experience
-                          href: operate/windows-autopatch-windows-feature-update-end-user-exp.md
-                - name: Microsoft 365 Apps for enterprise
-                  href: operate/windows-autopatch-microsoft-365-apps-enterprise.md
-                - name: Microsoft Edge
-                  href: operate/windows-autopatch-edge.md
-                - name: Microsoft Teams
-                  href: operate/windows-autopatch-teams.md
+                - name: Summary dashboard
+                  href: operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
+                - name: Feature update status report
+                  href: operate/windows-autopatch-groups-windows-feature-update-status-report.md
+                - name: Feature update trending report
+                  href: operate/windows-autopatch-groups-windows-feature-update-trending-report.md
+            - name: Windows quality and feature update device alerts
+              href: operate/windows-autopatch-device-alerts.md
         - name: Policy health and remediation
           href: operate/windows-autopatch-policy-health-and-remediation.md
         - name: Maintain the Windows Autopatch environment
           href: operate/windows-autopatch-maintain-environment.md
+        - name: Manage driver and firmware updates
+          href: operate/windows-autopatch-manage-driver-and-firmware-updates.md
         - name: Submit a support request
           href: operate/windows-autopatch-support-request.md
-        - name: Deregister a device
-          href: operate/windows-autopatch-deregister-devices.md
+        - name: Exclude a device
+          href: operate/windows-autopatch-exclude-device.md
         - name: Unenroll your tenant
           href: operate/windows-autopatch-unenroll-tenant.md
     - name: References
@@ -162,10 +123,10 @@
               href: references/windows-autopatch-windows-update-unsupported-policies.md
             - name: Microsoft 365 Apps for enterprise update policies
               href: references/windows-autopatch-microsoft-365-policies.md
+            - name: Conflicting configurations
+              href: references/windows-autopatch-conflicting-configurations.md
         - name: Changes made at tenant enrollment
           href: references/windows-autopatch-changes-to-tenant.md
-        - name: Windows Autopatch groups public preview addendum
-          href: references/windows-autopatch-groups-public-preview-addendum.md
     - name: What's new
       href:
       items: 
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
index 4a3c6c4c86..3e70bd954a 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
@@ -1,7 +1,7 @@
 ---
 title: Add and verify admin contacts
 description: This article explains how to add and verify admin contacts
-ms.date: 05/30/2022
+ms.date: 09/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,6 +10,8 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - tier2
 ---
 
 # Add and verify admin contacts
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
index f511e6481b..7bb3547dba 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Device registration overview
 description: This article provides an overview on how to register devices in Autopatch
-ms.date: 05/08/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Device registration overview
@@ -23,9 +26,7 @@ The overall device registration process is as follows:
 :::image type="content" source="../media/windows-autopatch-device-registration-overview.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-device-registration-overview.png":::
 
 1. IT admin reviews [Windows Autopatch device registration prerequisites](windows-autopatch-register-devices.md#prerequisites-for-device-registration) prior to register devices with Windows Autopatch.
-2. IT admin identifies devices to be managed by Windows Autopatch through either adding:
-    1. The devices into the Windows Autopatch Device Registration (classic) Azure Active Directory (AD) group.
-    2. Device-based Azure AD groups as part of the [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md) or the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md).
+2. IT admin identifies devices to be managed by Windows Autopatch through either adding device-based Azure AD groups as part of the [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md) or the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md).
 3. Windows Autopatch then:
     1. Performs device readiness prior registration (prerequisite checks).
     2. Calculates the deployment ring distribution.
@@ -45,7 +46,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto
 | Step | Description |
 | ----- | ----- |
 | **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. |
-| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Azure AD assigned or dynamic groups into the **Windows Autopatch Device Registration** Azure AD assigned group when using the:<ul><li> [Classic device registration method](../deploy/windows-autopatch-register-devices.md#classic-device-registration-method), or </li><li>Adding existing device-based Azure AD groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
+| **Step 2: Add devices** | IT admin adds devices through Direct membership or nests other Azure AD assigned or dynamic groups into the **Windows Autopatch Device Registration** Azure AD assigned group when using adding existing device-based Azure AD groups while [creating](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group)/[editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) Custom Autopatch groups, or [editing](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) the Default Autopatch group</li></ul> |
 | **Step 3: Discover devices** | The Windows Autopatch Discover Devices function discovers devices (hourly) that were previously added by the IT admin into the **Windows Autopatch Device Registration** Azure AD assigned group or from Azure AD groups used with Autopatch groups in **step #2**. The Azure AD device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Azure AD when registering devices into its service.<ol><li>Once devices are discovered from the Azure AD group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Azure AD in this step:</li><ol><li>**AzureADDeviceID**</li><li>**OperatingSystem**</li><li>**DisplayName (Device name)**</li><li>**AccountEnabled**</li><li>**RegistrationDateTime**</li><li>**ApproximateLastSignInDateTime**</li></ol><li>In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements prior to registration.</li></ol> |
 | **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:<ol><li>**Serial number, model, and manufacturer.**</li><ol><li>Checks if the serial number already exists in the Windows Autopatch’s managed device database.</li></ol><li>**If the device is Intune-managed or not.**</li><ol><li>Windows Autopatch looks to see **if the Azure AD device ID has an Intune device ID associated with it**.</li><ol><li>If **yes**, it means this device is enrolled into Intune.</li><li>If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.</li></ol><li>**If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**.</li><ol><li>Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune.</li><li>A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with it anymore. To remediate, [clean up any stale Azure AD device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).</li></ol><li>**If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.</li></ol><li>**If the device is a Windows device or not.**</li><ol><li>Windows Autopatch looks to see if the device is a Windows and corporate-owned device.</li><ol><li>**If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.</li><li>**If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.</li></ol></ol><li>**Windows Autopatch checks the Windows SKU family**. The SKU must be either:</li><ol><li>**Enterprise**</li><li>**Pro**</li><li>**Pro Workstation**</li></ol><li>**If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:</li><ol><li>**Only managed by Intune.**</li><ol><li>If the device is only managed by Intune, the device is marked as Passed all prerequisites.</li></ol><li>**Co-managed by both Configuration Manager and Intune.**</li><ol><li>If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:</li><ol><li>**Windows Updates Policies**</li><li>**Device Configuration**</li><li>**Office Click to Run**</li></ol><li>If Windows Autopatch determines that one of these workloads isn’t enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.</li></ol></ol></ol>|
 | **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:<ol><li>If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.</li><li>If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.</li></ol> |
@@ -79,9 +80,6 @@ The following four Azure AD assigned groups are used to organize devices for the
 
 The five Azure AD assigned groups that are used to organize devices for the software update-based deployment ring set within the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition):
 
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
-
 | Software updates-based deployment ring | Description |
 | ----- | ----- |
 | Windows Autopatch - Test | Deployment ring for testing software updates-based deployments prior production rollout. |
@@ -115,13 +113,13 @@ The Windows Autopatch deployment ring calculation occurs during the device reg
 > [!NOTE]
 > You can customize the deployment ring calculation logic by editing the Default Autopatch group.
 
-| Deployment ring | Default device balancing percentage | Description |
-| ----- | ----- | ----- |
-| Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:<br><ul><li>**0–500** devices: minimum **one** device.</li><li>**500–5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
-| First |  **1%** | The First ring is the first group of production users to receive a change.<p><p>This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.<p><p>Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
-| Fast | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.<p><p>The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.</p> |
-| Broad | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.|
-| Last | **zero** | The Last ring is intended to be used for either specialized devices or devices that belong to VIP/executives in an organization. Windows Autopatch doesn't automatically add devices to this deployment ring. |
+| Service-based deployment ring | Default Autopatch group deployment ring | Default device balancing percentage | Description |
+| ----- | ----- | ----- | ----- |
+| Test | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:<br><ul><li>**0–500** devices: minimum **one** device.</li><li>**500–5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
+| First | Ring 1 |  **1%** | The First ring is the first group of production users to receive a change.<p><p>This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.<p><p>Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
+| Fast | Ring 2 | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.<p><p>The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.</p> |
+| Broad | Ring 3 | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.|
+| N/A | Last | **zero** | The Last ring is intended to be used for either specialized devices or devices that belong to VIP/executives in an organization. Windows Autopatch doesn't automatically add devices to this deployment ring. |
 
 ## Software update-based to service-based deployment ring mapping
 
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
index 9831d4850d..18ff0f2a4a 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
@@ -1,7 +1,7 @@
 ---
 title: Manage Windows Autopatch groups
 description: This article explains how to manage Autopatch groups
-ms.date: 05/11/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Manage Windows Autopatch groups (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Manage Windows Autopatch groups
 
 Autopatch groups help Microsoft Cloud-Managed services meet organizations where they are in their update management journey.
 
@@ -58,9 +58,6 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr
 > [!TIP]
 > [Update rings](/mem/intune/protect/windows-10-update-rings) and [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies that are created and managed by Windows Autopatch can be restored using the [Policy health](../operate/windows-autopatch-policy-health-and-remediation.md) feature. For more information on remediation actions, see [restore Windows update policies](../operate/windows-autopatch-policy-health-and-remediation.md#restore-windows-update-policies).
 
-> [!NOTE]
-> During the public preview, Autopatch groups opt-in page will show a banner to let you know when one or more prerequisites are failing. Once you remediate the issue to meet the prerequisites, it can take up to an hour for your tenant to have the "Use preview" button available.
-
 ## Create a Custom Autopatch group
 
 > [!NOTE]
@@ -71,10 +68,7 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Select **Devices** from the left navigation menu.
 1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release management** blade, select **Autopatch groups (preview)**.
-1. Only during the public preview:
-    1. Review the [Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md) and the [Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md).
-    1. Select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Autopatch groups. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).
+1. In the **Release management** blade, select **Autopatch groups**.
 1. In the **Autopatch groups** blade, select **Create**.
 1. In **Basics** page, enter a **name** and a **description** then select **Next: Deployment rings**.
     1. Enter up to 64 characters for the Autopatch group name and 150 characters maximum for the description. The Autopatch group name is appended to both the update rings and the DSS policy names that get created once the Custom Autopatch group is created.
@@ -99,6 +93,10 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr
 
 ## Edit the Default or a Custom Autopatch group
 
+> [!TIP]
+> You can't edit an Autopatch group when there's one or more Windows feature update releases targeted to it. If you try to edit an Autopatch group with one or more ongoing Windows feature update releases targeted to it, you get the following informational banner message: "**Some settings are not allowed to be modified as there’s one or more on-going Windows feature update release targeted to this Autopatch group.**"
+> See [Manage Windows feature update releases](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md) for more information on release and phase statuses.
+
 **To edit either the Default or a Custom Autopatch group:**
 
 1. Select the **horizontal ellipses (…)** > **Edit** for the Autopatch group you want to edit.
@@ -111,6 +109,18 @@ Before you start managing Autopatch groups, ensure you’ve met the following pr
 > [!IMPORTANT]
 > Windows Autopatch creates the device-based Azure AD assigned groups based on the choices made in the deployment ring composition page. Additionally, the service assigns the update ring policies for each deployment ring created in the Autopatch group based on the choices made in the Windows Update settings page as part of the Autopatch group guided end-user experience.
 
+## Rename a Custom Autopatch group
+
+You **can’t** rename the Default Autopatch group. However, you can rename a Custom Autopatch group.
+
+**To rename a Custom Autopatch group:**
+
+1. Select the **horizontal ellipses (…)** > **Rename** for the Custom Autopatch group you want to rename. The **Rename Autopatch group** fly-in opens.
+1. In the **New Autopatch group name**, enter the new Autopatch group name of your choice, then click **Rename group**.
+
+> [!IMPORTANT]
+> Autopatch supports up to 64 characters for the custom Autopatch group name. Additionally, when you rename a custom Autopatch group all [update rings for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-update-rings) and [feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates) associated with the custom Autopatch group are renamed to include the new Autopatch group name you define in its name string. Also, when renaming a custom Autopatch group all Azure AD groups representing the custom Autopatch group's deployment rings are renamed to include the new Autopatch group name you define in its name string.
+
 ## Delete a Custom Autopatch group
 
 You **can’t** delete the Default Autopatch group. However, you can delete a Custom Autopatch group.  
@@ -125,10 +135,6 @@ You **can’t** delete the Default Autopatch group. However, you can delete a Cu
 
 ## Manage device conflict scenarios when using Autopatch groups
 
-> [!IMPORTANT]
-> The Windows Autopatch groups functionaliy is in **public preview**. This feature is being actively developed and not all device conflict detection and resolution scenarios are working as expected.
-> For more information on what to expect for this scenario during public preview, see [Known issues](#known-issues).
-
 Overlap in device membership is a common scenario when working with device-based Azure AD groups since sometimes dynamic queries can be large in scope or the same assigned device membership can be used across different Azure AD groups.
 
 Since Autopatch groups allow you to use your existing Azure AD groups to create your own deployment ring composition, the service takes on the responsibility of monitoring and automatically solving some of the device conflict scenarios that may occur.
@@ -164,7 +170,7 @@ Device conflict across different deployment rings in different Autopatch groups
 | -----  | ----- |
 | You, the IT admin at Contoso Ltd., are using several Custom Autopatch groups. While navigating through devices in the Windows Autopatch Devices blade (**Not ready** tab), you notice that the same device is part of different deployment rings across several different Custom Autopatch groups. | You must resolve this conflict.<p>Autopatch groups informs you about the device conflict in the **Devices** > **Not ready** tab. You’re required to manually indicate which of the existing Custom Autopatch groups the device should exclusively belong to.</p> |
 
-#### Device conflict prior device registration
+#### Device conflict prior to device registration
 
 When you create or edit the Custom or Default Autopatch group, Windows Autopatch checks if the devices that are part of the Azure AD groups, used in Autopatch groups’ deployment rings, are registered with the service.
 
@@ -175,56 +181,3 @@ When you create or edit the Custom or Default Autopatch group, Windows Autopatch
 #### Device conflict post device registration
 
 Autopatch groups will keep monitoring for all device conflict scenarios listed in the [Manage device conflict scenarios when using Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#manage-device-conflict-scenarios-when-using-autopatch-groups) section even after devices were successfully registered with the service.
-
-## Known issues
-
-This section lists known issues with Autopatch groups during its public preview.
-
-### Device conflict scenarios when using Autopatch groups
-
-- **Status: Active**
-
-The Windows Autopatch team is aware that all device conflict scenarios listed below are currently being evaluated during the device registration process to make sure devices are properly registered with the service, and not evaluated post-device registration. The Windows Autopatch team is currently developing detection and resolution for the followin device conflict scenarios, and plan to make them available during public preview.
-
-- Default to Custom Autopatch device conflict detection and resolution.
-- Device conflict detection and resolution within an Autopatch group.
-- Custom to Custom Autopatch group device conflict detection.
-
-> [!TIP]
-> Use the following two best practices to help minimize device conflict scenarios when using Autopatch groups during the public preview:
-> 
-> - Review your software update deployment requirements thoroughly. If your deployment requirements allow, try using the Default Autopatch group as much as possible, instead of start creating Custom Autopatch groups. You can customize the Default Autopatch to have up to 15 deployment rings, and you can use your existing device-based Azure AD groups with custom update deployment cadences.
-> - If creating Custom Autopatch groups, try to avoid using device-based Azure AD groups that have device membership overlaps with the devices that are already registered with Windows Autopatch, and already belong to the Default Autopatch group.
-
-### Autopatch group Azure AD group remediator
-
-- **Status: Active**
-
-The Windows Autopatch team is aware that the Windows Autopatch service isn't automatically restoring the Azure AD groups that get created during the Autopatch groups creation/editing process. If the following Azure AD groups, that belong to the Default Autopatch group and other Azure AD groups that get created with Custom Autopatch groups, are deleted or renamed, they won't be automatically remediated on your behalf yet:
-
-- Windows Autopatch – Test
-- Windows Autopatch – Ring1
-- Windows Autopatch – Ring2
-- Windows Autopatch – Ring3
-- Windows Autopatch – Last
-
-The Windows Autopatch team is currently developing the Autopatch group Azure AD group remediator feature and plan to make it available during public preview.
-
-> [!NOTE]
-> The Autopatch group remediator won't remediate the service-based deployment rings:
-> 
-> - Modern Workplace Devices-Windows Autopatch-Test
-> - Modern Workplace Devices-Windows Autopatch-First
-> - Modern Workplace Devices-Windows Autopatch-Fast
-> - Modern Workplace Devices-Windows Autopatch-Broad
-> 
-> Use the [Policy health feature](../operate/windows-autopatch-policy-health-and-remediation.md) to restore these groups, if needed. For more information, see [restore deployment groups](../operate/windows-autopatch-policy-health-and-remediation.md#restore-deployment-groups).
-
-### Rename an Autopatch group 
-
-- **Status: Active**
-
-You can't rename an Autopatch group yet. The Autopatch group name is appended to all deployment ring names in the Autopatch group. Windows Autopatch is currently developing the rename feature.
-
-> [!IMPORTANT]
-> During the public preview, if you try to rename either the [Update rings](/mem/intune/protect/windows-10-update-rings) or [feature updates](/mem/intune/protect/windows-10-feature-updates) for Windows 10 and later policies directly in the Microsoft Intune end-user experience, the policy names are reverted back to the name defined by the Autopatch group end-user experience interface.
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
index 730fc16ec4..a706404138 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Autopatch groups overview
 description: This article explains what Autopatch groups are
-ms.date: 05/03/2023
+ms.date: 07/20/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,14 +10,14 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows Autopatch groups overview (public preview)
+# Windows Autopatch groups overview
 
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
-
-As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they’re challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups helps organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions.
+As organizations move to a managed-service model where Microsoft manages update processes on their behalf, they’re challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions.
 
 ## What are Windows Autopatch groups?
 
@@ -64,7 +64,7 @@ The Default Autopatch group uses Windows Autopatch’s default update management
 The Default Autopatch group is intended to serve organizations that are looking to:
 
 - Enroll into the service
-- Align to Windows Autopatch’s default update management process without requiring additional customizations.
+- Align to Windows Autopatch’s default update management process without requiring more customizations.
 
 The Default Autopatch group **can’t** be deleted or renamed. However, you can customize its deployment ring composition to add and/or remove deployment rings, and you can also customize the update deployment cadences for each deployment ring within it.
 
@@ -110,11 +110,11 @@ Autopatch groups set up the [feature updates for Windows 10 and later policies](
 
 | Policy name | Azure AD group assignment |Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
 | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch - DSS Policy [Test] | Windows Autopatch - Test | Windows 10 20H2 | Make update available as soon as possible | N/A | N/A | N/A | May 8, 2023; 7:00PM |
-| Windows Autopatch - DSS Policy [Ring1] | Windows Autopatch - Ring1 | Windows 10 20H2 | Make update available as soon as possible | N/A | N/A | N/A | May 8, 2023; 7:00PM |
-| Windows Autopatch - DSS Policy [Ring2] | Windows Autopatch - Ring2 | Windows 10 20H2 | Make update available as soon as possible | December 14, 2022 | December 21, 2022 | 1 | May 8, 2023; 7:00PM |
-| Windows Autopatch - DSS Policy [Ring3] | Windows Autopatch - Ring3 | Windows 10 20H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | May 8, 2023; 7:00PM |
-| Windows Autopatch - DSS Policy [Last] | Windows Autopatch - Last | Windows 10 20H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | May 8, 2023; 7:00PM |
+| Windows Autopatch - DSS Policy [Test] | Windows Autopatch - Test | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024; 1:00AM |
+| Windows Autopatch - DSS Policy [Ring1] | Windows Autopatch - Ring1 | Windows 10 21H2 | Make update available as soon as possible | N/A | N/A | N/A | June 11, 2024; 1:00AM |
+| Windows Autopatch - DSS Policy [Ring2] | Windows Autopatch - Ring2 | Windows 10 21H2 | Make update available as soon as possible | December 14, 2022 | December 21, 2022 | 1 | June 11, 2024; 1:00AM |
+| Windows Autopatch - DSS Policy [Ring3] | Windows Autopatch - Ring3 | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024; 1:00AM |
+| Windows Autopatch - DSS Policy [Last] | Windows Autopatch - Last | Windows 10 21H2 | Make update available as soon as possible | December 15, 2022 | December 29, 2022 | 1 | June 11, 2024; 1:00AM |
 
 ### About Custom Autopatch groups
 
@@ -160,7 +160,7 @@ Autopatch groups creates two different layers. Each layer contains its own deplo
 
 The service-based deployment ring set is exclusively used to keep Windows Autopatch updated with both service and device-level configuration policies, apps and APIs needed for core functions of the service.
 
-The following are the Azure AD assigned groups that represent the service-based deployment rings. These groups cannot be deleted or renamed:
+The following are the Azure AD assigned groups that represent the service-based deployment rings. These groups can't be deleted or renamed:
 
 - Modern Workplace Devices-Windows Autopatch-Test
 - Modern Workplace Devices-Windows Autopatch-First
@@ -174,7 +174,7 @@ The following are the Azure AD assigned groups that represent the service-based
 
 The software-based deployment ring set is exclusively used with software update management policies, such as the Windows update ring and feature update policies, in the Default Windows Autopatch group.
 
-The following are the Azure AD assigned groups that represent the software updates-based deployment rings. These groups cannot be deleted or renamed:
+The following are the Azure AD assigned groups that represent the software updates-based deployment rings. These groups can't be deleted or renamed:
 
 - Windows Autopatch - Test
 - Windows Autopatch – Ring1
@@ -203,7 +203,7 @@ The following are three common uses for using Autopatch groups.
 
 | Scenario | Solution |
 | ----- | ----- |
-| You’re working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You don’t have extra time to spend setting up and managing several Autopatch groups.<p>Your organization currently operates its update management by using five deployment rings, but there’s an opportunity to have flexible deployment cadences if it’s pre-communicated to your end-users.</p> | If you don’t have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.<p>The Default Autopatch group is pre-configured and doesn’t require extra configurations when registering devices with the Windows Autopatch service.</p><p>The following is a visual representation of a gradual rollout for the Default Autopatch group pre-configured and fully managed by the Windows Autopatch service.</p> |
+| You’re working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You don’t have extra time to spend setting up and managing several Autopatch groups.<p>Your organization currently operates its update management by using five deployment rings, but there’s an opportunity to have flexible deployment cadences if it’s precommunicated to your end-users.</p> | If you don’t have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.<p>The Default Autopatch group is preconfigured and doesn’t require extra configurations when registering devices with the Windows Autopatch service.</p><p>The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service.</p> |
 
 :::image type="content" source="../media/autopatch-groups-default-autopatch-group.png" alt-text="Default Autopatch group" lightbox="../media/autopatch-groups-default-autopatch-group.png":::
 
@@ -211,7 +211,7 @@ The following are three common uses for using Autopatch groups.
 
 | Scenario | Solution |
 | ----- | ----- |
-| You’re working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units, for example, the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and subsequently for the business.<p>The following is a visual representation of a gradual rollout for Contoso’s Finance department.</p> |
+| You’re working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units. For example, you can create a Custom Autopatch group for the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and then for the business.<p>The following is a visual representation of a gradual rollout for Contoso’s Finance department.</p> |
 
 :::image type="content" source="../media/autopatch-groups-finance-department-example.png" alt-text="Finance department example" lightbox="../media/autopatch-groups-finance-department-example.png":::
 
@@ -240,12 +240,9 @@ Autopatch groups works with the following software update workloads:
 - [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md)
 - [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
 
-> [!IMPORTANT]
-> [Microsoft Edge](../operate/windows-autopatch-edge.md) and [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) are supported through the (classic) service-based deployment rings. Other software update workloads aren’t currently supported.
-
 ### Maximum number of Autopatch groups
 
-Windows Autopatch will support up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings.
+Windows Autopatch supports up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings.
 
 > [!TIP]
 > If you reach the maximum number of Autopatch groups supported (50), and try to create more Custom Autopatch groups, the "**Create**" option in the Autopatch groups blade will be greyed out.
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
index 076f04ca7b..eb2f5d26d5 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Post-device registration readiness checks (public preview)
diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
index 55ddc49938..a2734bb584 100644
--- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
@@ -1,7 +1,7 @@
 ---
 title: Register your devices
 description: This article details how to register devices in Autopatch
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Register your devices
@@ -20,49 +23,21 @@ Before Microsoft can manage your devices in Windows Autopatch, you must have dev
 
 Windows Autopatch can take over software update management control of devices that meet software-based prerequisites as soon as an IT admin decides to have their tenant managed by the service. The Windows Autopatch software update management scope includes the following software update workloads:
 
-- Windows quality updates
-    - [Autopatch groups experience](../operate/windows-autopatch-groups-windows-quality-update-overview.md)
-    - [Classic experience](../operate/windows-autopatch-windows-quality-update-overview.md)
-- Windows feature updates
-    - [Autopatch groups experience](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
-    - [Classic experience](../operate/windows-autopatch-windows-feature-update-overview.md)
-- The following software update workloads use the Classic experience:
-    - [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)
-    - [Microsoft Edge updates](../operate/windows-autopatch-edge.md)
-    - [Microsoft Teams updates](../operate/windows-autopatch-teams.md)
+- [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md)
+- [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)
+- [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)
+- [Microsoft Edge updates](../operate/windows-autopatch-edge.md)
+- [Microsoft Teams updates](../operate/windows-autopatch-teams.md)
 
-### About the use of an Azure AD group to register devices
+### Windows Autopatch groups device registration
 
-Windows Autopatch provides two methods of registering devices with its service, the [Classic](#classic-device-registration-method) and the Autopatch groups device registration method.
-
-#### Classic device registration method
-
-This method is intended to help organizations that don’t require the use of [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or additional customizations to the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) to register devices.
-
-You must choose what devices to manage with Windows Autopatch by adding them to the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can be added using the following methods:
-
-- Direct membership
-- Nesting other Azure AD dynamic/assigned groups
-- [Bulk add/import group members](/azure/active-directory/enterprise-users/groups-bulk-import-members)
-
-Windows Autopatch automatically runs its discover devices function every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices.
-
-You can also use the **Discover devices** button in either the Registered or Not ready tab to register devices on demand. The **Discover devices** button scans for devices to be registered in the **Windows Autopatch Device Registration** or any other Azure AD group used with either the Default or Custom Autopatch groups.
-
-#### Windows Autopatch groups device registration method
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
-
-This method is intended to help organizations that require the use of [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or additional customizations to the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group).
-
-When you either create/edit a Custom Autopatch group or edit the Default Autopatch group to add or remove deployment rings, the device-based Azure AD groups you use when setting up your deployment rings are scanned to see if devices need to be registered with the Windows Autopatch service.  
+When you either create/edit a [Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups) or edit the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) to add or remove deployment rings, the device-based Azure AD groups you use when setting up your deployment rings are scanned to see if devices need to be registered with the Windows Autopatch service.  
 
 If devices aren’t registered, Autopatch groups starts the device registration process by using your existing device-based Azure AD groups instead of the Windows Autopatch Device Registration group.
 
 For more information, see [create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [edit Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) to register devices using the Autopatch groups device registration method.
 
-##### Supported scenarios when nesting other Azure AD groups
+#### Supported scenarios when nesting other Azure AD groups
 
 Windows Autopatch also supports the following Azure AD nested group scenarios:
 
@@ -71,8 +46,6 @@ Azure AD groups synced up from:
 - On-premises Active Directory groups (Windows Server AD)
 - [Configuration Manager collections](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_aadcollsync)
 
-The Azure AD groups apply to both the [Classic](#classic-device-registration-method) and the [Autopatch group device registration](#windows-autopatch-groups-device-registration-method) methods.
-
 > [!WARNING]
 > It isn't recommended to sync Configuration Manager collections straight to the **Windows Autopatch Device Registration** Azure AD group. Use a different Azure AD group when syncing Configuration Manager collections to Azure AD groups then you can nest this or these groups into the **Windows Autopatch Device Registration** Azure AD group.
 
@@ -92,9 +65,6 @@ It's recommended to detect and clean up stale devices in Azure AD before registe
 
 ## Prerequisites for device registration
 
-> [!IMPORTANT]
-> The following prerequisites apply to both the [Classic](#classic-device-registration-method) and the [Autopatch groups device registration](#windows-autopatch-groups-device-registration-method) methods.
-
 To be eligible for Windows Autopatch management, devices must meet a minimum set of required software-based prerequisites:
 
 - Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture).
@@ -119,7 +89,7 @@ For more information, see [Windows Autopatch Prerequisites](../prepare/windows-a
 ## About the Registered, Not ready and Not registered tabs
 
 > [!IMPORTANT]
-> Devices registered through either the [Classic](#classic-device-registration-method) or the [Autopatch groups device registration method](#windows-autopatch-groups-device-registration-method) can appear in the Registered, Not ready, or Not registered tabs. When devices successfully register with the service, the devices are listed in the Registered tab. However, even if the device(s)is successfully registered, they can be part of Not ready tab. If devices fail to register, the devices are listed in the Not registered tab.
+> Registered devices can appear in the Registered, Not ready, or Not registered tabs. When devices successfully register with the service, the devices are listed in the Registered tab. However, even if the device(s)is successfully registered, they can be part of Not ready tab. If devices fail to register, the devices are listed in the Not registered tab.
 
 Windows Autopatch has three tabs within its device blade. Each tab is designed to provide a different set of device readiness statuses so the IT admin knows where to go to monitor, and fix potential device health issues.
 
@@ -168,33 +138,6 @@ Registering your devices with Windows Autopatch does the following:
 
 For more information, see [Device registration overview](../deploy/windows-autopatch-device-registration-overview.md).
 
-## Steps to register devices using the classic method
-
-> [!IMPORTANT]
-> For more information, see [Create Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group) and [Edit Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group) on how to register devices using the Autopatch groups device registration method.
-
-Any device (either physical or virtual) that contains an Azure AD device ID, can be added into the **Windows Autopatch Device Registration** Azure AD group through either direct membership or by being part of another Azure AD group (either dynamic or assigned) that's nested to this group, so it can be registered with Windows Autopatch. The only exception is new Windows 365 Cloud PCs, as these virtual devices should be registered with Windows Autopatch from the Windows 365 provisioning policy.
-
-For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](#windows-autopatch-on-windows-365-enterprise-workloads).
-
-Since existing Windows 365 Cloud PCs already have an existing Azure AD device ID, these devices can be added into the **Windows Autopatch Device Registration** Azure group through either direct membership or by being part of another Azure AD group (either dynamic or assigned) that's nested to this group.
-
-**To register devices with Windows Autopatch using the classic method:**
-
-1. Go to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Devices** from the left navigation menu.
-3. Under the **Windows Autopatch** section, select **Devices**.
-4. Select either the **Registered** or the **Not registered** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens.
-5. Add either devices through direct membership, or other Azure AD dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group.
-
-> [!NOTE]
-> The **Windows Autopatch Device Registration** hyperlink is in the center of the Registered tab when there's no devices registered with the Windows Autopatch service. Once you have one or more devices registered with the Windows Autopatch service, the **Windows Autopatch Device registration** hyperlink is at the top of both **Registered** and **Not registered** tabs.
-
-Once devices or other Azure AD groups (either dynamic or assigned) containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch's device discovery hourly function discovers these devices, and runs software-based prerequisite checks to try to register them with its service.
-
-> [!TIP]
-> You can also use the **Discover Devices** button in either one of the **Registered**, **Not ready**, or **Not registered** device blade tabs to discover devices from the **Windows Autopatch Device Registration** Azure AD group on demand. On demand means you don't have to wait for Windows Autopatch to discover devices from the Azure AD group on your behalf.
-
 ### Windows Autopatch on Windows 365 Enterprise Workloads
 
 Windows 365 Enterprise gives IT admins the option to register devices with the Windows Autopatch service as part of the Windows 365 provisioning policy creation. This option provides a seamless experience for admins and users to ensure your Cloud PCs are always up to date. When IT admins decide to manage their Windows 365 Cloud PCs with Windows Autopatch, the Windows 365 provisioning policy creation process calls Windows Autopatch device registration APIs to register devices on behalf of the IT admin.
@@ -221,7 +164,7 @@ For more information, see [Create a Windows 365 Provisioning Policy](/windows-36
 
 Windows Autopatch is available for your Azure Virtual Desktop workloads. Enterprise admins can provision their Azure Virtual Desktop workloads to be managed by Windows Autopatch using the existing device registration process.
 
-Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#steps-to-register-devices-using-the-classic-method). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified.
+Windows Autopatch provides the same scope of service with virtual machines as it does with [physical devices](#windows-autopatch-groups-device-registration). However, Windows Autopatch defers any Azure Virtual Desktop specific support to [Azure support](#contact-support-for-device-registration-related-incidents), unless otherwise specified.
 
 #### Prerequisites
 
@@ -239,7 +182,7 @@ The following Azure Virtual Desktop features aren’t supported:
 
 #### Deploy Autopatch on Azure Virtual Desktop
 
-Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#steps-to-register-devices-using-the-classic-method).
+Azure Virtual Desktop workloads can be registered into Windows Autopatch by using the same method as your [physical devices](#windows-autopatch-groups-device-registration).
 
 For ease of deployment, we recommend nesting a dynamic device group in your Autopatch device registration group. The dynamic device group would target the **Name** prefix defined in your session host, but **exclude** any Multi-Session Session Hosts. For example:
 
diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml
index f80f14cdd2..c79efcf511 100644
--- a/windows/deployment/windows-autopatch/index.yml
+++ b/windows/deployment/windows-autopatch/index.yml
@@ -10,8 +10,8 @@ metadata:
   ms.topic: landing-page # Required
   author: tiaraquan #Required; your GitHub user alias, with correct capitalization.
   ms.author: tiaraquan #Required; microsoft alias of author; optional team alias.
+  manager: dougeby
   ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
-  ms.custom: intro-hub-or-landing
   ms.prod: windows-client
   ms.technology: itpro-updates
   ms.collection:
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-deployment-journey.png b/windows/deployment/windows-autopatch/media/windows-autopatch-deployment-journey.png
new file mode 100644
index 0000000000..1e898235fa
Binary files /dev/null and b/windows/deployment/windows-autopatch/media/windows-autopatch-deployment-journey.png differ
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
deleted file mode 100644
index 1792c44913..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Deregister a device
-description: This article explains how to deregister devices
-ms.date: 06/15/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: andredm7
----
-
-# Deregister a device
-
-To avoid end-user disruption, device deregistration in Windows Autopatch only deletes the Windows Autopatch device record itself. Device deregistration can't delete Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity.
-
-**To deregister a device:**
-
-1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Windows Autopatch** in the left navigation menu.
-1. Select **Devices**.
-1. In either **Ready** or **Not ready** tab, select the device(s) you want to deregister.
-1. Once a device or multiple devices are selected, select **Device actions**, then select **Deregister device**.
-
-> [!WARNING]
-> Removing devices from the Windows Autopatch Device Registration Azure AD group doesn't deregister devices from the Windows Autopatch service.
-
-## Excluded devices
-
-When you deregister a device from the Windows Autopatch service, the device is flagged as "excluded" so Windows Autopatch doesn't try to reregister the device into the service again, since the deregistration command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** Azure Active Directory group.
-
-> [!IMPORTANT]
-> The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues.
-
-If you want to reregister a device that was previously deregistered from Windows Autopatch, you must [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team to request the removal of the "excluded" flag set during the deregistration process. After the Windows Autopatch Service Engineering Team removes the flag, you can reregister a device or a group of devices.  
-
-## Hiding unregistered devices
-
-You can hide unregistered devices you don't expect to be remediated anytime soon.
-
-**To hide unregistered devices:**
-
-1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Windows Autopatch** in the left navigation menu.
-1. Select **Devices**.
-1. In the **Not ready** tab, select an unregistered device or a group of unregistered devices you want to hide then select **Status == All**.
-1. Unselect the **Registration failed** status checkbox from the list.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
index fe0551604d..0f80250e80 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
@@ -1,7 +1,7 @@
 ---
 title: Device alerts
 description: Provide notifications and information about the necessary steps to keep your devices up to date. 
-ms.date: 05/01/2023
+ms.date: 08/01/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,16 +10,16 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Device alerts (public preview)
+# Device alerts
 
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information helps you understand:
 
-Windows Autopatch and Windows Updates use Device alerts to provide notifications and information about the necessary steps to keep your devices up to date. In Windows Autopatch reporting, every device is provided with a section for alerts. If no alerts are listed, no action is needed. Navigate to **Reports** > **Quality update status** or **Feature update status** > **Device** > select the **Device alerts** column. The provided information will help you understand:
-
-- The action(s) that have either been performed by Microsoft and/or Windows Autopatch to keep the device properly updated.
+- Microsoft and/or Windows Autopatch performs the action(s) to keep the device properly updated.
 - The actions you must perform so the device can properly be updated.
 
 > [!NOTE]
@@ -42,12 +42,12 @@ Windows Autopatch assigns alerts to either Microsoft Action or Customer Action.
 
 | Assignment | Description |
 | ----- | ----- |
-| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. The actions are performed by Windows Autopatch automatically. |
+| Microsoft Action | Refers to the responsibility of the Windows Autopatch service to remediate. Windows Autopatch performs these actions automatically. |
 | Customer Action | Refers to your responsibility to carry out the appropriate action(s) to resolve the reported alert. |
 
 ## Alert resolutions
 
-Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md)
+Alert resolutions are provided through the Windows Update service and provide the reason why an update didn’t perform as expected. The recommended actions are general recommendations and if additional assistance is needed, [submit a support request](../operate/windows-autopatch-support-request.md).
 
 | Alert message | Description | Windows Autopatch recommendation(s) |
 | ----- | ----- | ----- |
@@ -79,6 +79,7 @@ Alert resolutions are provided through the Windows Update service and provide th
 | `InstallIssueRedirection` | A known folder that doesn't support redirection to another drive might have been redirected to another drive. | The Windows Update service has reported that the Windows Update file location may be redirected to an invalid location. Check your Windows Installation, and retry the update.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `InstallMissingInfo` | Windows Update doesn't have the information it needs about the update to finish the installation. | The Windows Update service has reported that another update may have replaced the one you're trying to install. Check the update, and then try reinstalling it. |
 | `InstallOutOfMemory` | The installation couldn't be completed because Windows ran out of memory. | The Windows Update service has reported the system doesn't have sufficient system memory to perform the update.<p>Restart Windows, then try the installation again.</p><p>If it still fails, allocate more memory to the device, or increase the size of the virtual memory pagefile(s). For more information, see [How to determine the appropriate page file size for 64-bit versions of Windows](/troubleshoot/windows-client/performance/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows).</p> |
+| `InstallSetupBlock` | There's an application or driver blocking the upgrade. | The Windows Update service has detected that an application or driver is hindering the upgrade process. Utilize the SetupDiag utility to identify and diagnose any compatibility problems.<p>For more information, see [SetupDiag - Windows Deployment](/windows/deployment/upgrade/setupdiag).</p> |
 | `InstallSetupError` | Windows Setup encountered an error while installing. | The Windows Update service has reported an error during installation.Review the last reported HEX error code in [Quality update status report](../operate/windows-autopatch-groups-windows-quality-update-status-report.md) to further investigate.<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `PolicyConflict` | There are client policies (MDM, GP) that conflict with Windows Update settings. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
 | `PolicyConflictDeferral` | The Deferral Policy configured on the device is preventing the update from installing. | The Windows Update service has reported a policy conflict. Review  the [Windows Autopatch Policy Health dashboard](../operate/windows-autopatch-policy-health-and-remediation.md).<p>If the alert persists, [submit a support request](../operate/windows-autopatch-support-request.md).</p> |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
index c45d4d9c97..5aadb310ef 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Edge
 description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
-ms.date: 05/30/2022
+ms.date: 09/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Microsoft Edge
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md
new file mode 100644
index 0000000000..c41dd12e0c
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-exclude-device.md
@@ -0,0 +1,56 @@
+---
+title: Exclude a device
+description: This article explains how to exclude a device from the Windows Autopatch service
+ms.date: 08/08/2023
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+ms.reviewer: andredm7
+ms.collection:
+  - tier2
+---
+
+# Exclude a device
+
+To avoid end-user disruption, excluding a device in Windows Autopatch only deletes the Windows Autopatch device record itself. Excluding a device can't delete the Microsoft Intune and/or the Azure Active Directory device records. Microsoft assumes you'll keep managing those devices yourself in some capacity.
+
+When you exclude a device from the Windows Autopatch service, the device is flagged as **excluded** so Windows Autopatch doesn't try to restore the device into the service again, since the exclusion command doesn't trigger device membership removal from the **Windows Autopatch Device Registration** group, or any other Azure AD group, used with Autopatch groups.
+
+> [!IMPORTANT]
+> The Azure AD team doesn't recommend appending query statements to remove specific device from a dynamic query due to dynamic query performance issues.
+
+**To exclude a device:**
+
+1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Windows Autopatch** in the left navigation menu.
+1. Select **Devices**.
+1. In either the **Ready** or **Not ready** tab, select the device(s) you want to exclude.
+1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Exclude device**.
+
+> [!WARNING]
+> Excluding devices from the Windows Autopatch Device Registration group, or any other Azure AD group, used with Autopatch groups doesn't exclude devices from the Windows Autopatch service.
+
+## Only view excluded devices
+
+You can view the excluded devices in the **Not registered** tab to make it easier for you to bulk restore devices that were previously excluded from the Windows Autopatch service.
+
+**To view only excluded devices:**
+
+1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Windows Autopatch** in the left navigation menu.
+1. Select **Devices**.
+1. In the **Not registered** tab, select **Excluded** from the filter list. Leave all other filter options unselected.
+
+## Restore a device or multiple devices previously excluded
+
+**To restore a device or multiple devices previously excluded:**
+
+1. Sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Windows Autopatch** in the left navigation menu.
+1. Select **Devices**.
+1. In the **Not registered** tab, select the device(s) you want to restore.
+1. Once a device or multiple devices are selected, select **Device actions**. Then, select **Restore excluded device**.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md
index fab7bbabbc..0a4f67979c 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md
@@ -1,7 +1,7 @@
 ---
 title: Manage Windows feature update releases
 description: This article explains how you can manage Windows feature updates with Autopatch groups
-ms.date: 05/05/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Manage Windows feature update releases: Windows Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Manage Windows feature update releases
 
 You can create custom releases for Windows feature update deployments in Windows Autopatch.
 
@@ -91,6 +91,7 @@ The release statuses are described in the following table:
 | Active | All phases in the release are active. This means all phases have reached their first deployment date, which created the Windows feature update policies. |<ul><li>Release can be paused but can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Autopatch groups and their deployment rings can be assigned to another release.</li></ul> |
 | Inactive | All the Autopatch groups within the release have been assigned to a new release. As a result, the Windows feature update policies were unassigned from all phases from within the release. |<ul><li>Release can be viewed as a historical record.</li><li>Releases can't be deleted, edited, or canceled.</li></ul> |
 | Paused | All phases in the release are paused. The release will remain paused until you resume it. | <ul><li>Releases with Paused status can't be edited or canceled since the Windows feature update policy was already created for its phases.</li><li>Release can be resumed.</li></ul> |
+| Canceled | All phases in the release are canceled. | <ul><li>Releases with Canceled status can't be edited or canceled since the Windows feature update policy wasn't created for its phases.</li><li>Canceled release can't be deleted.</li></ul> |
 
 ##### Phase statuses
 
@@ -105,6 +106,7 @@ A phase is made of one or more Autopatch group deployment rings. Each phase repo
 | Active | The first deployment date has been reached. The Windows feature update policy has been created for the respective phase. |
 | Inactive | All Autopatch groups within the phase were re-assigned to a new release. All Windows feature update policies were unassigned from the Autopatch groups. |
 | Paused | Phase is paused. You must resume the phase. |
+| Canceled | Phase is canceled. All Autopatch groups within the phase can be used with a new release. A phase that's canceled can't be deleted. |
 
 #### Details about Windows feature update policies
 
@@ -118,11 +120,11 @@ The following table is an example of the Windows feature update policies that we
 
 | Policy name | Feature update version | Rollout options | First deployment date| Final deployment date availability | Day between groups | Support end date |
 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch - DSS Policy - My feature update release – Phase 1  | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 10, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release – Phase 2  | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 10, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release – Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 10, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release – Phase 4  | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 10, 2024 |
-| Windows Autopatch - DSS Policy - My feature update release – Phase 5  | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 10, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release – Phase 1  | Windows 10 21H2 | Make update available as soon as possible | April 24, 2023 | April 24, 2023 | N/A | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release – Phase 2  | Windows 10 21H2 | Make update available as soon as possible | June 26, 2023 | July 17, 2023 | 7 | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release – Phase 3 | Windows 10 21H2 | Make update available as soon as possible | July 24, 2023 | August 14, 2023 | 7 | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release – Phase 4  | Windows 10 21H2 | Make update available as soon as possible | August 28, 2023 | September 10, 2023 | 7 | June 11, 2024 |
+| Windows Autopatch - DSS Policy - My feature update release – Phase 5  | Windows 10 21H2 | Make update available as soon as possible | September 25, 2023 | October 16, 2023 | 7 | June 11, 2024 |
 
 ## Create a custom release
 
@@ -146,6 +148,9 @@ The following table is an example of the Windows feature update policies that we
     2. Additionally, the formula for the goal completion date is `<First Deployment Date> + (<Number of gradual rollout groups> – 1) * Days in between groups (7) + Deadline for feature updates (5 days) + Grace Period (2 days)`.
 1. In the **Review + create** page, review all settings. Once you’re ready, select **Create**.
 
+> [!NOTE]
+> Custom releases can't be deleted from the Windows feature updates release management blade. The custom release record serves as a historical record for auditing purposes when needed.
+
 ## Edit a release
 
 > [!NOTE]
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md
index e6730c53fb..12e39f7f30 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md
@@ -1,7 +1,7 @@
 ---
 title: Software update management for Autopatch groups
 description: This article provides an overview of how updates are handled with Autopatch groups
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: overview
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Software update management: Windows Autopatch groups experience (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Software update management
 
 Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf.
 
@@ -23,12 +23,12 @@ Keeping your devices up to date is a balance of speed and stability. Windows Aut
 
 | Software update workload | Description |
 | ----- | ----- |
-| Windows quality update | Windows Autopatch uses four deployment rings to manage Windows quality updates. For more detailed information, see:<ul><li>[Windows Autopatch groups experience](../operate/windows-autopatch-groups-windows-quality-update-overview.md)</li><li>[Classic experience](../operate/windows-autopatch-windows-quality-update-overview.md) |
-| Windows feature update | Windows Autopatch uses four deployment rings to manage Windows feature updates. For more detailed information, see: <ul><li>[Windows Autopatch groups experience](windows-autopatch-groups-windows-feature-update-overview.md)</li><li>[Classic experience](windows-autopatch-windows-feature-update-overview.md)</li></ul> |
+| Windows quality update | Windows Autopatch uses four deployment rings to manage [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) |
+| Windows feature update | Windows Autopatch uses four deployment rings to manage [Windows feature updates](windows-autopatch-groups-windows-feature-update-overview.md) |
 | Anti-virus definition | Updated with each scan. |
-| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). This software update workload uses the classic experience. |
-| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). This software update workload uses the classic experience. |
-| Microsoft Teams | For more information, see [Microsoft Teams](../operate/windows-autopatch-teams.md). This software update workload uses the classic experience. |
+| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). |
+| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). |
+| Microsoft Teams | For more information, see [Microsoft Teams](../operate/windows-autopatch-teams.md). |
 
 ## Autopatch groups
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md
index b49b0c5ba4..f2522d91fa 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md
@@ -1,7 +1,7 @@
 ---
-title: Windows feature updates overview with Autopatch groups
+title: Windows feature updates overview
 description: This article explains how Windows feature updates are managed with Autopatch groups
-ms.date: 05/03/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows feature updates overview: Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Windows feature updates overview
 
 Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organization’s IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation.
 
@@ -82,10 +82,10 @@ If your tenant is enrolled with Windows Autopatch, you can see the following def
 
 | Policy name | Phase mapping | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
 | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch – DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023  | N/A | N/A | June 10, 2024 |
-| Windows Autopatch – DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023  | N/A | N/A | June 10, 2024 |
-| Windows Autopatch – DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023  | N/A | N/A | June 10, 2024 |
-| Windows Autopatch – DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023  | N/A | N/A | June 10, 2024 |
+| Windows Autopatch – DSS Policy [Test] | Phase 1 | Windows 10 21H2 | Make update available as soon as possible | May 9, 2023  | N/A | N/A | June 11, 2024 |
+| Windows Autopatch – DSS Policy [First] | Phase 2 | Windows 10 21H2 | Make update available as soon as possible | May 16, 2023  | N/A | N/A | June 11, 2024 |
+| Windows Autopatch – DSS Policy [Fast] | Phase 3 | Windows 10 21H2 | Make update available as soon as possible | May 23, 2023  | N/A | N/A | June 11, 2024 |
+| Windows Autopatch – DSS Policy [Broad] | Phase 4 | Windows 10 21H2 | Make update available as soon as possible | May 30, 2023  | N/A | N/A | June 11, 2024 |
 
 > [!NOTE]
 > Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
@@ -101,13 +101,16 @@ There are two scenarios that the Global release is used:
 | Scenario #1 | You assign Azure AD groups to be used with the deployment ring (Last) or you add additional deployment rings when you customize the [Default Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#edit-the-default-or-a-custom-autopatch-group).<p>A global Windows feature update policy is automatically assigned behind the scenes to the newly added deployment rings or when you assigned Azure AD groups to the deployment ring (Last) in the Default Autopatch group.</p> |
 | Scenario #2 | You create new [Custom Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#create-a-custom-autopatch-group).<p>The global Windows feature policy is automatically assigned behind the scenes to all deployment rings as part of the Custom Autopatch groups you create.</p> |
 
+> [!NOTE]
+> Global releases don't show up in the Windows feature updates release management blade.
+
 #### Policy configuration values
 
 See the following table on how Windows Autopatch configures the values for its global Windows feature update policy. If your tenant is enrolled with Windows Autopatch, you can see the following default policies created by the service in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431):
 
 | Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
 | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch – Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A  | N/A | N/A | June 10, 2024 |
+| Windows Autopatch – Global DSS Policy [Test] | Windows 10 21H2 | Make update available as soon as possible | N/A  | N/A | N/A | June 11, 2024 |
 
 > [!NOTE]
 > Gradual rollout settings aren't configured in the default Windows Update feature policy. If the date of the final group availability is changed to be a past date, all remaining devices are offered the update as soon as possible. For more information, see [rollout options for Windows Updates in Microsoft Intune](/mem/intune/protect/windows-update-rollout-options#make-updates-available-gradually).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-status-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-status-report.md
index fc177682b7..da80289277 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-status-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-status-report.md
@@ -1,7 +1,7 @@
 ---
 title: Feature update status report
 description: Provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Feature update status report (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Feature update status report
 
 The Feature update status report provides a per device view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.  
 
@@ -59,6 +59,10 @@ The following information is available as optional columns in the Feature update
 | User Last Logged On | The last user who logged on as reported from Intune |
 | Primary User UPN | The Primary User UPN as reported from Intune |
 | Hex Error Code | The hex error provided from Windows Update |
+| Feature Update Installed Time | The time the update was installed as reported from Windows Update |
+| Servicing Channel | The Client Servicing Channel as defined in Windows Update |
+| Phase | The phase as indicated from the Feature Update Release Scheduled |
+| Release | The release the devices are associated with |
 
 > [!NOTE]
 > The Service State, Service Substate, Client State, Client Substate, Servicing Channel, and Hex Error Code columns may not display any values. These columns are supplemental and might not display for all devices
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
index 63c6483b4d..37d261d766 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
@@ -1,7 +1,7 @@
 ---
 title: Windows feature update summary dashboard
 description: Provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows feature update summary dashboard (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Windows feature update summary dashboard
 
 The summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-trending-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-trending-report.md
index d6c6955600..fba33aa57e 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-trending-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-trending-report.md
@@ -1,7 +1,7 @@
 ---
 title: Feature update trending report
 description: Provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days.
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,19 +10,19 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Feature update trending report (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Feature update trending report
 
 Windows Autopatch provides a visual representation of Windows OS upgrade trends for all devices over the last 90 days.
 
 **To view the Feature update trending report:**
 
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows feature updates (public preview)**.
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows feature updates**.
 1. Select the **Reports** tab.
 1. Select **Feature update trending**.
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
index 8f10b41042..880f821953 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
@@ -1,7 +1,7 @@
 ---
-title: Windows quality and feature update reports overview with Windows Autopatch Groups experience
+title: Windows quality and feature update reports overview
 description: This article details the types of reports available and info about update device eligibility, device update health, device update trends in Windows Autopatch groups
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,20 +10,21 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows quality and feature update reports overview: Windows Autopatch groups experience (public preview) 
+# Windows quality and feature update reports overview
 
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
-
-## Windows quality reports
+## Windows quality update reports
 
 The Windows quality reports provide you with information about:
 
-Quality update device readiness
-Device update health
-Device update alerts
+- Quality update device readiness
+- Device update health
+- Device update alerts
+
 Together, these reports provide insight into the quality update state and compliance of Windows devices that are enrolled into Windows Autopatch.
 
 The Windows quality report types are organized into the following focus areas:
@@ -106,4 +107,4 @@ Within each 24-hour reporting period, devices that are Not Ready are reevaluated
 
 ## Data export
 
-Select **Export devices** to export data for each report type. Only selected columns will be exported.
+Select **Export devices** to export data for each report type. Only selected columns are exported.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications.md
index cd1653f964..07094d7204 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications.md
@@ -1,7 +1,7 @@
 ---
 title: Windows quality update communications for Autopatch groups
 description: This article explains Windows quality update communications for Autopatch groups
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,13 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows quality update communications: Windows Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
-
+# Windows quality update communications
 
 There are three categories of communication that are sent out during a Windows quality and feature update:
 
@@ -42,9 +41,6 @@ Communications are posted to, as appropriate for the type of communication, to t
 
 ### Opt out of receiving emails for standard communications
 
-> [!IMPORTANT]
-> This feature is in **public preview**. This feature is being actively developed and may not be complete. You can test and use these features in production environments and provide feedback.
-
 If you don't want to receive standard communications for Windows Updates releases via email, you can choose to opt out.
 
 **To opt out of receiving emails for standard communications:**
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
index 25705531f4..3459608d52 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
@@ -1,7 +1,7 @@
 ---
 title: Windows quality update end user experience for Autopatch groups
 description: This article explains the Windows quality update end user experience using the Autopatch groups exp
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows quality update end user experience: Windows Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Windows quality update end user experience
 
 ## User notifications  
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md
index 559e317784..34a3b93fab 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md
@@ -1,7 +1,7 @@
 ---
 title: Windows quality updates overview with Autopatch groups experience
 description: This article explains how Windows quality updates are managed with Autopatch groups
-ms.date: 05/01/2023
+ms.date: 08/23/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows quality updates: Windows Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Windows quality updates
 
 Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
 
@@ -24,17 +24,17 @@ To release updates to devices in a gradual manner, Windows Autopatch deploys a s
 | Policy | Description |
 | ----- | ----- |
 | [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | Deferral policies delay the time the update is offered to the device by a specific number of days. The "offer" date for Windows quality updates is equal to the number of days specified in the deferral policy after the second Tuesday of each month. |
-| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays)    | Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. |
+| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays)    | Before the deadline, users can schedule restarts or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. |
 | [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. |
 
-For devices in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch configures these policies differently across deployment rings to gradually release the update. Devices in the Test ring receive changes first and devices in the Last ring receive changes last. For more information about the Test and Last deployment rings, see [About the Test and Last deployment rings in Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-the-test-and-last-deployment-rings). With Windows Autopatch groups you can also customize the [Default Deployment Group’s deployment ring composition](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition) to add and/or remove deployment rings and can customize the update deployment cadences for each deployment ring. To learn more about customizing Windows Quality updates deployment cadence, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md).
+For devices in the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group), Windows Autopatch configures these policies differently across deployment rings to gradually release the update. Devices in the Test ring receive changes first and devices in the Last ring receive changes last. For more information about the Test and Last deployment rings, see [About the Test and Last deployment rings in Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-the-test-and-last-deployment-rings). With Windows Autopatch groups, you can also customize the [Default Deployment Group’s deployment ring composition](../deploy/windows-autopatch-groups-overview.md#default-deployment-ring-composition) to add and/or remove deployment rings and can customize the update deployment cadences for each deployment ring. To learn more about customizing Windows Quality updates deployment cadence, see [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md).
 
 > [!IMPORTANT]
 > Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will cause a device to be considered ineligible for management, it will still receive policies from Windows Autopatch that are not in conflict, but may not function as designed.  These devices will be marked as ineligible in our device reporting and will not count towards our [service level objective](#service-level-objective).
 
 ## Service level objective
 
-Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. Note that devices that have cadence type set to Schedule install won't be eligible for Windows quality update SLO. For more information about the Schedule Install cadence type, see [Deployment cadence types](../operate/windows-autopatch-groups-windows-update.md#deployment-cadence).
+Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release. Devices that have cadence type set to Schedule install aren't eligible for Windows quality update SLO. For more information about the Schedule Install cadence type, see [Deployment cadence types](../operate/windows-autopatch-groups-windows-update.md#deployment-cadence).
 
 > [!IMPORTANT]
 > Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
@@ -54,7 +54,7 @@ In the Release management blade, you can:
 
 For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains:
 
-- The status of the update. Releases will appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which have been configured on your behalf.
+- The status of the update. Releases appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which have been configured on your behalf.
 - The date the update is available.
 - The target completion date of the update.
 - In the **Release schedule** tab, you can either [**Pause** and/or **Resume**](#pause-and-resume-a-release) a Windows quality update release.
@@ -63,7 +63,7 @@ For each [deployment ring](windows-autopatch-update-management.md#windows-autopa
 
 Threat and vulnerability information about a new revision of Windows becomes available on the second Tuesday of each month. Windows Autopatch assesses that information shortly afterwards. If the service determines that it's critical to security, it may be expedited. The quality update is also evaluated on an ongoing basis throughout the release and Windows Autopatch may choose to expedite at any time during the release.
 
-When running an expedited release, the regular goal of 95% of devices in 21 days no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update quickly.
+When expediting a release, the regular goal of 95% of devices in 21 days no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update quickly.
 
 | Release type | Group | Deferral | Deadline | Grace period |
 | ----- | ----- | ----- | ----- | ----- |
@@ -87,7 +87,7 @@ By default, the service expedites quality updates as needed. For those organizat
 
 Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.
 
-For the deployment rings that have passed quality updates deferral date, the OOB release schedule will be expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs will be released as per the set deferral dates.
+For the deployment rings that have passed quality updates deferral date, the OOB release schedule is expedited and deployed on the same day. For the deployment rings that have deferral upcoming, OOBs is released as per the set deferral dates.
 
 **To view deployed Out of Band quality updates:**
 
@@ -114,19 +114,19 @@ If Windows Autopatch detects a [significant issue with a release](../operate/win
 1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Select **Devices** from the left navigation menu.
 1. Under the **Windows Autopatch** section, select **Release management**.
-1. In the **Release management** blade, got to the **Release schedule** tab and select **Windows quality updates**.
-1. Select the Autopatch group that you want to pause or resume. Select either: **Pause** or **Resume**. Alternatively, you can select the **horizontal ellipses (...)** of the Autopatch group you want to pause or resume. Select, **Pause** or **Resume** from the dropdown menu.
-1. Select a reason from the dropdown menu.
-1. Optional. Enter details about why you're pausing or resuming the selected update.
-1. If you're resuming an update, you can select one or more deployment rings.
-1. Select **Okay**.
+1. In the **Release management** blade, go to the **Release schedule** tab and select **Windows quality updates**.
+1. Select the Autopatch group or deployment ring that you want to pause or resume. Select either: **Pause** or **Resume**. Alternatively, you can select the **horizontal ellipses (...)** of the Autopatch group or deployment ring you want to pause or resume. Select, **Pause** or **Resume** from the dropdown menu.
+1. Optional. Enter the justification(s) about why you're pausing or resuming the selected update.
+1. Optional. Select **This pause is related to Windows Update**. When you select this checkbox, you must provide information about how the pause is related to Windows Update.
+1. If you're resuming an update, you can select one or more Autopatch groups or deployment rings.
+1. Select **Pause or Resume deployment**.
 
 The three following statuses are associated with paused quality updates:
 
 | Status | Description |
 | ----- | ------ |
-| Paused by Service | If the Windows Autopatch service has paused an update, the release will have the **Paused by Service** status. The Paused by Service only applies to rings that aren't Paused by the Tenant. |
-| Paused by Tenant | If you've paused an update, the release will have the **Paused by Tenant** status. The Windows Autopatch service can't overwrite a tenant pause. You must select **Resume** to resume the update. |
+| Paused by Service | If the Windows Autopatch service has paused an update, the release has the **Paused by Service** status. The Paused by Service only applies to rings that aren't Paused by the Tenant. |
+| Paused by Tenant | If you've paused an update, the release has the **Paused by Tenant** status. The Windows Autopatch service can't overwrite a tenant pause. You must select **Resume** to resume the update. |
 
 ## Remediating Not ready and/or Not up to Date devices
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals.md
index 556a292eb3..aa8e2f4e82 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals.md
@@ -1,7 +1,7 @@
 ---
 title: Windows quality update release signals with Autopatch groups
 description: This article explains the Windows quality update release signals with Autopatch groups
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows quality update signals: Windows Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Windows quality update signals
 
 Windows Autopatch monitors a specific set of signals and aims to release the monthly security update both quickly and safely. The service doesn't comprehensively monitor every use case in Windows.
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report.md
index 4cd9aa18af..703ee03554 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report.md
@@ -1,7 +1,7 @@
 ---
 title: Quality update status report
 description: Provides a per device view of the current update status for all Windows Autopatch enrolled devices with Autopatch groups.
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Quality update status report (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Quality update status report
 
 The Quality update status report provides a per device view of the current update status for all Windows Autopatch enrolled devices.
 
@@ -62,6 +62,9 @@ The following information is available as optional columns in the Quality update
 | User Last Logged On | The last user who logged on as reported from Intune |
 | Primary User UPN | The Primary User UPN as reported from Intune |
 | Hex Error Code | The hex error provided from Windows Update |
+| Cadence Type | The cadence type configured in the quality update ring schedule |
+| Quality update Installed Time | The time the update was installed as reported from Windows Update |
+| Servicing Channel | The Client Servicing Channel as defined in Windows Update |
 
 > [!NOTE]
 > The Service State, Service Substate, Client State, Client Substate, Servicing Channel, and Hex Error Code columns may not display any values. These columns are supplemental and might not display for all devices
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
index 31ca5e6fac..154e93fb08 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
@@ -1,7 +1,7 @@
 ---
 title: Windows quality update summary dashboard
 description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch with Autopatch groups
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Windows quality update summary dashboard (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Windows quality update summary dashboard
 
 The summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report.md
index 935bb616af..e68ee4d6bd 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report.md
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Quality update trending report (public preview)
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Quality update trending report
 
 The Quality update trending report provides a visual representation of the update status trend for all devices over the last 90 days.
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md
index 7d03bd8c1e..9f63be7938 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md
@@ -1,7 +1,7 @@
 ---
 title: Customize Windows Update settings Autopatch groups experience
 description: How to customize Windows Updates with Autopatch groups
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,15 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: rekhanr
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Customize Windows Update settings: Autopatch groups experience (public preview) 
-
-> [!IMPORTANT]
-> This feature is in **public preview**. The feature is being actively developed, and may not be complete. You can test and use these features in production environments and provide feedback.
-
-> [!IMPORTANT]
-> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if you’ve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
+# Customize Windows Update settings
 
 You can customize the Windows Update deployment schedule for each deployment ring in Windows Autopatch groups per your business and organizational needs. This capability is allowed for both [Default](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) and [Custom Autopatch groups](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups). However, we recommend that you remain within service defined boundaries to maintain compliance.
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md
new file mode 100644
index 0000000000..041df4c91f
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md
@@ -0,0 +1,62 @@
+---
+title: Manage driver and firmware updates
+description: This article explains how you can manage driver and firmware updates with Windows Autopatch
+ms.date: 08/22/2023 
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+ms.reviewer: andredm7
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Manage driver and firmware updates
+
+You can manage and control your driver and firmware updates with Windows Autopatch. You can choose to receive driver and firmware updates automatically, or self-manage the deployment.
+
+> [!TIP]
+> Windows Autopatch's driver and firmware update management is based on [Intune’s driver and firmware update management](/mem/intune/protect/windows-driver-updates-overview). You can use **both** Intune and Windows Autopatch to manage your driver and firmware updates.
+
+## Automatic and Self-managed modes
+
+Switching the toggle between Automatic and Self-managed modes creates driver profiles on a per-ring basis within your tenant.
+
+| Modes | Description |
+| ----- | -----|
+| Automatic | We recommend using **Automatic** mode.<p>Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues have occurred due to Windows Updates. Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout.</p> |
+| Self-managed | When you use **Self-managed** mode, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.<p>Self-managed mode turns off Windows Autopatch’s automatic driver deployment. Instead, the Administrator controls the driver deployment.<p>The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.</p><p>The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.</p> |
+
+## Set driver and firmware updates to Automatic or Self-managed mode
+
+**To set driver and firmware updates to Automatic or Self-managed mode:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release settings**.
+1. In the **Windows Driver Updates** section, read and accept the agreement.
+1. Select either **Automatic** or **Self-managed**.
+
+## View driver and firmware policies created by Windows Autopatch
+
+**To view driver and firmware policies created by Windows Autopatch:**
+
+1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Devices** > **Driver updates for Windows 10 and later**.
+1. Windows Autopatch creates four policies. The policy names begin with **Windows Autopatch – Driver Update Policy** and end with the name of the deployment ring to which they're targeted in brackets. For example, **Windows Autopatch – Driver Update Policy [Test]**.
+
+The `CreateDriverUpdatePolicy` is created for the Test, First, Fast, and Broad deployment rings. The policy settings are defined in the following table:
+
+| Policy name | DisplayName | Description | Approval Type | DeploymentDeferralInDays |
+| ----- | ----- | ----- | ----- | ----- |
+| `CreateDriverUpdatePolicy` | Windows Autopatch – Driver Update Policy [**Test**] | Driver Update Policy for device **Test** group | Automatic | `0` |
+| `CreateDriverUpdatePolicy`| Windows Autopatch – Driver Update Policy [**First**] | Driver Update Policy for device **First** group | Automatic | `1` |
+| `CreateDriverUpdatePolicy` |Windows Autopatch – Driver Update Policy [**Fast**] | Driver Update Policy for device **Fast** group | Automatic | `6` |
+| `CreateDriverUpdatePolicy` | Windows Autopatch – Driver Update Policy [**Broad**] | Driver Update Policy for device **Broad** group | Automatic | `9` |
+
+## Feedback and support
+
+If you need support with this feature, and have enrolled your tenant into Windows Autopatch, [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
index 43d2a3e596..06e2e12c09 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft 365 Apps for enterprise
 description: This article explains how Windows Autopatch manages Microsoft 365 Apps for enterprise updates
-ms.date: 03/10/2023 
+ms.date: 06/23/2023 
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Microsoft 365 Apps for enterprise
@@ -38,9 +41,9 @@ For a device to be eligible for Microsoft 365 Apps for enterprise updates (both
 
 ## Update release schedule
 
-All devices registered for Windows Autopatch will receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they'll receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
+All devices registered for Windows Autopatch receive updates from the [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview). This practice provides your users with new features each month, and they receive just one update per month on a predictable release schedule. Updates are released on the second Tuesday of the month; these updates can include feature, security, and quality updates. These updates occur automatically and pulled directly from the Office Content Delivery Network (CDN).
 
-Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](/deployoffice/configure-update-settings-microsoft-365-apps) that specifies how long the user has until the user must apply the update.  
+Unlike Windows update, the Office CDN doesn't make the update available to all devices at once. Over the course of the release, the Office CDN gradually makes the update available to the whole population of devices. Windows Autopatch doesn't control the order in which updates are offered to devices across your estate. After the update downloads, there's a seven day [update deadline](../references/windows-autopatch-microsoft-365-policies.md) that specifies how long the user has until the user must apply the update.  
 
 ## Deployment rings
 
@@ -78,7 +81,7 @@ Windows Autopatch doesn't allow you to pause or roll back an update in the Micro
 
 ## Allow or block Microsoft 365 App updates
 
-For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch won't provide Microsoft 365 App updates on your behalf, and your organizations will have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
+For organizations seeking greater control, you can allow or block Microsoft 365 App updates for Windows Autopatch-enrolled devices. When the Microsoft 365 App update setting is set to **Block**, Windows Autopatch doesn't provide Microsoft 365 App updates on your behalf, and your organizations have full control over these updates. For example, you can continue to receive updates from [channels](/deployoffice/overview-update-channels) other than the default [Monthly Enterprise Channel](/deployoffice/overview-update-channels#monthly-enterprise-channel-overview).
 
 **To allow or block Microsoft 365 App updates:**
 
@@ -117,12 +120,12 @@ For organizations seeking greater control, you can allow or block Microsoft 365
 
 [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting.
 
-A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management.
+A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it's ineligible for Microsoft 365 App update management.
 
 However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload.
 
 ## Incidents and outages
 
-If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident will be raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
+If devices in your tenant aren't meeting the [service level objective](#service-level-objective) for Microsoft 365 Apps for enterprise updates, an incident is raised. The Windows Autopatch Service Engineering Team will work to bring the devices back into compliance.
 
 If you're experiencing issues related to Microsoft 365 Apps for enterprise updates, [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
index 8e4b4794f4..d998b1df2c 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
@@ -1,7 +1,7 @@
 ---
 title: policy health and remediation
 description: Describes what Autopatch does it detects policies in the tenant are either missing or modified to states that affect the service
-ms.date: 05/01/2023
+ms.date: 07/25/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,12 +10,12 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: rekhanr
+ms.collection:
+  - highpri
+  - tier1
 ---
 
-# Policy health and remediation (public preview)
-
-> [!IMPORTANT]
-> This feature is in **public preview**. This feature is being actively developed and may not be complete. You can test and use these features in production environments and provide feedback.
+# Policy health and remediation
 
 Windows Autopatch uses Microsoft Intune policies to set configurations and deliver the service. Windows Autopatch continuously monitors the policies and maintains all configurations related to the operation of the service.
 
@@ -58,7 +58,7 @@ The minimum role required to restore configurations is **Intune Service Administ
 
 There will be an alert for each policy that is missing or has deviated from the service defined values.
 
-## Restore Windows update policies  
+## Restore Windows Update policies  
 
 **To initiate remediation actions for Windows quality update policies:**
 
@@ -80,19 +80,14 @@ There will be an alert for each policy that is missing or has deviated from the
 
 ## Restore deployment groups  
 
-**To initiate remediation action for missing groups:**
+Windows Autopatch will automatically restore any missing groups that are required by the service. When a missing deployment group is restored, and the policies are also missing, the policies be restored to the deployment groups.
 
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Tenant administration** > **Tenant management** > **Actions**.
-1. Select **Restore missing group** to launch the workflow.
-1. Review the message and select **Restore group**.
+If policies are misconfigured or unassigned, admins must restore them. In the Release management blade, the service will raise a Policy error workflow that you must complete to repair Windows Update policies. All other policies must be restored from the Tenant administration blade.
 
-When a missing deployment group is restored, the policies will be reassigned back to the deployment groups. In the Release management blade, the service will raise a Policy Error that you'll need to complete to repair Windows Update policies. Due to the asynchronous run of service detectors, it may take up to four (4) hours for this error to be displayed.
+Due to the asynchronous run of service detectors, it might take up to four (4) hours for this error to be displayed.
 
 > [!NOTE]
-> While Windows Autopatch continuously monitors the policies, all policy alerts are raised within four (4) hours of detection.<p>Alerts will remain active until an IT admin completes the action to restore them to a healthy state.</p>
-
-There are no Autopatch reports for policy alerts and actions at this time.
+> While Windows Autopatch continuously monitors the policies, all policy alerts are raised within four (4) hours of detection.<p>Alerts will remain active until an IT admin completes the action to restore them to a healthy state.</p><p>There are no Autopatch reports for policy alerts and actions at this time.</p>
 
 ## Use audit logs to track actions in Microsoft Intune
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
index 29e95ec21f..690e61a507 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Submit a support request
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
index b348eca592..21a44e576c 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Teams
 description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
-ms.date: 05/30/2022
+ms.date: 09/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Microsoft Teams
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
index 8a69ef3f78..ecc8f356a9 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
@@ -1,7 +1,7 @@
 ---
 title: Unenroll your tenant
 description: This article explains what unenrollment means for your organization and what actions you must take.
-ms.date: 07/27/2022
+ms.date: 08/08/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Unenroll your tenant
@@ -22,7 +25,7 @@ If you're looking to unenroll your tenant from Windows Autopatch, this article d
 Unenrolling from Windows Autopatch requires manual actions from both you and from the Windows Autopatch Service Engineering Team. The Windows Autopatch Service Engineering Team will:  
 
 - Remove Windows Autopatch access to your tenant.
-- Deregister your devices from the Windows Autopatch service. Deregistering your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices).
+- Exclude your devices from the Windows Autopatch service. Excluding your devices from Windows Autopatch won't remove your devices from Intune, Azure AD or Configuration Manager. The Windows Autopatch Service Engineering Team follows the same process and principles as laid out in [Exclude a device](../operate/windows-autopatch-exclude-device.md).
 - Delete all data that we've stored in the Windows Autopatch data storage.
 
 > [!NOTE]
@@ -33,7 +36,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro
 | Responsibility | Description |
 | ----- | ----- |
 | Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../overview/windows-autopatch-privacy.md). |
-| Deregistering devices | Windows Autopatch will deregister all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). |
+| Excluding devices | Windows Autopatch will exclude all devices previously registered with the service. Only the Windows Autopatch device record is deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Exclude a device](../operate/windows-autopatch-exclude-device.md). |
 
 ## Your responsibilities after unenrolling your tenant
 
@@ -47,10 +50,10 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro
 
 **To unenroll from Windows Autopatch:**
 
-1. [Submit a support request](windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service.
-1. The Windows Autopatch Service Engineering Team will communicate with your IT Administrator to confirm your intent to unenroll from the service.  
-    1. You'll have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team.
+1. [Submit a support request](../operate/windows-autopatch-support-request.md) and request to unenroll from the Windows Autopatch service.
+1. The Windows Autopatch Service Engineering Team communicates with your IT Administrator to confirm your intent to unenroll from the service.  
+    1. You have 14 days to review and confirm the communication sent by the Windows Autopatch Service Engineering Team.
     2. The Windows Autopatch Service Engineering Team can proceed sooner than 14 days if your confirmation arrives sooner.
-1. The Windows Autopatch Service Engineering Team will proceed with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment).
-1. The Windows Autopatch Service Engineering Team will inform you when unenrollment is complete.
+1. The Windows Autopatch Service Engineering Team proceeds with the removal of all items listed under [Microsoft's responsibilities during unenrollment](#microsofts-responsibilities-during-unenrollment).
+1. The Windows Autopatch Service Engineering Team informs you when unenrollment is complete.
 1. You’re responsible for the items listed under [Your responsibilities after unenrolling your tenant](#your-responsibilities-after-unenrolling-your-tenant).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
deleted file mode 100644
index 3c850cf312..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
+++ /dev/null
@@ -1,104 +0,0 @@
----
-title: Software update management
-description: This article provides an overview of how updates are handled in Autopatch
-ms.date: 08/08/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: overview
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: andredm7
----
-
-# Software update management
-
-Keeping your devices up to date is a balance of speed and stability. Windows Autopatch connects all devices to a modern cloud-based infrastructure to manage updates on your behalf.
-
-## Software update workloads
-
-| Software update workload | Description |
-| ----- | ----- |
-| Windows quality update | Windows Autopatch uses four deployment rings to manage Windows quality updates. For more detailed information, see [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md). |
-| Windows feature update | Windows Autopatch uses four deployment rings to manage Windows feature updates. For more detailed information, see [Windows feature updates](windows-autopatch-windows-feature-update-overview.md).
-| Anti-virus definition | Updated with each scan. |
-| Microsoft 365 Apps for enterprise | For more information, see [Microsoft 365 Apps for enterprise](windows-autopatch-microsoft-365-apps-enterprise.md). |
-| Microsoft Edge | For more information, see [Microsoft Edge](../operate/windows-autopatch-edge.md). |
-| Microsoft Teams | For more information, see [Microsoft Teams](../operate/windows-autopatch-teams.md). |
-
-## Windows Autopatch deployment rings
-
-During the [tenant enrollment process](../prepare/windows-autopatch-enroll-tenant.md), Windows Autopatch creates four Azure AD assigned groups that are used to segment devices into its deployment rings:
-
-| Ring | Description |
-| ----- | ----- |
-| **Modern Workplace Devices-Windows Autopatch-Test** | Deployment ring for testing update deployments prior production rollout.|
-| **Modern Workplace Devices-Windows Autopatch-First** | First production deployment ring for early adopters.|
-| **Modern Workplace Devices-Windows Autopatch-Fast** | Fast deployment ring for quick rollout and adoption. |
-| **Modern Workplace Devices-Windows Autopatch-Broad** | Final deployment ring for broad rollout into the organization. |
-
-Each deployment ring has a different set of update deployment policies to control the updates rollout.
-
-> [!WARNING]
-> Adding or importing devices into any of these groups directly is not supported and doing so might cause an unexpected impact on the Windows Autopatch service. To move devices between these groups, see [Moving devices in between deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings).
-
-> [!IMPORTANT]
-> Windows Autopatch device registration doesn't assign devices to its test deployment ring (**Modern Workplace Devices-Windows Autopatch-Test**). This is intended to prevent devices that are essential to a business from being affected or devices that are used by executives from receiving early software update deployments.
-
-Also, during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md), Windows Autopatch assigns each device being registered to one of its deployment rings so that the service has the proper representation of the device diversity across the organization in each deployment ring. The deployment ring distribution is designed to release software update deployments to as few devices as possible to get the signals needed to make a quality evaluation of a given update deployment.
-
-> [!NOTE]
-> You can't create additional deployment rings or use your own for devices managed by the Windows Autopatch service.
-
-### Deployment ring calculation logic
-
-The Windows Autopatch deployment ring calculation happens during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md) and it works as follows:
-
-- If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is First **(5%)**, Fast **(15%)**, remaining devices go to the Broad ring **(80%)**.
-- If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be First **(1%)**, Fast **(9%)**, remaining devices go to the Broad ring **(90%)**.
-
-| Deployment ring | Default device balancing percentage | Description |
-| ----- | ----- | ----- |
-| Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:<br><ul><li>**0–500** devices: minimum **one** device.</li><li>**500–5000** devices: minimum **five** devices.</li><li>**5000+** devices: minimum **50** devices.</li></ul>Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. |
-| First |  **1%** | The First ring is the first group of production users to receive a change.<p><p>This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.<p><p>Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.|
-| Fast | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.<p><p>The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.</p> |
-| Broad | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.|
-
-## Moving devices in between deployment rings
-
-If you want to move separate devices to different deployment rings, after Windows Autopatch's deployment ring assignment, you can repeat the following steps for one or more devices from the **Ready** tab.
-
-**To move devices in between deployment rings:**
-
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane.
-2. In the **Windows Autopatch** section, select **Devices**.
-3. In the **Ready** tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify.
-4. Select **Device actions** from the menu.
-5. Select **Assign device to ring**. A fly-in opens.
-6. Use the dropdown menu to select the deployment ring to move devices to, and then select **Save**. The **Ring assigned by** column will change to **Pending**.
-
-When the assignment is complete, the **Ring assigned by** column changes to **Admin** (which indicates that you made the change) and the **Ring** column shows the new deployment ring assignment.
-
-> [!NOTE]
-> You can only move devices to other deployment rings when they're in an active state in the **Ready** tab.<p>If you don't see the **Ring assigned by column** change to **Pending** in Step 5, check to see whether the device exists in Microsoft Intune or not by searching for it in its device blade. For more information, see [Device details in Intune](/mem/intune/remote-actions/device-inventory).
-  
-> [!WARNING]
-> Moving devices between deployment rings through directly changing Azure AD group membership isn't supported and may cause unintended configuration conflicts within the Windows Autopatch service. To avoid service interruption to devices, use the **Assign device to ring** action described previously to move devices between deployment rings.
-  
-## Automated deployment ring remediation functions
-
-Windows Autopatch monitors device membership in its deployment rings, except for the **Modern Workplace Devices-Windows Autopatch-Test** ring, to provide automated deployment ring remediation functions to mitigate the risk of not having its managed devices being part of one of its deployment rings. These automated functions help mitigate risk of potentially having devices in a vulnerable state, and exposed to security threats in case they're not receiving update deployments due to either:
-
-- Changes performed by the IT admin on objects created by the Windows Autopatch tenant enrollment process, or
-- An issue occurred which prevented devices from getting a deployment ring assigned during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md).
-
-There are two automated deployment ring remediation functions:
-
-| Function | Description |
-| ----- | ----- |
-| **Check Device Deployment Ring Membership** | Every hour, Windows Autopatch checks to see if any of its managed devices aren't part of one of the deployment rings. If, for some reason, a device isn't part of a deployment ring, Windows Autopatch randomly assigns the device to one of its deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test** ring). |
-| **Multi-deployment ring device remediator:**| Every hour, Windows Autopatch checks to see if any of its managed devices are part of multiple deployment rings (except for the **Modern Workplace Devices-Windows Autopatch-Test** ring). If, for some reason, a device is part of multiple deployment rings, Windows Autopatch randomly removes device of one or more deployment rings until the device is only part of one deployment ring.|
-
-> [!IMPORTANT]
-> Windows Autopatch automated deployment ring functions doesn't assign or remove devices to or from the **Modern Workplace Devices-Windows Autopatch-Test** ring.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md
deleted file mode 100644
index cdbcde747d..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md
+++ /dev/null
@@ -1,82 +0,0 @@
----
-title: Windows feature update end user experience
-description: This article explains the Windows feature update end user experience
-ms.date: 07/11/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: hathind
----
-
-# Windows feature update end user experience
-
-Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing restarts during business hours.
-
-## User notifications  
-
-In this section we'll review what an end user would see in the following three scenarios:
-
-1. Typical update experience
-2. Feature update deadline forces an update
-3. Feature update grace period
-
-> [!NOTE]
-> Windows Autopatch doesn't yet support feature updates without notifying end users.<p>The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification.</p>
-
-### Typical update experience
-
-In this example, we'll be discussing a device in the First ring. When the policy is applied to the device, the device will download the update, and notify end users that the new version of Windows is ready to install. The end user can either:
-
-1. Restart immediately to install the updates.
-2. Schedule the installation.
-3. Snooze (the device will attempt to install outside of active hours).
-
-In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.
-
-:::image type="content" source="../media/windows-feature-typical-update-experience.png" alt-text="Typical Windows feature update experience" lightbox="../media/windows-feature-typical-update-experience.png":::
-
-### Feature update deadline forces an update
-
-The following example builds on the scenario outlined in the typical user experience, but the user ignores the notification and selects snooze. Further notifications are received, which the user ignores. The device is also unable to install the updates outside of active hours.
-
-The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the active hours and force a restart to complete the installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.
-
-:::image type="content" source="../media/windows-feature-force-update.png" alt-text="Force Windows feature update" lightbox="../media/windows-feature-force-update.png":::
-
-### Feature update grace period
-
-In the following example, the user is on holiday and the device is offline beyond the feature update deadline. The user then returns to work and the device is turned back on.
-
-The grace period to install the update and restart depends on the deployment ring the device is assigned to:
-
-| Deployment ring | Grace period (in days) |
-| ----- | ----- |
-| Test | Zero days |
-| First | Two days |
-| Fast | Two days |
-| Broad | Two days |
-
-The user will be notified of a pending installation and given options to choose from. Once the grace period has expired, the user is forced to restart with a 15-minute warning notification.
-
-:::image type="content" source="../media/windows-feature-update-grace-period.png" alt-text="Windows feature update grace period" lightbox="../media/windows-feature-update-grace-period.png":::
-
-## Servicing window
-
-Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. Device restarts occur outside of active hours until the deadline is reached. By default, active hours are configured dynamically based on device usage patterns. If you wish to specify active hours for your organization, you can do so by deploying both the following policies:
-
-| Policy | Description |
-| ----- | ----- |
-| [Active hours start](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) | This policy controls the start of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. |
-| [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | This policy controls the end of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
-
-> [!IMPORTANT]
-> Both policies must be deployed for them to work as expected.
-
-A device won't restart during active hours unless it has passed the date specified by the update deadline policy. Once the device has passed the deadline policy, the device will update as soon as possible.
-
-> [!IMPORTANT]
-> If your devices must be updated at a specific date or time, they aren't suitable for Windows Autopatch. Allowing you to choose specific dates to update devices would disrupt the rollout schedule and prevent us from delivering the service level objective. The use of any of the following CSPs on a managed device will render it ineligible for management: <ul><li>[Update/ScheduledInstallDay](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)</li><li>[Update/ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek)</li><li>[Update/ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek)</li><li>[Update/ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek)</li><li>[Update/ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek)</li><li>[Update/ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek)</li><li>[Update/ScheduledInstallTime](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)</li></ul>
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
deleted file mode 100644
index 95b3391bd5..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: Windows feature updates
-description: This article explains how Windows feature updates are managed in Autopatch
-ms.date: 05/02/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: andredm7
----
-
-# Windows feature updates
-
-Microsoft provides robust mobile device management (MDM) solutions such as Microsoft Intune, Windows Update for Business, Configuration Manager etc. However, the administration of these solutions to keep Windows devices up to date with the latest Windows feature releases rests on your organization’s IT admins. The Windows feature update process is considered one of the most expensive and time consuming tasks for IT since it requires incremental rollout and validation.
-
-Windows feature updates consist of:
-
-- Keeping Windows devices protected against behavioral issues.
-- Providing new features to boost end-user productivity.
-
-Windows Autopatch makes it easier and less expensive for you to keep your Windows devices up to date so you can focus on running your core businesses while Windows Autopatch runs update management on your behalf.
-
-## Enforcing a minimum Windows OS version
-
-Once devices are registered with Windows Autopatch, they’re assigned to deployment rings. Each of the four deployment rings have its Windows feature update policy assigned to them. This is intended to minimize unexpected Windows OS upgrades once new devices register with the service.
-
-The policies:
-
-- Contain the minimum Windows 10 version being currently serviced by the [Windows servicing channels](/windows/release-health/release-information?msclkid=ee885719baa511ecb838e1a689da96d2). The current minimum OS version is **Windows 10 20H2**.
-- Set a bare minimum Windows OS version required by the service once devices are registered with the service.
-
-If a device is registered with Windows Autopatch, and the device is:
-
-- Below the service's currently targeted Windows feature update, that device will update to the service's target version when it meets the Windows OS upgrade eligibility criteria.
-- On, or above the currently targeted Windows feature update version, there won't be any Windows OS upgrades to that device.
-
-> [!IMPORTANT]
-> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
-
-## Windows feature update policy configuration
-
-If your tenant is enrolled with Windows Autopatch, you can see the following policies created by the service in the Microsoft Intune portal:
-
-| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Windows Autopatch – DSS Policy [Test] | Windows 10 20H2 | Make update available as soon as possible | N/A | N/A | N/A | 5/8/2023, 7:00PM |
-| Windows Autopatch – DSS Policy [First] | Windows 10 20H2 | Make update available as soon as possible | N/A | N/A | N/A | 5/8/2023, 7:00PM |
-| Windows Autopatch – DSS Policy [Fast] | Windows 10 20H2 | Make update available as soon as possible | 12/14/2022 | 12/21/2022 | 1 | 5/8/2023, 7:00PM |
-| Windows Autopatch – DSS Policy [Broad] | Windows 10 20H2 | Make update available as soon as possible | 12/15/2022 | 12/29/2022 | 1 | 5/8/2023, 7:00PM |
-
-> [!IMPORTANT]
-> If you’re ahead of the current minimum OS version enforced by Windows Autopatch in your organization, you can [edit Windows Autopatch’s default Windows feature update policy and select your desired targeted version](/mem/intune/protect/windows-10-feature-updates#create-and-assign-feature-updates-for-windows-10-and-later-policy).
-
-> [!NOTE]
-> The four minimum Windows 10 OS version feature update policies were introduced in Windows Autopatch in the 2212 release milestone. Its creation automatically unassigns the previous four feature update policies targeting Windows 10 21H2 from all four Windows Autopatch deployment rings:<ul><li>**Modern Workplace DSS Policy [Test]**</li><li>**Modern Workplace DSS Policy [First]**</li><li>**Modern Workplace DSS Policy [Fast]**</li><li>**Modern Workplace DSS Policy [Broad]**</li><p>Since the new Windows feature update policies that set the minimum Windows 10 OS version are already in place, the Modern Workplace DSS policies can be safely removed from your tenant.</p>
-
-## Test Windows 11 feature updates
-
-You can test Windows 11 deployments by adding devices either through direct membership or by bulk importing them into the **Modern Workplace - Windows 11 Pre-Release Test Devices** Azure AD group. There’s a separate Windows feature update policy (**Modern Workplace DSS Policy [Windows 11]**) targeted to this Azure AD group, and its configuration is set as follows:
-
-| Policy name | Feature update version | Rollout options | First deployment ring availability | Final deployment ring availability | Day between deployment rings | Support end date |
-| ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| Modern Workplace DSS Policy [Windows 11] | Windows 11 22H2 | Make update available as soon as possible | N/A | N/A | N/A | 10/13/2025, 7:00PM |
-
-> [!IMPORTANT]
-> Windows Autopatch neither applies its deployment ring distribution, nor configures the [Windows Update for Business gradual rollout settings](/mem/intune/protect/windows-update-rollout-options) in the **Modern Workplace DSS Policy [Windows 11]** policy.<p>Once devices are added to the **Modern Workplace - Windows 11 Pre-Release Test Devices** Azure AD group, the devices can be offered the Windows 11 22H2 feature update at the same time.</p>
-
-## Manage Windows feature update deployments
-
-Windows Autopatch uses Microsoft Intune’s built-in solution, which uses configuration service providers (CSPs), for pausing and resuming both [Windows quality](windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release).
-
-Windows Autopatch provides a permanent pause of a Windows feature update deployment. The Windows Autopatch service automatically extends the 35-day pause limit (permanent pause) established by Microsoft Intune on your behalf. The deployment remains permanently paused until you decide to resume it.
-
-## Release management
-
-> [!NOTE]
-> To access the Release management blade, you must have the correct [role-based access control](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration).
-
-### Pausing and resuming a release
-
-> [!CAUTION]
-> You should only pause and resume [Windows quality](windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices. If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
-
-> [!IMPORTANT]
-> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
-
-**To pause or resume a Windows feature update:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Devices** from the left navigation menu.
-3. Under the **Windows Autopatch** section, select **Release management**.
-4. In the **Release management** blade, select either: **Pause** or **Resume**.
-5. Select the update type you would like to pause or resume.
-6. Select a reason from the dropdown menu.
-7. Optional. Enter details about why you're pausing or resuming the selected update.
-8. If you're resuming an update, you can select one or more deployment rings.
-9. Select **Okay**.
-
-If you've paused an update, the specified release will have the **Customer Pause** status. The Windows Autopatch service can't overwrite IT admin's pause. You must select **Resume** to resume the update.
-
-> [!NOTE]
-> The **Service Pause** status only applies to [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release). Windows Autopatch doesn't pause Windows feature updates on your behalf.
-
-## Rollback
-
-Windows Autopatch doesn’t support the rollback of Windows feature updates.
-
-> [!CAUTION]
-> You should only pause and resume [Windows quality](windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices. If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
-
-## Contact support
-
-If you’re experiencing issues related to Windows feature updates, you can [submit a support request](../operate/windows-autopatch-support-request.md).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md
deleted file mode 100644
index f48428da15..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: All devices report—historical
-description: Provides a visual representation of the update status trend for all devices over the last 90 days.
-ms.date: 12/01/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: adnich
----
-
-# All devices report—historical
-
-The historical All devices report provides a visual representation of the update status trend for all devices over the last 90 days.
-
-**To view the historical All devices report:**
-
-1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
-1. Select the **Reports** tab.
-1. Select **All devices report—historical**.
-
-:::image type="content" source="../media/windows-autopatch-all-devices-historical-report.png" alt-text="All devices—historical report" lightbox="../media/windows-autopatch-all-devices-historical-report.png":::
-
-> [!NOTE]
-> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
-
-## Report options
-
-The following options are available:
-
-| Option | Description |
-| ----- | ----- |
-| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
-| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
-
-For a description of the displayed device status trends, see [Windows quality update statuses](windows-autopatch-windows-quality-update-reports-overview.md#windows-quality-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md
deleted file mode 100644
index a89b5943b8..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: All devices report
-description: Provides a per device view of the current update status for all Windows Autopatch enrolled devices.
-ms.date: 12/01/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: adnich
----
-
-# All devices report
-
-The All devices report provides a per device view of the current update status for all Windows Autopatch enrolled devices.
-
-**To view the All devices report:**
-
-1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
-1. Select the **Reports** tab.
-1. Select **All devices report**.
-
-:::image type="content" source="../media/windows-autopatch-all-devices-report.png" alt-text="All devices report" lightbox="../media/windows-autopatch-all-devices-report.png":::
-
-> [!NOTE]
-> The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page.
-
-## Report information
-
-The following information is available in the All devices report:
-
-| Column name | Description |
-| ----- | ----- |
-| Device name | The name of the device. |
-| Azure Active Directory (AD) device ID | The current Azure AD recorded device ID for the device. |
-| Serial number | The current Intune recorded serial number for the device. |
-| Deployment ring | The currently assigned Windows Autopatch deployment ring for the device. |
-| Update status | The current update status for the device (see [Windows quality update statuses](windows-autopatch-windows-quality-update-reports-overview.md#windows-quality-update-statuses)). |
-| Update sub status | The current update sub status for the device (see [Windows quality update statuses](windows-autopatch-windows-quality-update-reports-overview.md#windows-quality-update-statuses)) |
-| OS version | The current version of Windows installed on the device. |
-| OS revision | The current revision of Windows installed on the device. |
-| Intune last check in time | The last time the device checked in to Intune. |
-
-## Report options
-
-The following options are available:
-
-| Option | Description |
-| ----- | ----- |
-| Search | Use to search by device name, Azure AD device ID or serial number |
-| Sort | Select the **column headings** to sort the report data in ascending and descending order. |
-| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
-| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate report**. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md
deleted file mode 100644
index f715f1bba8..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: Windows quality update communications
-description: This article explains Windows quality update communications
-ms.date: 03/30/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: hathind
----
-
-# Windows quality update communications
-
-There are three categories of communication that are sent out during a Windows quality and feature update:
-
-- [Standard communications](#standard-communications)
-- [Communications during release](#communications-during-release)
-- [Incident communications](#incident-communications)
-
-Communications are posted to, as appropriate for the type of communication, to the:
-
-- Message center
-- Service health dashboard
-- Windows Autopatch messages section of the Microsoft Intune admin center 
-
-:::image type="content" source="../media/update-communications.png" alt-text="Update communications timeline" lightbox="../media/update-communications.png":::
-
-## Standard communications
-
-| Communication | Location | Timing | Description |
-| ----- | ----- |  ----- | ----- |
-| Release schedule | <ul><li>Messages blade</li><li>Email sent to your specified [admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><ul> | At least seven days prior to the second Tuesday of the month| Notification of the planned release window for each ring. |
-| Release start | Same as release schedule | The second Tuesday of every month. | Notification that the update is now being released into your environment. |
-| Release summary | Same as release schedule | The fourth Tuesday of every month. | Informs you of the percentage of eligible devices that were patched during the release. |
-
-### Opt out of receiving emails for standard communications
-
-> [!IMPORTANT]
-> This feature is in **public preview**. This feature is being actively developed and may not be complete. You can test and use these features in production environments and provide feedback.
-
-If you don't want to receive standard communications for Windows Updates releases via email, you can choose to opt out.
-
-**To opt out of receiving emails for standard communications:**
-
-1. Go to the **[Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)**.
-2. Go to **Windows Autopatch** > **Tenant administration** > select **Admin contacts**.
-3. Select the admin contact you want to opt out for.
-4. Select **Edit Contact**.
-5. Clear the **Send me emails for Windows update releases and status** checkbox in the fly-in pane.
-6. Select **Save** to apply the changes.
-
-## Communications during release
-
-The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Autopatch becomes aware of the new information.
-
-There are some circumstances where Autopatch will need to change the release schedule based on new information.
-
-For example, new threat intelligence may require us to expedite a release, or we may pause due to user experience concerns. If the schedule of a quality update is changed, paused, resumed, or expedited, we'll inform you as quickly as possible so that you can adapt to the new information.
-
-## Incident communications
-
-Despite the best intentions, every service should plan for failure and success. When there's an incident, timely and transparent communication is key to building and maintaining your trust. If insufficient numbers of devices have been updated to meet the service level objective, devices will experience an interruption to productivity, and an incident will be raised. Microsoft will update the status of the incident at least once every 24 hours.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md
deleted file mode 100644
index f3d6012c50..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Eligible devices report—historical
-description: Provides a visual representation of the update status trend for all eligible devices to receive quality updates over the last 90 days.
-ms.date: 12/01/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: adnich
----
-
-# Eligible devices report—historical
-
-The historical Eligible devices report provides a visual representation of the update status trend for all eligible devices to receive quality updates over the last 90 days.
-
-**To view the historical Eligible devices report:**
-
-1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
-1. Select the **Reports** tab.
-1. Select **Eligible devices report—historical**.
-
-:::image type="content" source="../media/windows-autopatch-eligible-devices-historical-report.png" alt-text="Eligible devices—historical report" lightbox="../media/windows-autopatch-eligible-devices-historical-report.png":::
-
-> [!NOTE]
-> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
-
-## Report options
-
-The following options are available:
-
-| Option | Description |
-| ----- | ----- |
-| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
-| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
-
-For a description of the displayed device status trends, see [Windows quality update statuses](windows-autopatch-windows-quality-update-reports-overview.md#windows-quality-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md
deleted file mode 100644
index 1a345f2942..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md
+++ /dev/null
@@ -1,79 +0,0 @@
----
-title: Windows quality update end user experience
-description: This article explains the Windows quality update end user experience
-ms.date: 05/30/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: hathind
----
-
-# Windows quality update end user experience
-
-Windows Autopatch aims to deploy updates predictably while minimizing the effect to end users by preventing restarts during business hours.
-
-## User notifications  
-
-In this section we'll review what an end user would see in the following three scenarios:
-
-1. Typical update experience
-2. Quality update deadline forces an update
-3. Quality update grace period
-
-> [!NOTE]
-> The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification.
-
-### Typical update experience
-
-The Windows 10 quality update is published and devices in the Broad ring have a deferral period of nine days. Devices will wait nine days before downloading the latest quality update.
-
-Once the deferral period has passed, the device will download the update and notify the end user that updates are ready to install. The end user can either:
-
-- Restart immediately to install the updates
-- Schedule the installation, or
-- Snooze (the device will attempt to install outside of [active hours](#servicing-window).
-
-In the following example, the user schedules the restart and is notified 15 minutes prior to the scheduled restart time. The user can reschedule, if necessary, but isn't able to reschedule past the deadline.
-
-:::image type="content" source="../media/windows-quality-typical-update-experience.png" alt-text="Typical windows quality update experience" lightbox="../media/windows-quality-typical-update-experience.png":::
-
-### Quality update deadline forces an update
-
-In the following example, the user:
-
-- Ignores the notification and selects snooze.
-- Further notifications are received, which the user ignores.
-- The device is unable to install the updates outside of active hours.
-
-The deadline specified in the update policy is five days. Therefore, once this deadline is passed, the device will ignore the [active hours](#servicing-window) and force a restart to complete the update installation. The user will receive a 15-minute warning, after which, the device will install the update and restart.
-
-:::image type="content" source="../media/windows-quality-force-update.png" alt-text="Force Windows quality update" lightbox="../media/windows-quality-force-update.png":::
-
-### Quality update grace period
-
-In the following example, the user is on holiday and the device is offline beyond the quality update deadline. The user then returns to work and the device is turned back on.
-
-Since the deadline has already passed, the device is granted a two-day grace period to install the update and restart. The user will be notified of a pending installation and given options to choose from. Once the two-day grace period has expired, the user is forced to restart with a 15-minute warning notification.  
-
-:::image type="content" source="../media/windows-quality-update-grace-period.png" alt-text="Windows quality update grace period" lightbox="../media/windows-quality-update-grace-period.png":::
-
-## Servicing window
-
-Windows Autopatch understands the importance of not disrupting end users but also updating the devices quickly. To achieve this goal, updates are automatically downloaded and installed at an optimal time determined by the device. Device restarts occur outside of active hours until the deadline is reached. By default, active hours are configured dynamically based on device usage patterns. If you wish to specify active hours for your organization, you can do so by deploying both the following policies:
-
-| Policy | Description |
-| ----- | ----- |
-| [Active hours start](/windows/client-management/mdm/policy-csp-update#activehoursstart) | This policy controls the start of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. |
-| [Active hours end](/windows/client-management/mdm/policy-csp-update#activehoursend) | This policy controls the end of the protected window where devices won't restart. Supported values are from zero through to 23. Zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
-
-> [!IMPORTANT]
-> Both policies must be deployed for them to work as expected.
-
-A device won't restart during active hours unless it has passed the date specified by the update deadline policy. Once the device has passed the deadline policy, the device will update as soon as possible.
-
-> [!IMPORTANT]
-> If your devices must be updated at a specific date or time, they aren't suitable for Windows Autopatch. Selecting specific dates to update devices would disrupt the rollout schedule, and prevent Windows Autopatch from delivering the [service level objective](../operate/windows-autopatch-windows-quality-update-overview.md#service-level-objective). The use of any of the following CSPs on a managed device will render it ineligible for the service level objective:<ul><li>[Update/ScheduledInstallDay](/windows/client-management/mdm/policy-csp-update#scheduledinstallday)</li><li>[Update/ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#scheduledinstalleveryweek)</li><li>[Update/ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#scheduledinstallfirstweek)</li><li>[Update/ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#scheduledinstallfourthweek)</li><li>[Update/ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#scheduledinstallsecondweek)</li><li>[Update/ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#scheduledinstallthirdweek)</li><li>[Update/ScheduledInstallTime](/windows/client-management/mdm/policy-csp-update#scheduledinstalltime)</li></ul>
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md
deleted file mode 100644
index 330088a5e0..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Ineligible devices report—historical
-description: Provides a visual representation of why devices have been ineligible to receive quality updates over the last 90 days.
-ms.date: 12/01/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: adnich
----
-
-# Ineligible devices report—historical
-
-The historical Ineligible devices report provides a visual representation of why devices have been ineligible to receive quality updates over the last 90 days.
-
-> [!NOTE]
-> Devices must have at least six hours of usage, with at least two hours being continuous. You may see an increase in the number of ineligible devices when the widget refreshes every second Tuesday of each month.
-
-**To view the historical Ineligible devices report:**
-
-1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
-1. Select the **Reports** tab.
-1. Select **Ineligible devices report—historical**.
-
-:::image type="content" source="../media/windows-autopatch-ineligible-devices-historical-report.png" alt-text="Ineligible devices—historical report" lightbox="../media/windows-autopatch-ineligible-devices-historical-report.png":::
-
-> [!NOTE]
-> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
-
-## Report options
-
-The following options are available:
-
-| Option | Description |
-| ----- | ----- |
-| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
-| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
-
-For a description of the displayed device status trends, see [Windows quality update statuses](windows-autopatch-windows-quality-update-reports-overview.md#windows-quality-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
deleted file mode 100644
index f12b686427..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-title: Windows quality updates
-description: This article explains how Windows quality updates are managed in Autopatch
-ms.date: 05/02/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: andredm7
----
-
-# Windows quality updates
-
-## Service level objective
-
-Windows Autopatch aims to keep at least 95% of eligible devices on the latest Windows quality update 21 days after release.
-
-## Device eligibility
-
-For a device to be eligible for Windows quality updates as a part of Windows Autopatch they must meet the following criteria:
-
-| Criteria | Description |
-| ----- | ----- |
-| Activity | Devices must have at least six hours of usage, with at least two hours being continuous. |
-| Intune sync | Devices must have checked with Intune within the last five days. |
-| Storage space | Devices must have more than one GB (GigaBytes) of free storage space. |
-| Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
-| Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
-| Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
-| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../references/windows-autopatch-windows-update-unsupported-policies.md). |
-| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](../references/windows-autopatch-windows-update-unsupported-policies.md#group-policy-and-other-policy-managers) |
-
-> [!IMPORTANT]
-> Windows Autopatch supports registering [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/) devices that are being currently serviced by the [Windows LTSC](/windows/release-health/release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
-
-## Windows quality update releases
-
-Windows Autopatch deploys the [Monthly security update releases](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385) that are released on the second Tuesday of each month.
-
-To release updates to devices in a gradual manner, Windows Autopatch deploys a set of mobile device management (MDM) policies to each update deployment ring to control the rollout. There are three primary policies that are used to control Windows quality updates:
-
-| Policy | Description |
-| ----- | ----- |
-| [Deferrals](/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) | Deferral policies delay the time the update is offered to the device by a specific number of days. The "offer" date for Windows quality updates is equal to the number of days specified in the deferral policy after the second Tuesday of each month. |
-| [Deadlines](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays)    | Before the deadline, restarts can be scheduled by users or automatically scheduled outside of active hours. After the deadline passes, restarts will occur regardless of active hours and users won't be able to reschedule. The deadline for a specific device is set to be the specified number of days after the update is offered to the device. |
-| [Grace periods](/windows/client-management/mdm/policy-csp-update#update-configuredeadlinegraceperiod) | This policy specifies a minimum number of days after an update is downloaded until the device is automatically restarted. This policy overrides the deadline policy so that if a user comes back from vacation, it prevents the device from forcing a restart to complete the update as soon as it comes online. |
-
-> [!IMPORTANT]
-> Deploying deferral, deadline, or grace period policies which conflict with Autopatch's policies will cause a device to be considered ineligible for management, it will still receive policies from Windows Autopatch that are not in conflict, but may not function as designed.  These devices will be marked as ineligible in our device reporting and will not count towards our [service level objective](#service-level-objective).
-
-Windows Autopatch configures these policies differently across deployment rings to gradually release the update to devices in your estate. Devices in the Test ring receive changes first and devices in the Broad ring receive changes last. For more information, see [Windows Autopatch deployment rings](../operate/windows-autopatch-update-management.md#windows-autopatch-deployment-rings).
-
-:::image type="content" source="../media/release-process-timeline.png" alt-text="Release process timeline" lightbox="../media/release-process-timeline.png":::
-
-## Release management
-
-> [!NOTE]
-> To access the Release management blade, you must have the correct [role-based access control](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration).
-
-In the Release management blade, you can:
-
-- Track the [Windows quality update schedule](#release-schedule) for devices in the [four deployment rings](windows-autopatch-update-management.md#windows-autopatch-deployment-rings).
-- [Turn off expedited Windows quality updates](#turn-off-service-driven-expedited-quality-update-releases).
-- Review release announcements and knowledge based articles for regular and [Out of Band (OOB) Windows quality updates](#out-of-band-releases).
-
-### Release schedule
-
-For each [deployment ring](windows-autopatch-update-management.md#windows-autopatch-deployment-rings), the **Release schedule** tab contains:
-
-- The status of the update. Releases will appear as **Active**. The update schedule is based on the values of the [Windows 10 Update Ring policies](/mem/intune/protect/windows-update-for-business-configure), which have been configured on your behalf.
-- The date the update is available.
-- The target completion date of the update.
-- In the **Release schedule** tab, you can either [**Pause** and/or **Resume**](#pausing-and-resuming-a-release) a Windows quality update release.
-
-### Expedited releases
-
-Threat and vulnerability information about a new revision of Windows becomes available on the second Tuesday of each month. Windows Autopatch assesses that information shortly afterwards. If the service determines that it's critical to security, it may be expedited. The quality update is also evaluated on an ongoing basis throughout the release and Windows Autopatch may choose to expedite at any time during the release.
-
-When running an expedited release, the regular goal of 95% of devices in 21 days no longer applies. Instead, Windows Autopatch greatly accelerates the release schedule of the release to update the environment more quickly. This approach requires an updated schedule for all devices outside of the Test ring since those devices are already getting the update quickly.
-
-| Release type | Group | Deferral | Deadline | Grace period |
-| ----- | ----- | ----- | ----- | ----- |
-| Standard release | Test<p>First<p>Fast<p>Broad | 0<p>1<p>6<p>9 | 0<p>2<p>2<p>5 | 0<p>2<p>2<p>2 |
-| Expedited release | All devices | 0 | 1 | 1 |
-
-> [!IMPORTANT]
-> Expedited updates **don't** work with devices under the [Windows 10 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/). For more information, see [expedite Windows quality updates in Microsoft Intune](/mem/intune/protect/windows-10-expedite-updates).
-
-#### Turn off service-driven expedited quality update releases
-
-Windows Autopatch provides the option to turn off of service-driven expedited quality updates.
-
-By default, the service expedites quality updates as needed. For those organizations seeking greater control, you can disable expedited quality updates for Windows Autopatch-enrolled devices using Microsoft Intune.
-
-**To turn off service-driven expedited quality updates:**
-
-1. Go to **[Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)** > **Devices**.
-2. Under **Windows Autopatch** > **Release management**, go to the **Release settings** tab and turn off the **Expedited quality updates** setting.
-
-> [!NOTE]
-> Windows Autopatch doesn't allow customers to request expedited releases.
-
-### Out of Band releases
-
-Windows Autopatch schedules and deploys required Out of Band (OOB) updates released outside of the normal schedule.
-
-**To view deployed Out of Band quality updates:**
-
-1. Go to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows Autopatch** > **Release management**.
-2. Under the **Release Announcements** tab, you can view the knowledge base (KB) articles corresponding to deployed OOB and regular Windows quality updates.
-
-> [!NOTE]
-> Announcements will be **removed** from the Release announcements tab when the next quality update is released. Further, if quality updates are paused for a deployment ring, the OOB updates will also be paused.
-
-### Pausing and resuming a release
-
-> [!CAUTION]
-> You should only pause and resume [Windows quality](windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) and [Windows feature updates](#pausing-and-resuming-a-release) on Windows Autopatch managed devices using the Windows Autopatch Release management blade. Do **not** use the Microsoft Intune end-user experience flows to pause or resume Windows Autopatch managed devices. If you need assistance with pausing and resuming updates, please [submit a support request](../operate/windows-autopatch-support-request.md).
-
-The service-level pause of updates is driven by the various software update deployment-related signals Windows Autopatch receives from Windows Update for Business, and several other product groups within Microsoft.
-
-If Windows Autopatch detects a [significant issue with a release](../operate/windows-autopatch-windows-quality-update-signals.md), we may decide to pause that release.
-
-> [!IMPORTANT]
-> Pausing or resuming an update can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its management solution and that's the average frequency devices take to communicate back to Microsoft Intune with new instructions to pause, resume or rollback updates.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
-
-**To pause or resume a Windows quality update:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Devices** from the left navigation menu.
-3. Under the **Windows Autopatch** section, select **Release management**.
-4. In the **Release management** blade, select either: **Pause** or **Resume**.
-5. Select the update type you would like to pause or resume.
-6. Select a reason from the dropdown menu.
-7. Optional. Enter details about why you're pausing or resuming the selected update.
-8. If you're resuming an update, you can select one or more deployment rings.
-9. Select **Okay**.
-
-The three following statuses are associated with paused quality updates:
-
-| Status | Description |
-| ----- | ------ |
-| Service Pause | If the Windows Autopatch service has paused an update, the release will have the **Service Pause** status. You must [submit a support request](../operate/windows-autopatch-support-request.md) to resume the update. |
-| Customer Pause | If you've paused an update, the release will have the **Customer Pause** status. The Windows Autopatch service can't overwrite an IT admin's pause. You must select **Resume** to resume the update. |
-| Customer & Service Pause | If you and Windows Autopatch have both paused an update, the release will have the **Customer & Service Pause** status. If you resume the update, and the **Service Pause** status still remains, you must [submit a support request](../operate/windows-autopatch-support-request.md) for Windows Autopatch to resume the update deployment on your behalf. |
-
-## Remediating Ineligible and/or Not up to Date devices
-
-To ensure your devices receive Windows quality updates, Windows Autopatch provides information on how you can remediate [Ineligible Devices (Customer Actions)](../operate/windows-autopatch-windows-quality-update-reports-overview.md#ineligible-devices-customer-action). In addition, the Windows Autopatch service may remediate [Not up to Date devices](../operate/windows-autopatch-windows-quality-update-reports-overview.md#not-up-to-date-microsoft-action) to bring them back into compliance.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md
deleted file mode 100644
index c3ea51727d..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md
+++ /dev/null
@@ -1,110 +0,0 @@
----
-title: Windows quality update reports
-description: This article details the types of reports available and info about update device eligibility, device update health, device update trends in Windows Autopatch
-ms.date: 12/01/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: adnich
----
-
-# Windows quality update reports
-
-The Windows quality update reports provide you information about:
-
-- Quality update device eligibility
-- Device update health
-- Device update trends  
-
-Together, these reports provide insight into the quality update state and compliance of Windows devices that are enrolled into Windows Autopatch.  
-
-The report types are organized into the following focus areas:
-
-| Focus area | Description |
-| ----- | ----- |
-| Operational detail | <ul><li>[Summary dashboard](windows-autopatch-windows-quality-update-summary-dashboard.md): Provides the current update status summary for all devices.</li><li>[All devices report](windows-autopatch-windows-quality-update-all-devices-report.md): Provides the current update status of all devices at the device level.</li></ul> |
-| Device trends | <ul><li>[All devices report – historical](windows-autopatch-windows-quality-update-all-devices-historical-report.md): Provides the update status trend of all devices over the last 90 days.</li><li>[Eligible devices report – historical](windows-autopatch-windows-quality-update-eligible-devices-historical-report.md): Provides the update status trend of all eligible devices to receive quality updates over the last 90 days.</li><li>[Ineligible devices report – historical](windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md): Provides a trending view of why ineligible devices haven’t received quality updates over the last 90 days.</li></ul> |
-
-## Who can access the reports?
-
-Users with the following permissions can access the reports:
-
-- Global Administrator
-- Intune Service Administrator
-- Administrators assigned to an Intune role with read permissions
-
-## About data latency
-
-The data source for these reports is the [Windows diagnostic data](../overview/windows-autopatch-privacy.md#microsoft-windows-1011-diagnostic-data). The data typically uploads from enrolled devices once per day. Then, the data is processed in batches before being made available in Windows Autopatch. The maximum end-to-end latency is approximately 24 hours.
-
-## Windows quality update statuses
-
-The following statuses are used throughout the Windows Autopatch reporting suite to describe the quality update status for devices:  
-
-- [Healthy devices](#healthy-devices)
-- [Not Up to Date (Microsoft Action)](#not-up-to-date-microsoft-action)
-- [Ineligible Devices (Customer Action)](#ineligible-devices-customer-action)
-
-Each status has its own set of sub statuses to further describe the status.
-
-### Healthy devices
-
-Healthy devices are devices that meet all of the following prerequisites:
-
-- [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
-- [Prerequisites for device registration](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration)
-- [Windows quality update device eligibility](../operate/windows-autopatch-windows-quality-update-overview.md#device-eligibility)
-
-> [!NOTE]
-> Healthy devices will remain with the **In Progress** status for the 21-day service level objective period. Devices which are **Paused** are also considered healthy.
-
-| Sub status | Description |
-| ----- | ----- |
-| Up to Date | Devices are up to date with the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-windows-quality-update-overview.md#windows-quality-update-releases). |
-| In Progress | Devices are currently installing the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-windows-quality-update-overview.md#windows-quality-update-releases). |
-| Paused | Devices that are currently paused due to a Windows Autopatch or customer-initiated Release Management pause. For more information, see [Pausing and resuming a release](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release). |
-
-### Not Up to Date (Microsoft Action)
-
-Not Up to Date means a device isn’t up to date when the:
-
-- Quality update is more than a month out of date, or the device is on last month’s quality update  
-- Device is more than 21 days overdue from the last release.
-
-> [!NOTE]
-> Microsoft Action refers to the responsibility of the Windows Autopatch Service Engineering Team to carry out the appropriate action to resolve the reported device state. Windows Autopatch aims to keep at least [95% of eligible devices on the latest Windows quality update 21 days after release](../operate/windows-autopatch-windows-quality-update-overview.md#service-level-objective).
-
-| Sub status | Description |
-| ----- | ----- |
-| No Heartbeat | The Windows Update service hasn’t been able to connect to this device. The service can’t offer the update to that device. |
-| Not Offered | The Windows Update service hasn’t offered the update to that device. |
-| Policy Blocking Update | This device has a policy that is blocking the update, such as a deferral or pause policy. Devices are only in this state after the 21-day threshold. |
-| In Progress—Stuck | This device has downloaded the update but is getting stuck in a loop during the install process. The update isn’t complete. |
-| Other | This device isn't up to date and isn’t reporting back data from the client. |
-
-### Ineligible Devices (Customer Action)
-
-Customer Action refers to the responsibility of the designated customer IT administrator to carry out the appropriate action to resolve the reported device sub status.  
-
-Within each 24-hour reporting period, devices that are ineligible are updated with one of the following sub statuses.
-
-| Sub status | Description |
-| ----- | ----- |
-| Insufficient Usage | Devices must have at least six hours of usage, with at least two hours being continuous. |
-| Low Connectivity | Devices must have a steady internet connection, and access to [Windows update endpoints](../prepare/windows-autopatch-configure-network.md). |
-| Out of Disk Space | Devices must have more than one GB (GigaBytes) of free storage space. |
-| Not Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
-| Not On Supported Windows Edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). |
-| Not On Supported Windows Build | Devices must be on a Windows build supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). |
-| Intune Sync Older Than 5 Days | Devices must have checked in with Intune within the last five days. |
-
-## Data export
-
-Select **Export devices** to export data for each report type.  
-
-> [!NOTE]
-> You can’t export Windows Autopatch report data using Microsoft Graph RESTful web API.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md
deleted file mode 100644
index bd21b2a994..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Windows quality update release signals
-description: This article explains the Windows quality update release signals
-ms.date: 01/24/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: conceptual
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: hathind
----
-
-# Windows quality update signals
-
-Windows Autopatch monitors a specific set of signals and aims to release the monthly security update both quickly and safely. The service doesn't comprehensively monitor every use case in Windows.
-
-If there's a scenario that is critical to your business, which isn't monitored by Windows Autopatch, you're responsible for testing and taking any follow-up actions, like requesting to pause the release.
-
-## Pre-release signals
-
-Before being released to the Test ring, Windows Autopatch reviews several data sources to determine if we need to send any customer advisories or need to pause the update. Situations where Windows Autopatch doesn't release an update to the Test ring are seldom occurrences.
-
-| Pre-release signal | Description |
-| ----- | ----- |
-| Windows Payload Review | The contents of the monthly security update release are reviewed to help focus your update testing on areas that have changed. If any relevant changes are detected, a [customer advisory](../operate/windows-autopatch-windows-quality-update-communications.md#communications-during-release) will be sent out. |
-| Optional non-security preview release review - Internal Signals | Windows Autopatch reviews active incidents associated with the previous optional non-security preview release to understand potential risks in the monthly security update release. |
-| Optional non-security preview release review  - Social Signals | Windows Autopatch monitors social signals to better understand potential risks associated with the monthly security update release. |
-
-## Early signals
-
-The update is released to the Test ring on the second Tuesday of the month. Those test devices will update, allowing you to conduct early testing of critical scenarios in your environment. There are also several new Microsoft internal signals that have become available to the service that are monitored throughout the release.
-
-| Device reliability signal | Description | Microsoft will |
-| ----- | ----- | ----- |
-| Security Risk Profile | As soon as the update is released, the criticality of the security content is assessed. | <ul><li>Consider expediting the release</li><li>Update customers with a risk profile</li></ul>
-| B-Release - Internal Signals | Windows Autopatch reviews any active incidents associated with the current release. | <ul><li>Determine if a customer advisory is necessary</li><li>Pause the release if there's significant user impact</li></ul> |
-| B-Release - Social Signals | Windows Autopatch monitors social signals to understand risks associated with the release. | Determine if a customer advisory is necessary |
-
-## Device reliability signals
-
-Windows Autopatch monitors devices for a set of core reliability metrics as a part of the service.
-
-The service then uses statistical models to assess if there are significant differences between the two Windows versions. To make a statistically significant assessment, Windows Autopatch requires that at least 500 devices in your tenant have upgraded to the new version.
-
-As more devices update, the confidence of the analysis increases and gives us a clearer picture of release quality. If we determine that the user experience is impaired, Autopatch will either post a customer advisory or pause the release, depending on the criticality of the update.
-
-Autopatch monitors the following reliability signals:
-
-| Device reliability signal | Description |
-| ----- | ----- |
-| Blue screens | These events are highly disruptive to end users. These events are closely monitored. |
-| Overall app reliability | Tracks the total number of app crashes and freezes on a device. A known limitation with this measure is that if one app becomes 10% more reliable and another becomes 10% less reliable then it shows up as a flat line in the measure. |
-| Microsoft Office reliability | Tracks the number of Office crashes and freezes per application per device. |
-| Microsoft Edge reliability | Tracks the number of Microsoft Edge crashes and freezes per device. |
-| Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. |
-
-When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Autopatch can detect regressions that are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md
deleted file mode 100644
index 95dd437451..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Summary dashboard
-description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
-ms.date: 12/01/2022
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: adnich
----
-
-# Summary dashboard
-
-The Summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
-
-**To view the current update status for all your enrolled devices:**
-
-1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
-
-:::image type="content" source="../media/windows-autopatch-summary-dashboard.png" alt-text="Summary dashboard" lightbox="../media/windows-autopatch-summary-dashboard.png":::
-
-> [!NOTE]
-> The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page.
-
-## Report information
-
-The following information is available in the Summary dashboard:
-
-| Column name | Description |
-| ----- | ----- |
-| Windows quality update status | The device update state. For more information, see [Windows quality update status](windows-autopatch-windows-quality-update-reports-overview.md#windows-quality-update-statuses). |
-| Devices | The number of devices showing as applicable for the state. |
-
-## Report options
-
-The following option is available:
-
-| Option | Description |
-| ----- | ----- |
-| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process will ensure that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md
deleted file mode 100644
index 50453deea1..0000000000
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-title: Customize Windows Update settings
-description: This article explains how to customize Windows Updates in Windows Autopatch
-ms.date: 05/02/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: rekhanr
----
-
-# Customize Windows Update settings (public preview)
-
-> [!IMPORTANT]
-> This feature is in **public preview**. The feature is being actively developed, and may not be complete. You can test and use these features in production environments and provide feedback.
-
-You can customize the Windows Update deployment schedule for each deployment ring per your business and organizational needs. We recommend that you use the Windows Autopatch service default. However, you may have devices that need different schedules for updates deployment.
-
-When the deployment cadence is customized, Windows Autopatch will override our service defaults with your preferred deployment cadence. Depending on the selected options, devices with [customized schedules](#scheduled-install) may not count towards the Windows Autopatch [Windows quality update service level objective](../operate/windows-autopatch-windows-quality-update-overview.md#service-level-objective).
-
-## Deployment cadence
-
-### Cadence types
-
-For each tenant, at the deployment ring level, there are two cadence types to configure and manage your Windows Update deployments for all the devices in those deployment rings:
-
-- [Deadline-driven](#deadline-driven)
-- [Scheduled install](#scheduled-install)
-
-> [!NOTE]
-> Windows Autopatch uses the [Update rings policy for Windows 10 and later in Microsoft Intune](/mem/intune/protect/windows-10-update-rings) to apply either **Deadline-driven** or **Scheduled install** cadence types. Microsoft Intune implements [Update rings policy for Windows 10 and later](/mem/intune/protect/windows-10-update-rings) using the settings available in the [Update policy CSP](/windows/client-management/mdm/policy-csp-update).
-
-#### Deadline-driven
-
-With the deadline-drive cadence type, you can control and customize the deferral, deadline, and grace period to meet your specific business needs and organizational requirements.
-
-There are certain limits that Windows Autopatch defines and you'll only be able to make changes with those boundaries. The following boundaries are implemented so that Windows Autopatch can maintain update compliance.
-
-| Boundary | Description |
-| ----- | ----- |
-| Deferrals and deadlines | Windows Autopatch will enforce that deadline plus deferral days for a deployment ring to be less than or equal to 14 days. |
-| Grace period | The permitted customization range is zero to seven days. |
-
-> [!NOTE]
-> The configured grace period will apply to both Windows quality updates and Windows feature updates.
-
-Each deployment ring can be scheduled independent of the others, and there are no dependencies that the previous deployment ring must be scheduled before the next ring. Further, if the cadence type is set as **Deadline-driven**, the automatic update behavior setting, **Reset to default** in the Windows Update for Business policy, will be applied.
-
-It's possible for you to change the cadence from the Windows Autopatch Release management blade while update deployments are in progress. Windows Autopatch will abide by the principle to always respect your preferences over service-defined values.
-
-However, if an update has already started for a particular deployment ring, Windows Autopatch won't be able to change the cadence for that ring during that ongoing update cycle. The changes will only be effective in the next update cycle.
-
-#### Scheduled install
-
-> [!NOTE]
->If you select the Schedule install cadence type, the devices in that ring won’t be counted towards the [Windows quality update service level objective](../operate/windows-autopatch-windows-quality-update-overview.md#service-level-objective).
-
-While the Windows Autopatch default options will meet the majority of the needs for regular users with corporate devices, we understand there are devices that run critical activities and can only receive Windows Updates at specific times. The **Scheduled install** cadence type will minimize disruptions by preventing forced restarts and interruptions to critical business activities for end users. Upon selecting the **Scheduled install** cadence type, any previously set deadlines and grace periods will be removed. Devices will only update and restart according to the time specified. 
-
-If other applications force a device to restart outside of the specified time and a Windows Update is pending a restart, the Windows Update will complete its installation at this time. For this reason, ensure that you consider your update and restart scenarios for devices running business critical activities, or restart sensitive workloads before using the Scheduled Install option.
-
-> [!NOTE]
-> The compliance deadline and grace period for Windows quality updates won't be configured for the Scheduled Install cadence type.
-
-Devices **must** be active and available at the time when the device is scheduled for installation to ensure the optimal experience. If the device is consistently unavailable during the scheduled install time, the device can remain unprotected and unsecured, or the device may have the Windows Update scan and install during active hours.
-
-##### Scheduled install types
-
-> [!NOTE]
-> For devices with **Active hours** configured, if the device is consistently unavailable, Windows will attempt to keep the devices up to date, including installation of updates during Active hours.<p>For Windows 10 devices, Windows Update can start 30 minutes prior to the specified install time. If the installation start time is specified at 2:00 AM, some of the devices may start the installation 30 mins prior.</p>
-
-The Scheduled install cadence has two options:
-
-| Option | Description |
-| ----- | ----- |
-| Active hours | The period (daily) that the user normally does their work, or the device is busy performing business critical actions.<p>The time outside of active hours is when the device is available for Windows to perform an update and restart the device (daily). The max range for Active hours is 18 hours. The six-hour period outside of the active hours is the deployment period, when Windows Update for Business will scan, install and restart the device.</p>
-| Schedule install and restart | Use this option to prevent the service from installing Windows Updates except during the specified start time. You can specify the following occurrence options:<ul><li>Weekly</li><li>Bi-weekly</li><li>Monthly</li></ul><p>Select a time when the device has low activity for the updates to complete. Ensure that the Windows Update has three to four hours to complete the installation and restart the device.</p> |
-
-> [!NOTE]
-> Changes made in one deployment ring won't impact other rings in your tenant.<p>Configured **Active hours** and **Scheduled install and restart** options will apply to both Windows quality updates and Windows feature updates.</p>
-
-### User notifications
-
-In addition to the cadence type, you can also manage the end user notification settings. End users will receive all update notifications by default. For critical devices or devices where notifications need to be hidden, use the **Manage notifications** option to configure notifications. For each tenant, at the deployment ring level, there are four options for you to configure end user update notification settings:
-
-- Not configured
-- Use the default Windows Update notifications
-- Turn off all notifications excluding restart warnings
-- Turn off all notifications including restart warnings
-
-For more information, see [Windows Update settings you can manage with Intune update ring policies for Windows 10/11 devices](/mem/intune/protect/windows-update-settings).
-
-## Customize the Windows Update deployment cadence
-
-> [!IMPORTANT]
-> The Windows update setting customizations can take up to eight hours to be applied to devices. Windows Autopatch uses Microsoft Intune as its device management solution and that's the average frequency Windows devices take to communicate back to Microsoft Intune with new instructions to apply new software update settings.<p>For more information, see [how long does it take for devices to get a policy, profile, or app after they are assigned from Microsoft Intune](/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).</p>
-
-**To customize the Windows Update deployment cadence:**
-
-1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Navigate to **Devices** > **Windows Autopatch** > **Release management** > **Release settings** select **Customize Windows Update cadence (preview)**. The page lists the existing settings for each of the rings in the tenant.
-3. Select the **horizontal ellipses (…)** across each ring to manage the deployment cadence or notification settings.
-4. Select [**Manage deployment cadence**](#cadence-types) to customize Windows Update settings.
-    1. Select one of the cadence types for the ring:
-        1. Select **Deadline-driven** to configure the deferral, deadline, and grace periods. This option will enforce forced restarts based on the selected deadline and grace period. In the event you want to switch back to the service recommended defaults, for each of the settings, select the option tagged as "default".
-        1. Select **Scheduled install** to opt-out of deadline-based forced restart.
-            1. Select either **Active hours** or **Schedule install and restart time**.
-    2. Select **Save**.
-5. Select **Manage notifications**. A fly-in pane opens.
-    1. Select one of  following [Windows Update restart notifications](#user-notifications) for your devices that are part of the selected deployment ring. By default, Windows Autopatch recommends that you enable all notifications.
-        1. Not configured
-        1. Use the default Windows Update notifications
-        1. Turn off all notifications excluding restart warnings
-        1. Turn off all notifications included restart warnings
-    1. Select **Save** once you select the preferred setting.
-6. Repeat the same process to customize each of the rings. Once done, select **Next**.
-7. In **Review + apply**, you’ll be able to review the selected settings for each of the rings.
-8. Select **Apply** to apply the changes to the ring policy. Once the settings are applied, the saved changes can be verified in the **Release schedule** tab. The Windows quality update schedule on the **Release schedule** tab will be updated as per the customized settings.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md
new file mode 100644
index 0000000000..fb1b851773
--- /dev/null
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-deployment-guide.md
@@ -0,0 +1,337 @@
+---
+title: Windows Autopatch deployment guide
+description: This guide explains how to successfully deploy Windows Autopatch in your environment
+ms.date: 08/24/2023
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+ms.reviewer: hathind
+ms.collection:
+  - tier2
+---
+
+# Windows Autopatch deployment guide
+
+As organizations move to support hybrid and remote workforces, and continue to adopt cloud-based endpoint management with services such as Intune, managing updates is critical.
+
+Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
+
+A successful Windows Autopatch deployment starts with planning and determining your objectives. Use this deployment guide to plan your move or migration to Windows Autopatch.
+
+This guide:
+
+- Helps you plan your deployment and adopt Windows Autopatch
+- Lists and describes some common objectives
+- Provides a recommended deployment plan
+- Provides migration considerations for Windows Update for Business (WUfB) and Microsoft Configuration Manager
+- Lists some common general considerations when deploying Windows Autopatch
+- Provides suggested business case benefits and communication guidance
+- Gives additional guidance and how to join the Autopatch community
+
+## Determine your objectives
+
+This section details some common objectives when using Windows Autopatch.  
+
+Once an organization is onboarded, Windows Autopatch automatically creates multiple progressive deployment rings and applies the latest updates according to Windows Autopatch recommended practices and your organization's custom configuration. While there are options to adjust configurations such as quality update cadence, the service provides you with a baseline to begin establishing your update objectives.
+
+Use Windows Autopatch to solve the following challenges:
+
+- Difficulty developing and defending update cadence and general best practices
+- Increase visibility and improve issue reporting
+- Achieving a consistent update success rate
+- Standardize and optimize the configuration for devices, policies, tools and versions across their environment
+- Transition to modern update management by configuring Intune and Windows Update for Business
+- Make update processes more efficient and less reliant on IT admin resources  
+- Address vulnerabilities and Windows quality updates as soon as possible to improve security
+- Assist with compliance to align with industry standards
+- Invest more time on value-add IT projects rather than monthly updates
+- Planning and managing Windows feature updates
+- Transition to Windows 11
+
+## Recommended deployment steps
+
+The following deployment steps can be used as a guide to help you to create your organization's specific deployment plan to adopt and deploy Windows Autopatch.
+
+:::image type="content" source="../media/windows-autopatch-deployment-journey.png" alt-text="Windows Autopatch deployment journey" lightbox="../media/windows-autopatch-deployment-journey.png":::
+
+### Step one: Prepare
+
+[Review the prerequisites](../prepare/windows-autopatch-prerequisites.md) and [enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md) into the Windows Autopatch service. At this stage, your devices aren't affected.  You can enroll your tenant and review the service options before registering your devices.
+
+| Step | Description |
+| ----- | ----- |
+| **1A: Set up the service** | <ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations)</li><li>Review and understand [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) completed successfully</li></ul> |
+| **1B: Confirm update service needs and configure your workloads** | <ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md): Expedite preferences and cadence customizations</li><li>[Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md): Servicing version preferences</li><li>[Driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md): Set to either Manual or Automatic</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md): Set to either Monthly Enterprise Channel or opt-out</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md): Required. Beta and Stable Channel</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md): Required. Automatic</li></ul> |
+| **1C: Consider your Autopatch groups distribution** | Organizations have a range of Windows devices including desktop computers, laptops and tablets that might be grouped across multiple logical or physical locations. When planning your Autopatch groups strategy, consider the Autopatch group structure that best fits your organizational needs. It's recommended to utilize the service defaults as much as possible. However, if necessary, you can customize the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) with additional deployment rings and/or [create your own Custom Autopatch group(s)](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group).<br><br><ul><li> Review your device inventory and consider a representative mix of devices across your distribution</li><li>Review your Azure AD groups that you wish to use to register devices into the service</li><li>Review [device registration options](../deploy/windows-autopatch-device-registration-overview.md) and [register your first devices](../deploy/windows-autopatch-register-devices.md)</li></ul> |
+| **1D: Review network optimization** | It's important to [prepare your network](../prepare/windows-autopatch-configure-network.md) to ensure that your devices have access to updates in the most efficient way, without impacting your infrastructure.<br><br>A recommended approach to manage bandwidth consumption is to utilize [Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization). You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages amongst multiple devices in your deployment. |
+
+### Step two: Evaluate
+
+Evaluate Windows Autopatch with around 50 devices to ensure the service meets your needs. You can adjust this number based on your organizational make-up. It's recommended to monitor one update cycle during this evaluation step.
+
+| Step | Description |
+| ----- | ----- |
+| **2A: Review reporting capabilities** | <ul><li>[Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li><li>[Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report)</li></ul>Windows Autopatch quality and feature update reports provide a progress view on the latest update cycle for your devices. These reports should be reviewed often to ensure you understand the update state of your Windows Autopatch devices.<br><br>There might be times when using Windows Autopatch for update deployment that it's beneficial to review Windows Update for Business (WUfB) reports.<br><br>For example, when preparing to deploy Windows 11, you might find it useful to evaluate your devices using the [Windows feature update device readiness](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report) and [Windows feature update compatibility risks reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-compatibility-risks-report) in Intune.|
+| **2B: Review operational changes** | As part of the introduction of Windows Autopatch, you should consider how the service integrates with your existing operational processes.<br><ul><li>Identify service desk and end user computing process changes</li><li>Identify any alignment with third party support agreements</li><li>Review the default Windows Autopatch support process and alignment with your existing Premier and Unified support options</li><li>Identify IT admin process change & service interaction points</li></ul> |
+| **2C: Educate end users and key stakeholders**| Educate your end users by creating guides for the Windows Autopatch end user experience.<ul><li>[Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)</li><li>[Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li>[Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)<li>[Microsoft Edge](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md)</li></ul><br>Include your IT support and help desk in the early stages of the Windows Autopatch deployment and planning process. Early involvement allows your support staff to:<br><ul><li>Gain knowledge and experience in identifying and resolving update issues more effectively</li><li>Prepare them to support production rollouts. Knowledgeable help desk and support teams also help end users adopt to changes</li></ul><br>Your support staff can experience a walkthrough of the Windows Autopatch admin experience through the [Windows Autopatch demo site](https://aka.ms/autopatchdemo). |
+| **2D: Pilot planning** | Identify target pilot group(s) of up to 500 devices. It's recommended to include a cross-section of your organizational make-up to ensure your pilot results are representative of your organizational environment. |
+
+### Step three: Pilot
+
+Plan to pilot the service with around 500 devices to provide sufficient pilot coverage to be ready for deployment. You can adjust this number based on your organizational make-up. It's recommended to monitor one to two update cycles during the pilot step.
+
+| Step | Description |
+| ----- | ----- |
+| **3A: Register devices** | Register pilot device group(s) |
+| **3B: Monitor update process success** |<ul><li>Quality update: One to two update cycles</li><li>Feature update: Set of pilot devices scheduled across several weeks</li><li>Drivers and firmware: One to two update cycles</li><li>Microsoft 365 Apps for enterprise (if not opted-out): One to two update cycles</li><li>Microsoft Edge: One to two update cycles</li><li>Microsoft Teams: One to two update cycles</li> |
+| **3C: Review reports** |<ul><li>[Quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports): Monitor data in the reports across one to two update cycles</li><li>[Feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports): Monitor data in the reports across the update schedule</li><li>[Windows Update for Business (WUfB) reports](/mem/intune/protect/windows-update-compatibility-reports#use-the-windows-feature-update-device-readiness-report): Monitor data in the report across one to two update cycles</li></ul> |
+| **3D: Implement operational changes** |<ul><li>Pilot Service Desk, end user computing and third party (if applicable) process changes with pilot representatives</li><li>IT admins must:<ul><li>Review deployment progress using Windows Autopatch reports</li><li>Respond to identified actions to help improve success rates</li></ul></ul> |
+| **3E: Communicate with stakeholders** | Review and action your stakeholder communication plan. |
+| **3F: Deployment planning** | Prepare target deployment groups for phased deployment of Windows Autopatch. |
+
+### Step four: Deploy
+
+Following a successful pilot, you can commence deployment to your broader organization.  The pace at which you deploy is dependent on your own requirements; for example, deploying in groups of 500 to 5000 per week are commonly used approaches to complete the deployment of Windows Autopatch.
+
+| Step | Description |
+| ----- | ----- |
+| **4A: Review reports** |<ul><li>Review deployment progress using Windows Autopatch reports</li><li>Respond to identified actions to help improve success rates</li></ul> |
+| **4B: Communicate with stakeholders** | Review and action your stakeholder communication plan |
+| **4C: Complete operational changes** |<ul><li>Service Desk readiness is complete and in place</li><li>IT admins take the required action(s) based on the Autopatch reports</li></ul> |
+
+## Migration considerations
+
+If you're an existing Windows Update for Business (WUfB) or Configuration Manager customer, there are several considerations that could accelerate your deployment along a shorter path.
+
+### Why migrate from Windows Update for Business or Configuration Manager to Windows Autopatch?
+
+Customers who are using Windows Update for Business (WUfB) or Configuration Manager can quickly adopt Windows Autopatch and take advantage of the key benefits that Windows Autopatch provides.
+
+When moving from Windows Update for Business (WUfB) or Configuration Manager to Windows Autopatch, you can enhance and optimize the update experience that you're already familiar with.  
+
+Once migrated, there are several configuration tasks that you no longer need to carry out:
+
+| Autopatch benefit | Configuration Manager | Windows Update for Business (WUfB) |
+| ----- | ----- | ----- |
+| Automated setup and on-going configuration of Windows Update policies | Manage and perform recurring tasks such as:<ul><li>Download updates</li><li>Distribute to distribution points</li><li>Target update collections</li></ul> | Manage "static" deployment ring policies |
+| Automated management of deployment ring membership | Manually check collection membership and targets | Manage "static" deployment ring membership |
+| Maintain minimum Windows feature version and progressively move between servicing versions | Spend time developing, testing and rolling-out task sequence | Set up and deploy Windows feature update policies |
+| Service provides release management, signal monitoring, testing, and Windows Update deployment | Setup, target and monitor update test collections | Manage Test deployment rings and manually monitor update signals |
+| Simple, integrated process to turn on the service as part of the Windows 365 provisioning policy | Manually target Cloud PCs in device collections | Manually target Cloud PCs in Azure AD groups |
+
+In addition to the reports, other benefits include:
+
+| Autopatch benefit | Configuration Manager and Windows Update for Business (WUfB) |
+| ----- | ----- |
+| Windows quality and feature update reports with integrated alerts, deep filtering, and status-at-a-glance | Requires you to manually navigate and hunt for status and alerts |
+| Filter by action needed with integrated resolution documentation | Requires you to research and discover possible actions relating to update issues |
+| Better visibility for IT admins, Security compliance and proof for regulator | Requires you to pull together different reports and views across multiple admin portals |
+
+Service management benefits include:
+
+| Autopatch benefit | Configuration Manager and Windows Update for Business (WUfB) |
+| ----- | ----- |
+| Windows automation and Microsoft Insights | First or third-party resources required to support and manage updates internally |
+| Microsoft research and insights determine the 'go/no-go' for your update deployment | Limited signals and insights from your organization to determine the 'go/no-go' for your update deployment |
+| Windows Autopatch might pause or roll back an update. The pause or rollback is dependent on the scope of impact and to prevent end user disruption | Manual intervention required, widening the potential impact of any update issues |
+| By default, Windows Autopatch [expedites quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases) as needed. | Manual intervention required, widening the potential impact of any update issues |
+
+### Migrating from Windows Update for Business (WUfB) to Windows Autopatch
+
+#### Assessing your readiness to migrate from Windows Update for Business (WUfB) to Windows Autopatch
+
+When moving from Windows Update for Business (WUfB) to Windows Autopatch, you can accelerate and simplify your adoption by assessing your readiness to quickly migrate to the Windows Autopatch service by considering key differences that might impact your deployment:
+
+| Step | Assessment step | Recommendation |
+| ----- | ----- | ----- |
+| **1** | "User based" vs. "device based" targeting | Windows Autopatch doesn't support "user based" targeting.  If your Windows Update deployment is "user based", you must plan to move to a device-based targeting model by adding and registering devices into Windows Autopatch. Use the [Consider your Autopatch groups guidance](#step-one-prepare) |
+| **2** | Microsoft Edge channels | Windows Autopatch deploys Microsoft Edge Stable channel to devices in all deployment rings except for the Test deployment ring. The Test deployment ring is configured for the Microsoft Edge Beta channel. If you're currently using different channels, your teams should understand that your Windows Autopatch devices use these channels. For more information, see [Confirm update service needs and configure your workloads](#step-one-prepare). |
+| **3** | Microsoft 365 Apps for enterprise | Windows Autopatch deploys the Monthly Enterprise Channel to all Microsoft 365 Apps for enterprise clients. If your organization is using a different channel and you don't wish to adopt the Monthly Enterprise Channel, you can opt out Microsoft 365 Apps for enterprise updates. For more information, see [Confirm update service needs and configure your workloads](#step-one-prepare) |
+| **4** | Prepare your policies | You should consider any existing policy configurations in your Windows Update for Business (WUfB), Intune or on-premises environment that could impact your deployment of Windows Autopatch. For more information, review [General considerations](#general-considerations) |
+| **5** | Network optimization technologies | We recommend you consider your network optimization technologies as part of your Windows Autopatch deployment.  However, if you're already using Windows Update for Business (WUfB) it's likely you already have your network optimization solution in place.  For more information, see [Review network optimization](#step-one-prepare) |
+
+### Optimized deployment path: Windows Update for Business (WUfB) to Windows Autopatch
+
+Once you have assessed your readiness state to ensure you're aligned to Windows Autopatch readiness, you can optimize your deployment of Windows Autopatch to quickly migrate to the service. The following steps illustrate a recommended optimized deployment path:
+
+| Step | Example timeline | Task |
+| ----- | ----- | ----- |
+| **[Step one: Prepare > Set up the service](#step-one-prepare)** | Week one | Follow our standard guidance to turn on the Windows Autopatch service<ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations)</li><li>Review and understand the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) have completed successfully</li></ul> |
+| **[Step one: Prepare > Adjust the service configuration based on your migration readiness](#step-one-prepare)** | Week one | <ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md)</li><li>[Driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md)</li><li>Use the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [create a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> |
+| **[Step two: Evaluate](#step-two-evaluate)** | Week one to month two | Evaluate with around 50 devices for one update cycle to confirm the correct service configurations are in place |
+| **[Step three: Pilot](#step-three-pilot)** | Month two to three | Pilot with around 500 - 5000 devices for one update cycle to ensure you can further validate with your key stakeholders and Service Desk teams |
+| **[Step four: Deploy](#step-four-deploy)** | Month three to six | Phase deployments as necessary to migrate your estate. You can move as quickly as you feel comfortable |
+
+### Migrating from Configuration Manager to Windows Autopatch
+
+Regardless of if you're migrating from Configuration Manager to Microsoft Intune or if you're remaining with Configuration Manager, if you're currently using Configuration Manager to manage updates, you can migrate the update workloads to Windows Autopatch and take advantage of the key benefits for your Configuration Manager environment.
+
+#### Assessing your readiness to migrate from Configuration Manager to Windows Autopatch
+
+When you migrate from Configuration Manager to Windows Autopatch, the fastest path to quickly gain value from Windows Autopatch is to already have co-management and the requisite workloads moved to Intune.
+
+| Step | Assessment step | Recommendation |
+| ----- | ----- | ----- |
+| **1** | Turn on co-management | If you're using co-management across Configuration Manager and your managed devices, you meet the key requirements to use Windows Autopatch.<br><br>If you don't have co-management, see [How to use co-management in Configuration Manager](/mem/configmgr/comanage/how-to-enable) |
+| **2** | Use required co-management workloads | Using Windows Autopatch requires that your managed devices use the following three co-management workloads:<ul><li>Windows Update policies workload</li><li>Device configuration workload</li><li>Office Click-to-Run apps workload</li></ul><br>If you have these workloads configured, you meet the key requirements to use Windows Autopatch. If you don't have these workloads configured, review [How to switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads) |
+| **3** | Prepare your policies | You should consider any existing policy configurations in your Configuration Manager (or on-premises) environment that could impact your deployment of Windows Autopatch. For more information, review [General considerations](#general-considerations) |
+| **4** | Ensure Configuration Manager collections or Azure AD device groups readiness | To move devices to Windows Autopatch, you must register devices with the Windows Autopatch service. To do so, use either Azure AD device groups, or Configuration Manager collections. Ensure you have either Azure AD device groups or Configuration Manager collections that allow you to evaluate, pilot and then migrate to the Windows Autopatch service. For more information, see [Register your devices](../deploy/windows-autopatch-register-devices.md#before-you-begin). |  
+
+### Optimized deployment path: Configuration Manager to Windows Autopatch
+
+Once you have assessed your readiness state to ensure you're aligned to Windows Autopatch readiness, you can optimize your deployment of Windows Autopatch to quickly migrate to the service.   The following steps illustrate a recommended optimized deployment path:
+
+| Step | Example timeline | Task |
+| ----- | ----- | ----- |
+| **[Step one: Prepare > Set up the service](#step-one-prepare)** | Week one | Follow our standard guidance to turn on the Windows Autopatch service<ul><li>Prepare your environment, review existing update policies and [General Considerations](#general-considerations).</li><li>Review and understand the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) when enrolling into the service</li><li>Enroll into the service and [add your admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>Review [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</li><li>Verify the [changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) have completed successfully.</li></ul> |
+| **[Step one: Prepare > Adjust the service configuration based on your migration readiness](#step-one-prepare)** | Week one | <ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md)</li><li>[Windows feature updates](../operate/windows-autopatch-windows-feature-update-overview.md)</li><li>[Driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md)</li><li>Use the [Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group) or [create a Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> |
+| **[Step two: Evaluate](#step-two-evaluate)** | Week one to month two | Evaluate with around 50 devices for one update cycle to confirm the correct service configurations are in place |
+| **[Step three: Pilot](#step-three-pilot)** | Month two to three | Pilot with around 500 - 5000 devices for one update cycle to ensure you can further validate with your key stakeholders and Service Desk teams |
+| **[Step four: Deploy](#step-four-deploy)** | Month three to six | Phase deployments as necessary to migrate your estate. You can move as quickly as you feel comfortable |
+
+## General considerations
+
+As part of your planning process, you should consider any existing enterprise configurations in your environment that could affect your deployment of Windows Autopatch.  
+
+Many organizations have existing policies and device management infrastructure, for example:
+
+- Group Policy Objects (GPO)
+- Registry settings
+- Configuration Manager
+- Existing Mobile Device Management (MDM) policies
+- Servicing profiles for Microsoft 365 Apps
+
+It's a useful exercise to create a baseline of your policies and existing settings to map out the configuration that could impact your move to Windows Autopatch.
+
+### Group policy
+
+Review existing policies and their structure. Some policies might apply globally, some apply at the site level, and some are specific to a device. The goal is to know and understand the intent of global policies, the intent of local policies, and so on.
+
+On-premises AD group policies are applied in the LSDOU order (Local, Site, Domain, and Organizational Unit (OU)). In this hierarchy, OU policies overwrite domain policies, domain policies overwrite site policies, and so on.
+
+| Area | Path | Recommendation |
+| -----  | ----- | ----- |
+| Windows Update Group Policy settings | `Computer Configuration\Administrative Templates\Windows Components\Windows Updates` | The most common Windows Update settings delivered through Group Policy can be found under this path. This is a good place for you to start your review. |
+| Don't connect to any Windows Update Internet locations | `Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not connect to any Windows Update Internet locations` | This is a common setting for organizations that rely solely on intranet update locations such as Windows Server Update Services (WSUS) servers and can often be overlooked when moving to cloud update services such as Windows Update for Business (WUfB)<br><br>When turned on, this policy prevents contact with the public Windows Update service and won't establish connections to Windows Update, and might cause the connection to Windows Update for Business (WUfB), and Delivery Optimization to stop working. |
+| Scan Source policy | `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service` | You can choose what types of updates to get from either Windows Server Update Services (WSUS) or Windows Update for Business (WUfB) service with the Windows Update Scan Source policy.<br><br>You should review any scan source policy settings targeting devices to ensure:<ul><li>That no conflicts exist that could affect update deployment through Windows Autopatch</li><li>Such policies aren't targeting devices enrolled into Windows Autopatch</li></ul> |
+
+### Registry settings
+
+Any policies, scripts or settings that create or edit values in the following registry keys might interfere with Windows and Office Update settings delivered through Autopatch. It's important to understand how these settings interact with each other and with the Windows and Office Update service as part of your Autopatch planning.
+
+| Key | Description |
+| ----- | ----- |
+| `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`<br>(Intune MDM only cloud managed)<br><br>`HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`<br>(If GPO/WSUS/Configuration Manager is deployed) | This key contains general settings for Windows Update, such as the update source, the service branch, and the deferral periods for feature and quality updates. |
+| `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU`<br>(If GPO/WSUS/Configuration Manager is deployed) | This key contains settings for Automatic Updates, such as the schedule, the user interface, and the detection frequency. |
+| `HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update`<br>(GPO/WSUS/Configuration Manager/Intune MDM Managed) | This key contains settings for update policies that are managed by Mobile Device Management (MDM) or Group Policy, such as pausing updates, excluding drivers, or configuring delivery optimization. |
+| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration`<br>(GPO/Configuration Manager/Intune MDM Managed) | This key contains the registry keys for the Update Channel. This is a dynamic key that changes (depending on the configured settings) and the CDNBaseUrl (set when Microsoft 365 installs on the device).<br><br>Look at the `UpdateChannel` value. The value tells you how frequently Office is updated.<br><br>For more information, see [Manage Microsoft 365 Apps with Configuration Manager](/mem/configmgr/sum/deploy-use/manage-office-365-proplus-updates#bkmk_channel) to review the values, and what they're set to. Windows Autopatch currently supports the Monthly Enterprise Channel. If you opt into Office updates, it should be set to the Monthly Enterprise channel. |
+
+> [!NOTE]
+> For more information about Windows Update Settings for Group Policy and Mobile Device Management (MDM), see [Manage additional Windows Update settings](/windows/deployment/update/waas-wu-settings).
+
+### Configuration Manager
+
+#### Windows and Microsoft 365 Apps for enterprise updates
+
+When Configuration Manager is deployed, and if Software Update policies are configured, the Software Update policies could conflict with Windows Update for Business and Office Update policies.
+
+Configuration Manager could require custom settings to disable software updates and assist with troubleshooting conflicting legacy, on-premises configurations to ensure that Autopatch deliver Windows and Office updates. It's safe to implement this change if you aren't managing third party updates from Configuration Manager.
+
+To ensure that Software Update Policies don't conflict with Windows Update for Business (WUfB) and Office Update policies, create a Software Update Policy in Configuration Manager that has:
+
+- Windows and Office Update configuration disabled
+- Includes devices enrolled into Autopatch to remove any existing configuration(s).
+
+If this policy remains live, confirm that Autopatch devices aren't included in the live Software Update Policy in Configuration Manager.
+
+All devices that are enrolled in Autopatch use Windows and Office Update policies from the service, and any configurations that are applied through Configuration Manager Software Update Policies can be removed.
+
+For example, Configuration Manager Software Update Policy settings exclude Autopatch enrolled devices from receiving conflicting configuration for Windows and Office Updates:
+
+| Device setting | Recommended configuration |
+| ----- | ----- |
+| Enable software updates | No |
+| Enable management of the Office 365 Client Agent | No |
+
+> [!NOTE]
+> There is no requirement to create a Configuration Manager Software Update Policy if the policies aren’t in use.
+
+#### Existing Mobile Device Management (MDM) policies
+
+| Policy | Description |
+| ----- | ----- |
+| **MDM to win over GP** | As part of the tenant enrollment process, Autopatch deploys a Device configuration profile, which applies to all registered devices to set Mobile Device Management (MDM) to win over Group Policy (GP) with the "MDMWinsOverGP" CSP.<br><br>When applied, any MDM policy that's set, and has an equivalent GP Policy, results in the GP service blocking the policy setting. Setting the value to 0 (zero) or deleting the policy removes the GP policy blocks and restore the saved GP policies.<br><br>This setting doesn't apply to all scenarios. This setting doesn't work for:<ul><li>User scoped settings. This setting applies to device scoped settings only</li><li>Any custom Group Policy Object (GPO) outside of ADMX. For example, Microsoft Edge or Chrome settings</li><li>Any Windows Update for Business policies (WUfB). When you use Windows Update for Business (WUfB), ensure all previous Group Policies (GP) are removed that relate to Windows Update to ensure that Autopatch policies can take effect</li></ul><br><br>For more information and guidance on the expected behavior applied through this policy, see [ControlPolicyConflict Policy CSP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) |
+| **Windows Update for Business (WUfB) policies** | If you have any existing *Deployment rings for Windows 10 and later or Windows feature update DSS policies* in place, ensure that the assignments don't target Windows Autopatch devices. This is to avoid creating policy conflicts and unexpected update behavior, which could impact update compliance and end user experience. |
+| **Update Policy CSP** | If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) that aren't deployed and managed by Windows Autopatch are deployed to devices, policy conflicts and unexpected update behavior could occur and could affect update compliance and the end user experience. |
+
+#### Servicing profiles for Microsoft 365 Apps for enterprise
+
+You can use automation to deliver monthly updates to Microsoft 365 Apps for enterprise directly from the Office Content Delivery Network (CDN) using [Servicing profiles](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#compatibility-with-servicing-profiles). A servicing profile takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. The servicing profile affects all devices that meet the [device eligibility requirements](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#device-eligibility) regardless of existing management tools in your environment.  
+
+You can consider retargeting servicing profiles to non-Windows Autopatch devices or if you plan to continue using them, you can [block Windows Autopatch delivered Microsoft 365 App updates](/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise#allow-or-block-microsoft-365-app-updates) for Windows Autopatch-enrolled devices.
+
+## Business case
+
+Part of your planning might require articulating the business benefits of moving to Windows Autopatch from your existing update solution(s). Windows Autopatch provides several resources to help when building your business case.
+
+- [How Windows Autopatch works for you](https://www.microsoft.com/microsoft-365/windows/autopatch)
+- [What is Windows Autopatch?](https://techcommunity.microsoft.com/t5/windows-autopatch/windows-autopatch-resource-guide/m-p/3502461#_note3)
+- [Forrester - The Projected Total Economic Impact™ Of Windows Autopatch: Cost Savings And Business Benefits Enabled By Windows Autopatch](https://techcommunity.microsoft.com/t5/windows-autopatch/windows-autopatch-resource-guide/m-p/3502461#_note6)
+- [Windows Autopatch Skilling snack](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-windows-autopatch/ba-p/3787448)
+
+## Stakeholder communications
+
+Change management relies on clear and helpful communication about upcoming changes. The best way to have a smooth deployment is to make sure end users and stakeholders are aware of all changes and disruptions. Your rollout communication plan should include all pertinent information, how to notify users, and when to communicate.  
+
+- Identify groups impacted by the Autopatch deployment
+- Identify key stakeholders in the impacted groups
+- Determine the types of communications needed
+- Develop your messaging based on the [Recommended deployment steps](#recommended-deployment-steps)
+- Create your stakeholder and communication plan schedule based on the [Recommended deployment steps](#recommended-deployment-steps)
+- Have communications drafted and reviewed, and consider your delivery channels such as:  
+    - Social media posts
+    - Internal messaging app (for example, Microsoft Teams)
+    - Internal team site
+    - Email
+    - Company blog
+    - Prerecorded on-demand videos
+    - Virtual meeting(s)
+    - In-person meetings
+    - Team workshops
+- Deploy your stakeholder communication plan
+
+## Review your objectives and business case with stakeholders
+
+Review your original objectives and business case with your key stakeholders to ensure your outcomes have been met and to ensure your expected value has been achieved.
+
+## Need additional guidance?
+
+If you need assistance with your Windows Autopatch deployment journey, you have the following support options:
+
+- Microsoft Account Team
+- [Microsoft FastTrack](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request#microsoft-fasttrack)
+- Windows Autopatch Service Engineering Team
+    - [Tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md)
+    - [General support request](../operate/windows-autopatch-support-request.md)
+
+First contact your Microsoft Account team who can work with you to establish any guidance or support you might need. If you don't have a Microsoft Account Team contact or wish to explore other routes, Microsoft FastTrack offers Microsoft 365 deployment guidance for customers with 150 or more licenses of an eligible subscription at no additional cost. Finally, you can also log a support request with the Windows Autopatch Service Engineering Team.  
+
+### Windows Autopatch Private Community (APC)
+
+Once you're underway with your deployment, consider joining the [Windows Autopatch Private Community (APC)](https://aka.ms/WindowsAutopatchPrivateCommunity) where you can:
+
+- Engage directly with the Windows Autopatch Engineering Teams and other Autopatch customers
+- Gain access to:
+    - Exclusive virtual meetings
+    - Focus groups
+    - Surveys
+    - Teams discussions
+    - Previews
+
+### Windows Autopatch Technology Adoption Program (TAP)  
+
+If you have at least 500 devices enrolled in the service, and will test and give Microsoft feedback at least once a year, consider signing up to the [Windows Autopatch Technology Adoption Program (TAP)](https://aka.ms/JoinWindowsAutopatchTAP) to try out new and upcoming Windows Autopatch features.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
index 7eaead607a..66e6fd2e1d 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@@ -4,7 +4,7 @@ metadata:
   description: Answers to frequently asked questions about Windows Autopatch.
   ms.prod: windows-client
   ms.topic: faq
-  ms.date: 05/04/2023
+  ms.date: 07/19/2023
   audience: itpro
   ms.localizationpriority: medium
   manager: dougeby
@@ -31,10 +31,10 @@ sections:
           Autopatch isn't available for 'A' or 'F' series licensing.
       - question: Will Windows Autopatch support local domain join Windows 10?
         answer: | 
-          Windows Autopatch doesn't support local (on-premise) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
+          Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
       - question: Will Windows Autopatch be available for state and local government customers?
         answer: |
-          Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers.
+          Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not suppported.
       - question: What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?
         answer: |
           Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There's no additional action you have to take to continue using Windows Autopatch.
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
index c515617ae7..62ac288ad4 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
@@ -1,7 +1,7 @@
 ---
 title: What is Windows Autopatch?
 description: Details what the service is and shortcuts to articles.
-ms.date: 07/11/2022
+ms.date: 08/08/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -11,7 +11,7 @@ ms.author: tiaraquan
 manager: dougeby
 ms.collection:
   - highpri
-  - tier2
+  - tier1
 ms.reviewer: hathind
 ---
 
@@ -23,14 +23,14 @@ Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps
 
 Rather than maintaining complex digital infrastructure, businesses want to focus on what makes them unique and successful. Windows Autopatch offers a solution to some of the challenges facing businesses and their people today:
 
-- **Close the security gap**: By keeping software current, there are fewer vulnerabilities and threats to your devices.
-- **Close the productivity gap**: By adopting features as they're made available, users get the latest tools to enhance creation and collaboration.
-- **Optimize your IT admin resources**: By automating routine endpoint updates, IT pros have more time to create value.
+- **Close the security gap**: Windows Autopatch keeps software current, there are fewer vulnerabilities and threats to your devices.
+- **Close the productivity gap**: Windows Autopatch adopts features as they're made available. End users get the latest tools to amplify their collaboration and work.
+- **Optimize your IT admin resources**: Windows Autopatch automates routine endpoint updates. IT pros have more time to create value.
 - **On-premises infrastructure**: Transitioning to the world of software as a service (SaaS) allows you to minimize your investment in on-premises hardware since updates are delivered from the cloud.  
-- **Onboard new services**: Windows Autopatch is scoped to make it easy to enroll and minimizes the time investment from your IT Admins to get started.  
-- **Minimize end user disruption**: By releasing in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.
+- **Onboard new services**: Windows Autopatch makes it easy to enroll and minimizes the time required from your IT Admins to get started.  
+- **Minimize end user disruption**: Windows Autopatch releases updates in sequential deployment rings, and responding to reliability and compatibility signals, user disruptions due to updates are minimized.
 
-Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge or Teams. By crafting careful rollout sequences and communicating with you throughout the release, your IT Admins can focus on other activities and tasks.
+Windows Autopatch helps you minimize the involvement of your scarce IT resources in the planning and deployment of updates for Windows, Microsoft 365 Apps, Microsoft Edge or Teams. Windows Autopatch uses careful rollout sequences and communicates with you throughout the release, allowing your IT Admins can focus on other activities and tasks.
 
 ## Update management
 
@@ -44,11 +44,11 @@ The goal of Windows Autopatch is to deliver software updates to registered devic
 | [Microsoft Edge](../operate/windows-autopatch-edge.md) | Windows Autopatch configures eligible devices to benefit from Microsoft Edge's progressive rollouts on the Stable channel. |
 | [Microsoft Teams](../operate/windows-autopatch-teams.md) | Windows Autopatch allows eligible devices to benefit from the standard automatic update channel. |
 
-For each management area, there's a set of eligibility requirements that determine if the device will receive that specific update. An example of an eligibility criteria is that the device must have access to the required network endpoints for the Windows update. It's your responsibility to ensure that devices are meeting eligibility requirements for each management area.
+For each management area, there's a set of eligibility requirements that determine if the device receives that specific update. An example of an eligibility criteria is that the device must have access to the required network endpoints for the Windows update. It's your responsibility to ensure that devices are meeting eligibility requirements for each management area.
 
 To determine if we're meeting our service level objectives, all eligible devices are labeled as either "Healthy" or "Unhealthy". Healthy devices are meeting the eligibility requirements for that management area and unhealthy devices aren't. If Windows Autopatch falls below any service level objective for a management area, an incident is raised. Then, we bring the service back into compliance.
 
-While an update is in progress, it's monitored by Windows Autopatch. Depending on the criticality of the update, the service may decide to expedite the update. If we detect an issue during release, we may pause or roll back the update. Since each management area has a different monitoring and update control capabilities, you review the documentation for each area to familiarize yourself with the service.
+Windows Autopatch monitors in-progress updates. Depending on the criticality of the update, the service may decide to expedite the update. If we detect an issue during release, we may pause or roll back the update. Since each management area has a different monitoring and update control capabilities, you review the documentation for each area to familiarize yourself with the service.
 
 ## Messages
 
@@ -62,10 +62,10 @@ Microsoft remains committed to the security of your data and the [accessibility]
 
 | Area | Description |
 | ----- | ----- |
-| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li></ul> |
-| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li></ul> |
-| Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-update-management.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Deregister a device](../operate/windows-autopatch-deregister-devices.md)</li></ul>
-| References | This section includes the following articles:<ul><li>[Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li><li>[Privacy](../overview/windows-autopatch-privacy.md)</li><li>[Windows Autopatch Preview Addendum](../references/windows-autopatch-preview-addendum.md)</li></ul> |
+| Prepare | The following articles describe the mandatory steps to prepare and enroll your tenant into Windows Autopatch:<ul><li>[Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li><li>[Configure your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Enroll your tenant](../prepare/windows-autopatch-enroll-tenant.md)</li><li>[Fix issues found by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>[Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md)</ul> |
+| Deploy | Once you've enrolled your tenant, this section instructs you to:<ul><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li><li>[Register your devices](../deploy/windows-autopatch-register-devices.md)</li><li>[Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md)</li></ul> |
+| Operate | This section includes the following information about your day-to-day life with the service:<ul><li>[Update management](../operate/windows-autopatch-groups-update-management.md)</li><li>[Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md)</li><li>[Maintain your Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md)</li><li>[Submit a support request](../operate/windows-autopatch-support-request.md)</li><li>[Exclude a device](../operate/windows-autopatch-exclude-device.md)</li></ul>
+| References | This section includes the following articles:<ul><li>[Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md)<li>[Windows update policies](../references/windows-autopatch-windows-update-unsupported-policies.md)</li><li>[Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md)</li></ul> |
 
 ### Have feedback or would like to start a discussion?
 
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
index a04a060c4c..0ce2010fe7 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Privacy
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
index 3525a20488..5ac998067b 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
@@ -1,7 +1,7 @@
 ---
 title: Roles and responsibilities
 description: This article describes the roles and responsibilities provided by Windows Autopatch and what the customer must do
-ms.date: 03/08/2023
+ms.date: 08/31/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Roles and responsibilities
@@ -25,34 +28,37 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
 | Task | Your responsibility | Windows Autopatch |
 | ----- | :-----: | :-----: |
 | Review the [prerequisites](../prepare/windows-autopatch-prerequisites.md) | :heavy_check_mark: | :x: |
+| Review the [FAQ](../overview/windows-autopatch-faq.yml) | :heavy_check_mark: | :x: |
 | [Review the service data platform and privacy compliance details](../overview/windows-autopatch-privacy.md) | :heavy_check_mark: | :x: |
+| Consult the [Deployment guide](../overview/windows-autopatch-deployment-guide.md) | :heavy_check_mark: | :x: |
 | Ensure device [prerequisites](../prepare/windows-autopatch-prerequisites.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
 | Ensure [infrastructure and environment prerequisites](../prepare/windows-autopatch-configure-network.md) are met and in place prior to enrollment | :heavy_check_mark: | :x: |
 | Prepare to remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
 | [Configure required network endpoints](../prepare/windows-autopatch-configure-network.md#required-microsoft-product-endpoints) | :heavy_check_mark: | :x: |
-| [Fix issues identified by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md) | :heavy_check_mark: | :x: |
-| [Enroll tenant into the Windows Autopatch service](../prepare/windows-autopatch-enroll-tenant.md) | :heavy_check_mark: | :x: |
+| [Enroll tenant into the Windows Autopatch service](../prepare/windows-autopatch-enroll-tenant.md)<ul><li>[Fix issues identified by the Readiness assessment tool](../prepare/windows-autopatch-fix-issues.md)</li><li>If required, [submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md)</li></ul> | :heavy_check_mark: | :x: |
+| [Manage and respond to tenant enrollment support requests](../prepare/windows-autopatch-enrollment-support-request.md) | :x: | :heavy_check_mark: |
 | Identify stakeholders for deployment communications | :heavy_check_mark: | :x: |
 
+For more information and assistance with preparing for your Windows Autopatch deployment journey, see [Need additional guidance](../overview/windows-autopatch-deployment-guide.md#need-additional-guidance).
+
 ## Deploy
 
 | Task | Your responsibility | Windows Autopatch |
 | ----- | :-----: | :-----: |
 | [Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md) in Microsoft Intune |  :heavy_check_mark: | :x: |
 | [Deploy and configure Windows Autopatch service configuration](../references/windows-autopatch-changes-to-tenant.md) | :x: | :heavy_check_mark: |
-| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-windows-feature-update-end-user-exp.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
-| Remove your devices from existing unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
-| [Turn on or off expedited Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :heavy_check_mark: | :x: |
-| [Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates) | :heavy_check_mark: | :x: |
-| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) |  :heavy_check_mark: | :x: |
-| [Register devices/add devices to the Windows Autopatch Device Registration group](../deploy/windows-autopatch-register-devices.md#steps-to-register-devices-using-the-classic-method) | :heavy_check_mark: | :x: |
+| Educate users on the Windows Autopatch end user update experience<ul><li>[Windows quality update end user experience](../operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md)</li><li>[Windows feature update end user experience](../operate/windows-autopatch-groups-manage-windows-feature-update-release.md)</li><li>[Microsoft 365 Apps for enterprise end user experience](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#end-user-experience)</li><li>[Microsoft Edge end user experience](../operate/windows-autopatch-edge.md)</li><li>[Microsoft Teams end user experience](../operate/windows-autopatch-teams.md#end-user-experience)</li></ul> | :heavy_check_mark: | :x: |
+| Review network optimization<ul><li>[Prepare your network](../prepare/windows-autopatch-configure-network.md)</li><li>[Delivery Optimization](../prepare/windows-autopatch-configure-network.md#delivery-optimization) | :heavy_check_mark: | :x: |
+| Review existing configurations<ul><li>Remove your devices from existing unsupported [Windows Update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li><li>Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)</li></ul>|  :heavy_check_mark: | :x: |
+| Confirm your update service needs and configure your workloads<ul><li>[Turn on or off expedited Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases)</li><li>[Allow or block Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#allow-or-block-microsoft-365-app-updates)</li><li>[Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../operate/windows-autopatch-windows-update.md)</li><li>Decide your [Windows feature update versions(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li></ul>| :heavy_check_mark: | :x: |
+| [Consider your Autopatch groups distribution](../deploy/windows-autopatch-groups-overview.md)<ul><li>[Default Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Autopatch group](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
+| [Register devices](../deploy/windows-autopatch-register-devices.md)<ul><li>[Review your device registration options](../deploy/windows-autopatch-device-registration-overview.md)</li><li>[Register your first devices](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: |
 | [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
-| [Automatically assign devices to First, Fast & Broad deployment rings at device registration](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :x: | :heavy_check_mark: |
-| [Manually override device assignments to First, Fast & Broad deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
-| [Remediate devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
-| [Remediate devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
-| [Populate the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
-| [Ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |
+| Automatically assign devices to deployment rings at device registration<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul>| :x: | :heavy_check_mark: |
+| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices with conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | :heavy_check_mark: | :x: |
+| Populate the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
+| [Manually override device assignments to deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
+| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
 | Communicate to end-users, help desk and stakeholders | :heavy_check_mark: | :x: |
 
 ## Operate
@@ -61,35 +67,36 @@ This article outlines your responsibilities and Windows Autopatch's responsibili
 | ----- | :-----: | :-----: |
 | [Maintain contacts in the Microsoft Intune admin center](../deploy/windows-autopatch-admin-contacts.md) | :heavy_check_mark: | :x: |
 | [Maintain and manage the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :x: | :heavy_check_mark: |
-| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) |  :heavy_check_mark: | :x: |
-| [Run on-going checks to ensure devices are only present in one deployment ring](../operate/windows-autopatch-update-management.md#automated-deployment-ring-remediation-functions) | :x: | :heavy_check_mark: |
-| [Maintain the Test deployment ring membership](../operate/windows-autopatch-update-management.md#deployment-ring-calculation-logic) | :heavy_check_mark: | :x: |
-| Monitor [Windows update signals](../operate/windows-autopatch-windows-quality-update-signals.md) for safe update release | :x: | :heavy_check_mark: |
-| Test specific [business update scenarios](../operate/windows-autopatch-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
-| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) |  :heavy_check_mark: | :x: |
-| [Define and implement service default release schedule](../operate/windows-autopatch-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
-| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) | :x: | :heavy_check_mark: |
-| Release updates (as scheduled)<ul><li>[Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md#windows-quality-update-releases)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)</li><ul>| :x: | :heavy_check_mark: |
-| [Release updates (expedited)](../operate/windows-autopatch-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: |
-| [Deploy updates to devices](../operate/windows-autopatch-update-management.md) | :x: | :heavy_check_mark: |
-| Monitor [Windows quality](../operate/windows-autopatch-windows-quality-update-overview.md) or [feature updates](../operate/windows-autopatch-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: |
-| Review [update reports](../operate/windows-autopatch-windows-quality-update-reports-overview.md) | :heavy_check_mark: | :x: |
-| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-windows-quality-update-signals.md) | :x: | :heavy_check_mark: |
-| [Pause updates (initiated by you)](../operate/windows-autopatch-windows-quality-update-overview.md#pausing-and-resuming-a-release) | :heavy_check_mark: | :x: |
+| [Maintain customer configuration to align with the Windows Autopatch service configuration](../operate/windows-autopatch-maintain-environment.md) | :heavy_check_mark: | :x: |
+| Resolve service remediated device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Default to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#default-to-custom-autopatch-group-device-conflict)</li></ul> | :x: | :heavy_check_mark: |
+| Resolve remediated device conflict scenarios<ul><li>[Custom to Custom Autopatch group device conflict](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#custom-to-custom-autopatch-group-device-conflict)</li><li>[Device conflict prior to device registration](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-prior-to-device-registration)</li></ul> |  :heavy_check_mark: | :x: |
+| Maintain the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
+| Monitor [Windows update signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md) for safe update release<ul><li>[Pre-release signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#pre-release-signals)</li><li>[Early signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#early-signals)</li><li>[Device reliability signals](../operate/windows-autopatch-groups-windows-quality-update-signals.md#device-reliability-signals)</li></ul> | :x: | :heavy_check_mark: |
+| Test specific [business update scenarios](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :heavy_check_mark: | :x: |
+| [Define and implement service default release schedule](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | :x: | :heavy_check_mark: |
+| Maintain your workload configuration and custom release schedule<ul><li>[Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)</li><li>[Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md)</li><li>[Decide your Windows feature update version(s)](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li></ul> | :heavy_check_mark: | :x: |
+| Communicate the update [release schedule](../operate/windows-autopatch-windows-quality-update-communications.md) to IT admins | :x: | :heavy_check_mark: |
+| Release updates (as scheduled)<ul><li>[Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management)</li><li>[Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md)</li><li>[Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#update-release-schedule)</li><li>[Microsoft Edge](../operate/windows-autopatch-edge.md#update-release-schedule)</li><li>[Microsoft Teams](../operate/windows-autopatch-teams.md#update-release-schedule)</li><ul>| :x: | :heavy_check_mark: |
+| [Release updates (expedited)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#expedited-releases) | :x: | :heavy_check_mark: |
+| [Release updates (OOB)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#out-of-band-releases) | :x: | :heavy_check_mark: |
+| [Deploy updates to devices](../operate/windows-autopatch-groups-update-management.md) | :x: | :heavy_check_mark: |
+| Monitor [Windows quality](../operate/windows-autopatch-groups-windows-quality-update-overview.md#release-management) or [feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) through the release cycle | :x: | :heavy_check_mark: |
+| Review [release announcements](../operate/windows-autopatch-groups-windows-quality-update-overview.md#) | :heavy_check_mark: | :x: |
+| Review deployment progress using Windows Autopatch reports<ul><li>[Windows quality update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-quality-update-reports)</li><li>[Windows feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#windows-feature-update-reports)</li></ul> | :heavy_check_mark: | :x: |
+| [Pause updates (Windows Autopatch initiated)](../operate/windows-autopatch-groups-windows-quality-update-signals.md) | :x: | :heavy_check_mark: |
+| [Pause updates (initiated by you)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: |
 | Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: |
-| [Remediate devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade) | :heavy_check_mark: | :x: |
-| Resolve any conflicting and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies | :heavy_check_mark: | :x: |
-| [Investigate devices that aren't up to date within the service level objective (Microsoft action)](../operate/windows-autopatch-windows-quality-update-reports-overview.md#not-up-to-date-microsoft-action) | :x: | :heavy_check_mark: |
-| [Investigate and remediate devices that are marked as ineligible (Customer action)](../operate/windows-autopatch-windows-quality-update-reports-overview.md#ineligible-devices-customer-action) | :heavy_check_mark: | :x: |
+| Maintain existing configurations<ul><li>Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li><li>Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)</ul> | :heavy_check_mark: | :x: |
+| Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are<ul><li>[Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)</li><li>[Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)</li><li>have [Device alerts](../operate/windows-autopatch-device-alerts.md)</li><li>have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul>
 | [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: |
-| [Deregister devices](../operate/windows-autopatch-deregister-devices.md) | :heavy_check_mark: | :x: |
-| [Register a device that was previously deregistered (upon customers request)](../operate/windows-autopatch-deregister-devices.md#excluded-devices) | :x: | :heavy_check_mark: |
+| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: |
+| [Register a device that was previously excluded](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: |
 | [Request unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md) | :heavy_check_mark: | :x: |
-| [Remove Windows Autopatch data from the service and deregister devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: |
+| [Remove Windows Autopatch data from the service and exclude devices](../operate/windows-autopatch-unenroll-tenant.md#microsofts-responsibilities-during-unenrollment) | :x: | :heavy_check_mark: |
 | [Maintain update configuration & update devices post unenrollment from Windows Autopatch](../operate/windows-autopatch-unenroll-tenant.md#your-responsibilities-after-unenrolling-your-tenant) | :heavy_check_mark: | :x: |
-| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../operate/windows-autopatch-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
-| [Highlight Windows Autopatch Tenant management alerts that require customer action](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :x: | :heavy_check_mark: |
-| [Review and respond to Windows Autopatch Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions) | :heavy_check_mark: | :x: |
+| Review and respond to Message Center and Service Health Dashboard notifications<ul><li>[Windows quality update communications](../operate/windows-autopatch-groups-windows-quality-update-communications.md)</li><li>[Add and verify admin contacts](../deploy/windows-autopatch-admin-contacts.md)</li></ul> | :heavy_check_mark: | :x: |
+| Highlight Windows Autopatch management alerts that require customer action<ul><li>[Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :x: | :heavy_check_mark: |
+| Review and respond to Windows Autopatch management alerts<ul><li>[Tenant management alerts](../operate/windows-autopatch-maintain-environment.md#windows-autopatch-tenant-actions)</li><li>[Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md)</li></ul> | :heavy_check_mark: | :x: |
 | [Raise and respond to support requests](../operate/windows-autopatch-support-request.md) | :heavy_check_mark: | :x: |
 | [Manage and respond to support requests](../operate/windows-autopatch-support-request.md#manage-an-active-support-request) | :x: | :heavy_check_mark: |
 | Review the [What’s new](../whats-new/windows-autopatch-whats-new-2022.md) section to stay up to date with updated feature and service releases | :heavy_check_mark: | :x: |
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
index e223d515a4..76fb999285 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
@@ -1,7 +1,7 @@
 ---
 title: Configure your network
 description: This article details the network configurations needed for Windows Autopatch
-ms.date: 05/30/2022
+ms.date: 09/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,6 +10,8 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - tier2
 ---
 
 # Configure your network
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
index 4ca771cece..3a6e0a1197 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
@@ -1,7 +1,7 @@
 ---
 title: Enroll your tenant
 description: This article details how to enroll your tenant
-ms.date: 07/11/2022
+ms.date: 09/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Enroll your tenant
@@ -30,7 +33,7 @@ To start using the Windows Autopatch service, ensure you meet the [Windows Autop
 > [!IMPORTANT]
 > The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the  tool again.
 
-The Readiness assessment tool checks the settings in [Microsoft Intune](#microsoft-intune-settings) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
+The Readiness assessment tool checks the settings in [Microsoft Intune](#microsoft-intune-settings) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure the settings work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
 
 **To access and run the Readiness assessment tool:**
 
@@ -64,13 +67,13 @@ The following are the Azure Active Directory settings:
 
 ### Check results
 
-For each check, the tool will report one of four possible results:  
+For each check, the tool reports one of four possible results:  
 
 | Result | Meaning |
 | ----- | ----- |
 | Ready | No action is required before completing enrollment. |
 | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
-| Not ready | You must fix these issues before enrollment. You won’t be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
+| Not ready | You must fix these issues before enrollment. You can't enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
 | Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. |
 
 ## Step 3: Fix issues with your tenant
@@ -86,11 +89,11 @@ Once the Readiness assessment tool provides you with a "Ready" result, you're re
 
 **To enroll your tenant:**
 
-Within the Readiness assessment tool, you'll now see the **Enroll** button. By selecting **Enroll**, you'll kick off the enrollment of your tenant to the Windows Autopatch service. During the enrollment workflow, you'll see the following:
+Within the Readiness assessment tool, you can see the **Enroll** button. By selecting **Enroll**, you start the enrollment process of your tenant into the Windows Autopatch service. During the enrollment workflow, you see the following:
 
 - Consent workflow to manage your tenant.
 - Provide Windows Autopatch with IT admin contacts.
-- Setup of the Windows Autopatch service on your tenant. This step is where we'll create the policies, groups and accounts necessary to run the service.
+- Setup of the Windows Autopatch service on your tenant. This step is where we create the policies, groups and accounts necessary to run the service.
 
 Once these actions are complete, you've now successfully enrolled your tenant.
 
@@ -101,7 +104,7 @@ Once these actions are complete, you've now successfully enrolled your tenant.
 
 You can choose to delete the data we collect directly within the Readiness assessment tool.
 
-Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a de-identified form.
+Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a deidentified form.
 
 > [!NOTE]
 > Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data.
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
index c36d207090..6588ea5a13 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
@@ -10,6 +10,8 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - tier2
 ---
 
 # Submit a tenant enrollment support request
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
index 413d997112..39f30591e9 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Fix issues found by the Readiness assessment tool
@@ -21,13 +24,13 @@ Seeing issues with your tenant? This article details how to remediate issues fou
 
 ## Check results
 
-For each check, the tool will report one of four possible results:
+For each check, the tool reports one of four possible results:
 
 | Result | Meaning |
 | ----- | ----- |
 | Ready | No action is required before completing enrollment. |
 | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
-| Not ready | You must fix these issues before enrollment. You won’t be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
+| Not ready | You must fix these issues before enrollment. You can't enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
 | Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permission to run this check or your tenant isn't properly licensed for Microsoft Intune. |
 
 > [!NOTE]
@@ -43,7 +46,7 @@ Your "Update rings for Windows 10 or later" policy in Intune must not target any
 
 | Result | Meaning |
 | ----- | ----- |
-| Advisory |  You have an "update ring" policy that targets all devices, all users, or both. Windows Autopatch will also create our own update ring policies during enrollment. To avoid conflicts with Windows Autopatch devices, we'll exclude our devices group from your existing update ring policies that target all devices, all users, or both. You must consent to this change when you go to enroll your tenant.</p>|
+| Advisory |  You have an "update ring" policy that targets all devices, all users, or both. Windows Autopatch creates our own update ring policies during enrollment. To avoid conflicts with Windows Autopatch devices, we exclude our devices group from your existing update ring policies that target all devices, all users, or both. You must consent to this change when you go to enroll your tenant.</p>|
 
 ## Azure Active Directory settings
 
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index 1808dd285c..90e7324a39 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Prerequisites
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index a1fd2c87e2..f0c9059f9c 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -1,7 +1,7 @@
 ---
 title: Changes made at tenant enrollment
 description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
-ms.date: 01/24/2023
+ms.date: 06/23/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: reference
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Changes made at tenant enrollment
@@ -63,7 +66,7 @@ The following groups target Windows Autopatch configurations to devices and mana
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
 | Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | <ul><li>MDM policy is used</li><li>GP policy is blocked</li></ul> |
-| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings UX](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
+| Windows Autopatch - Data Collection | Windows Autopatch and Telemetry settings processes diagnostic data from the Windows device.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
 
 ## Deployment rings for Windows 10 and later
 
@@ -105,7 +108,7 @@ The following groups target Windows Autopatch configurations to devices and mana
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li></ol> |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li><li>Location for updates (Device)</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li><li>`http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6`</li></ol> |
 | Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled; `Days(Device) == 0 days`</li></li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
 | Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled; `Days(Device) == 0 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
 | Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled; `Days(Device) == 3 days`</li><li>Enabled; `Update Deadline(Device) == 7 days`</li></ol>|
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
new file mode 100644
index 0000000000..865f6c15c9
--- /dev/null
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md
@@ -0,0 +1,153 @@
+---
+title: Conflicting configurations
+description: This article explains how to remediate conflicting configurations affecting the Windows Autopatch service.
+ms.date: 09/05/2023
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+ms.reviewer: adnich
+ms.collection:
+  - highpri
+  - tier1
+---
+
+# Conflicting configurations (public preview)
+
+> [!IMPORTANT]
+> This feature is in **public preview**. The feature is being actively developed and might not be complete.
+
+During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state.  
+
+Windows Autopatch monitors conflicting configurations. You’re notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, it’s possible that other services write back the registry keys. It’s recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates.  
+
+The most common sources of conflicting configurations include:
+
+- Active Directory Group Policy (GPO)
+- Configuration Manager Device client settings
+- Windows Update for Business (WUfB) policies
+- Manual registry updates  
+- Local Group Policy settings applied during imaging (LGPO)
+
+## Registry keys inspected by Autopatch
+
+```cmd
+Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations Value=Any
+Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccess Value=Any
+Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer String=Any
+Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer Value=Any
+Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate Value=Any
+```
+
+## Resolving conflicts
+
+Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed clients.
+
+> [!IMPORTANT]
+> **It’s recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that aren’t managed by Windows Autopatch, be sure to target accordingly.
+
+### Intune Remediation
+
+Navigate to Intune Remediations and create a remediation using the following examples. It’s recommended to create a single remediation per value to understand if the value persists after removal.  
+
+If you use either [**Detect**](#detect) and/or [**Remediate**](#remediate) actions, ensure to update the appropriate **Path** and **Value** called out in the Alert. For more information, see [Remediations](/mem/intune/fundamentals/remediations).
+
+#### Detect
+
+```powershell
+if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {  
+    Exit 1 
+} else { 
+    exit 0 
+} 
+```
+
+| Alert details | Description |
+| ----- | ----- |
+| Path | `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` |
+| Value | `DoNotConnectToWindowsUpdateInternetLocations` |
+
+#### Remediate
+
+```powershell
+if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') { 
+    Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations" 
+} 
+```
+
+| Alert details | Description |
+| ----- | ----- |
+| Path | `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` |
+| Value | `DoNotConnectToWindowsUpdateInternetLocations` |
+
+### PowerShell
+
+Copy and paste the following PowerShell script into PowerShell or a PowerShell editor, and save it with a `.ps1` extension. For more information, see [Remove-ItemProperty (Microsoft.PowerShell.Management)](/powershell/module/microsoft.powershell.management/remove-itemproperty).
+
+```powershell
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations"
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DisableWindowsUpdateAccess"
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer"
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer"
+Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate"
+```
+
+### Batch file
+
+Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. For more information, see [Using batch files: Scripting; Management Services](/previous-versions/windows/it-pro/windows-server-2003/cc758944(v=ws.10)?redirectedfrom=MSDN).
+
+```cmd
+@echo off
+echo Deleting registry keys...
+reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /f
+reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableWindowsUpdateAccess" /f
+reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /f
+reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /f
+reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /f
+echo Registry keys deleted.
+Pause
+```
+
+### Registry file
+
+Copy the following code to a Notepad file, save as a `.reg` extension, and execute against affected devices. This removes registry keys that affect the Windows Autopatch service. For more information, see [How to add, modify, or delete registry subkeys and values by using a .reg file](https://support.microsoft.com/topic/how-to-add-modify-or-delete-registry-subkeys-and-values-by-using-a-reg-file-9c7f37cf-a5e9-e1cd-c4fa-2a26218a1a23).
+
+```cmd
+Windows Registry Editor Version 5.00
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
+"DoNotConnectToWindowsUpdateInternetLocations"=-
+"DisableWindowsUpdateAccess"=-
+"WUServer"=-
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] 
+"UseWUServer"=-
+"NoAutoUpdate"=-
+```
+
+## Common sources of conflicting configurations
+
+The following examples can be used to validate if the configuration is persistent from one of the following services. The list isn’t an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly.
+
+### Group Policy management
+
+Group Policy management is the most popular client configuration tool in most organizations. For this reason, it’s most often the source of conflicting configurations. Use Result Set of Policy (RSOP) on an affected client can quickly identify if configured policies conflict with Windows Autopatch. For more information, see Use Resultant Set of Policy to Manage Group Policy.
+
+1. Launch an Elevated Command Prompt and enter `RSOP`.
+1. Navigate to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**
+1. If a Policy **doesn’t exist** in Windows Update, then it appears to not be Group Policy.
+1. If a Policy **exists** in Windows Update is present, modify or limit the target of the conflicting policy to resolve the Alert.
+1. If the **Policy name** is labeled **Local Group Policy**, these settings could have been applied during imaging or by Configuration Manager.
+
+### Configuration Manager
+
+Configuration Manager is a common enterprise management tool that, among many things, can help manage Windows Updates. For this reason, we see many environments misconfigured when moving to either a 100% cloud or co-managed workloads even when the workloads are configured correctly. The client settings are often missed. For more information, see [About client settings and software updates](/mem/configmgr/core/clients/deploy/about-client-settings#software-updates).
+
+1. Go the **Microsoft Endpoint Configuration Manager Console**.
+1. Navigate to **Administration** > **Overview** > **Client Settings**.  
+1. Ensure **Software Updates** isn’t configured. If configured, it’s recommended to remove these settings to prevent conflicts with Windows Autopatch.
+
+## Third-party solutions
+
+Third-party solutions can include any other product that may write configurations for the devices in question, such as MDMs (Mobile Device Managers) or Policy Managers.
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md b/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
new file mode 100644
index 0000000000..00eb8bc49b
--- /dev/null
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
@@ -0,0 +1,29 @@
+---
+title: Driver and firmware updates for Windows Autopatch Public Preview Addendum
+description:  This article explains how driver and firmware updates are managed in Autopatch
+ms.date: 06/26/2023 
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# Driver and Firmware Updates for Windows Autopatch Public Preview Addendum
+
+**This Driver and Firmware Updates for Windows Autopatch Public Preview Addendum ("Addendum") to the Microsoft Product Terms' Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all)  (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
+
+For good and valuable consideration, the receipt and sufficiency of which is acknowledged, the parties agree as follows:
+
+Microsoft desires to preview the Driver and Firmware Updates for Windows Autopatch service it's developing ("**Driver and Firmware Updates Preview**") in order to evaluate it. Customer would like to particulate this Driver and Firmware Updates Preview under the Product Terms and this Addendum. Driver and Firmware Updates Preview consists of features and services that are in preview, beta, or other prerelease form. Driver and Firmware Updates Preview is subject to the "preview" terms set forth in the Product Terms' Universal License Terms for Online Services.
+
+## Definitions
+
+Capitalized terms used but not defined herein have the meanings given in the Product Terms.
+
+## Data Handling
+
+Driver and Firmware Updates Preview integrates Customer Data from other Products, including Windows, Microsoft Intune, Azure Active Directory, and Office (collectively for purposes of this provision "Windows Autopatch Input Services"). Once Customer Data from Windows Autopatch Input Services is integrated into Driver and Firmware Updates Preview, only the Product Terms and [DPA provisions](https://www.microsoft.com/licensing/terms/product/Glossary/all) applicable to Driver and Firmware Updates Preview apply to that data.
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-groups-public-preview-addendum.md b/windows/deployment/windows-autopatch/references/windows-autopatch-groups-public-preview-addendum.md
deleted file mode 100644
index 29795eceb9..0000000000
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-groups-public-preview-addendum.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: Autopatch groups Public Preview Addendum
-description: Addendum for Windows Autopatch groups public preview
-ms.date: 05/01/2023
-ms.prod: windows-client
-ms.technology: itpro-updates
-ms.topic: how-to
-ms.localizationpriority: medium
-author: tiaraquan
-ms.author: tiaraquan
-manager: dougeby
-ms.reviewer: andredm7
----
-
-# Windows Autopatch groups Public Preview Addendum
-
-**This is the Autopatch groups Public Preview Addendum ("Addendum") to the Microsoft Product Terms’ Universal License Terms for Online Services** (as provided at: [Microsoft Product Terms](https://www.microsoft.com/licensing/terms/product/ForallOnlineServices/all) (the "**Product Terms**")) is entered into between Microsoft Corporation, a Washington corporation having its principal place of business at One Microsoft Way, Redmond, Washington, USA 98052-6399 (or based on where Customer lives, one of Microsoft's affiliates) ("**Microsoft**"), and you ("**Customer**").
-
-For good and valuable consideration, the receipt and sufficiency of which is acknowledged, the parties agree as follows:
-
-Microsoft desires to preview the Autopatch groups service it is developing ("**Autopatch groups Preview**”) in order to evaluate it. Customer would like to particulate this Autopatch groups Preview under the Product Terms and this Addendum. Autopatch groups Preview consists of features and services that are in preview, beta, or other pre-release form. Autopatch groups Preview is subject to the "preview" terms set forth in the Product Terms’ Universal License Terms for Online Services.
-
-## Definitions
-
-Capitalized terms used but not defined herein have the meanings given in the Product Terms.
-
-## Data Handling
-
-Autopatch groups Preview integrates Customer Data from other Products, including Windows, Microsoft Intune, Azure Active Directory, and Office (collectively for purposes of this provision "Windows Autopatch Input Services"). Once Customer Data from Windows Autopatch Input Services is integrated into Autopatch groups Preview, only the Product Terms and [DPA provisions](https://www.microsoft.com/licensing/terms/product/Glossary/all) applicable to Autopatch groups Preview apply to that data.
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
index e8e54695c8..2534e971d5 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
@@ -1,7 +1,7 @@
 ---
 title: Microsoft 365 Apps for enterprise update policies
 description: This article explains the Microsoft 365 Apps for enterprise policies in Windows Autopatch
-ms.date: 07/11/2022
+ms.date: 06/23/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -10,24 +10,26 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: hathind
+ms.collection:
+  - tier2
 ---
 
 # Microsoft 365 Apps for enterprise update policies
 
 ## Conflicting and unsupported policies
 
-Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
+Deploying any of the following policies to a managed device makes that device ineligible for management since the device prevents us from delivering the service as designed.
 
 ### Update policies
 
-Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device won't be eligible for management.
+Window Autopatch deploys mobile device management (MDM) policies to configure Microsoft 365 Apps and requires a specific configuration. If any [Microsoft 365 Apps update settings](/deployoffice/configure-update-settings-microsoft-365-apps) are deployed which conflict with our policies, then the device isn't eligible for management.
 
-| Update setting | Value | Usage reason |
-| ----- | ----- | ----- |
-| Set updates to occur automatically | Enabled | Enable automatic updates |
-| Specify a location to look for updates | Blank | Don't use this setting since it overwrites the update branch |
-| Update channel | Monthly Enterprise | Supported channel for Windows Autopatch |
-| Specify the version of Microsoft 365 Apps to update to | Variable | Used to roll back to a previous version if an error occurs |
-| Set a deadline by when updates must be applied | 7 | Update deadline |
-| Hide update notifications from users | Turned off | Users should be notified when Microsoft 365 Apps are being updated |
-| Hide the option to turn on or off automatic Office updates | Turned on | Prevents users from disabling automatic updates |
+| Setting name | Test | First | Fast | Broad | Usage reason |
+| ----- | ----- | ----- | ----- | ----- | ----- |
+| Set updates to occur automatically | Turned on | Turned on | Turned on | Turned on | Turn on automatic updates |
+| Specify a location to look for updates | Blank | Blank | Blank | Blank | Don't use this setting because it overwrites the update branch |
+| Specify the version of Microsoft Apps to update to | Variable | Variable | Variable | Variable | Used to roll back to a previous version if an error occurs |
+| Set a deadline when updates must be applied | 7 | 7 | 7 | 7 | Updates must be applied by the specified deadline |
+| Sets the Office update deferral | 0 | 0 | 3 | 7| Delay downloading and installing updates for Office |
+| Hide update notifications from end users | Turned off | Turned off |  Turned off |  Turned off | End users should be notified when Microsoft 365 Apps are being updated |
+| Hide the option to turn on or off automatic Office updates | Turned on | Turned on | Turned on | Turned on | Prevents end users from turning off automatic updates |
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
index 01ddeb4f2e..9ece385c03 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
@@ -10,13 +10,15 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
 ms.reviewer: adnich
+ms.collection:
+  - tier2
 ---
 
 # Windows update policies
 
 ## Deployment rings for Windows 10 and later
 
-The following policies contain settings which apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
+The following policies contain settings that apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
 
 **Modern Workplace Update Policy [ring name] – [Windows Autopatch]**
 
@@ -44,7 +46,7 @@ The following policies contain settings which apply to both Windows quality and
 | Deadline for Windows feature updates | 5 | 5 | 5 | 5 |
 | Deadline for Windows quality updates | 0 | 2 | 2 | 5 |
 | Grace period | 0 | 2 | 2 | 2 |
-| Auto-restart before deadline | Yes | Yes | Yes | Yes |
+| Auto restart before deadline | Yes | Yes | Yes | Yes |
 
 ### Windows 10 and later assignments
 
@@ -59,7 +61,7 @@ The service deploys policies using Microsoft Intune to control how Windows featu
 
 ### Windows feature updates for Windows 10 and later
 
-These policies control the minimum target version of Windows which a device is meant to accept. Throughout the rest of the article, you will see these policies referred to as DSS policies. After onboarding there will be four of these policies in your tenant with the following naming convention:
+These policies control the minimum target version of Windows that a device is meant to accept. Throughout the rest of the article, these policies are referred to as DSS policies. After onboarding, there will be four of these policies in your tenant with the following naming convention:
 
 **Modern Workplace DSS Policy [ring name]**
 
@@ -79,7 +81,7 @@ These policies control the minimum target version of Windows which a device is m
 
 #### Windows 11 testing
 
-To allow customers to test Windows 11 in their environment, there's a separate DSS policy which enables you to test Windows 11 before broadly adopting within your environment.
+To allow customers to test Windows 11 in their environment, there's a separate DSS policy that enables you to test Windows 11 before broadly adopting within your environment.
 
 ##### Windows 11 deployment setting
 
@@ -97,11 +99,11 @@ To allow customers to test Windows 11 in their environment, there's a separate D
 
 ## Conflicting and unsupported policies
 
-Deploying any of the following policies to a Windows Autopatch device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
+Deploying any of the following policies to a Windows Autopatch device makes that device ineligible for management since the device prevents us from delivering the service as designed.
 
 ### Update policies
 
-Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices will be excluded from management.
+Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices are excluded from management.
 
 | Allowed policy | Policy CSP | Description |
 | ----- | ----- | ----- |
@@ -111,7 +113,7 @@ Window Autopatch deploys mobile device management (MDM) policies to configure de
 
 ### Group policy and other policy managers
 
-Group policy as well as other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
+Group policy and other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
 
 - `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`
 - `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
index b4fb65849a..e9e8b08de8 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
@@ -1,7 +1,7 @@
 ---
 title: What's new 2023
 description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
-ms.date: 05/15/2023
+ms.date: 09/11/2023 
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: whats-new
@@ -21,9 +21,84 @@ This article lists new and updated feature releases, and service releases, with
 
 Minor corrections such as typos, style, or formatting issues aren't listed.
 
+## September 2023
+
+### September feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Conflicting configurations](../references/windows-autopatch-conflicting-configurations.md) | New feature. This article explains how to remediate conflicting configurations<ul><li>[MC671811](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+
+### September service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC674422](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Public Preview: Windows Autopatch Reliability Report |
+| [MC672750](https://admin.microsoft.com/adminportal/home#/MessageCenter) | August 2023 Windows Autopatch baseline configuration update |
+
+## August 2023
+
+### August feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Deployment guide](../overview/windows-autopatch-deployment-guide.md) | New guide. This guide explains how to successfully deploy Windows Autopatch in your environment |
+| [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | Added the **This pause is related to Windows Update** option to the [Pause and resume a release feature](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) |
+| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md)| Added [policy settings](../operate/windows-autopatch-manage-driver-and-firmware-updates.md#view-driver-and-firmware-policies-created-by-windows-autopatch) for all deployment rings |
+| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | General Availability<ul><li>[MC661218](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | Renamed Deregister a device to [Exclude a device](../operate/windows-autopatch-exclude-device.md). Added the [Restore device](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) feature <ul><li>[MC667662](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Device alerts](../operate/windows-autopatch-device-alerts.md) | Added `'InstallSetupBlock'` to the [Alert resolutions section](../operate/windows-autopatch-device-alerts.md#alert-resolutions) |
+
+### August service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC671811](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch Service Improvements |
+
+## July 2023
+
+### July feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Roles and responsibilities](../overview/windows-autopatch-roles-responsibilities.md) | Updated article to include Windows Autopatch groups |
+| [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Manage Windows Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Customize Windows Update settings](../operate/windows-autopatch-groups-windows-update.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Windows quality updates](../operate/windows-autopatch-groups-windows-quality-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Windows feature updates](../operate/windows-autopatch-groups-windows-feature-update-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Windows quality and feature update reports](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+| [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) | General Availability<ul><li>[MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+
+### July service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC628172](https://admin.microsoft.com/adminportal/home#/MessageCenter) | General Availability: New Features in Windows Autopatch |
+
+## June 2023
+
+### June feature releases or updates
+
+| Article | Description |
+| ----- | ----- |
+| [Manage driver and firmware updates](../operate/windows-autopatch-manage-driver-and-firmware-updates.md) | New article on how to manage driver and firmware updates. This feature is in public preview |
+| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Added Location for updates (Device) setting and value to the [Windows Autopatch - Office Configuration policy](../references/windows-autopatch-changes-to-tenant.md#microsoft-office-update-policies) |
+| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | Updated [deadline link](../operate/windows-autopatch-microsoft-365-apps-enterprise.md#behavior-during-updates) |
+| [Microsoft 365 Apps for enterprise update policies](../references/windows-autopatch-microsoft-365-policies.md) | Updated the [Update policies](../references/windows-autopatch-microsoft-365-policies.md#update-policies) section |
+
+### June service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC617077](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch Public Preview: Drivers and Firmware Management |
+| [MC604889](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Expanding Windows Autopatch availability in August 2023 |
+| [MC602590](https://admin.microsoft.com/adminportal/home#/MessageCenter) | June 2023 Windows Autopatch baseline configuration update |
+| [MC591864](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Updated ticket categories to reduce how long it takes to resolve support requests |
+
 ## May 2023
 
-### May 2023 feature release
+### May feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -51,6 +126,12 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) | Add new Policy health and remediation feature. This feature is in public preview |
 | [Windows Autopatch groups public preview addendum](../references/windows-autopatch-groups-public-preview-addendum.md) | Added addendum for the Windows Autopatch groups public preview |
 
+### May service releases
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC559247](https://admin.microsoft.com/adminportal/home#/MessageCenter) | May 2023 Windows Autopatch baseline configuration update |
+
 ## April 2023
 
 ### April feature releases or updates
@@ -59,7 +140,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | ----- | ----- |
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the [Deployment rings for Windows 10 and later](../references/windows-autopatch-changes-to-tenant.md#deployment-rings-for-windows-10-and-later) section |
 
-### April 2023 service release
+### April service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -77,7 +158,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | <ul><li>Added support for subscription versions of Microsoft Project and Visio desktop apps</li><li>Updated device eligibility criteria</li><li>Clarified update controls</li></ul> |
 | [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | New [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) feature. This feature is in public preview<ul><li>[MC524715](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul>|
 
-### March service release
+### March service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -101,7 +182,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated Feature update policies section with Windows Autopatch - DSS Policy [deployment ring] |
 | [Register your devices](../deploy/windows-autopatch-register-devices.md) |<ul><li>Updated the [Built-in roles required for registration](../deploy/windows-autopatch-register-devices.md#built-in-roles-required-for-device-registration) section</li><li>Added more information about assigning less-privileged user accounts</li></ul> |
 
-### February service release
+### February service releases
 
 | Message center post number | Description |
 | ----- | ----- |
@@ -120,7 +201,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | [Submit a tenant enrollment support request](../prepare/windows-autopatch-enrollment-support-request.md) | Added the Submit a tenant enrollment support request section. You can submit a tenant enrollment support request through the Tenant enrollment tool if you're running into issues with enrollment |
 | [Submit a support request](../operate/windows-autopatch-support-request.md) | Added Premier and Unified support options section |
 
-### January service release
+### January service releases
 
 | Message center post number | Description |
 | ----- | ----- |
diff --git a/windows/deployment/windows-autopilot/TOC.yml b/windows/deployment/windows-autopilot/TOC.yml
deleted file mode 100644
index 0881334396..0000000000
--- a/windows/deployment/windows-autopilot/TOC.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Windows Autopilot deployment
-  href: index.yml
-  items: 
-    - name: Get started
-      href: demonstrate-deployment-on-vm.md
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
deleted file mode 100644
index 4ebfe798e1..0000000000
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ /dev/null
@@ -1,901 +0,0 @@
----
-title: Demonstrate Autopilot deployment
-description: Step-by-step instructions on how to set up a virtual machine with a Windows Autopilot deployment.
-ms.prod: windows-client
-ms.technology: itpro-deploy
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.collection:
-  - highpri
-  - tier2
-ms.topic: tutorial
-ms.date: 10/28/2022
----
-
-# Demonstrate Autopilot deployment
-
-**Applies to**
-
-- Windows 10
-
-To get started with Windows Autopilot, you should try it out with a virtual machine (VM). You can also use a physical device that will be wiped and then have a fresh install of Windows 10.
-
-In this article, you'll learn how to set up a Windows Autopilot deployment for a VM using Hyper-V.
-
-> [!NOTE]
-> Although there are [multiple platforms](/mem/autopilot/add-devices#registering-devices) available to enable Autopilot, this lab primarily uses Microsoft Intune.
->
-> Hyper-V and a VM aren't required for this lab. You can use a physical device instead. However, the instructions assume that you're using a VM. To use a physical device, skip the instructions to install Hyper-V and create a VM. All references to _device_ in the guide refer to the client device, either physical or virtual.
-
-The following video provides an overview of the process:
-
-> [!VIDEO https://www.youtube.com/embed/KYVptkpsOqs]
-
-> [!TIP]
-> For a list of terms used in this guide, see the [Glossary](#glossary) section.
-
-## Prerequisites
-
-You'll need the following components to complete this lab:
-
-| Component | Description |
-|:---|:---|
-|**Windows 10 installation media**|Windows 10 Enterprise ISO file for a supported version of Windows 10, general availability channel. If you don't already have an ISO to use, download an [evaluation version of Windows 10 Enterprise](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise).|
-|**Internet access**|If you're behind a firewall, see the detailed [networking requirements](/mem/autopilot/software-requirements#networking-requirements). Otherwise, just make sure that you have a connection to the internet.|
-|**Hyper-V or a physical device running Windows 10**|The guide assumes that you'll use a Hyper-V VM, and provides instructions to install and configure Hyper-V if needed. To use a physical device, skip the steps to install and configure Hyper-V.|
-|**An account with Azure Active Directory (Azure AD) Premium license**|This guide will describe how to get a free 30-day trial Azure AD Premium subscription that can be used to complete the lab.|
-
-> [!NOTE]
-> When using a VM for Autopilot testing, assign at least two processors and 4 GB of memory.
-
-## Procedures
-
-A summary of the sections and procedures in the lab is provided below. Follow each section in the order it's presented, skipping the sections that don't apply to you. Optional procedures are provided in the appendices.
-
-If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or later.
-
-- [Demonstrate Autopilot deployment](#demonstrate-autopilot-deployment)
-  - [Prerequisites](#prerequisites)
-  - [Procedures](#procedures)
-  - [Verify support for Hyper-V](#verify-support-for-hyper-v)
-  - [Enable Hyper-V](#enable-hyper-v)
-  - [Create a demo VM](#create-a-demo-vm)
-    - [Set ISO file location](#set-iso-file-location)
-    - [Determine network adapter name](#determine-network-adapter-name)
-    - [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm)
-    - [Install Windows 10](#install-windows-10)
-  - [Capture the hardware ID](#capture-the-hardware-id)
-  - [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe)
-  - [Verify subscription level](#verify-subscription-level)
-  - [Configure company branding](#configure-company-branding)
-  - [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment)
-  - [Register your VM](#register-your-vm)
-    - [Autopilot registration using Intune](#autopilot-registration-using-intune)
-    - [Autopilot registration using MSfB](#autopilot-registration-using-msfb)
-  - [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile)
-    - [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
-      - [Create a device group](#create-a-device-group)
-      - [Create the deployment profile](#create-the-deployment-profile)
-    - [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb)
-  - [See Windows Autopilot in action](#see-windows-autopilot-in-action)
-  - [Remove devices from Autopilot](#remove-devices-from-autopilot)
-    - [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device)
-  - [Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v)
-  - [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile)
-    - [Add a Win32 app](#add-a-win32-app)
-      - [Prepare the app for Intune](#prepare-the-app-for-intune)
-      - [Create app in Intune](#create-app-in-intune)
-      - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
-    - [Add Microsoft 365 Apps](#add-microsoft-365-apps)
-      - [Create app in Microsoft Intune](#create-app-in-microsoft-intune)
-      - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile-1)
-  - [Glossary](#glossary)
-
-## Verify support for Hyper-V
-
-- If you don't already have Hyper-V enabled, enable it on a computer running Windows 10 or Windows Server (2012 R2 or later).
-- If you already have Hyper-V enabled, skip to the [Create a demo VM](#create-a-demo-vm) step. If you're using a physical device instead of a VM, skip to [Install Windows 10](#install-windows-10).
-- If you're not sure that your device supports Hyper-V, or you have problems installing Hyper-V, see [Appendix A](#appendix-a-verify-support-for-hyper-v) in this article for details on verifying that Hyper-V can be successfully installed.
-
-## Enable Hyper-V
-
-To enable Hyper-V, open an elevated Windows PowerShell prompt and run the following command:
-
-```powershell
-Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
-```
-
-This command works on all operating systems that support Hyper-V. However, on Windows Server operating systems you must type another command to add the Hyper-V Windows PowerShell module and the Hyper-V Manager console. The following command will also install Hyper-V if it isn't already installed. So, if you're using Windows Server, you can just type the following command instead of using the **Enable-WindowsOptionalFeature** command:
-
-```powershell
-Install-WindowsFeature -Name Hyper-V -IncludeManagementTools
-```
-
-When you're prompted to restart the computer, choose **Yes**. The computer might restart more than once.
-
-Alternatively, you can install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below:
-
-   ![Hyper-V feature.](images/hyper-v-feature.png)
-
-   ![Hyper-V.](images/svr_mgr2.png)
-
-If you choose to install Hyper-V using Server Manager, accept all default selections. Make sure to install both items under **Role Administration Tools\Hyper-V Management Tools**.
-
-After installation is complete, open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt, or by typing **Hyper-V** in the Start menu search box.
-
-To read more about Hyper-V, see [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/) and [Hyper-V on Windows Server](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server).
-
-## Create a demo VM
-
-Now that Hyper-V is enabled, we need to create a VM running Windows 10. We can [create a VM](/virtualization/hyper-v-on-windows/quick-start/create-virtual-machine) and [virtual network](/virtualization/hyper-v-on-windows/quick-start/connect-to-network) using Hyper-V Manager, but it's simpler to use Windows PowerShell.
-
-To use Windows PowerShell, you need to know two things:
-
-1. The location of the Windows 10 ISO file.
-
-   In the example, the location is **c:\iso\win10-eval.iso**.
-
-2. The name of the network interface that connects to the internet.
-
-   In the example, you'll use a Windows PowerShell command to determine this information automatically.
-
-After you determine the ISO file location and the name of the appropriate network interface, you can install Windows 10.
-
-### Set ISO file location
-
-Download an ISO file for an evaluation version of the latest release of Windows 10 Enterprise from the [Evaluation Center](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise). Choose a 64-bit version.
-
-After you download an ISO file, the name will be long. For example, `19042.508.200927-1902.20h2_release_svc_refresh_CLIENTENTERPRISEEVAL_OEMRET_x64FRE_en-us.iso`
-
-1. So that it's easier to type and remember, rename the file to **win10-eval.iso**.
-
-2. Create a directory on your computer named **c:\iso** and move the **win10-eval.iso** file there, so the path to the file is **c:\iso\win10-eval.iso**.
-
-3. If you wish to use a different name and location for the file, you must modify the Windows PowerShell commands below to use your custom name and directory.
-
-### Determine network adapter name
-
-The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt:
-
-```powershell
-(Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
-```
-
-The output of this command should be the name of the network interface you use to connect to the internet. Verify that this interface name is correct. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name.
-
-For example, if the command above displays **Ethernet** but you wish to use **Ethernet2**, then the first command below would be `New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName **Ethernet2`
-
-### Use Windows PowerShell to create the demo VM
-
-All VM data will be created under the current path in your PowerShell prompt. Consider navigating into a new folder before running the following commands.
-
-> [!IMPORTANT]
-> **VM switch**: a VM switch is how Hyper-V connects VMs to a network.
->
->- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to `AutopilotExternal`.
->- If you have never created an external VM switch before, then just run the commands below.
->- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a current list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch).
-
-```powershell
-New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
-New-VM -Name WindowsAutopilot -MemoryStartupBytes 4GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
-Set-VMProcessor WindowsAutopilot -Count 2
-Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
-Start-VM -VMName WindowsAutopilot
-```
-
-After you enter these commands, connect to this VM. Double-click the VM in Hyper-V Manager to connect to it. Then wait for a prompt to press a key and boot from the DVD.
-
-See the sample output below. In this sample, the VM is created under the **c:\autopilot** directory and the **vmconnect.exe** command is used, which is only available on Windows Server. If you installed Hyper-V on Windows 10, use Hyper-V Manager to connect to your VM.
-
-<pre>
-PS C:\autopilot&gt; dir c:\iso
-
-
-    Directory: C:\iso
-
-
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
--a----        3/12/2019   2:46 PM     4627343360 win10-eval.iso
-
-PS C:\autopilot&gt; (Get-NetAdapter |?{$<em>.Status -eq &quot;Up&quot; -and !$</em>.Virtual}).Name
-Ethernet
-PS C:\autopilot&gt; New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$<em>.Status -eq &quot;Up&quot; -and !$</em>.Virtual}).Name
-
-Name              SwitchType NetAdapterInterfaceDescription
-----              ---------- ------------------------------
-AutopilotExternal External   Intel(R) Ethernet Connection (2) I218-LM
-
-PS C:\autopilot&gt; New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
-
-Name             State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
-----             ----- ----------- ----------------- ------   ------             -------
-WindowsAutopilot Off   0           0                 00:00:00 Operating normally 8.0
-
-PS C:\autopilot&gt; Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
-PS C:\autopilot&gt; Start-VM -VMName WindowsAutopilot
-PS C:\autopilot&gt; vmconnect.exe localhost WindowsAutopilot
-PS C:\autopilot&gt; dir
-
-    Directory: C:\autopilot
-
-Mode                LastWriteTime         Length Name
-----                -------------         ------ ----
-d-----        3/12/2019   3:15 PM                VMData
-d-----        3/12/2019   3:42 PM                VMs
-
-PS C:\autopilot&gt;
-</pre>
-
-### Install Windows 10
-
-> [!NOTE]
-> The VM will be booted to gather a hardware ID. Then it will be reset. The goal in the next few steps is to get to the desktop quickly, so don't worry about how it's configured at this stage. The VM only needs to be connected to the internet.
-
-Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples:
-
-   ![Windows setup example 1](images/winsetup1.png)
-
-   ![Windows setup example 2](images/winsetup2.png)
-
-   ![Windows setup example 3](images/winsetup3.png)
-
-   ![Windows setup example 4](images/winsetup4.png)
-
-   ![Windows setup example 5](images/winsetup5.png)
-
-   ![Windows setup example 6](images/winsetup6.png)
-
-After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen.  This option offers the fastest way to the desktop. For example:
-
-   ![Windows setup example 7.](images/winsetup7.png)
-
-Once the installation is complete, sign in, and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state.
-
-   > [!div class="mx-imgBorder"]
-   > ![Windows setup example 8.](images/winsetup8.png)
-
-To create a checkpoint, open an elevated Windows PowerShell prompt on the computer running Hyper-V (not on the VM), and then run the following command:
-
-```powershell
-Checkpoint-VM -Name WindowsAutopilot -SnapshotName "Finished Windows install"
-```
-
-Select the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see **Finished Windows Install** listed in the Checkpoints pane.
-
-## Capture the hardware ID
-
-> [!NOTE]
-> Normally, the Device ID is captured by the OEM as they run the OA3 Tool on each device in the factory. The OEM then submits the 4K HH created by the OA3 Tool to Microsoft by submitting it with a Computer Build Report (CBR). For the purposes of this lab, you're acting as the OEM (capturing the 4K HH), but you're not going to use the OA3 Tool to capture the full 4K HH for various reasons (you'd have to install the OA3 tool, your device couldn't have a volume license version of Windows, it's a more complicated process than using a PowerShell script, etc.).  Instead, you'll simulate running the OA3 tool by running a PowerShell script, which captures the device 4K HH just like the OA3 tool.
-
-Follow these steps to run the PowerShell script:
-
-1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device:
-
-    ```powershell
-    New-Item -Type Directory -Path "C:\HWID"
-    Set-Location C:\HWID
-    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
-    Install-Script -Name Get-WindowsAutopilotInfo -Force
-    $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
-    Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv
-    ```
-
-1. When you're prompted to install the NuGet package, choose **Yes**.
-
-   See the sample output below.  A **dir** command is issued at the end to show the file that was created.
-
-    ```console
-    PS C:\> md c:\HWID
-    
-         Directory: C:\
-    
-    
-    Mode                 LastWriteTime         Length Name
-    ----                 -------------         ------ ----
-    d-----        11/13/2020   3:00 PM                HWID
-    
-    
-    PS C:\Windows\system32> Set-Location c:\HWID
-    PS C:\HWID> Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
-    PS C:\HWID> Install-Script -Name Get-WindowsAutopilotInfo -Force
-    
-    NuGet provider is required to continue
-    PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
-     provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
-    'C:\Users\user1\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running
-     'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and
-    import the NuGet provider now?
-    [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y
-    PS C:\HWID> $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
-    PS C:\HWID> Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
-    Gathered details for device with serial number: 1804-7078-6805-7405-0796-0675-17
-    PS C:\HWID> dir
-    
-    
-        Directory: C:\HWID
-    
-    
-    Mode                 LastWriteTime         Length Name
-    ----                 -------------         ------ ----
-    -a----        11/13/2020   3:01 PM           8184 AutopilotHWID.csv
-    
-    
-    PS C:\HWID>
-    ```
-
-1. Verify that there's an **AutopilotHWID.csv** file in the **c:\HWID** directory that's about 8 KB in size. This file contains the complete 4K HH.
-
-   > [!NOTE]
-   > Although the .csv extension might be associated with Microsoft Excel, you cannot view the file properly by double-clicking it. To correctly parse the comma delimiters and view the file in Excel, you must use the **Data** > **From Text/CSV** function in Excel to import the appropriate data columns. You don't need to view the file in Excel unless you're curious. The file format is validated when it's imported into Autopilot. Here's an example of the data in this file:
-
-   ![Serial number and hardware hash.](images/hwid.png)
-
-   You'll need to upload this data into Intune to register your device for Autopilot. So, the next step is to transfer this file to the computer you'll use to access the Azure portal. If you're using a physical device instead of a VM, you can copy the file to a USB drive. If you're using a VM, you can right-click the **AutopilotHWID.csv** file and copy it. Then right-click and paste the file to your desktop (outside the VM).
-
-   If you have trouble copying and pasting the file, just view the contents in Notepad on the VM, and then copy the text into Notepad outside the VM. Don't use another text editor.
-
-   > [!NOTE]
-   > When copying and pasting to or from VMs, avoid selecting other things with your mouse cursor in between the copy and paste process. Doing so can empty or overwrite the clipboard and require that you start over. Go directly from copy to paste.
-
-## Reset the VM back to Out-Of-Box-Experience (OOBE)
-
-With the hardware ID captured in a file, prepare your VM for Windows Autopilot deployment by resetting it back to OOBE.
-
-1. On the Virtual Machine, go to **Settings > Update & Security > Recovery** and select **Get started** under **Reset this PC**.
-1. Select **Remove everything**. On **How would you like to reinstall Windows**, select **Local reinstall**.
-1. Finally, select **Reset**.
-
-![Reset this PC final prompt.](images/autopilot-reset-prompt.jpg)
-
-Resetting the VM or device can take a while. Proceed to the next step (verify subscription level) during the reset process.
-
-![Reset this PC screen capture.](images/autopilot-reset-progress.jpg)
-
-## Verify subscription level
-
-For this lab, you need an Azure AD Premium subscription. To tell if you have a Premium subscription, go to [MDM enrollment configuration](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) in the Azure portal. See the following example:
-
-**Azure Active Directory** > **Mobility (MDM and MAM)** > **Microsoft Intune**
-
-![MDM and Intune.](images/mdm-intune2.png)
-
-If this configuration doesn't appear, it's likely that you don't have a **Premium** subscription.  Auto-enrollment is a feature only available in Azure AD Premium.
-
-To convert your Intune trial account to a free Premium trial account, go to **Azure Active Directory** > **Licenses** > **All products** > **Try / Buy** and select **Free trial** for Azure AD Premium, or EMS E5.
-
-![License conversion option.](images/aad-lic1.png)
-
-## Configure company branding
-
-If you already have company branding configured in Azure AD, you can skip this step.
-
-> [!IMPORTANT]
-> Make sure to sign-in with a Global Administrator account.
-
-Go to [Company branding in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding), select **Configure**, and then configure any type of company branding you'd like to see during the OOBE.
-
-![Configure company branding.](images/branding.png)
-
-When you're finished, select **Save**.
-
-> [!NOTE]
-> Changes to company branding can take up to 30 minutes to apply.
-
-## Configure Microsoft Intune auto-enrollment
-
-If you already have MDM auto-enrollment configured in Azure AD, you can skip this step.
-
-Open [Mobility (MDM and MAM) in Azure Active Directory](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Mobility) and select **Microsoft Intune**. If you don't see Microsoft Intune, select **Add application** and choose **Intune**.
-
-For the purposes of this demo, select **All** under the **MDM user scope** and select **Save**.
-
-![MDM user scope in the Mobility blade.](images/ap-aad-mdm.png)
-
-## Register your VM
-
-Your VM (or device) can be registered either via Intune or Microsoft Store for Business (MSfB).  Both processes are shown here, but *only pick one* for the purposes of this lab. It's highly recommended that you use Intune rather than Microsoft Store for Business.
-
-### Autopilot registration using Intune
-
-1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
-
-    ![Intune device import.](images/enroll1.png)
-
-    > [!NOTE]
-    > If menu items like **Windows enrollment** aren't active for you, look to the far-right blade in the UI. You might need to provide Intune configuration privileges in a challenge window that appears.
-
-2. Under **Add Windows Autopilot devices** in the far-right pane, go to the **AutopilotHWID.csv** file you previously copied to your local computer. The file should contain the serial number and 4K HH of your VM (or device). It's okay if other fields (Windows Product ID) are left blank.
-
-    ![HWID CSV.](images/enroll2.png)
-
-    You should receive confirmation that the file is formatted correctly before you upload it, as shown above.
-
-3. Select **Import** and wait until the import process completes. This action can take up to 15 minutes.
-
-4. Select **Refresh** to verify your VM or device is added. See the following example.
-
-   ![Import HWID.](images/enroll3.png)
-
-### Autopilot registration using MSfB
-
-> [!IMPORTANT]
-> If you've already registered your VM (or device) using Intune, then skip this step.
-
-First, you need a Microsoft Store for Business account. You can use the same one you created above for Intune, or follow [these instructions](/microsoft-store/windows-store-for-business-overview) to create a new one.
-
-Next, to sign in to [Microsoft Store for Business](https://businessstore.microsoft.com/store) with your test account,  select **Sign in** on the upper-right-corner of the main page.
-
-Select **Manage** from the top menu, then select the **Windows Autopilot Deployment Program** link under the **Devices** card. See the following example:
-
-![Microsoft Store for Business.](images/msfb.png)
-
-Select the **Add devices** link to upload your CSV file. A message appears that indicates your request is being processed. Wait a few moments before refreshing to see that your new device is added.
-
-![Microsoft Store for Business Devices.](images/msfb-device.png)
-
-## Create and assign a Windows Autopilot deployment profile
-
-> [!IMPORTANT]
-> Autopilot profiles can be created and assigned to your registered VM or device either through Intune or Microsoft Store for Business. Both processes are shown here, but only *pick one for the purposes of this lab*:
-
-Pick one:
-- [Create profiles using Intune](#create-a-windows-autopilot-deployment-profile-using-intune)
-- [Create profiles using Microsoft Store for Business](#create-a-windows-autopilot-deployment-profile-using-msfb)
-
-### Create a Windows Autopilot deployment profile using Intune
-
-> [!NOTE]
-> Even if you registered your device in Microsoft Store for Business, it still appears in Intune. Although, you might have to **sync** and then **refresh** your device list.
-
-![Devices.](images/enroll4.png)
-
-#### Create a device group
-
-The Autopilot deployment profile wizard asks for a device group, so you must create one first. To create a device group:
-
-1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Groups** > **New group**.
-
-2. In the **Group** pane:
-    1. For **Group type**, choose **Security**.
-    2. Type a **Group name** and **Group description** (ex: Autopilot Lab).
-    3. Azure AD roles can be assigned to the group: **No**
-    4. For **Membership type**, choose **Assigned**.
-
-3. Select **Members** and add the Autopilot VM to the group. See the following example:
-
-   > [!div class="mx-imgBorder"]
-   > ![add members.](images/group1.png)
-
-4. Select **Create**.
-
-#### Create the deployment profile
-
-To create a Windows Autopilot profile, scroll back to the left-side pane and select **Devices**. Then, under **Enroll devices | Windows enrollment** select **Deployment Profiles**.
-
-> [!div class="mx-imgBorder"]
-> ![Deployment profiles.](images/dp.png)
-
-Select **Create profile** and then select **Windows PC**.
-
-> [!div class="mx-imgBorder"]
-> ![Create deployment profile.](images/create-profile.png)
-
-On the **Create profile** pane, use the following values:
-
-| Setting | Value |
-|---|---|
-| Name | Autopilot Lab profile |
-| Description | Lab |
-| Convert all targeted devices to Autopilot | No |
-
-Select **Next** to continue with the **Out-of-box experience (OOBE)** settings:
-
-| Setting | Value |
-|---|---|
-| Deployment mode | User-driven |
-| Join to Azure AD as | Azure AD joined |
-| Microsoft Software License Terms | Hide |
-| Privacy Settings | Hide |
-| Hide change account options | Hide |
-| User account type | Standard |
-| Allow pre-provisioned deployment | No |
-| Language (Region) | Operating system default |
-| Automatically configure keyboard | Yes |
-| Apply device name template | No |
-
-Select **Next** to continue with the **Assignments** settings:
-
-| Setting | Value |
-|---|---|
-| Assign to | Selected groups |
-
-1. Select **Select groups to include**.
-2. Select the **Autopilot Lab** group, and then choose **Select**.
-3. Select **Next** to continue, and then select **Create**. See the following example:
-
-![Deployment profile.](images/profile.png)
-
-Select **OK**, and then select **Create**.
-
-> [!NOTE]
-> If you want to add an app to your profile via Intune, use the *optional* steps in [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile).
-
-### Create a Windows Autopilot deployment profile using MSfB
-
-If you already created and assigned a profile via Intune with the steps immediately above, then skip this section.
-
-First, sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com/manage/dashboard) using the Intune account you initially created for this lab.
-
-Select **Manage** from the top menu, then select **Devices** from the left navigation tree.
-
-![Microsoft Store for Business manage.](images/msfb-manage.png)
-
-Select the **Windows Autopilot Deployment Program** link in the **Devices** tile.
-
-To CREATE the profile:
-
-Select your device from the **Devices** list:
-
-> [!div class="mx-imgBorder"]
-> ![Microsoft Store for Business create step 1.](images/msfb-create1.png)
-
-On the Autopilot deployment dropdown menu, select **Create new profile**:
-
-> [!div class="mx-imgBorder"]
-> ![Microsoft Store for Business create step 2.](images/msfb-create2.png)
-
-Name the profile, choose your desired settings, and then select **Create**:
-
-> [!div class="mx-imgBorder"]
-> ![Microsoft Store for Business create step 3.](images/msfb-create3.png)
-
-The new profile is added to the Autopilot deployment list.
-
-To ASSIGN the profile:
-
-To assign (or reassign) the profile to a device, select the checkboxes next to the device you registered for this lab. Then, select the profile you want to assign from the **Autopilot deployment** dropdown menu, as shown:
-
-> [!div class="mx-imgBorder"]
-> ![Microsoft Store for Business assign step 1.](images/msfb-assign1.png)
-
-To confirm the profile was successfully assigned to the intended device, check the contents of the **Profile** column:
-
-> [!div class="mx-imgBorder"]
-> ![Microsoft Store for Business assign step 2.](images/msfb-assign2.png)
-
-> [!IMPORTANT]
-> The new profile is only applied if the device hasn't started and gone through OOBE. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device.
-
-## See Windows Autopilot in action
-
-If you shut down your VM after the last reset, start it again. Then it can progress through the Autopilot OOBE experience. However, don't attempt to start your device again until the **PROFILE STATUS** for your device in Intune is changed from **Not assigned** to **Assigning**, and finally to **Assigned**:
-
-> [!div class="mx-imgBorder"]
-> ![Device status.](images/device-status.png)
-
-Also, make sure to wait at least 30 minutes from the time you've [configured company branding](#configure-company-branding). Otherwise, these changes might not show up.
-
-> [!TIP]
-> If you reset your device previously, after collecting the 4K HH info, let it restart back to the first OOBE screen. Then you might need to restart the device again to make sure the device is recognized as an Autopilot device and displays the Autopilot OOBE experience you're expecting. If you don't see the Autopilot OOBE experience, then reset the device again (**Settings** > **Update & Security** > **Recovery** and select **Get started**.  Under **Reset this PC**, select **Remove everything and Just remove my files**. Select **Reset**).
-
-1. Make sure your device has an internet connection.
-1. Turn on the device.
-1. Verify that the appropriate OOBE screens (with appropriate Company Branding) appear. You should see the region selection screen, the keyboard selection screen, and the second keyboard selection screen (which you can skip).
-
-![OOBE sign-in page.](images/autopilot-oobe.png)
-
-After the device loads the desktop, the device should show up in Intune as an **enabled** Autopilot device. Go to the Intune portal, and select **Devices > All devices**. Then **Refresh** the data to verify that your device has changed to an enabled state, and the name of the device is updated.
-
-> [!div class="mx-imgBorder"]
-> ![Device enabled.](images/devices1.png)
-
-Once you select a language and a keyboard layout, your company branded sign-in screen should appear. Provide your Azure AD credentials. Then you're all done.
-
-> [!TIP]
-> If you receive a message that "Something went wrong" and it "Looks like we can't connect to the URL for your organization's MDM terms of use", verify that you correctly [assigned licenses](/mem/intune/fundamentals/licenses-assign) to the current user.
-
-Windows Autopilot takes over to automatically join your device into Azure AD and enroll it into Microsoft Intune. Use the checkpoint you've created to go through this process again with different settings.
-
-## Remove devices from Autopilot
-
-To use the device (or VM) for other purposes after completion of this lab, you need to remove (deregister) it from Autopilot via either Intune or Microsoft Store for Business, and then reset it.  Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](/intune/enrollment-autopilot#create-an-autopilot-device-group), [Remove devices by using wipe, retire, or manually unenrolling the device](/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal), and below.
-
-### Delete (deregister) Autopilot device
-
-You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), sign into the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), then go to **Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
-
-> [!div class="mx-imgBorder"]
-> ![Delete device step 1.](images/delete-device1.png)
-
-This action removes the device from Intune management, and it will disappear from **Intune > Devices > All devices**. But this action doesn't yet deregister the device from Autopilot. So, the device should still appear under **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices**.
-
-The **Intune > Devices > All Devices** list and the **Intune > Device Enrollment > Windows Enrollment > Windows Autopilot Deployment Program > Devices** list mean different things and are two separate datastores. The former (All devices) is the list of devices currently enrolled into Intune.
-
-> [!NOTE]
-> A device only appears in the **All devices** list once it has booted. The latter (**Windows Autopilot Deployment Program** > **Devices**) is the list of devices currently registered from that Intune account into the Autopilot program - which may or may not be enrolled to Intune.
-
-To remove the device from the Autopilot program, select the device, and then select **Delete**. A pop-up dialog box appears to confirm deletion.
-
-> [!div class="mx-imgBorder"]
-> ![Delete device.](images/delete-device2.png)
-
-At this point, your device is unenrolled from Intune and also deregistered from Autopilot. After several minutes, select the **Sync** button, followed by the **Refresh** button to confirm the device is no longer listed in the Autopilot program.
-
-Once the device no longer appears, you're free to reuse it for other purposes.
-
-If you also (optionally) want to remove your device from Azure AD, go to **Azure Active Directory > Devices > All Devices**, select your device, and then select the **Delete** button:
-
-## Appendix A: Verify support for Hyper-V
-
-Starting with Windows 8, the host computer's microprocessor must support second level address translation (SLAT) to install Hyper-V. See [Hyper-V: List of SLAT-Capable CPUs for Hosts](https://social.technet.microsoft.com/wiki/contents/articles/1401.hyper-v-list-of-slat-capable-cpus-for-hosts.aspx) for more information.
-
-To verify your computer supports SLAT, open an administrator command prompt,  type **systeminfo**, press **ENTER**, scroll down, and review the section displayed at the bottom of the output, next to Hyper-V Requirements. See the following example:
-
-```console
-C:>systeminfo
-
-...
-Hyper-V Requirements:      VM Monitor Mode Extensions: Yes
-                           Virtualization Enabled In Firmware: Yes
-                           Second Level Address Translation: Yes
-                           Data Execution Prevention Available: Yes
-```
-
-In this example, the computer supports SLAT and Hyper-V.
-
-> [!NOTE]
-> If one or more requirements are evaluated as **No** then the computer doesn't support installing Hyper-V. However, if only the virtualization setting is incompatible, you might be able to enable virtualization in the BIOS and change the **Virtualization Enabled In Firmware** setting from **No** to **Yes**. The location of this setting depends on the manufacturer and BIOS version, but is typically found associated with the BIOS security settings.
-
-You can also identify Hyper-V support using [tools](/archive/blogs/taylorb/hyper-v-will-my-computer-run-hyper-v-detecting-intel-vt-and-amd-v) provided by the processor manufacturer, the [msinfo32](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731397(v=ws.11)) tool, or you can download the [Coreinfo](/sysinternals/downloads/coreinfo) utility and run it, as shown in the following example:
-
-```console
-C:>coreinfo -v
-
-Coreinfo v3.31 - Dump information on system CPU and memory topology
-Copyright (C) 2008-2014 Mark Russinovich
-Sysinternals - www.sysinternals.com
-
-Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
-Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
-Microcode signature: 0000001B
-HYPERVISOR      -       Hypervisor is present
-VMX             *       Supports Intel hardware-assisted virtualization
-EPT             *       Supports Intel extended page tables (SLAT)
-```
-
-> [!NOTE]
-> A 64-bit operating system is required to run Hyper-V.
-
-## Appendix B: Adding apps to your profile
-
-### Add a Win32 app
-
-#### Prepare the app for Intune
-
-Before you can pull an application into Intune to make it part of your AP profile, you need to "package" the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool). After downloading the tool, gather the following information to use the tool:
-
-1. The source folder for your application
-2. The name of the setup executable file
-3. The output folder for the new file
-
-For the purposes of this lab, we'll use the Notepad++ tool as the Win32 app.
-
-Download the [Notepad++ msi package](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available), and then copy the file to a known location, such as C:\Notepad++msi.
-
-Run the IntuneWinAppUtil tool, supplying answers to the three questions, for example:
-
-> [!div class="mx-imgBorder"]
-> ![Add app example.](images/app01.png)
-
-After the tool finishes running, you should have an `.intunewin` file in the Output folder. You can upload the file into Intune by using the following steps.
-
-#### Create app in Intune
-
-Sign in to the Azure portal, and then select **Intune**.
-
-Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
-
-![Add app step 1.](images/app02.png)
-
-Under **App Type**, select **Windows app (Win32)**:
-
-![Add app step 2.](images/app03.png)
-
-On the **App package file** pane, browse to the `npp.7.6.3.installer.x64.intunewin` file in your output folder, open it, then select **OK**:
-
-> [!div class="mx-imgBorder"]
-> ![Add app step 3.](images/app04.png)
-
-On the **App Information Configure** pane, provide a friendly name, description, and publisher, such as:
-
-![Add app step 4.](images/app05.png)
-
-On the **Program Configuration** pane, supply the install and uninstall commands:
-
-```console
-Install:  msiexec /i "npp.7.6.3.installer.x64.msi" /q
-Uninstall:  msiexec /x "{F188A506-C3C6-4411-BE3A-DA5BF1EA6737}" /q
-```
-
-> [!NOTE]
-> Likely, you don't have to write the install and uninstall commands yourself because the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool) automatically generated them when it converted the .msi file into a .intunewin file.
-
-![Add app step 5.](images/app06.png)
-
-Simply using an install command like `notepad++.exe /S` doesn't actually install Notepad++. It only launches the app. To install the program, you need to use the `.msi` file instead. Notepad++ doesn't have an MSI version of their program, but there's an MSI version from a [third party provider](https://www.hass.de/content/notepad-msi-package-enterprise-deployment-available).
-
-Select **OK** to save your input and activate the **Requirements** pane.
-
-On the **Requirements Configuration** pane, specify the **OS architecture** and the **Minimum OS version**:
-
-> [!div class="mx-imgBorder"]
-> ![Add app step 6.](images/app07.png)
-
-Next, configure the **Detection rules**. For the purposes of this lab, select manual format:
-
-> [!div class="mx-imgBorder"]
-> ![Add app step 7.](images/app08.png)
-
-Select **Add** to define the rule properties. For **Rule type**, select **MSI**, which automatically imports the correct MSI product code into the rule:
-
-![Add app step 8.](images/app09.png)
-
-Select **OK** twice to save, as you back out to the main **Add app** pane again for the final configuration.
-
-**Return codes**: For the purposes of this lab, leave the return codes at their default values:
-
-> [!div class="mx-imgBorder"]
-> ![Add app step 9.](images/app10.png)
-
-Select **OK** to exit.
-
-You can skip configuring the final **Scope (Tags)** pane.
-
-Select the **Add** button to finalize and save your app package.
-
-Wait for indicator message that says the addition has completed.
-
-> [!div class="mx-imgBorder"]
-> ![Add app step 10.](images/app11.png)
-
-Find your app in your app list:
-
-> [!div class="mx-imgBorder"]
-> ![Add app step 11.](images/app12.png)
-
-#### Assign the app to your Intune profile
-
-> [!NOTE]
-> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here.
-
-In the **Intune > Client Apps > Apps** pane, select the app package you already created to reveal its properties pane. Then select **Assignments** from the menu:
-
-> [!div class="mx-imgBorder"]
-> ![Assign app step 1.](images/app13.png)
-
-Select **Add Group** to open the **Add group** pane that's related to the app.
-
-For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu.
-
-> [!NOTE]
-> **Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
-
-Select **Included Groups** and assign the groups you previously created that will use this app:
-
-![Assign app step 2.](images/app14.png)
-
-> [!div class="mx-imgBorder"]
-> ![Assign app step 3.](images/app15.png)
-
-In the **Select groups** pane, choose the **Select** button.
-
-In the **Assign group** pane, select **OK**.
-
-In the **Add group** pane, select **OK**.
-
-In the app **Assignments** pane, select **Save**.
-
-> [!div class="mx-imgBorder"]
-> ![Assign app step 4.](images/app16.png)
-
-At this point, you have completed steps to add a Win32 app to Intune.
-
-For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management).
-
-### Add Microsoft 365 Apps
-
-#### Create app in Microsoft Intune
-
-Sign in to the Azure portal and select **Intune**.
-
-Go to **Intune > Clients apps > Apps**, and then select the **Add** button to create a new app package.
-
-![Create app step 1.](images/app17.png)
-
-Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**:
-
-![Create app step 2.](images/app18.png)
-
-Under the **Configure App Suite** pane, select the Office apps you want to install. For the purposes of this lab, only select Excel:
-
-> [!div class="mx-imgBorder"]
-> ![Create app step 3.](images/app19.png)
-
-Select **OK**.
-
-In the **App Suite Information** pane, enter a *unique* suite name, and a suitable description.
-
-Enter the name of the app suite as it's displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal.
-
-> [!div class="mx-imgBorder"]
-> ![Create app step 4.](images/app20.png)
-
-Select **OK**.
-
-In the **App Suite Settings** pane, select **Monthly** for the **Update channel** (any selection is okay for the purposes of this lab).  Also select **Yes** for **Automatically accept the app end user license agreement**:
-
-![Create app step 5.](images/app21.png)
-
-Select **OK** and, then select **Add**.
-
-#### Assign the app to your Intune profile
-
-> [!NOTE]
-> The following steps only work if you previously [created a GROUP in Intune and assigned a profile to it](#create-a-device-group). If you haven't done that, return to the main part of the lab and complete those steps before returning here.
-
-In the **Intune > Client Apps > Apps** pane, select the Office package you already created to reveal its properties pane. Then select **Assignments** from the menu:
-
-> [!div class="mx-imgBorder"]
-> ![Create app step 6.](images/app22.png)
-
-Select **Add Group** to open the **Add group** pane that's related to the app.
-
-For the purposes of this lab, select **Required** from the **Assignment type** dropdown menu.
-
-**Available for enrolled devices** means users install the app from the Company Portal app or Company Portal website.
-
-Select **Included Groups** and assign the groups you previously created that will use this app:
-
-![Create app step 7.](images/app23.png)
-
-> [!div class="mx-imgBorder"]
-> ![Create app step 8.](images/app24.png)
-
-In the **Select groups** pane, choose the **Select** button.
-
-In the **Assign group** pane, select **OK**.
-
-In the **Add group** pane, select **OK**.
-
-In the app **Assignments** pane, select **Save**.
-
-![Create app step 9.](images/app25.png)
-
-At this point, you have completed steps to add Office to Intune.
-
-For more information on adding Office apps to Intune, see [Assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).
-
-If you installed both the win32 app (Notepad++) and Office (just Excel) per the instructions in this lab, your VM will show them in the apps list. It might take several minutes to populate.
-
-![Create app step 10.](images/app26.png)
-
-## Glossary
-
-|    | Description |
-|:---|:---|
-|**OEM** | Original Equipment Manufacturer |
-|**CSV** | Comma Separated Values |
-|**MPC** | Microsoft Partner Center |
-|**CSP** | Cloud Solution Provider |
-|**MSfB** | Microsoft Store for Business |
-|**Azure AD** | Azure Active Directory |
-|**4K HH** | 4K Hardware Hash |
-|**CBR** | Computer Build Report |
-|**EC** | Enterprise Commerce (server) |
-|**DDS** | Device Directory Service |
-|**OOBE** | Out of the Box Experience |
-|**VM** |Virtual Machine |
diff --git a/windows/deployment/windows-autopilot/images/aad-lic1.png b/windows/deployment/windows-autopilot/images/aad-lic1.png
deleted file mode 100644
index 569d601066..0000000000
Binary files a/windows/deployment/windows-autopilot/images/aad-lic1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/ap-aad-mdm.png b/windows/deployment/windows-autopilot/images/ap-aad-mdm.png
deleted file mode 100644
index ece310f978..0000000000
Binary files a/windows/deployment/windows-autopilot/images/ap-aad-mdm.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app01.png b/windows/deployment/windows-autopilot/images/app01.png
deleted file mode 100644
index f551c5ca68..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app01.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app02.png b/windows/deployment/windows-autopilot/images/app02.png
deleted file mode 100644
index e5036043cc..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app02.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app03.png b/windows/deployment/windows-autopilot/images/app03.png
deleted file mode 100644
index 63ef76b3f8..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app03.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app04.png b/windows/deployment/windows-autopilot/images/app04.png
deleted file mode 100644
index bd307c4a46..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app04.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app05.png b/windows/deployment/windows-autopilot/images/app05.png
deleted file mode 100644
index 83861dcd51..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app05.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app06.png b/windows/deployment/windows-autopilot/images/app06.png
deleted file mode 100644
index 9563e0514c..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app06.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app07.png b/windows/deployment/windows-autopilot/images/app07.png
deleted file mode 100644
index 59025e69fa..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app07.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app08.png b/windows/deployment/windows-autopilot/images/app08.png
deleted file mode 100644
index cea5edfc57..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app08.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app09.png b/windows/deployment/windows-autopilot/images/app09.png
deleted file mode 100644
index 250c85dd8a..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app09.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app10.png b/windows/deployment/windows-autopilot/images/app10.png
deleted file mode 100644
index 8d5af2ece1..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app10.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app11.png b/windows/deployment/windows-autopilot/images/app11.png
deleted file mode 100644
index 9ca5bc10eb..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app11.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app12.png b/windows/deployment/windows-autopilot/images/app12.png
deleted file mode 100644
index 3f82bf78a9..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app12.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app13.png b/windows/deployment/windows-autopilot/images/app13.png
deleted file mode 100644
index 2b499f4ec2..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app13.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app14.png b/windows/deployment/windows-autopilot/images/app14.png
deleted file mode 100644
index e809db6134..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app14.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app15.png b/windows/deployment/windows-autopilot/images/app15.png
deleted file mode 100644
index b85a96bf9e..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app15.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app16.png b/windows/deployment/windows-autopilot/images/app16.png
deleted file mode 100644
index f22f74a091..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app16.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app17.png b/windows/deployment/windows-autopilot/images/app17.png
deleted file mode 100644
index 5adfc9218f..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app17.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app18.png b/windows/deployment/windows-autopilot/images/app18.png
deleted file mode 100644
index 24c4b9f331..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app18.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app19.png b/windows/deployment/windows-autopilot/images/app19.png
deleted file mode 100644
index 281ba9fb40..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app19.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app20.png b/windows/deployment/windows-autopilot/images/app20.png
deleted file mode 100644
index a5a066b45e..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app20.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app21.png b/windows/deployment/windows-autopilot/images/app21.png
deleted file mode 100644
index d2e23f2db4..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app21.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app22.png b/windows/deployment/windows-autopilot/images/app22.png
deleted file mode 100644
index 4541a69204..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app22.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app23.png b/windows/deployment/windows-autopilot/images/app23.png
deleted file mode 100644
index 19b951c653..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app23.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app24.png b/windows/deployment/windows-autopilot/images/app24.png
deleted file mode 100644
index aa77e4083f..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app24.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app25.png b/windows/deployment/windows-autopilot/images/app25.png
deleted file mode 100644
index 544d1ae37a..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app25.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/app26.png b/windows/deployment/windows-autopilot/images/app26.png
deleted file mode 100644
index e210faa31b..0000000000
Binary files a/windows/deployment/windows-autopilot/images/app26.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/autopilot-oobe.png b/windows/deployment/windows-autopilot/images/autopilot-oobe.png
deleted file mode 100644
index 9cfea73377..0000000000
Binary files a/windows/deployment/windows-autopilot/images/autopilot-oobe.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/autopilot-reset-progress.jpg b/windows/deployment/windows-autopilot/images/autopilot-reset-progress.jpg
deleted file mode 100644
index dbf0e3b3ae..0000000000
Binary files a/windows/deployment/windows-autopilot/images/autopilot-reset-progress.jpg and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/autopilot-reset-prompt.jpg b/windows/deployment/windows-autopilot/images/autopilot-reset-prompt.jpg
deleted file mode 100644
index 9ed75a9db9..0000000000
Binary files a/windows/deployment/windows-autopilot/images/autopilot-reset-prompt.jpg and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/branding.png b/windows/deployment/windows-autopilot/images/branding.png
deleted file mode 100644
index 46dd37bc4a..0000000000
Binary files a/windows/deployment/windows-autopilot/images/branding.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/create-profile.png b/windows/deployment/windows-autopilot/images/create-profile.png
deleted file mode 100644
index d2816e9c89..0000000000
Binary files a/windows/deployment/windows-autopilot/images/create-profile.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/delete-device1.png b/windows/deployment/windows-autopilot/images/delete-device1.png
deleted file mode 100644
index 770c8e5b02..0000000000
Binary files a/windows/deployment/windows-autopilot/images/delete-device1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/delete-device2.png b/windows/deployment/windows-autopilot/images/delete-device2.png
deleted file mode 100644
index 188c72d67b..0000000000
Binary files a/windows/deployment/windows-autopilot/images/delete-device2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/device-status.png b/windows/deployment/windows-autopilot/images/device-status.png
deleted file mode 100644
index a5627040ec..0000000000
Binary files a/windows/deployment/windows-autopilot/images/device-status.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/devices1.png b/windows/deployment/windows-autopilot/images/devices1.png
deleted file mode 100644
index 459aa19c69..0000000000
Binary files a/windows/deployment/windows-autopilot/images/devices1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/dp.png b/windows/deployment/windows-autopilot/images/dp.png
deleted file mode 100644
index a133c72491..0000000000
Binary files a/windows/deployment/windows-autopilot/images/dp.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/enroll1.png b/windows/deployment/windows-autopilot/images/enroll1.png
deleted file mode 100644
index 4bc9be72bb..0000000000
Binary files a/windows/deployment/windows-autopilot/images/enroll1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/enroll2.png b/windows/deployment/windows-autopilot/images/enroll2.png
deleted file mode 100644
index 62e7344da1..0000000000
Binary files a/windows/deployment/windows-autopilot/images/enroll2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/enroll3.png b/windows/deployment/windows-autopilot/images/enroll3.png
deleted file mode 100644
index 3501d5036c..0000000000
Binary files a/windows/deployment/windows-autopilot/images/enroll3.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/enroll4.png b/windows/deployment/windows-autopilot/images/enroll4.png
deleted file mode 100644
index fc7215b68f..0000000000
Binary files a/windows/deployment/windows-autopilot/images/enroll4.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/group1.png b/windows/deployment/windows-autopilot/images/group1.png
deleted file mode 100644
index 2ccc8db248..0000000000
Binary files a/windows/deployment/windows-autopilot/images/group1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/hwid.png b/windows/deployment/windows-autopilot/images/hwid.png
deleted file mode 100644
index fcc73fa0b0..0000000000
Binary files a/windows/deployment/windows-autopilot/images/hwid.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/hyper-v-feature.png b/windows/deployment/windows-autopilot/images/hyper-v-feature.png
deleted file mode 100644
index d7293d808e..0000000000
Binary files a/windows/deployment/windows-autopilot/images/hyper-v-feature.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/mdm-intune2.png b/windows/deployment/windows-autopilot/images/mdm-intune2.png
deleted file mode 100644
index d464863f37..0000000000
Binary files a/windows/deployment/windows-autopilot/images/mdm-intune2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-assign1.png b/windows/deployment/windows-autopilot/images/msfb-assign1.png
deleted file mode 100644
index c1e8e27e21..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-assign1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-assign2.png b/windows/deployment/windows-autopilot/images/msfb-assign2.png
deleted file mode 100644
index fd3be16853..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-assign2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-create1.png b/windows/deployment/windows-autopilot/images/msfb-create1.png
deleted file mode 100644
index f76aa82991..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-create1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-create2.png b/windows/deployment/windows-autopilot/images/msfb-create2.png
deleted file mode 100644
index ec6c260fcd..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-create2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-create3.png b/windows/deployment/windows-autopilot/images/msfb-create3.png
deleted file mode 100644
index a6241fb5ea..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-create3.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-device.png b/windows/deployment/windows-autopilot/images/msfb-device.png
deleted file mode 100644
index d338056013..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-device.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb-manage.png b/windows/deployment/windows-autopilot/images/msfb-manage.png
deleted file mode 100644
index 9bf684d844..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb-manage.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/msfb.png b/windows/deployment/windows-autopilot/images/msfb.png
deleted file mode 100644
index af937c2c5f..0000000000
Binary files a/windows/deployment/windows-autopilot/images/msfb.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/profile.png b/windows/deployment/windows-autopilot/images/profile.png
deleted file mode 100644
index 1c6c734a74..0000000000
Binary files a/windows/deployment/windows-autopilot/images/profile.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/svr_mgr2.png b/windows/deployment/windows-autopilot/images/svr_mgr2.png
deleted file mode 100644
index dd2e6737c6..0000000000
Binary files a/windows/deployment/windows-autopilot/images/svr_mgr2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup1.png b/windows/deployment/windows-autopilot/images/winsetup1.png
deleted file mode 100644
index c8048256c4..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup1.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup2.png b/windows/deployment/windows-autopilot/images/winsetup2.png
deleted file mode 100644
index 43db844334..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup2.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup3.png b/windows/deployment/windows-autopilot/images/winsetup3.png
deleted file mode 100644
index dbea3969de..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup3.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup4.png b/windows/deployment/windows-autopilot/images/winsetup4.png
deleted file mode 100644
index 1121b1dff5..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup4.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup5.png b/windows/deployment/windows-autopilot/images/winsetup5.png
deleted file mode 100644
index 2757253097..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup5.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup6.png b/windows/deployment/windows-autopilot/images/winsetup6.png
deleted file mode 100644
index e91843e1ff..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup6.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup7.png b/windows/deployment/windows-autopilot/images/winsetup7.png
deleted file mode 100644
index dadf85485e..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup7.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/images/winsetup8.png b/windows/deployment/windows-autopilot/images/winsetup8.png
deleted file mode 100644
index 9d7a499db0..0000000000
Binary files a/windows/deployment/windows-autopilot/images/winsetup8.png and /dev/null differ
diff --git a/windows/deployment/windows-autopilot/index.yml b/windows/deployment/windows-autopilot/index.yml
deleted file mode 100644
index 78ac058a36..0000000000
--- a/windows/deployment/windows-autopilot/index.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-### YamlMime:Landing
-
-title: Windows Autopilot deployment resources and documentation # < 60 chars
-summary: 'Note: Windows Autopilot documentation has moved! A few more resources will also be available here. For more information, see the links on this page.'  # < 160 chars
-
-metadata:
-  title: Windows Autopilot deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
-  description: Learn about deploying Windows 10 and keeping it up to date in your organization. # Required; article description that is displayed in search results. < 160 chars.
-  ms.topic: landing-page
-  ms.prod: windows-client
-  ms.technology: itpro-deploy
-  ms.collection:
-    - highpri
-    - tier1
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  ms.date: 10/28/2022
-  localization_priority: medium
-    
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
-
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb 
-  # Card
-  - title: Overview
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Overview of Windows Autopilot
-            url:  /mem/autopilot/windows-autopilot
-
-              # Card
-  - title: Tutorials
-    linkLists:
-      - linkListType: get-started
-        links:
-          - text: Demonstrate Windows Autopilot deployment
-            url: demonstrate-deployment-on-vm.md
\ No newline at end of file
diff --git a/windows/hub/TOC.yml b/windows/hub/TOC.yml
deleted file mode 100644
index a199923b84..0000000000
--- a/windows/hub/TOC.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-- name: Windows
-  href: index.yml
-  items: 
-    - name: What's new
-      expanded: true
-      items:
-        - name: What's new in Windows
-          href: /windows/whats-new
-        - name: Windows 11
-          href: /windows/whats-new/windows-11
-    - name: Release information
-      href: /windows/release-health
-    - name: Deployment
-      href: /windows/deployment
-    - name: Configuration
-      href: /windows/configuration
-    - name: Client management
-      href: /windows/client-management
-    - name: Application management
-      href: /windows/application-management
-    - name: Security
-      href: /windows/security
-    - name: Privacy
-      href: /windows/privacy
-    - name: Troubleshooting
-      href: /windows/client-management/windows-10-support-solutions
-    - name: Previous Windows versions
-      href: /previous-versions/windows
diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml
index c63d6831df..b8fb1254fb 100644
--- a/windows/hub/breadcrumb/toc.yml
+++ b/windows/hub/breadcrumb/toc.yml
@@ -37,21 +37,31 @@ items:
             tocHref: /windows/security/
             topicHref: /windows/security/
             items:
-              - name: Windows Hello for Business
-                tocHref: /windows/security/identity-protection/hello-for-business/
-                topicHref: /windows/security/identity-protection/hello-for-business/
+              - name: Hardware security
+                tocHref: /windows/security/hardware-security/
+                topicHref: /windows/security/hardware-security/
+              - name: Operating system security
+                tocHref: /windows/security/operating-system-security/
+                topicHref: /windows/security/operating-system-security/
+              - name: Identity protection
+                tocHref: /windows/security/identity-protection/
+                topicHref: /windows/security/identity-protection/
+              - name: Application security
+                tocHref: /windows/security/application-security/
+                topicHref: /windows/security/application-security/
+                items:
+                  - name: Application Control for Windows
+                    tocHref: /windows/security/application-security/application-control/windows-defender-application-control/
+                    topicHref: /windows/security/application-security/application-control/windows-defender-application-control/
+                  - name: Microsoft Defender Application Guard
+                    tocHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/
+                    topicHref: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
+              - name: Security foundations
+                tocHref: /windows/security/security-foundations/
+                topicHref: /windows/security/security-foundations/
               - name: Security auditing
                 tocHref: /windows/security/threat-protection/auditing/
                 topicHref: /windows/security/threat-protection/auditing/security-auditing-overview
-              - name: Microsoft Defender Application Guard
-                tocHref: /windows/security/threat-protection/microsoft-defender-application-guard/
-                topicHref: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
               - name: Security policy settings
                 tocHref: /windows/security/threat-protection/security-policy-settings/
-                topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings
-              - name: Application Control for Windows
-                tocHref: /windows/security/threat-protection/windows-defender-application-control/
-                topicHref: /windows/security/threat-protection/windows-defender-application-control/
-              - name: Windows Defender Firewall
-                tocHref: /windows/security/threat-protection/windows-firewall/
-                topicHref: /windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security
+                topicHref: /windows/security/threat-protection/security-policy-settings/security-policy-settings
\ No newline at end of file
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index 69745dbbf6..404d7adbfb 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -40,7 +40,7 @@
       ],
       "audience": "ITPro",
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "ms.technology": "itpro-fundamentals",
       "ms.topic": "article",
       "feedback_system": "GitHub",
diff --git a/windows/hub/images/W10-WaaS-poster-old.PNG b/windows/hub/images/W10-WaaS-poster-old.PNG
deleted file mode 100644
index d3887faf89..0000000000
Binary files a/windows/hub/images/W10-WaaS-poster-old.PNG and /dev/null differ
diff --git a/windows/hub/images/W10-WaaS-poster.PNG b/windows/hub/images/W10-WaaS-poster.PNG
deleted file mode 100644
index de2251a9f2..0000000000
Binary files a/windows/hub/images/W10-WaaS-poster.PNG and /dev/null differ
diff --git a/windows/hub/images/accessprotection.png b/windows/hub/images/accessprotection.png
deleted file mode 100644
index 0cbd9bcda9..0000000000
Binary files a/windows/hub/images/accessprotection.png and /dev/null differ
diff --git a/windows/hub/images/accessprotection.svg b/windows/hub/images/accessprotection.svg
deleted file mode 100644
index 47a0c1848e..0000000000
--- a/windows/hub/images/accessprotection.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3,.cls-4{fill:none;stroke:#0070c0;stroke-miterlimit:10;}.cls-3{stroke-width:3.02px;}.cls-4{stroke-width:3px;}</style></defs><title>AccessProtection</title><g id="Icons"><polygon class="cls-2" points="52.5 18 36 18 36 1.5 39 1.5 39 15 52.5 15 52.5 18"/><path class="cls-2" d="M9,57V3H36.88L51,17.12V28.2a10.09,10.09,0,0,1,3,1.15V15.88L38.12,0H6V60H35V57Z"/><rect class="cls-3" x="39.5" y="43.5" width="19" height="15"/><path class="cls-4" d="M43.5,43.5V38a5.5,5.5,0,0,1,11,0v5.5"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/applicationmanagement.png b/windows/hub/images/applicationmanagement.png
deleted file mode 100644
index e29d74d946..0000000000
Binary files a/windows/hub/images/applicationmanagement.png and /dev/null differ
diff --git a/windows/hub/images/applicationmanagement.svg b/windows/hub/images/applicationmanagement.svg
deleted file mode 100644
index 588bc44538..0000000000
--- a/windows/hub/images/applicationmanagement.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>ApplicationManagement</title><g id="Icons"><polyline class="cls-2" points="50.75 46.5 58.5 46.5 58.5 5.5 9.5 5.5 9.5 13.5"/><rect class="cls-2" x="1.5" y="13.5" width="49" height="41"/><line class="cls-2" x1="1.5" y1="21.5" x2="50.5" y2="21.5"/><rect class="cls-2" x="8.5" y="28.5" width="16" height="19"/><line class="cls-2" x1="30" y1="28.5" x2="45" y2="28.5"/><line class="cls-2" x1="30" y1="36.5" x2="45" y2="36.5"/><line class="cls-2" x1="30" y1="44.5" x2="40" y2="44.5"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/clientmanagement.png b/windows/hub/images/clientmanagement.png
deleted file mode 100644
index f392cc3081..0000000000
Binary files a/windows/hub/images/clientmanagement.png and /dev/null differ
diff --git a/windows/hub/images/clientmanagement.svg b/windows/hub/images/clientmanagement.svg
deleted file mode 100644
index eccf7ed372..0000000000
--- a/windows/hub/images/clientmanagement.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}.cls-3{fill:#0070c0;}</style></defs><title>ClientManagement</title><g id="Icons"><path class="cls-2" d="M1.5,48.5a2.09,2.09,0,0,0,2,2h53a2.09,2.09,0,0,0,2-2,5.1,5.1,0,0,0-.84-3l-6.16-7H8.5l-6.16,7A5.1,5.1,0,0,0,1.5,48.5Z"/><rect class="cls-2" x="8.5" y="9.5" width="43" height="29"/><circle class="cls-3" cx="30" cy="15" r="1.75"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/configuration.png b/windows/hub/images/configuration.png
deleted file mode 100644
index b6c4b6817d..0000000000
Binary files a/windows/hub/images/configuration.png and /dev/null differ
diff --git a/windows/hub/images/configuration.svg b/windows/hub/images/configuration.svg
deleted file mode 100644
index b3b9a9af6d..0000000000
--- a/windows/hub/images/configuration.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>Configuration</title><g id="Icons"><path class="cls-2" d="M50.63,30c0-.64,0-1.28-.1-1.91l7.25-4.52-3.59-8.66-8.32,1.92a20.87,20.87,0,0,0-2.7-2.7l1.92-8.32L36.43,2.22,31.91,9.47c-.63-.06-1.27-.09-1.91-.09s-1.28,0-1.91.09L23.57,2.22,14.91,5.81l1.92,8.32a20.87,20.87,0,0,0-2.7,2.7L5.81,14.91,2.22,23.57l7.25,4.52c-.06.63-.09,1.27-.09,1.91s0,1.28.09,1.91L2.22,36.43l3.59,8.66,8.32-1.92a20.87,20.87,0,0,0,2.7,2.7l-1.92,8.32,8.66,3.59,4.52-7.25c.63.06,1.27.1,1.91.1s1.28,0,1.91-.1l4.52,7.25,8.66-3.59-1.92-8.32a20.87,20.87,0,0,0,2.7-2.7l8.32,1.92,3.59-8.66-7.25-4.52C50.59,31.28,50.63,30.64,50.63,30ZM20.5,30A9.5,9.5,0,1,1,30,39.5,9.5,9.5,0,0,1,20.5,30Z"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/deploy1.png b/windows/hub/images/deploy1.png
deleted file mode 100644
index 1390683f78..0000000000
Binary files a/windows/hub/images/deploy1.png and /dev/null differ
diff --git a/windows/hub/images/deploy2.png b/windows/hub/images/deploy2.png
deleted file mode 100644
index c26b6d87b2..0000000000
Binary files a/windows/hub/images/deploy2.png and /dev/null differ
diff --git a/windows/hub/images/deploy3.png b/windows/hub/images/deploy3.png
deleted file mode 100644
index 0705adb036..0000000000
Binary files a/windows/hub/images/deploy3.png and /dev/null differ
diff --git a/windows/hub/images/deploy4.png b/windows/hub/images/deploy4.png
deleted file mode 100644
index 10cbd54516..0000000000
Binary files a/windows/hub/images/deploy4.png and /dev/null differ
diff --git a/windows/hub/images/deployment.png b/windows/hub/images/deployment.png
deleted file mode 100644
index b0aec0de35..0000000000
Binary files a/windows/hub/images/deployment.png and /dev/null differ
diff --git a/windows/hub/images/deployment.svg b/windows/hub/images/deployment.svg
deleted file mode 100644
index 7cdab632cc..0000000000
--- a/windows/hub/images/deployment.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2,.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}.cls-3{stroke-dasharray:2.4 2.4;}.cls-4{mask:url(#mask);}.cls-5{filter:url(#luminosity-noclip);}</style><filter id="luminosity-noclip" x="-3" y="3" width="66" height="54" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-color="#fff" result="bg"/><feBlend in="SourceGraphic" in2="bg"/></filter><mask id="mask" x="-3" y="3" width="66" height="54" maskUnits="userSpaceOnUse"><g class="cls-5"><rect x="-3" y="18" width="24" height="24"/><rect x="39" y="3" width="24" height="24"/><rect x="39" y="33" width="24" height="24"/></g></mask></defs><title>Deployment</title><g id="Icons"><rect class="cls-2" x="1.5" y="22.5" width="15" height="15"/><polyline class="cls-2" points="58.5 21 58.5 22.5 57 22.5"/><line class="cls-3" x1="54.6" y1="22.5" x2="46.2" y2="22.5"/><polyline class="cls-2" points="45 22.5 43.5 22.5 43.5 21"/><line class="cls-3" x1="43.5" y1="18.6" x2="43.5" y2="10.2"/><polyline class="cls-2" points="43.5 9 43.5 7.5 45 7.5"/><line class="cls-3" x1="47.4" y1="7.5" x2="55.8" y2="7.5"/><polyline class="cls-2" points="57 7.5 58.5 7.5 58.5 9"/><line class="cls-3" x1="58.5" y1="11.4" x2="58.5" y2="19.8"/><polyline class="cls-2" points="58.5 51 58.5 52.5 57 52.5"/><line class="cls-3" x1="54.6" y1="52.5" x2="46.2" y2="52.5"/><polyline class="cls-2" points="45 52.5 43.5 52.5 43.5 51"/><line class="cls-3" x1="43.5" y1="48.6" x2="43.5" y2="40.2"/><polyline class="cls-2" points="43.5 39 43.5 37.5 45 37.5"/><line class="cls-3" x1="47.4" y1="37.5" x2="55.8" y2="37.5"/><polyline class="cls-2" points="57 37.5 58.5 37.5 58.5 39"/><line class="cls-3" x1="58.5" y1="41.4" x2="58.5" y2="49.8"/><g class="cls-4"><line class="cls-2" x1="16.5" y1="22.5" x2="43.5" y2="14.5"/><line class="cls-2" x1="16.5" y1="37.5" x2="43.5" y2="45.5"/></g></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/deviceSecurity.svg b/windows/hub/images/deviceSecurity.svg
deleted file mode 100644
index 5a5b28322d..0000000000
--- a/windows/hub/images/deviceSecurity.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>DeviceSecurity</title><g id="Icons"><path class="cls-2" d="M29.89,49H3.5a.62.62,0,0,1-.5-.5,3.88,3.88,0,0,1,.47-2L9.18,40H28V37H10V11H50V26.7a11.62,11.62,0,0,1,3,1.42h0V8H7V37.93l-5.82,6.6A6.62,6.62,0,0,0,0,48.5,3.6,3.6,0,0,0,3.5,52H31.64A22.74,22.74,0,0,1,29.89,49Z"/><path class="cls-3" d="M58.5,33.5V41c0,6.25-4.65,12.38-12.14,16.31l-.86.45-.86-.45C37.15,53.38,32.5,47.25,32.5,41V33.5h2a11.13,11.13,0,0,0,6-1.66,9.85,9.85,0,0,1,10,0,11.17,11.17,0,0,0,6,1.62Z"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/devicesecurity.png b/windows/hub/images/devicesecurity.png
deleted file mode 100644
index 0ded4068e5..0000000000
Binary files a/windows/hub/images/devicesecurity.png and /dev/null differ
diff --git a/windows/hub/images/explore1.png b/windows/hub/images/explore1.png
deleted file mode 100644
index 60d8a8a5b4..0000000000
Binary files a/windows/hub/images/explore1.png and /dev/null differ
diff --git a/windows/hub/images/explore2.png b/windows/hub/images/explore2.png
deleted file mode 100644
index a31096c8a4..0000000000
Binary files a/windows/hub/images/explore2.png and /dev/null differ
diff --git a/windows/hub/images/explore3.png b/windows/hub/images/explore3.png
deleted file mode 100644
index 2206e69d30..0000000000
Binary files a/windows/hub/images/explore3.png and /dev/null differ
diff --git a/windows/hub/images/faq.png b/windows/hub/images/faq.png
deleted file mode 100644
index d5d90dee9e..0000000000
Binary files a/windows/hub/images/faq.png and /dev/null differ
diff --git a/windows/hub/images/insider.png b/windows/hub/images/insider.png
deleted file mode 100644
index ac22d5062d..0000000000
Binary files a/windows/hub/images/insider.png and /dev/null differ
diff --git a/windows/hub/images/land-deploy.png b/windows/hub/images/land-deploy.png
deleted file mode 100644
index 10cbd54516..0000000000
Binary files a/windows/hub/images/land-deploy.png and /dev/null differ
diff --git a/windows/hub/images/land-explore.png b/windows/hub/images/land-explore.png
deleted file mode 100644
index b23fb8d8c1..0000000000
Binary files a/windows/hub/images/land-explore.png and /dev/null differ
diff --git a/windows/hub/images/land-faq.png b/windows/hub/images/land-faq.png
deleted file mode 100644
index d5d90dee9e..0000000000
Binary files a/windows/hub/images/land-faq.png and /dev/null differ
diff --git a/windows/hub/images/land-informed.png b/windows/hub/images/land-informed.png
deleted file mode 100644
index 6c9f645da0..0000000000
Binary files a/windows/hub/images/land-informed.png and /dev/null differ
diff --git a/windows/hub/images/land-manage.png b/windows/hub/images/land-manage.png
deleted file mode 100644
index 37aa9c59c5..0000000000
Binary files a/windows/hub/images/land-manage.png and /dev/null differ
diff --git a/windows/hub/images/land-new.png b/windows/hub/images/land-new.png
deleted file mode 100644
index 884d953a7e..0000000000
Binary files a/windows/hub/images/land-new.png and /dev/null differ
diff --git a/windows/hub/images/manage1.png b/windows/hub/images/manage1.png
deleted file mode 100644
index 37aa9c59c5..0000000000
Binary files a/windows/hub/images/manage1.png and /dev/null differ
diff --git a/windows/hub/images/manage2.png b/windows/hub/images/manage2.png
deleted file mode 100644
index b52cbfd956..0000000000
Binary files a/windows/hub/images/manage2.png and /dev/null differ
diff --git a/windows/hub/images/old/access-protection-old.png b/windows/hub/images/old/access-protection-old.png
deleted file mode 100644
index 0da647699b..0000000000
Binary files a/windows/hub/images/old/access-protection-old.png and /dev/null differ
diff --git a/windows/hub/images/old/access-protection5.png b/windows/hub/images/old/access-protection5.png
deleted file mode 100644
index 8f405ece8c..0000000000
Binary files a/windows/hub/images/old/access-protection5.png and /dev/null differ
diff --git a/windows/hub/images/old/application-management-old.png b/windows/hub/images/old/application-management-old.png
deleted file mode 100644
index 078094818e..0000000000
Binary files a/windows/hub/images/old/application-management-old.png and /dev/null differ
diff --git a/windows/hub/images/old/application-management5.png b/windows/hub/images/old/application-management5.png
deleted file mode 100644
index 09de36a442..0000000000
Binary files a/windows/hub/images/old/application-management5.png and /dev/null differ
diff --git a/windows/hub/images/old/client-management-old.png b/windows/hub/images/old/client-management-old.png
deleted file mode 100644
index 3b6e6f95e5..0000000000
Binary files a/windows/hub/images/old/client-management-old.png and /dev/null differ
diff --git a/windows/hub/images/old/client-management5.png b/windows/hub/images/old/client-management5.png
deleted file mode 100644
index 6c396874ea..0000000000
Binary files a/windows/hub/images/old/client-management5.png and /dev/null differ
diff --git a/windows/hub/images/old/configuration-old.png b/windows/hub/images/old/configuration-old.png
deleted file mode 100644
index de9f183599..0000000000
Binary files a/windows/hub/images/old/configuration-old.png and /dev/null differ
diff --git a/windows/hub/images/old/configuration5.png b/windows/hub/images/old/configuration5.png
deleted file mode 100644
index 3cf3488c0f..0000000000
Binary files a/windows/hub/images/old/configuration5.png and /dev/null differ
diff --git a/windows/hub/images/old/deployment-old.png b/windows/hub/images/old/deployment-old.png
deleted file mode 100644
index b87cebc6fc..0000000000
Binary files a/windows/hub/images/old/deployment-old.png and /dev/null differ
diff --git a/windows/hub/images/old/deployment5.png b/windows/hub/images/old/deployment5.png
deleted file mode 100644
index ae2e2928bb..0000000000
Binary files a/windows/hub/images/old/deployment5.png and /dev/null differ
diff --git a/windows/hub/images/old/device-security-old.png b/windows/hub/images/old/device-security-old.png
deleted file mode 100644
index 348d0e1719..0000000000
Binary files a/windows/hub/images/old/device-security-old.png and /dev/null differ
diff --git a/windows/hub/images/old/device-security5.png b/windows/hub/images/old/device-security5.png
deleted file mode 100644
index 6f6637315e..0000000000
Binary files a/windows/hub/images/old/device-security5.png and /dev/null differ
diff --git a/windows/hub/images/old/front-page-video.PNG b/windows/hub/images/old/front-page-video.PNG
deleted file mode 100644
index afe78e3564..0000000000
Binary files a/windows/hub/images/old/front-page-video.PNG and /dev/null differ
diff --git a/windows/hub/images/old/remote-old.png b/windows/hub/images/old/remote-old.png
deleted file mode 100644
index 3be3f8e27e..0000000000
Binary files a/windows/hub/images/old/remote-old.png and /dev/null differ
diff --git a/windows/hub/images/old/threat-protection-old.png b/windows/hub/images/old/threat-protection-old.png
deleted file mode 100644
index a9d411cfa3..0000000000
Binary files a/windows/hub/images/old/threat-protection-old.png and /dev/null differ
diff --git a/windows/hub/images/old/threat-protection5.png b/windows/hub/images/old/threat-protection5.png
deleted file mode 100644
index 497c1aa111..0000000000
Binary files a/windows/hub/images/old/threat-protection5.png and /dev/null differ
diff --git a/windows/hub/images/old/virtualization-old.png b/windows/hub/images/old/virtualization-old.png
deleted file mode 100644
index 7e65511dfe..0000000000
Binary files a/windows/hub/images/old/virtualization-old.png and /dev/null differ
diff --git a/windows/hub/images/old/whats-new-highlight.png b/windows/hub/images/old/whats-new-highlight.png
deleted file mode 100644
index 679573dd94..0000000000
Binary files a/windows/hub/images/old/whats-new-highlight.png and /dev/null differ
diff --git a/windows/hub/images/old/whats-new-highlight5.png b/windows/hub/images/old/whats-new-highlight5.png
deleted file mode 100644
index 8222ded5f3..0000000000
Binary files a/windows/hub/images/old/whats-new-highlight5.png and /dev/null differ
diff --git a/windows/hub/images/old/whats-new-old.png b/windows/hub/images/old/whats-new-old.png
deleted file mode 100644
index de0c3fa545..0000000000
Binary files a/windows/hub/images/old/whats-new-old.png and /dev/null differ
diff --git a/windows/hub/images/plan1.png b/windows/hub/images/plan1.png
deleted file mode 100644
index b52d775ed5..0000000000
Binary files a/windows/hub/images/plan1.png and /dev/null differ
diff --git a/windows/hub/images/plan2.png b/windows/hub/images/plan2.png
deleted file mode 100644
index 5bcfed0568..0000000000
Binary files a/windows/hub/images/plan2.png and /dev/null differ
diff --git a/windows/hub/images/plan3.png b/windows/hub/images/plan3.png
deleted file mode 100644
index 04c077b748..0000000000
Binary files a/windows/hub/images/plan3.png and /dev/null differ
diff --git a/windows/hub/images/threatprotection.png b/windows/hub/images/threatprotection.png
deleted file mode 100644
index 5c20d60cfd..0000000000
Binary files a/windows/hub/images/threatprotection.png and /dev/null differ
diff --git a/windows/hub/images/threatprotection.svg b/windows/hub/images/threatprotection.svg
deleted file mode 100644
index cf19910bee..0000000000
--- a/windows/hub/images/threatprotection.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2{fill:#0070c0;}.cls-3{fill:none;stroke:#0070c0;stroke-miterlimit:10;stroke-width:3px;}</style></defs><title>ThreatProtection</title><g id="Icons"><rect class="cls-2" x="28" y="41" width="3" height="3"/><rect class="cls-2" x="28" y="11" width="3" height="26"/><path class="cls-3" d="M55.5,21.5c0,13.78-9.93,26.31-26,35.34-16.07-9-26-21.56-26-35.34V9.5A30.48,30.48,0,0,0,20.21,4.29,15.89,15.89,0,0,1,29.5,1.5a15.89,15.89,0,0,1,9.29,2.79A30.48,30.48,0,0,0,55.5,9.5Z"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/twitter.png b/windows/hub/images/twitter.png
deleted file mode 100644
index 7cc7088229..0000000000
Binary files a/windows/hub/images/twitter.png and /dev/null differ
diff --git a/windows/hub/images/whatsnew.png b/windows/hub/images/whatsnew.png
deleted file mode 100644
index dab83b28d6..0000000000
Binary files a/windows/hub/images/whatsnew.png and /dev/null differ
diff --git a/windows/hub/images/whatsnew.svg b/windows/hub/images/whatsnew.svg
deleted file mode 100644
index a88f581016..0000000000
--- a/windows/hub/images/whatsnew.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="60" height="60" viewBox="0 0 60 60"><defs><style>.cls-1{opacity:0.5;}.cls-2,.cls-3{fill:none;stroke:#107c10;stroke-miterlimit:10;stroke-width:3px;}.cls-3{stroke-linecap:round;}</style></defs><title>WhatsNew</title><g id="Icons"><path class="cls-2" d="M58.5,41.5a6,6,0,0,1-6,6H7.5a6,6,0,0,1-6-6V9.5h49v7h8Z"/><line class="cls-3" x1="50.5" y1="16.5" x2="50.5" y2="39.5"/><line class="cls-2" x1="45" y1="16.5" x2="7" y2="16.5"/><line class="cls-2" x1="45" y1="40.5" x2="29" y2="40.5"/><line class="cls-2" x1="45" y1="32.5" x2="29" y2="32.5"/><line class="cls-2" x1="45" y1="24.5" x2="29" y2="24.5"/><rect class="cls-2" x="8.5" y="24.5" width="15" height="16"/></g></svg>
\ No newline at end of file
diff --git a/windows/hub/images/winlogo.svg b/windows/hub/images/winlogo.svg
deleted file mode 100644
index 393eb5b882..0000000000
--- a/windows/hub/images/winlogo.svg
+++ /dev/null
@@ -1,96 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<!-- Generated by Microsoft Visio, SVG Export winlogo.svg Page-1 -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="6.06944in" height="6.09028in"
-		viewBox="0 0 437 438.5" xml:space="preserve" color-interpolation-filters="sRGB" class="st2">
-	<v:documentProperties v:langID="1033" v:viewMarkup="false"/>
-
-	<style type="text/css">
-	<![CDATA[
-		.st1 {fill:none;stroke:none;stroke-width:0.25}
-		.st2 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
-	]]>
-	</style>
-
-	<g v:mID="0" v:index="1" v:groupContext="foregroundPage">
-		<title>Page-1</title>
-		<v:pageProperties v:drawingScale="1" v:pageScale="1" v:drawingUnits="0" v:shadowOffsetX="9" v:shadowOffsetY="-9"/>
-		<g id="shape1-1" v:mID="1" v:groupContext="shape" transform="translate(0.25,-0.25)">
-			<title>Sheet.1</title>
-			<rect v:rectContext="foreign" x="0" y="0.500011" width="436.5" height="438" class="st1"/>
-			<image x="0" y="0.500011" width="436.5" height="438" preserveAspectRatio="none" xlink:href="data:image/png;base64,iV
-						BORw0KGgoAAAANSUhEUgAAAkYAAAJICAYAAACE1yscAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAU
-						lSJPAAABTLSURBVHhe7dYxTiBQDENBjs1B9z6shL4r3EREaZgnTe/SH1+SJEn6zjGSJEl6OUaSJEkvx0iSJOnlGEmSJL1+HKOPz38Av3
-						Jd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bAD
-						CRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2
-						DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQ
-						PARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEco
-						yAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117
-						UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8
-						kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l
-						3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AE
-						wkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCF
-						h3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2w
-						AwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHC
-						Ng3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW
-						0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARH
-						KMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdd
-						e1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNAB
-						PJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAt
-						Zd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNg
-						BMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxw
-						hYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3Xd
-						sAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkR
-						wjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3X
-						VtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwE
-						RyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgH
-						XXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQ
-						ATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQ
-						LWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1z
-						YATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJM
-						cIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd1
-						3bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJ
-						EcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN
-						11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8
-						BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjI
-						B117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BE+nGMJEmS/mqOkSRJ0ssxkiRJejlGkiRJL8dIkiTp5RhJkiS9HCNJkqSXYy
-						RJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJL8dIkiTp5RhJkiS9HCNJkqSXYyRJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJL8dIkiTp5R
-						hJkiS9HCNJkqSXYyRJkvRyjCRJkl6OkSRJ0ssxkiRJejlGkiRJrx/H6OPzH8CvXNc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQ
-						ATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQ
-						LWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1z
-						YATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJM
-						cIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd1
-						3bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJ
-						EcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN
-						11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8
-						BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjI
-						B117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ
-						0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyT
-						EC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXd
-						c2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATC
-						THCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWH
-						dd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bAD
-						CRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2
-						DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQ
-						PARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEco
-						yAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117
-						UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8
-						kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l
-						3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AE
-						wkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCF
-						h3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2w
-						AwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHC
-						Ng3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW
-						0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARH
-						KMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdd
-						e1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNAB
-						PJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAt
-						Zd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxwhYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNg
-						BMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3XdsAMJEcI2DddW0DwERyjIB117UNABPJMQLWXdc2AEwkxw
-						hYd13bADCRHCNg3XVtA8BEcoyAdde1DQATyTEC1l3XNgBMJMcIWHdd2wAwkRwjYN11bQPARHKMgHXXtQ0AE8kxAtZd1zYATCTHCFh3Xd
-						sAMJF+HCNJkqS/mmMkSZL0cowkSZK++/r6DwqOoucNyrLNAAAAAElFTkSuQmCC"/>
-			<rect v:rectContext="foreign" x="0" y="0.500011" width="436.5" height="438" class="st1"/>
-		</g>
-	</g>
-</svg>
diff --git a/windows/hub/images/wip4biz.png b/windows/hub/images/wip4biz.png
deleted file mode 100644
index 6c9f645da0..0000000000
Binary files a/windows/hub/images/wip4biz.png and /dev/null differ
diff --git a/windows/hub/index.yml b/windows/hub/index.yml
index 8eb8641a31..b341fb250c 100644
--- a/windows/hub/index.yml
+++ b/windows/hub/index.yml
@@ -1,255 +1,168 @@
 ### YamlMime:Hub
 
-title: Windows client documentation for IT Pros # < 60 chars
-summary: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # < 160 chars
-# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-apps | power-automate | power-bi | power-platform | power-virtual-agents | sql | sql-server | vs | visual-studio | windows | xamarin
+title: Windows client documentation for IT Pros
+summary: Learn how to deploy, secure, and manage Windows clients for your organization.
 brand: windows
 
 metadata:
-  title: Windows client documentation for IT Pros # Required; page title displayed in search results. Include the brand. < 60 chars.
-  description: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11. # Required; article description that is displayed in search results. < 160 chars.
+  title: Windows client documentation
+  description: Learn how to deploy, secure, and manage Windows clients for your organization.
   ms.topic: hub-page
   ms.prod: windows-client
   ms.collection:
     - highpri
     - tier1
-  author: aczechowski #Required; your GitHub user alias, with correct capitalization.
-  ms.author: aaroncz #Required; microsoft alias of author; optional team alias.
-  ms.date: 10/01/2021 #Required; mm/dd/yyyy format.
-  localization_priority: medium
+  author: paolomatarazzo
+  ms.author: paoloma
+  manager: aaroncz
+  ms.date: 06/20/2023
 
-# highlightedContent section (optional)
-# Maximum of 8 items
 highlightedContent:
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
   items:
-    # Card
-    - title: Become a Windows Insider
-      itemType: overview
-      url: https://insider.windows.com
-    # Card
-    - title: See what's new in Windows release health
-      itemType: overview
-      url: /windows/release-health/
-    # Card
-    - title: Empower your hybrid workforce
-      itemType: overview
-      url: https://www.microsoft.com/microsoft-365/blog/2021/10/04/empower-your-hybrid-workforce-today-with-windows-11/
+  - title: Get started with Windows 11
+    itemType: get-started
+    url: /windows/whats-new/windows-11-overview
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Windows 11, version 22H2 group policy settings reference 
+    itemType: download
+    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+  - title: Windows release health
+    itemType: whats-new
+    url: /windows/release-health
+  - title: Windows commercial licensing
+    itemType: overview
+    url: /windows/whats-new/windows-licensing
+  - title: Windows 365 documentation
+    itemType: overview
+    url: /windows-365
+  - title: Explore all Windows trainings and learning paths for IT pros
+    itemType: learn
+    url: https://learn.microsoft.com/en-us/training/browse/?products=windows&roles=administrator
+  - title: Enroll Windows client devices in Microsoft Intune
+    itemType: how-to-guide
+    url: /mem/intune/fundamentals/deployment-guide-enrollment-windows
 
-# productDirectory section (optional)
 productDirectory:
-  title: Get to know Windows 11 # < 60 chars (optional)
-  summary: Learn more about what's new, what's updated, and what you get in Windows 11 # < 160 chars (optional)
+  title: Get started
   items:
-  # Card
-    - title: Windows 11 overview
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Get more information about features and improvements that are important to admins
-      url: /windows/whats-new/windows-11-overview
-    - title: Windows 11 requirements
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: See the system requirements for Windows 11, including running Windows 11 on a virtual machine
-      url: /windows/whats-new/windows-11-requirements
-    - title: Learn more about Windows 11 Enterprise
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Get more information on the features, security, and licensing plans designed for organizations
-      url: https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise
-    - title: FAQ - Upgrade to Windows 11
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: See some common questions and answers when upgrading to Windows 11
-      url: https://support.microsoft.com/windows/upgrade-to-windows-11-faq-fb6206a2-1a0f-448a-80f1-8668ee5b2bf9
-    - title: Windows 11 chip to cloud protection - Security challenges of hybrid work
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Blog from the Microsoft Windows Security Team
-      url: https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work
-    - title: Trusted Platform Module (TPM)
-      imageSrc: /windows/resources/images/winlogo.svg
-      summary: Learn more about TPM, and why it's a good thing
-      url: /windows/security/information-protection/tpm/trusted-platform-module-overview
-      
-# conceptualContent section (optional)
-conceptualContent:
-# Supports up to 3 sections
-# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
 
-  title: Windows client resources and documentation for IT Pros 
-  summary: Plan, deploy, secure, and manage devices running Windows 10 and Windows 11.
-  items:
-  # card
-    - title: Overview
+    - title: Learn how to deploy Windows
+      imageSrc: /media/common/i_deploy.svg
       links:
-        - url: /windows/whats-new/windows-11-overview
-          itemType: overview
-          text: Windows 11 overview
-        - url: /windows/whats-new/windows-11-plan
-          itemType: overview
-          text: Plan for Windows 11
-        - url: /windows/whats-new/windows-11-prepare
-          itemType: overview
-          text: Prepare for Windows 11
-        - url: /windows/whats-new/whats-new-windows-10-version-21H1
-          itemType: overview
-          text: What's new in Windows 10, version 21H1
-        - url:  /windows/release-health/release-information
-          itemType: overview
-          text: Windows release information
-
-  # Card (optional)
-    - title: Configuration
-      links:
-        - url: /windows/configuration/index
-          itemType: overview
-          text: Configure Windows
-        - url: /windows/configuration/provisioning-packages/provisioning-packages
-          itemType: how-to-guide
-          text: Use Provisioning packages to configure new devices
-        - url: /windows/configuration/windows-accessibility-for-itpros
-          itemType: overview
-          text: Accessibility information for IT Pros
-        - url: /windows/configuration/customize-start-menu-layout-windows-11
-          itemType: how-to-guide
-          text: Customize the Start menu layout
-        - url: /windows/configuration/stop-employees-from-using-microsoft-store
-          itemType: how-to-guide
-          text: Control access to Microsoft Store
-        - url: /windows/configuration/set-up-shared-or-guest-pc
-          itemType: how-to-guide
-          text: Set up a shared or guest PC
-
-  # Card (optional)
-    - title: Deployment
-      links:
-        - url: /windows/deployment/index      
-          itemType: deploy
-          text: Deploy and update Windows
-        - url: /windows/deployment/windows-10-deployment-scenarios
-          itemType: deploy
-          text: Windows deployment scenarios
-        - url: /windows/deployment/update/create-deployment-plan
-          itemType: deploy
-          text: Create a deployment plan
-        - url: /windows/deployment/update/prepare-deploy-windows
-          itemType: deploy
-          text: Prepare to deploy Windows client
+        - url: /mem/autopilot/
+          text: Windows Autopilot overview
+        - url: /mem/autopilot/tutorial/autopilot-scenarios
+          text: "Tutorial: Windows Autopilot scenarios"
+        - url: /windows/deployment/do/
+          text: Delivery optimization
+        - url: /windows/deployment/update/deployment-service-overview
+          text: Windows Update for Business deployment service
         - url: /windows/deployment/windows-autopatch
-          itemType: deploy
-          text: Windows Autopatch
- 
-  # Card
-    - title: App management
-      links:
-        - url: /windows/application-management/index
-          itemType: overview
-          text: Windows application management
-        - url: /windows/application-management/apps-in-windows-10
-          itemType: overview
-          text: Learn more about the different apps types for Windows
-        - url: /windows/application-management/private-app-repository-mdm-company-portal-windows-11
-          itemType: how-to-guide
-          text: Use the private app repo on Windows 11
-        - url:  /windows/application-management/remove-provisioned-apps-during-update
-          itemType: how-to-guide
-          text: Keep removed apps from returning during an update
-        - url:  https://blogs.windows.com/windowsdeveloper/2021/10/04/developing-for-windows-11/
-          itemType: overview
-          text: Blog - Develop apps for Windows 11
+          text: Windows Autopatch overview
+        - url: /windows/deployment
+          text: Learn more about Windows deployment >
 
-  # Card
-    - title: Client management
+    - title: Learn how to secure Windows
+      imageSrc: /media/common/i_security-management.svg
       links:
+        - url: /windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines
+          text: Windows security baselines
+        - url: /windows/security/identity-protection/credential-guard/credential-guard-how-it-works
+          text: Credential Guard
+        - url: /windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust
+          text: Windows Hello for Business cloud Kerberos trust
+        - url: /windows/security/threat-protection/windows-defender-application-control
+          text: Windows Defender Application Control (WDAC)
+        - url: /windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
+          text: Microsoft Defender Application Guard
+        - url: /windows/security
+          text: Learn more about Windows security >
 
-        - url: /windows/client-management/index
-          itemType: overview
-          text: Windows client management
+    - title: Learn about privacy in Windows
+      imageSrc: /media/common/i_lock.svg
+      links:
+        - url: /windows/privacy/required-diagnostic-events-fields-windows-11-22h2
+          text: Windows 11 required diagnostic data
+        - url: /windows/privacy/configure-windows-diagnostic-data-in-your-organization
+          text: Configure Windows diagnostic data in your organization
+        - url: /windows/privacy/diagnostic-data-viewer-overview
+          text: Diagnostic Data Viewer
+        - url: /windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services
+          text: Manage connections to Microsoft services
+        - url: /windows/privacy/windows-10-and-privacy-compliance
+          text: Windows privacy compliance guide
+        - url: /windows/privacy
+          text: Learn more about privacy in Windows >
+
+    - title: Learn how to manage Windows
+      imageSrc: /media/common/i_management.svg
+      links:
+        - url: /windows/client-management/mobile-device-enrollment
+          text: MDM enrollment
+        - url: /windows/client-management/mdm/
+          text: Configuration Service Provider (CSP)
         - url: /windows/client-management/administrative-tools-in-windows-10
-          itemType: overview
-          text: Administrative tools 
-        - url: /windows/client-management/mandatory-user-profile
-          itemType: how-to-guide
-          text: Create mandatory user profiles
-        - url: /windows/client-management/new-policies-for-windows-10
-          itemType: overview
-          text: New policies for Windows 10
-        - url: /windows/client-management/mdm/configuration-service-provider-reference
-          itemType: reference
-          text: Configuration service provider reference
+          text: Windows administrative tools
+        - url: /windows/client-management/client-tools/quick-assist
+          text: Use Quick Assist to help users
+        - url: /windows/application-management/index
+          text: Learn more about application management >
+        - url: /windows/client-management
+          text: Learn more about Windows management >
 
-  # Card (optional)
-    - title: Security and Privacy
+    - title: Learn how to configure Windows
+      imageSrc: /media/common/i_config-tools.svg
       links:
-        - url: /windows/security/index    
-          itemType: overview
-          text: Windows Enterprise Security
-        - url: /windows/security/hardware
-          itemType: overview
-          text: Hardware security
-        - url: /windows/security/operating-system
-          itemType: overview
-          text: Operating system security
-        - url: /windows/security/apps         
-          itemType: overview
-          text: Application security
-        - url: /windows/security/identity
-          itemType: overview
-          text: Identity and privacy
-        - url: /windows/security/cloud
-          itemType: overview
-          text: Cloud services
-        - url: /windows/privacy/index
-          itemType: overview
-          text: Windows Privacy
+        - url: /windows/configuration/windows-accessibility-for-itpros
+          text: Accessibility information
+        - url: /windows/configuration/provisioning-packages/provisioning-packages
+          text: Use Provisioning packages to configure new devices
+        - url: /windows/configuration/customize-start-menu-layout-windows-11
+          text: Customize the Start menu layout
+        - url: /windows/configuration/set-up-shared-or-guest-pc
+          text: Set up a shared or guest PC
+        - url: /windows/configuration/kiosk-methods
+          text: Configure kiosks and digital signs
+        - url: /windows/configuration
+          text: Learn more about Windows configuration >
+
+    - title: Learn about Windows for Education
+      imageSrc: /media/common/i_advanced.svg
+      links:
+        - url: /education/windows/windows-11-se-overview
+          text: Windows 11 SE Overview
+        - url: /education/windows/federated-sign-in
+          text: Configure federated sign-in for Windows devices
+        - url: /education/windows/get-minecraft-for-education
+          text: Get and deploy Minecraft Education
+        - url: /education/windows/tutorial-school-deployment/
+          text: "Tutorial: deploy and manage Windows devices in a school"
+        - url: /education/windows/tutorial-deploy-apps-winse/
+          text: "Tutorial: deploy applications to Windows 11 SE"
+        - url: /education/Windows
+          text: Learn more about Windows for Education >
 
-# additionalContent section (optional)
-# Card with summary style
 additionalContent:
-  # Supports up to 4 subsections
   sections:
-    - title: More Windows resources # < 60 chars (optional)
+    - title: More Windows resources
       items:
-        # Card
-        - title: Windows product site
-          summary: Find out how Windows enables your business to do more
-          url: https://www.microsoft.com/microsoft-365/windows
-        - title: "Windows 11: A new era for the PC begins today"
-          summary: Blog article that describes how Windows 11 empowers you to produce and inspires you to create
-          url: https://blogs.windows.com/windowsexperience/2021/10/04/windows-11-a-new-era-for-the-pc-begins-today/
-        - title: Windows IT Pro blogs
-          summary: The latest Windows blog articles for the IT Pro 
-          url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
-        - title: Windows blogs
-          summary: Keep up with the latest news about Windows
-          url: https://blogs.windows.com/
-        - title: Participate in the Tech Community
-          summary: Learn how to be part of the Windows Tech Community
-          url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
-        - title: Ask the community
-          summary: Get help, and help others
-          url: https://answers.microsoft.com/windows/forum
 
-    - title: Other resources
-      items:
-        - title: Microsoft endpoint management with Intune
+        - title: Windows hardware
           links:
-            - text: Intune is a family of products
-              url: /mem/endpoint-manager-overview
-            - text: What is Microsoft Intune?
-              url: /mem/intune/fundamentals/what-is-intune
-            - text: Microsoft Intune services simplify upgrades to Windows 11
-              url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/endpoint-manager-simplifies-upgrades-to-windows-11/ba-p/2771886
-            - text: Understanding readiness for Windows 11 with Microsoft Intune services
-              url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866
-            - text: Microsoft endpoint management blog
-              url: https://aka.ms/memblog
-        - title: Windows 365
-          links:
-            - text: Windows 365 documentation
-              url: /windows-365
-            - text: What is Windows 365
-              url: /windows-365/overview
-            - text: Windows 365 Enterprise now supports Windows 11
-              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-365-enterprise-now-supports-windows-11/ba-p/2810334              
-            - text: Windows 365 blog
-              url: https://www.microsoft.com/microsoft-365/blog/
+            - text: Windows hardware developer documentation
+              url: /windows-hardware/drivers/
+            - text: Get started with building Windows devices
+              url: /windows-hardware/get-started
+            - text: Download the Windows Driver Kit
+              url: /windows-hardware/drivers/download-the-wdk
+            - text: Device and driver installation
+              url: /windows-hardware/drivers/install/overview-of-device-and-driver-installation
+            - text: Windows Driver Frameworks
+              url: /windows-hardware/drivers/wdf/
+            - text: Kernel-mode driver architecture design guide
+              url: /windows-hardware/drivers/kernel/
 
         - title: Windows Server
           links:
@@ -257,7 +170,27 @@ additionalContent:
               url: /windows-server
             - text: What's new in Windows Server 2022?
               url: /windows-server/get-started/whats-new-in-windows-server-2022
-            - text: Get started with Windows Server
-              url: /windows-server/get-started/get-started-with-windows-server
             - text: Windows Server blog
               url: https://cloudblogs.microsoft.com/windowsserver/
+
+        - title: Windows product site and blogs
+          links:
+            - text: Find out how Windows enables your business to do more
+              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows blogs
+              url: https://blogs.windows.com/
+            - text: Windows IT Pro blog
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+            - text: Microsoft Intune blog
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
+            - text: "Windows help & learning: end-user documentation"
+              url: https://support.microsoft.com/windows
+
+        - title: Participate in the community
+          links:
+            - text: Windows community
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+            - text: Microsoft Intune community
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+            - text: Microsoft Support community
+              url: https://answers.microsoft.com/windows/forum
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
index 01ea346024..b7c4487f1c 100644
--- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md
+++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md
@@ -70,61 +70,17 @@ For more info, see [Configure Windows diagnostic data in your organization](conf
 
 Customers who use services that depend on Windows diagnostic data, such as [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data), may be impacted by the behavioral changes when they're released. These services will be updated to address these changes and guidance will be published on how to configure them properly.
 
-## Significant changes coming to the Windows diagnostic data processor configuration
-
-Currently, to enroll devices in the [Window diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) option, IT admins can use policies, such as the “Allow commercial data pipeline” policy, at the individual device level.
-
-To enable efficiencies and help us implement our plan to [store and process EU Data for European enterprise customers in the EU](https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/), we'll be introducing the following significant change for enterprise Windows devices that have diagnostic data turned on.
-
-***We’ll stop using policies, such as the “Allow commercial data pipeline” policy, to configure the processor option. Instead, we’ll be introducing an organization-wide configuration based on Azure Active Directory (Azure AD) to determine Microsoft’s role in data processing.***
-
-We’re making this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way, and in the same geographic region.
-
-### Devices in Azure AD tenants with a billing address in the European Union (EU) or European Free Trade Association (EFTA)
-
-For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe.
-
-From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows).
-
-### Devices in Azure AD tenants with a billing address outside of the EU and EFTA
-
-For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data:
-
-- [Update Compliance](/windows/deployment/update/update-compliance-monitor)
-- [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview)
-- [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)
-- [Microsoft Managed Desktop](/managed-desktop/intro/)
-- [Endpoint analytics (in Microsoft Intune)](/mem/analytics/overview)
-
-*(Additional licensing requirements may apply to use these services.)*
-
-If you don’t sign up for any of these enterprise services, Microsoft will act as controller for the diagnostic data.
+## Significant change to the Windows diagnostic data processor configuration
 
 > [!NOTE]
-> In all cases, enrollment in the Windows diagnostic data processor configuration requires a device to be joined to an Azure AD tenant. If a device isn't properly enrolled, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
+> The information in this section applies to the following versions of Windows:
+> - Windows 10, versions 20H2, 21H2, 22H2, and newer
+> - Windows 11, versions 21H2, 22H2, and newer
 
-### Rollout plan for this change
+Previously, IT admins could use policies (for example, the “Allow commercial data pipeline” policy) at the individual device level to enroll devices in the Windows diagnostic data processor configuration.
 
-This change will rollout in phases, starting  with Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program. Starting in build 25169, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option.
+Starting with the January 2023 preview cumulative update, how you enable the processor configuration option depends on the billing address of the Azure AD tenant to which your devices are joined.
 
-During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA:
+We made this change to help ensure the diagnostic data for all devices in an organization is processed in a consistent way and in the same geographic region, and to help us implement our plan to [store and process EU Data for European enterprise customers in the EU](/privacy/eudb/eu-data-boundary-learn).
 
-- Devices can't be enabled for the Windows diagnostic data processor configuration at this time.
-- The processor configuration will be disabled in any devices that were previously enabled.
-- Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
-
-It's recommended Insiders on these devices pause flighting if these changes aren't acceptable.
-
-For Windows devices in the Dev Channel that aren't joined to an Azure AD tenant, Microsoft will act as the controller for Windows diagnostic data in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Data Protection Addendum](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) terms won't apply.
-
-For other Windows devices (not in the Dev Channel), the change will rollout with the January 2023 release preview cumulative update for Windows 10 versions 20H2, 21H2 and 22H2, and Windows 11 versions 21H2 and 22H2.
-
-To prepare for this change, ensure that you meet the [prerequisites](configure-windows-diagnostic-data-in-your-organization.md#prerequisites) for Windows diagnostic data processor configuration, join your devices to Azure AD (can be a hybrid Azure AD join), and keep your devices secure and up to date with quality updates. If you're outside of the EU or EFTA, sign up for any of the enterprise services.
-
-As part of this change, the following policies will no longer be supported to configure the processor option:
- - Allow commercial data pipeline
- - Allow Desktop Analytics Processing
- - Allow Update Compliance Processing
- - Allow WUfB Cloud Processing
- - Allow Microsoft Managed Desktop Processing
- - Configure the Commercial ID
+For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration).
\ No newline at end of file
diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
index 247eab8256..720b1ad0d9 100644
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@@ -84,7 +84,7 @@ The following table lists the endpoints related to how you can manage the collec
 | [Windows Error Reporting](/windows/win32/wer/windows-error-reporting) | watson.telemetry.microsoft.com <br></br> umwatsonc.events.data.microsoft.com <br></br> *-umwatsonc.events.data.microsoft.com <br></br> ceuswatcab01.blob.core.windows.net <br></br> ceuswatcab02.blob.core.windows.net <br></br> eaus2watcab01.blob.core.windows.net <br></br> eaus2watcab02.blob.core.windows.net <br></br> weus2watcab01.blob.core.windows.net <br></br> weus2watcab02.blob.core.windows.net |
 |Authentication | login.live.com <br></br> <br></br> IMPORTANT: This endpoint is used for device authentication. We do not recommend disabling this endpoint.|
 | [Online Crash Analysis](/windows/win32/dxtecharts/crash-dump-analysis) | oca.telemetry.microsoft.com <br></br> oca.microsoft.com <br></br> kmwatsonc.events.data.microsoft.com <br></br> *-kmwatsonc.events.data.microsoft.com |
-|Settings | settings-win.data.microsoft.com <br></br> <br></br> IMPORTANT: This endpoint is used to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft. We do not recommend disabling this endpoint. This endpoint does not upload Windows diagnostic data. |
+|Settings | settings-win.data.microsoft.com <br></br> <br></br> IMPORTANT: This endpoint is required to remotely configure diagnostics-related settings and data collection. For example, we use the settings endpoint to remotely block an event from being sent back to Microsoft, or to enroll a device in the Windows diagnostic data processor configuration. Do not block access to this endpoint. This endpoint does not upload Windows diagnostic data. |
 
 ### Proxy server authentication
 
@@ -321,10 +321,12 @@ For the best experience, use the most current build of any operating system spec
 The diagnostic data setting on the device should be set to Required diagnostic data or higher, and the following endpoints need to be reachable:
 
 - us-v10c.events.data.microsoft.com (eu-v10c.events.data.microsoft.com for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations))
-- umwatsonc.events.data.microsoft.com (eu-watsonc.events.data.microsoft.com for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations))
+- watsonc.events.data.microsoft.com (eu-watsonc.events.data.microsoft.com for tenants with billing address in the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn#eu-data-boundary-countries-and-datacenter-locations))
 - settings-win.data.microsoft.com
 - *.blob.core.windows.net
 
+Tenants with billing addresses in countries or regions in the Middle East and Africa, as well as European countries or regions not in the EU, also use the eu-v10c.events.data.microsoft.com and eu-watsonc.events.data.microsoft.com endpoints. Their diagnostic data is processed initially in Europe, but those tenants aren't considered part of the [EU Data Boundary](/privacy/eudb/eu-data-boundary-learn).
+
 >[!Note]
 > - Windows diagnostic data collected from a device before it was enabled with Windows diagnostic data processor configuration will be deleted when this configuration is enabled.
 > - When you enable devices with the Windows diagnostic data processor configuration, users may continue to submit feedback through various channels such as Windows feedback hub or Edge feedback. However, the feedback data is not subject to the terms of the Windows diagnostic data processor configuration. If this is not desired, we recommend that you disable feedback using the available policies or application management solutions.
@@ -342,20 +344,16 @@ Starting with the January 2023 preview cumulative update, how you enable the pro
 
 For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) in the EU or EFTA, the Windows diagnostic data for that device will be automatically configured for the processor option. The Windows diagnostic data for those devices will be processed in Europe.
 
-> [!NOTE]
-> The Windows diagnostic data processor configuration has components for which work is in progress to be included in the EU Data Boundary, but completion of this work is delayed beyond January 1, 2023. These components will be included in the EU Data Boundary in the coming months. In the meantime, Microsoft will temporarily transfer data out of the EU Data Boundary as part of service operations to ensure uninterrupted operation of the services customers signed up for.
-
 From a compliance standpoint, this change means that Microsoft will be the processor and the organization will be the controller of the Windows diagnostic data. IT admins for those organizations will become responsible for responding to their users’ [data subject requests](/compliance/regulatory/gdpr-dsr-windows).
 
 #### Devices in Azure AD tenants with a billing address outside of the EU and EFTA
 
 For Windows devices with diagnostic data turned on and that are joined to an [Azure AD tenant with billing address](/azure/cost-management-billing/manage/change-azure-account-profile) outside of the EU and EFTA, to enable the processor configuration option, the organization must sign up for any of the following enterprise services, which rely on diagnostic data:
 
-- [Update Compliance](/windows/deployment/update/update-compliance-monitor)
 - [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview)
 - [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview)
-- [Microsoft Managed Desktop](/managed-desktop/intro/)
-- [Endpoint analytics (in Microsoft Intune)](/mem/analytics/overview)
+- [Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview)
+- [Windows updates reports (in Microsoft Intune)](/mem/intune/protect/data-enable-windows-data#windows-data)
 
 *(Additional licensing requirements may apply to use these services.)*
 
@@ -368,21 +366,12 @@ If you don’t sign up for any of these enterprise services, Microsoft will act
 > - Windows 10, versions 1809, 1903, 1909, and 2004.
 > - Newer versions of Windows 10 and Windows 11 that have not updated yet to at least the January 2023 preview cumulative update.
 
-Use the instructions below to enable Windows diagnostic data processor configuration using a single setting, through Group Policy, or an MDM solution.
+To enable Windows diagnostic data processor configuration, you can use Group Policy or a custom setting in an MDM solution, such as Microsoft Intune.
 
-In Group Policy, to enable Windows diagnostic data processor configuration, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** and switch the **Allow commercial data pipeline** setting to **enabled**.
+- For Group Policy, you can use the “Allow commercial data pipeline” policy, which is also available in the Intune [settings catalog](/mem/intune/configuration/settings-catalog).
+- For an MDM solution, you can use the AllowCommercialDataPipeline setting in the System Policy configuration service provider (CSP).
 
-If you wish to disable, at any time, switch the same setting to **disabled**. The default state of the above setting is **disabled**.
-
-To use an MDM solution, such as [Microsoft Intune](/mem/intune/configuration/custom-settings-windows-10), to deploy the Windows diagnostic data processor configuration to your supported devices, use the following custom OMA-URI setting configuration:
-
- - **Name:** System/AllowCommercialDataPipeline
- - **OMA-URI:** ./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline
- - **Data type:** Integer
-
-Under **Value**, use **1** to enable the service.
-
-If you wish to disable, at any time, switch the same setting to **0**. The default value is **0**.
+For more information about AllowCommercialDataPipeline and the “Allow commercial data pipeline” policy, [review this information](/windows/client-management/mdm/policy-csp-system#allowcommercialdatapipeline).
 
 ## Change privacy settings on a single server
 
diff --git a/windows/privacy/copilot-supplemental-terms.md b/windows/privacy/copilot-supplemental-terms.md
new file mode 100644
index 0000000000..55b0a3386a
--- /dev/null
+++ b/windows/privacy/copilot-supplemental-terms.md
@@ -0,0 +1,70 @@
+---
+title: COPILOT IN WINDOWS (PREVIEW) SUPPLEMENTAL TERMS 
+description: The Supplemental Terms for Copilot in Windows (Preview)
+ms.prod: windows-client
+ms.technology: itpro-privacy
+ms.localizationpriority: medium
+author: DHB-MSFT
+ms.author: danbrown
+manager: laurawi
+ms.date: 09/20/2023
+ms.topic: conceptual
+hideEdit: true
+layout: ContentPage
+ROBOTS: NOINDEX, NOFOLLOW
+feedback_system: None
+---
+
+# COPILOT IN WINDOWS (PREVIEW) SUPPLEMENTAL TERMS
+
+Copilot in Windows is your AI companion that brings productivity to your fingertips. Leveraging Bing Chat or Bing Chat Enterprise, Copilot in Windows accelerates your tasks, reduces friction, saves you time and provides you with personalized answers, inspiration and task assistance. Your use of Copilot in Windows is subject to these supplemental terms of use (“Terms”). By using Copilot in Windows you agree to be bound by these Terms.
+
+1. Preview
+
+    a. COPILOT IN WINDOWS IS A PREVIEW FEATURE AND IS PROVIDED “AS-IS,” “WITH ALL FAULTS,” AND “AS AVAILABLE".  
+
+    b. Microsoft makes no guarantees or promises about how Copilot in Windows operates or that it will function as intended.
+
+2. Eligibility and Use Requirements.
+
+    a. You must be signed into Windows with your Microsoft account to access Copilot in Windows.  
+
+    b. If you're signed into Windows with your work or school account, your organization may have given you the ability to use Copilot in Windows. If you have access to Copilot in Windows but your organization hasn't enabled Bing Chat Enterprise, your use will be limited to Bing Chat’s current turn limit.
+
+    c. Along with these Terms, your use of Copilot in Windows is also governed by the Microsoft Services Agreement, which is incorporated by reference. You agree that Copilot in Windows constitutes a Service, as defined in the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement). If there's any conflict between these Terms and the Microsoft Services Agreement, the conflicting provision in these Terms will control.
+
+3. Bing Chat
+
+    a. Your Copilot in Windows experiences powered by Bing Chat are subject to [Bing Chat’s terms of use](https://go.microsoft.com/fwlink/p/?linkid=2247757).  
+
+    b. If your organization is allowing you to use Bing Chat Enterprise, your Copilot in Windows experiences will be powered by Bing Chat Enterprise and will be subject to [Bing Chat Enterprise’s terms of use](https://go.microsoft.com/fwlink/p/?linkid=2247908).
+
+4. Using Copilot in Windows
+
+    a. Copilot in Windows may allow you to submit text inputs and converse with an online computer-powered chatbot and in certain circumstances generate text content or image content. Your use of Copilot in Windows must comply with the Code of Conduct section of the Microsoft Services Agreement and the Bing Chat Code of Conduct or Bing Chat Enterprise Content Policy.
+
+    b. Copilot in Windows may allow you to change some of your Windows settings based on the text you submit into Copilot in Windows. Additionally, when you copy text in other apps while Copilot in Windows is open, it may automatically prompt you with suggestions to send the copied text to the chat and offer further suggestions of what you can do with that text.
+
+    c. You can consent to letting Copilot in Windows access your Microsoft Edge webpage content. This allows Copilot in Windows to provide relevant responses by accessing content from your active foreground Edge tab. This can be adjusted anytime in Copilot in Windows settings.
+
+5. Data
+
+    a. All data processed by Copilot in Windows, including voice input data, will be processed according to the Microsoft Privacy Statement.
+
+6. Ownership of Content
+
+    a. Microsoft doesn't claim ownership of any content you provide, post, input, or submit to, or receive from, Copilot in Windows, Bing Chat, or Bing Chat Enterprise (including feedback and suggestions). You'll need to make your own determination regarding the intellectual property rights you have in output content and its commercial usability, taking into account, among other things, your usage scenario(s) and the laws of the relevant jurisdiction. You warrant and represent that you or your organization owns or otherwise controls all of the rights to your content as described in these Terms including, without limitation, all the rights necessary for you to provide, post, upload, input or submit the content.  
+
+7. Third-party claims
+
+    a. You're responsible for responding to any third-party claims regarding your use of Copilot in Windows in compliance with applicable laws (including, but not limited to, copyright infringement or other claims relating to output content that was output during your use of Copilot in Windows).
+
+8. Reverse engineering  
+
+    a. You may not use Copilot in Windows to discover any underlying components of the models, algorithms, or systems, such as exfiltrating the weights of models.
+
+9. Extracting data
+
+    a. You may not use web scraping, web harvesting, or web data extraction methods to extract data from Copilot in Windows or from any output content.
+
+10. **IF YOU LIVE IN (OR YOUR PRINCIPAL PLACE OF BUSINESS IS IN) THE UNITED STATES, PLEASE READ THE BINDING ARBITRATION CLAUSE AND CLASS ACTION WAIVER IN SECTION 15 OF THE MICROSOFT SERVICES AGREEMENT. IT AFFECTS HOW DISPUTES RELATING TO THIS AGREEMENT ARE RESOLVED.**
\ No newline at end of file
diff --git a/windows/privacy/docfx.json b/windows/privacy/docfx.json
index 669d5beebf..44e5b9392e 100644
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@@ -36,9 +36,8 @@
       "recommendations": true,
       "adobe-target": true,
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
-      "ms.technology": "windows",
-      "audience": "ITPro",
+      "uhfHeaderId": "MSDocsHeader-Windows",
+      "ms.technology": "itpro-privacy",
       "ms.topic": "article",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
@@ -58,11 +57,11 @@
         "jborsecnik",
         "tiburd",
         "garycentric",
-	"beccarobins"
+        "beccarobins"
       ]
     },
       "searchScope": ["Windows 10"]
-	},
+  },
     "fileMetadata": {},
     "template": [],
     "dest": "privacy",
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f83a2778dc..ab319962f8 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1916,9 +1916,13 @@ Add a REG_DWORD value named **DisableOneSettingsDownloads** to **HKEY_LOCAL_MACH
 
 Widgets is a news and feeds service that can be customized by the user. If you turn off this service, apps using this service may stop working.
 
-You can turn off Widgets by setting the following registry entries:
+To turn off Widgets, you can use Group Policy or a custom setting in an MDM solution, such as Microsoft Intune.
+
+- For Group Policy, you can use the “Allow widgets” policy, which is also available in the Intune [settings catalog](/mem/intune/configuration/settings-catalog).
+- For an MDM solution, you can use the AllowNewsAndInterests setting in the NewsandInterests configuration service provider (CSP).
+
+For more information about AllowNewsAndInterests and the “Allow widgets” policy, [review this information](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests).
 
-Add a REG_DWORD value named **AllowWidgets** to **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Widgets** and set the value to **0**.
 
 ### <a href="" id="bkmk-allowedtraffic"></a> Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline
 
diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md
index 37ab742b30..ae9fabcf1a 100644
--- a/windows/privacy/manage-windows-11-endpoints.md
+++ b/windows/privacy/manage-windows-11-endpoints.md
@@ -6,8 +6,8 @@ ms.technology: itpro-privacy
 ms.localizationpriority: high
 author: DHB-MSFT
 ms.author: danbrown
-manager: dougeby
-ms.date: 01/18/2018
+manager: laurawi
+ms.date: 06/23/2023
 ms.topic: reference
 ---
 
@@ -26,15 +26,15 @@ Some Windows components, app, and related services transfer data to Microsoft ne
 - Using your location to show a weather forecast.
 
 Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md).
-Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic.
+Where applicable, each endpoint covered in this article includes a link to the specific details on how to control that traffic.
 
 The following methodology was used to derive these network endpoints:
 
 1. Set up the latest version of Windows 11 on a test virtual machine using the default settings.
-2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device).
+2. Leave the device(s) running idle for a week ("idle" means a user isn't interacting with the system/device).
 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic.
 4. Compile reports on traffic going to public IP addresses.
-5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory.
+5. The test virtual machine(s) was logged into using a local account, and wasn't joined to a domain or Azure Active Directory.
 6. All traffic was captured in our lab using an IPV4 network. Therefore, no IPV6 traffic is reported here.
 7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different.
 8. These tests were conducted for one week, but if you capture traffic for longer you may have different results.
@@ -42,109 +42,125 @@ The following methodology was used to derive these network endpoints:
 > [!NOTE]
 > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time.
 
+To view endpoints for non-Enterprise Windows 11 editions, see [Windows 11 connection endpoints for non-Enterprise editions](windows-11-endpoints-non-enterprise-editions.md).
 
 ## Windows 11 Enterprise connection endpoints
 
 |Area|Description|Protocol|Destination|
 |----------------|----------|----------|------------|
-|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
-||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net|
-|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or is not trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|||TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
-|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
-||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s) for apps.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoint is used for the Weather app. To turn off traffic for this endpoint, either uninstall the Weather app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTP|tile-service.weather.microsoft.com|
+||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS/HTTP|cdn.onenote.net|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLSv1.2/HTTPS|evoke-windowsservices-tas.msedge.net|
+|Certificates|||[Learn how to turn off traffic to all of the following endpoint(s) for certificates.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
+||Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA) are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates where the server certificate issuer is unknown or isn't trusted by the service. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.<br> <br>If automatic updates are turned off, applications and websites may stop working because they didn't receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device. |TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com|
+|Cortana and Live Tiles|||[Learn how to turn off traffic to all of the following endpoint(s) for Cortana and Live Tiles.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
+||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you'll block updates to Cortana greetings, tips, and Live Tiles.|TLSv1.2/HTTPS/HTTP|www.bing.com*|
+|||HTTPS|business.bing.com|
+|||HTTP|c.bing.com|
+|||HTTP|th.bing.com|
+|||HTTP|c-ring.msedge.net|
 |||TLSv1.2/HTTPS/HTTP|fp.msedge.net|
 |||TLSv1.2|I-ring.msedge.net|
-|||HTTPS|s-ring.msedge.net|
-|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
-|Device metadata|The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata will not be updated for the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
-|||HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+|||HTTPS/HTTP|s-ring.msedge.net|
+|||HTTP|dual-s-ring.msedge.net|
+|||HTTP|creativecdn.com|
+|||HTTP|edgeassetservice.azureedge.net|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s) for device authentication.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoint is used to authenticate a device. If you turn off traffic for this endpoint, the device won't be authenticated.|HTTPS|login.live.com*|
+|Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s) for device metadata.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
+||The following endpoint is used to retrieve device metadata. If you turn off traffic for this endpoint, metadata won't be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
+|Diagnostic Data| ||[Learn how to turn off traffic to all of the following endpoint(s) for diagnostic data.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, won't be sent back to Microsoft.|TLSv1.2/HTTP|self.events.data.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|v10.events.data.microsoft.com|
-||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
+||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information won't be sent back to Microsoft.|TLSv1.2|telecommand.telemetry.microsoft.com|
 |||TLS v1.2/HTTPS/HTTP|watson.*.microsoft.com|
-|Font Streaming|The following endpoints are used to download fonts on demand. If you turn off traffic for these endpoints, you will not be able to download fonts on demand.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
-|||HTTPS|fs.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|||TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
-|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
-||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
-|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
-||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |TLSv1.2/HTTPS|login.live.com|
-|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+|||TLSv1.2|www.telecommandsvc.microsoft.com|
+|Font Streaming|||[Learn how to turn off traffic to all of the following endpoint(s) for font streaming.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#6-font-streaming)|
+||The following endpoint is used to download fonts on demand. If you turn off traffic for these endpoints, you won't be able to download fonts on demand.|HTTPS|fs.microsoft.com|
+|Licensing|||[Learn how to turn off traffic to all of the following endpoint(s) for licensing.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
+||The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.|TLSv1.2/HTTPS/HTTP|licensing.mp.microsoft.com|
+|Location|||[Learn how to turn off traffic to all of the following endpoint(s) for location.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location)|
+||The following endpoint is used for location data. If you turn off traffic for this endpoint, apps can't use location data.|TLSv1.2|inference.location.live.net|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s) for maps.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
+||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps won't be updated.|TLSv1.2/HTTPS/HTTP|maps.windows.com|
+|||HTTP|ecn.dev.virtualearth.net|
+|||HTTP|ecn-us.dev.virtualearth.net|
+|||HTTPS|weathermapdata.blob.core.windows.net|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft account.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
+||The following endpoint is used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS/HTTP|login.live.com|
+|Microsoft Edge|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Edge.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge)|
+|||TLSv1.2/HTTP|edge.microsoft.com|
+|||TLSv1.2/HTTP|windows.msn.com|
 ||This network traffic is related to the Microsoft Edge browser. The Microsoft Edge browser requires this endpoint to contact external websites.|HTTPS|iecvlist.microsoft.com|
 ||The following endpoint is used by Microsoft Edge Update service to check for new updates. If you disable this endpoint, Microsoft Edge won’t be able to check for and apply new edge updates.|TLSv1.2/HTTPS/HTTP|msedge.api.cdp.microsoft.com|
-|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
-||The following endpoint is needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Store.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps can't be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|TLSv1.2/HTTPS|img-prod-cms-rt-microsoft-com.akamaized.net|
+|||HTTP|img-s-msn-com.akamaized.net|
+||The following endpoints are needed to load the content in the Microsoft Store app.|HTTPS|livetileedge.dsx.mp.microsoft.com|
+|||HTTP|storeedgefd.dsx.mp.microsoft.com|
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
-||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
+||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps cannot be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
 |||HTTP|share.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
-|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
-||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|www.office.com|
+|Microsoft To Do|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft To Do.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used for the Microsoft To Do app.|HTTP|staging.to-do.officeppe.com|
+|||HTTP|staging.to-do.microsoft.com|
+|||TLSv1.2/HTTP|to-do.microsoft.com|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s) for Network Connection Status Indicator (NCSI).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
+||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the internet, and the network status tray icon will show a warning.|HTTPS|www.msftconnecttest.com*|
+|||HTTP|ipv6.msftconnecttest.com|
+|Office|||[Learn how to turn off traffic to all of the following endpoint(s) for Office.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTPS|www.office.com|
 |||HTTPS|blobs.officehome.msocdn.com|
 |||HTTPS|officehomeblobs.blob.core.windows.net|
 |||HTTPS|self.events.data.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|outlookmobile-office365-tas.msedge.net|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
-|||TLSv1.2/HTTPS/HTTP|g.live.com|
+|||HTTP|officeclient.microsoft.com|
+|||HTTP|ecs.nel.measure.office.net|
+|||HTTPS/HTTP|telecommandstorageprod.blob.core.windows.net|
+|OneDrive|||[Learn how to turn off traffic to all of the following endpoint(s) for OneDrive.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
+||The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.|TLSv1.2/HTTPS/HTTP|g.live.com|
+|||HTTP|onedrive.live.com|
 |||TLSv1.2/HTTPS/HTTP|oneclient.sfx.ms|
 |||HTTPS| logincdn.msauth.net|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
-|||TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
+|Settings|||[Learn how to turn off traffic to all of the following endpoint(s) for settings.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
+||The following endpoints are used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.|TLSv1.2/HTTPS/HTTP|settings-win.data.microsoft.com|
 |||HTTPS|settings.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
-|||HTTPS/HTTP|*.pipe.aria.microsoft.com|
+|Skype|||[Learn how to turn off traffic to all of the following endpoint(s) for Skype.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+||The following endpoints are used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS/HTTP|*.pipe.aria.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|config.edge.skype.com|
-|Teams|The following endpoint is used for Microsoft Teams application.||[Learn how to turn off traffic to all of the following endpoint(s).]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
-|Microsoft Defender Antivirus|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
-|||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications will not appear.|HTTPS|*smartscreen-prod.microsoft.com|
+|Teams|||[Learn how to turn off traffic to all of the following endpoint(s) for Teams.]( manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoints are used for Microsoft Teams application.|TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
+|||HTTP|teams.live.com|
+|||TLSv1.2/HTTP|teams.events.data.microsoft.com|
+|Microsoft Defender Antivirus|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Defender Antivirus.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
+||The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.|HTTPS/TLSv1.2|wdcp.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
 |||HTTPS/HTTP|checkappexec.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
-|||TLSv1.2/HTTPS/HTTP|arc.msn.com|
+|Windows Spotlight|||[Learn how to turn off traffic to all of the following endpoint(s) for Windows Spotlight.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
+||The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. |TLSv1.2/HTTPS/HTTP|arc.msn.com|
 |||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
-|||TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
+|||TLSv1.2/HTTP|api.msn.com|
+|||TLSv1.2/HTTP|assets.msn.com|
+|||HTTP|c.msn.com|
+|||HTTP|ntp.msn.com|
+|||HTTP|srtb.msn.com|
+|||TLSv1.2/HTTP|www.msn.com|
+|||TLSv1.2/HTTP|fd.api.iris.microsoft.com|
+|Windows Update|||[Learn how to turn off traffic to all of the following endpoint(s) for Windows Update.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
+||The following endpoints are used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads won't be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network won't use peer devices for bandwidth reduction.|TLSv1.2/HTTPS/HTTP|*.prod.do.dsp.mp.microsoft.com|
 |||HTTP|emdl.ws.microsoft.com|
-||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
+||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device won't be able to download updates for the operating system.|TLSv1.2/HTTPS/HTTP|*.dl.delivery.mp.microsoft.com|
 |||HTTP|*.windowsupdate.com|
-||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
+||The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store. If you turn off traffic for these endpoints, the device won't be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device won't be able to acquire and update apps from the Store. These are dependent on also enabling "Device authentication" and "Microsoft Account" endpoints.|TLSv1.2/HTTPS/HTTP|*.delivery.mp.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|*.update.microsoft.com|
 ||The following endpoint is used for compatibility database updates for Windows.|HTTPS|adl.windows.com|
-||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
-|Xbox Live|The following endpoint is used for Xbox Live.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
-|||HTTPS|dlassets-ssl.xboxlive.com|
-
-
-## Other Windows 10 editions
-
-To view endpoints for other versions of Windows 10 Enterprise, see:
-
-- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 21H2](manage-windows-21H2-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 2004](manage-windows-2004-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md)
-- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md)
-
-To view endpoints for non-Enterprise Windows 10 editions, see:
-
-- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md)
-- [Windows 10, version 2004, connection endpoints for non-Enterprise editions](windows-endpoints-2004-non-enterprise-editions.md)
-- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md)
-- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md)
-- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md)
+||The following endpoint is used for content regulation. If you turn off traffic for this endpoint, the Windows Update Agent will be unable to contact the endpoint, and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.|TLSv1.2/HTTPS/HTTP|tsfe.trafficshaping.dsp.mp.microsoft.com|
+|Xbox Live|||[Learn how to turn off traffic to all of the following endpoint(s) for Xbox Live.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
+||The following endpoint is used for Xbox Live.|HTTPS|dlassets-ssl.xboxlive.com|
 
 ## Related links
 
diff --git a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
index a2f855b64e..439810cc47 100644
--- a/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
+++ b/windows/privacy/required-windows-11-diagnostic-events-and-fields.md
@@ -1983,7 +1983,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.CodeIntegrity.State.Current
 
-This event indicates the overall CodeIntegrity Policy state and count of policies, fired on reboot and when policy changes rebootlessly. The data collected with this event is used to help keep Windows secure.
+This event indicates the overall CodeIntegrity Policy state and count of policies, which occur when the device restarts and when policy changes without a restart. The data collected with this event is used to help keep Windows secure.
 
 The following fields are available:
 
@@ -2006,7 +2006,7 @@ The following fields are available:
 
 ### Microsoft.Windows.Security.CodeIntegrity.State.PolicyDetails
 
-This individual policy state event fires once per policy on reboot and whenever any policy change occurs rebootlessly. The data collected with this event is used to help keep Windows secure.
+This individual policy state event occurs once per policy when the device restarts and whenever any policy change occurs without a restart. The data collected with this event is used to help keep Windows secure.
 
 The following fields are available:
 
diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md
index c981c76fa6..71d3061064 100644
--- a/windows/privacy/windows-10-and-privacy-compliance.md
+++ b/windows/privacy/windows-10-and-privacy-compliance.md
@@ -84,10 +84,10 @@ The following table provides an overview of the privacy settings discussed earli
 | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**<br /><br />MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off |
 | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)<br /><br />MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)<br /><br />**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. For more information, see [Enabling the Windows diagnostic data processor configuration](#237-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration). | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)<br /><br />Server editions:<br />Enhanced diagnostic data | Security (Off) and block endpoints |
 | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**<br /><br />MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later and Windows 11) | Off |
-| Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | 
-| Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | 
-| Activity History/Timeline – Cloud Sync | Group Policy:<br />**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**<br /><br />MDM: [Privacy/EnableActivityFeed](/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | 
-| [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#2-cortana-and-search) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**<br /><br />MDM: [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | 
+| Tailored Experiences | Group Policy:<br />**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**<br /><br />MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off |
+| Advertising ID | Group Policy:<br />**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**<br /><br />MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off |
+| Activity History/Timeline – Cloud Sync | Group Policy:<br />**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**<br /><br />MDM: [Privacy/EnableActivityFeed](/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off |
+| [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#2-cortana-and-search) | Group Policy:<br />**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**<br /><br />MDM: [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off |
 
 ### 2.3 Guidance for configuration options
 
@@ -99,9 +99,9 @@ Windows deployment can be configured using several different methods that provid
 
 If you want the ability to fully control and apply restrictions on data being sent back to Microsoft, you can use [Configuration Manager](/mem/configmgr/) as a deployment solution. Configuration Manager can be used to deploy a customized boot image using a variety of [deployment methods](/mem/configmgr/osd/get-started/prepare-for-operating-system-deployment). You can further restrict any Configuration Manager-specific diagnostic data from being sent back to Microsoft by turning off this setting as outlined in the instructions [here](/mem/configmgr/core/plan-design/diagnostics/frequently-asked-questions).
 
-Alternatively, your administrators can also choose to use Windows Autopilot. Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Autopilot profile and policies.
+Alternatively, your administrators can also choose to use Windows Autopilot. Windows Autopilot lessens the overall burden of deployment while allowing administrators to fully customize the out-of-box experience. However, since Windows Autopilot is a cloud-based solution, administrators should be aware that a minimal set of device identifiers are sent back to Microsoft during initial device boot up. This device-specific information is used to identify the device so that it can receive the administrator-configured Windows Autopilot profile and policies.
 
-You can use the following articles to learn more about Autopilot and how to use Autopilot to deploy Windows:
+You can use the following articles to learn more about Windows Autopilot and how to use Windows Autopilot to deploy Windows:
 
 - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot)
 - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process)
@@ -145,15 +145,12 @@ An administrator can disable a user’s ability to delete their device’s diagn
 
 #### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_
 
-> [!IMPORTANT]
-> There are some significant changes planned for the Windows diagnostic data processor configuration.  To learn more, [review this information](changes-to-windows-diagnostic-data-collection.md#significant-changes-coming-to-the-windows-diagnostic-data-processor-configuration).
-
 **Applies to:**
 
 - Windows 11 Enterprise, Professional, and Education editions
 - Windows 10 Enterprise, Professional, and Education, version 1809 with July 2021 update and newer
 
-The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD)-joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration) in [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities.
+The Windows diagnostic data processor configuration enables IT administrators to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from Windows devices that are Azure Active Directory (AAD)-joined and meet the configuration requirements. For more information, see [Enable Windows diagnostic data processor configuration](configure-windows-diagnostic-data-in-your-organization.md#enable-windows-diagnostic-data-processor-configuration). Windows diagnostic data does not include data processed by Microsoft in connection with providing service-based capabilities.
 
 The Windows diagnostic data collected from devices enabled with the Windows diagnostic data processor configuration may be associated with a specific Azure Active Directory User ID or device ID. The Windows diagnostic data processor configuration provides you with controls that help respond to data subject requests (DSRs) to delete diagnostic data, at user account closure, for a specific Azure AD User ID. Additionally, you’re able to execute an export DSR for diagnostic data related to a specific Azure AD User ID. For more information, see [The process for exercising data subject rights](#3-the-process-for-exercising-data-subject-rights). Microsoft also will accommodate a tenant account closure, either because you decide to close your Azure or Azure AD tenant account, or because you decide you no longer wish to be the data controller for Windows diagnostic data, but still wish to remain an Azure customer.
 
@@ -165,8 +162,6 @@ We recommend that IT administrators who have enabled the Windows diagnostic data
 >[!Note]
 >Tenant account closure will lead to the deletion of all data associated with that tenant.
 
-Specific services that depend on Windows diagnostic data will also result in the enterprise becoming controllers of their Windows diagnostic data. These services include Update Compliance, Windows Update for Business reports, Windows Update for Business, and Microsoft Managed Desktop. For more information, see [Related Windows product considerations](#5-related-windows-product-considerations).
-
 For more information on how Microsoft can help you honor rights and fulfill obligations under the GDPR when using Windows diagnostic data processor configurations, see [General Data Protection Regulation Summary](/compliance/regulatory/gdpr).
 
 ## 3. The process for exercising data subject rights
@@ -230,18 +225,17 @@ An administrator can configure privacy-related settings, such as choosing to onl
 >[!Note]
 >The Windows diagnostic data processor configuration is not available for Surface Hub.
 
-### 5.3 Microsoft Managed Desktop
+### 5.3 Windows Update for Business reports
 
-[Microsoft Managed Desktop (MMD)](/microsoft-365/managed-desktop/service-description/) is a service that provides your users with a secure modern experience and always keeps devices up to date with the latest versions of Windows Enterprise edition, Office 365 ProPlus, and Microsoft security services.
+[Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all of its reporting.
 
-### 5.4 Update Compliance
+### 5.4 Windows Autopatch
 
-[Update Compliance](/windows/deployment/update/update-compliance-monitor) is a service that enables organizations to monitor security, quality and feature updates for Windows Professional, Education, and Enterprise editions, and view a report of device and update issues related to compliance that need attention. Update Compliance uses Windows diagnostic data for all its reporting.
+[Windows Autopatch](/windows/deployment/windows-autopatch/overview/windows-autopatch-overview) is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. Windows Autopatch reports use Windows diagnostic data for their reporting.
 
-### 5.5 Windows Update for Business reports
-
-[Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview) is a cloud-based solution that provides information about an organization’s Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports uses Windows diagnostic data for all its reporting.
+### 5.5 Windows updates reports (in Microsoft Intune)
 
+Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. Microsoft Intune includes reports that help you prepare a Windows upgrade or update. For example, [App and driver compatibility reports](/mem/intune/protect/windows-update-compatibility-reports), [Windows driver updates](/mem/intune/protect/windows-driver-updates-overview), and [Windows Autopilot](/autopilot/windows-autopilot). These reports use Windows diagnostic data for their reporting.
 
 ## Additional Resources
 
@@ -249,7 +243,7 @@ An administrator can configure privacy-related settings, such as choosing to onl
 * [Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/trust-center/privacy)
 * [Windows IT Pro Docs](/windows/#pivot=it-pro)
 * [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
-* [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) 
+* [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 * [Privacy at Microsoft](https://privacy.microsoft.com/privacy-report)
 * [Changes to Windows diagnostic data](changes-to-windows-diagnostic-data-collection.md)
 * [Microsoft Service Trust Portal](https://servicetrust.microsoft.com/)
diff --git a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
index 7b46179c9d..4838e70a06 100644
--- a/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
+++ b/windows/privacy/windows-11-endpoints-non-enterprise-editions.md
@@ -68,7 +68,6 @@ The following methodology was used to derive the network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
 |||HTTPS|storesdk.dsx.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 ||The following endpoints are used get images that are used for Microsoft Store suggestions|TLSv1.2|store-images.s-microsoft.com|
@@ -139,7 +138,6 @@ The following methodology was used to derive the network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
 |||HTTPS|storesdk.dsx.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
@@ -190,7 +188,7 @@ The following methodology was used to derive the network endpoints:
 |Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
 ||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
 ||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Yammer conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
+|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
 |Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
 |Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
 |||HTTPS/HTTP|fp.msedge.net|
@@ -210,7 +208,6 @@ The following methodology was used to derive the network endpoints:
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 |||TLSv1.2/HTTPS/HTTP|1storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoints are used to communicate with Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
-|||HTTPS|pti.store.microsoft.com|
 |||HTTPS|storesdk.dsx.mp.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet.|TLSv1.2/HTTP|www.msftconnecttest.com*|
diff --git a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
index 7980832e2b..0074932afa 100644
--- a/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-20H2-non-enterprise-editions.md
@@ -204,7 +204,7 @@ The following methodology was used to derive the network endpoints:
 |Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
 ||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
 ||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Yammer conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
+|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
 |Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
 |Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
 |||HTTPS/HTTP|fp.msedge.net|
diff --git a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
index d168f6790d..a3858b594d 100644
--- a/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-21H1-non-enterprise-editions.md
@@ -200,7 +200,7 @@ The following methodology was used to derive the network endpoints:
 |Apps|The following endpoints are used for the Weather app.|TLSv1.2/HTTPS/HTTP|tile-service.weather.microsoft.com|
 ||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser.|TLSv1.2/HTTPS/HTTP|evoke-windowsservices-tas.msedge.net|
 ||The following endpoint is used for OneNote Live Tile.|HTTPS/HTTP|cdn.onenote.net|
-|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Yammer conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
+|Bing Search|The following endpoint is used by Microsoft Search in Bing enabling users to search across files, SharePoint sites, OneDrive content, Teams and Viva Engage conversations, and other shared data sources in an organization, as well as the web.|HTTPS|business.bing.com|
 |Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available.|TLSv1.2/HTTPS/HTTP|ctldl.windowsupdate.com/*|
 |Cortana and Live Tiles|The following endpoints are related to Cortana and Live Tiles|TLSv1.2/HTTPS/HTTP|www.bing.com*|
 |||HTTPS/HTTP|fp.msedge.net|
diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
deleted file mode 100644
index 0c78b4dfbe..0000000000
--- a/windows/security/TOC.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-- name: Windows security
-  href: index.yml
-  expanded: true
-- name: Introduction
-  items:
-  - name: Windows security overview
-    href: introduction/index.md
-  - name: Zero Trust and Windows
-    href: zero-trust-windows-device-health.md
-  - name: Security features and edition requirements
-    href: introduction/security-features-edition-requirements.md
-  - name: Security features and licensing requirements
-    href: introduction/security-features-licensing-requirements.md
-- name: Hardware security
-  href: hardware-security/toc.yml
-- name: Operating system security
-  href: operating-system-security/toc.yml
-- name: Application security
-  href: application-security/toc.yml
-- name: Identity protection
-  href: identity-protection/toc.yml
-- name: Windows Privacy 🔗
-  href: /windows/privacy
-- name: Security foundations
-  href: security-foundations/toc.yml
-- name: Cloud security
-  href: cloud-security/toc.yml
\ No newline at end of file
diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
similarity index 90%
rename from windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
rename to windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
index 4f36792ed9..2ec2462e4c 100644
--- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
@@ -5,9 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
-ms.reviewer: 
 manager: aaroncz
-ms.custom: asr
 ms.technology: itpro-security
 ms.date: 03/16/2023
 ms.topic: article
@@ -21,12 +19,12 @@ ms.topic: article
 - Windows 11
 - Windows Server 2016 and higher
 
-Windows includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they behave more like mobile devices. In this configuration, [**Windows Defender Application Control (WDAC)**](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [**memory integrity**](enable-virtualization-based-protection-of-code-integrity.md).
+Windows includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they behave more like mobile devices. In this configuration, [**Windows Defender Application Control (WDAC)**](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) is used to restrict devices to run only approved apps, while the OS is hardened against kernel memory attacks using [**memory integrity**](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md).
 
 > [!NOTE]
 > Memory integrity is sometimes referred to as *hypervisor-protected code integrity (HVCI)* or *hypervisor enforced code integrity*, and was originally released as part of *Device Guard*. Device Guard is no longer used except to locate memory integrity and VBS settings in Group Policy or the Windows registry.
 
-WDAC policies and memory integrity are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows devices.  
+WDAC policies and memory integrity are powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a strong protection capability for Windows devices.
 
 Using WDAC to restrict devices to only authorized apps has these advantages over other solutions:
 
@@ -44,6 +42,6 @@ WDAC has no specific hardware or software requirements.
 
 ## Related articles
 
-- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md)
-- [Memory integrity](enable-virtualization-based-protection-of-code-integrity.md)
+- [Windows Defender Application Control](windows-defender-application-control/wdac.md)
+- [Memory integrity](../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)
 - [Driver compatibility with memory integrity](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865)
diff --git a/windows/security/application-security/application-control/toc.yml b/windows/security/application-security/application-control/toc.yml
index 5cea979d61..f8b2ebf7a8 100644
--- a/windows/security/application-security/application-control/toc.yml
+++ b/windows/security/application-security/application-control/toc.yml
@@ -1,17 +1,18 @@
 items:
+- name: Smart App Control
+  href: windows-defender-application-control/wdac.md
+- name: Windows Defender Application Control
+  href: windows-defender-application-control/wdac.md
+- name: Windows Defender Application Control and virtualization-based protection of code integrity
+  href: introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
 - name: User Account Control (UAC)
   items:
   - name: Overview
-    href: ../../identity-protection/user-account-control/user-account-control-overview.md
-  - name: How User Account Control works
-    href: ../../identity-protection/user-account-control/how-user-account-control-works.md
-  - name: User Account Control security policy settings
-    href: ../../identity-protection/user-account-control/user-account-control-security-policy-settings.md
-  - name: User Account Control Group Policy and registry key settings
-    href: ../../identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
-- name: Windows Defender Application Control and virtualization-based protection of code integrity
-  href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-- name: Windows Defender Application Control
-  href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
-- name: Smart App Control
-  href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
\ No newline at end of file
+    href: user-account-control/index.md
+  - name: How UAC works
+    href: user-account-control/how-it-works.md
+  - name: UAC settings and configuration
+    href: user-account-control/settings-and-configuration.md
+- name: Microsoft Vulnerable Driver Blocklist
+  href: windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
+  
diff --git a/windows/security/application-security/application-control/user-account-control/how-it-works.md b/windows/security/application-security/application-control/user-account-control/how-it-works.md
new file mode 100644
index 0000000000..2e4ec8b5e5
--- /dev/null
+++ b/windows/security/application-security/application-control/user-account-control/how-it-works.md
@@ -0,0 +1,198 @@
+---
+title: How User Account Control works 
+description: Learn about User Account Control (UAC) components and how it interacts with the end users.
+ms.collection: 
+  - highpri
+  - tier2
+ms.topic: concept-article
+ms.date: 05/24/2023
+---
+
+# How User Account Control works
+
+User Account Control (UAC) is a key part of Windows security. UAC reduces the risk of malware by limiting the ability of malicious code to execute with administrator privileges. This article describes how UAC works and how it interacts with the end-users.
+
+## UAC process and interactions
+
+With UAC, each application that requires the *administrator access token* must prompt the end user for consent. The only exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same *integrity level*.
+
+Windows protects processes by marking their integrity levels. Integrity levels are measurements of trust:
+
+- A *high integrity application* is one that performs tasks that modify system data, such as a disk partitioning application
+- A *low integrity application* is one that performs tasks that could potentially compromise the operating system, like as a Web brows
+
+Applications with lower integrity levels can't modify data in applications with higher integrity levels. When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provides valid administrator credentials.
+
+To better understand how this process works, let's take a closer look at the Windows sign in process.
+
+## Sign in process
+
+The following diagram shows how the sign in process for an administrator differs from the sign in process for a standard user.
+
+:::image type="content" source="images/uac-windows-logon-process.gif" alt-text="Diagram that describes the UAC Windows logon process.":::
+
+By default, both standard and administrator users access resources and execute apps in the security context of a standard user.\
+When a user signs in, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges.
+
+When an administrator logs on, two separate access tokens are created for the user: a *standard user access token* and an *administrator access token*. The standard user access token:
+
+- Contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed
+- It's used to start applications that don't perform administrative tasks (standard user apps)
+- It's used to display the desktop by executing the process *explorer.exe*. Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token
+
+A user that is a member of the Administrators group can sign in, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows automatically prompts the user for approval. This prompt is called an *elevation prompt*, and its behavior can be configured via policy or registry.
+
+## The UAC user experience
+
+When UAC is enabled, the user experience for standard users is different from administrator users. The recommended and more secure method of running Windows, is to ensure your primary user account is a standard user. Running as a standard user helps to maximize security for a managed environment. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account.
+
+The default, built-in UAC elevation component for standard users is the *credential prompt*.
+
+The alternative to running as a standard user is to run as an administrator in *Admin Approval Mode*. With the built-in UAC elevation component, members of the local Administrators group can easily perform an administrative task by providing approval.
+
+The default, built-in UAC elevation component for an administrator account in Admin Approval Mode is called the *consent prompt*.
+
+### The credential prompt
+
+The credential prompt is presented when a standard user attempts to perform a task that requires a user's administrative access token. Administrators can also be required to provide their credentials by setting the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting value to **Prompt for credentials**.
+
+:::image type="content" source="images/uac-credential-prompt.png" alt-text="Screenshot showing the UAC credential prompt.":::
+
+### The consent prompt
+
+The consent prompt is presented when a user attempts to perform a task that requires a user's administrative access token.
+
+  :::image type="content" source="images/uac-consent-prompt-admin.png" alt-text="Screenshot showing the UAC consent prompt.":::
+
+### UAC elevation prompts
+
+The UAC elevation prompts are color-coded to be app-specific, enabling for easier identification of an application's potential security risk. When an app attempts to run with an administrator's full access token, Windows first analyzes the executable file to determine its publisher. Apps are first separated into three categories based on the file's publisher:
+
+- Windows
+- Publisher verified (signed)
+- Publisher not verified (unsigned)
+
+The elevation prompt color-coding is as follows:
+
+- Gray background: The application is a Windows administrative app, such as a Control Panel item, or an application signed by a verified publisher
+  :::image type="content" source="images/uac-credential-prompt-signed.png" alt-text="Screenshot showing the UAC credential prompt with a signed executable.":::
+- Yellow background: the application is unsigned or signed but isn't trusted
+  :::image type="content" source="images/uac-credential-prompt-unsigned.png" alt-text="Screenshot showing the UAC consent prompt with an unsigned executable.":::
+
+### Shield icon
+
+Some Control Panel items, such as **Date and Time**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screenshot of the **Date and Time** Control Panel item.
+
+:::image type="content" source="images/uac-shield-icon.png" alt-text="Screenshot showing the UAC Shield Icon in Date and Time Properties." border="false":::
+
+The shield icon on the **Change date and time...** button indicates that the process requires a full administrator access token.
+
+## Securing the elevation prompt
+
+The elevation process is further secured by directing the prompt to the *secure desktop*. The consent and credential prompts are displayed on the secure desktop by default. Only Windows processes can access the secure desktop. For higher levels of security, we recommend keeping the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting enabled.
+
+When an executable file requests elevation, the *interactive desktop*, also called the *user desktop*, is switched to the secure desktop. The secure desktop dims the user desktop and displays an elevation prompt that must be responded to before continuing. When the user selects **Yes** or **No**, the desktop switches back to the user desktop.
+
+> [!NOTE]
+> Starting in **Windows Server 2019**, it's not possible to paste the content of the clipboard on the secure desktop. This is the same behavior of the currently supported Windows client OS versions. 
+
+Malware can present an imitation of the secure desktop, but when the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting is set to **Prompt for consent**, the malware doesn't gain elevation if the user selects **Yes** on the imitation. If the policy setting is set to **Prompt for credentials**, malware imitating the credential prompt may be able to gather the credentials from the user. However, the malware doesn't gain elevated privilege and the system has other protections that mitigate malware from taking control of the user interface even with a harvested password.
+
+While malware could present an imitation of the secure desktop, this issue can't occur unless a user previously installed the malware on the PC. Because processes requiring an administrator access token can't silently install when UAC is enabled, the user must explicitly provide consent by selecting **Yes** or by providing administrator credentials. The specific behavior of the UAC elevation prompt is dependent upon security policies.
+
+## UAC Architecture
+
+The following diagram details the UAC architecture.
+
+:::image type="content" source="images/uac-architecture.gif" alt-text="Diagram that describes the UAC architecture.":::
+
+To better understand each component, review the following tables:
+
+### User
+
+|Component|Description|
+|--- |--- |
+|<p>User performs operation requiring privilege|<p>If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.|
+|<p>ShellExecute|<p>ShellExecute calls CreateProcess. ShellExecute looks for the ERROR_ELEVATION_REQUIRED error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.|
+|<p>CreateProcess|<p>If the application requires elevation, CreateProcess rejects the call with ERROR_ELEVATION_REQUIRED.|
+
+### System
+
+|Component|Description|
+|--- |--- |
+|<p>Application Information service|<p>A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required. Depending on the configured policies, the user may give consent.|
+|<p>Elevating an ActiveX install|<p>If ActiveX isn't installed, the system checks the UAC slider level. If ActiveX is installed, the **User Account Control: Switch to the secure desktop when prompting for elevation** Group Policy setting is checked.|
+|<p>Check UAC slider level|<p>UAC has a slider to select from four levels of notification.<ul><li><p>**Always notify** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Notify you when you make changes to Windows settings.</li><li>Freeze other tasks until you respond.</li></ul><p>Recommended if you often install new software or visit unfamiliar websites.<br></li><li><p>**Notify me only when programs try to make changes to my computer** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Freeze other tasks until you respond.</li></ul><p>Recommended if you don't often install apps or visit unfamiliar websites.<br></li><li><p>**Notify me only when programs try to make changes to my computer (do not dim my desktop)** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Not freeze other tasks until you respond.</li></ul><p>Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.<br></li><li><p>**Never notify (Disable UAC prompts)** will:<ul><li>Not notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Not freeze other tasks until you respond.</li></ul><p>Not recommended due to security concerns.|
+|<p>Secure desktop enabled|<p>The **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is checked: <ul><li><p>If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.</li><li><p>If the secure desktop isn't enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.|
+|<p>CreateProcess|<p>CreateProcess calls AppCompat, Fusion, and Installer detection to assess if the app requires elevation. The file is then inspected to determine its requested execution level, which is stored in the application manifest for the file. CreateProcess fails if the requested execution level specified in the manifest doesn't match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.|
+|<p>AppCompat|<p>The AppCompat database stores information in the application compatibility fix entries for an application.|
+|<p>Fusion|<p>The Fusion database stores information from application manifests that describe the applications. The manifest schema is updated to add a new requested execution level field.|
+|<p>Installer detection|<p>Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.|
+
+### Kernel
+
+|Component|Description|
+|--- |--- |
+|<p>Virtualization|<p>Virtualization technology ensures that noncompliant apps don't silently fail to run or fail in a way that the cause can't be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.|
+|<p>File system and registry|<p>The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.|
+ 
+The slider never turns off UAC completely. If you set it to **Never notify**, it will:
+
+- Keep the UAC service running
+- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt
+- Automatically deny all elevation requests for standard users
+
+> [!IMPORTANT]
+> In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
+
+> [!WARNING]
+> Some Universal Windows Platform apps may not work when UAC is disabled.
+
+### Virtualization
+
+Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you don't need to replace most apps when UAC is turned on.
+
+Windows includes file and registry virtualization technology for apps that aren't UAC-compliant and that requires an administrator's access token to run correctly. When an administrative app that isn't UAC-compliant attempts to write to a protected folder, such as *Program Files*, UAC gives the app its own virtualized view of the resource it's attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the noncompliant app.
+
+Most app tasks operate properly by using virtualization features. Although virtualization allows most applications to run, it's a short-term fix and not a long-term solution. App developers should modify their apps to be compliant as soon as possible, rather than relying on file, folder, and registry virtualization.
+
+Virtualization isn't an option in the following scenarios:
+
+- Virtualization doesn't apply to apps that are elevated and run with a full administrative access token
+- Virtualization supports only 32-bit apps. Non-elevated 64-bit apps receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations
+- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute
+
+### Request execution levels
+
+An app manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an app should bind to at run time. The app manifest includes entries for UAC app compatibility purposes. Administrative apps that include an entry in the app manifest prompt the user for permission to access the user's access token. Although they lack an entry in the app manifest, most administrative app can run without modification by using app compatibility fixes. App compatibility fixes are database entries that enable applications that aren't UAC-compliant to work properly.
+
+All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, marking the app with a requested execution level of *require administrator* ensures that the system identifies this program as an administrative app, and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.
+
+### Installer detection technology
+
+Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users don't have sufficient access to install programs. Windows heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows also heuristically detects updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry.
+
+Installer detection only applies to:
+
+- 32-bit executable files
+- Applications without a requested execution level attribute
+- Interactive processes running as a standard user with UAC enabled
+
+Before a 32-bit process is created, the following attributes are checked to determine whether it's an installer:
+
+- The file name includes keywords such as "install," "setup," or "update."
+- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name
+- Keywords in the side-by-side manifest are embedded in the executable file
+- Keywords in specific StringTable entries are linked in the executable file
+- Key attributes in the resource script data are linked in the executable file
+- There are targeted sequences of bytes within the executable file
+
+> [!NOTE]
+> The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
+
+> [!NOTE]
+> The *User Account Control: Detect application installations and prompt for elevation* policy must be enabled for installer detection to detect installation programs. For more information, see [User Account Control settings list](settings-and-configuration.md#user-account-control-settings-list).
+
+## Next steps
+
+Learn more about [User Account Control settings and configuration](settings-and-configuration.md).
diff --git a/windows/security/identity-protection/user-account-control/images/uacarchitecture.gif b/windows/security/application-security/application-control/user-account-control/images/uac-architecture.gif
similarity index 100%
rename from windows/security/identity-protection/user-account-control/images/uacarchitecture.gif
rename to windows/security/application-security/application-control/user-account-control/images/uac-architecture.gif
diff --git a/windows/security/application-security/application-control/user-account-control/images/uac-consent-prompt-admin.png b/windows/security/application-security/application-control/user-account-control/images/uac-consent-prompt-admin.png
new file mode 100644
index 0000000000..3e5a5ae7bc
Binary files /dev/null and b/windows/security/application-security/application-control/user-account-control/images/uac-consent-prompt-admin.png differ
diff --git a/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt-signed.png b/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt-signed.png
new file mode 100644
index 0000000000..c66349ec11
Binary files /dev/null and b/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt-signed.png differ
diff --git a/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt-unsigned.png b/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt-unsigned.png
new file mode 100644
index 0000000000..1d8074889f
Binary files /dev/null and b/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt-unsigned.png differ
diff --git a/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt.png b/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt.png
new file mode 100644
index 0000000000..462b775fcb
Binary files /dev/null and b/windows/security/application-security/application-control/user-account-control/images/uac-credential-prompt.png differ
diff --git a/windows/security/application-security/application-control/user-account-control/images/uac-settings-catalog.png b/windows/security/application-security/application-control/user-account-control/images/uac-settings-catalog.png
new file mode 100644
index 0000000000..adbf9fb65e
Binary files /dev/null and b/windows/security/application-security/application-control/user-account-control/images/uac-settings-catalog.png differ
diff --git a/windows/security/application-security/application-control/user-account-control/images/uac-shield-icon.png b/windows/security/application-security/application-control/user-account-control/images/uac-shield-icon.png
new file mode 100644
index 0000000000..7336800e99
Binary files /dev/null and b/windows/security/application-security/application-control/user-account-control/images/uac-shield-icon.png differ
diff --git a/windows/security/identity-protection/user-account-control/images/uacwindowslogonprocess.gif b/windows/security/application-security/application-control/user-account-control/images/uac-windows-logon-process.gif
similarity index 100%
rename from windows/security/identity-protection/user-account-control/images/uacwindowslogonprocess.gif
rename to windows/security/application-security/application-control/user-account-control/images/uac-windows-logon-process.gif
diff --git a/windows/security/application-security/application-control/user-account-control/index.md b/windows/security/application-security/application-control/user-account-control/index.md
new file mode 100644
index 0000000000..aad3fb9eab
--- /dev/null
+++ b/windows/security/application-security/application-control/user-account-control/index.md
@@ -0,0 +1,36 @@
+---
+title: User Account Control
+description: Learn how User Account Control (UAC) helps to prevent unauthorized changes to Windows devices.
+ms.collection: 
+  - highpri
+  - tier2
+ms.topic: overview
+ms.date: 05/24/2023
+---
+
+# User Account Control overview
+
+User Account Control (UAC) is a Windows security feature designed to protect the operating system from unauthorized changes. When changes to the system require administrator-level permission, UAC notifies the user, giving the opportunity to approve or deny the change. UAC improves the security of Windows devices by limiting the access that malicious code has to execute with administrator privileges. UAC empowers users to make informed decisions about actions that may affect the stability and security of their device.
+
+Unless you disable UAC, malicious software is prevented from disabling or interfering with UAC settings. UAC is enabled by default, and you can configure it if you have administrative privileges.
+
+## Benefits of UAC
+
+UAC allows all users to sign in their devices using a *standard user account*. Processes launched using a *standard user token* may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Any applications that are started using Windows Explorer (for example, by opening a shortcut) also run with the standard set of user permissions. Most applications, including the ones included with the operating system, are designed to work properly this way.\
+Other applications, like ones that aren't designed with security settings in mind, may require more permissions to run successfully. These applications are referred to as *legacy apps*.
+
+When a user tries to perform an action that requires administrative privileges, UAC triggers a *consent prompt*. The prompt notifies the user that a change is about to occur, asking for their permission to proceed:
+
+- If the user approves the change, the action is performed with the highest available privilege
+- If the user doesn't approve the change, the action isn't performed and the application that requested the change is prevented from running
+
+:::image type="content" source="images/uac-consent-prompt-admin.png" alt-text="Screenshot showing the UAC consent prompt.":::
+
+When an app requires to run with more than standard user rights, UAC allows users to run apps with their *administrator token* (that is, with administrative rights and permissions) instead of their default, standard user token. Users continue to operate in the standard user security context, while enabling certain apps to run with elevated privileges, if needed.
+
+[!INCLUDE [user-account-control-uac](../../../../../includes/licensing/user-account-control-uac.md)]
+
+## Next steps
+
+- [How User Account Control works](how-it-works.md)
+- [User Account Control settings and configuration](settings-and-configuration.md)
diff --git a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
new file mode 100644
index 0000000000..284e549300
--- /dev/null
+++ b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
@@ -0,0 +1,102 @@
+---
+title: User Account Control settings and configuration
+description: Learn about the User Account Control settings and how to configure them via Intune, CSP, group policy and registry.
+ms.date: 07/31/2023
+ms.topic: how-to
+---
+
+# User Account Control settings and configuration
+
+## User Account Control settings list
+
+The following table lists the available settings to configure the UAC behavior, and their default values.
+
+|Setting name| Description|
+|-|-|
+|Admin Approval Mode for the Built-in Administrator account|Controls the behavior of Admin Approval Mode for the built-in Administrator account.<br><br>**Enabled**: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege prompts the user to approve the operation.<br>**Disabled (default)**: The built-in Administrator account runs all applications with full administrative privilege.|
+|Allow UIAccess applications to prompt for elevation without using the secure desktop|Controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.<br><br>**Enabled**: UIA programs, including Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the **Switch to the secure desktop when prompting for elevation** policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. This setting allows the remote administrator to provide the appropriate credentials for elevation. This policy setting doesn't change the behavior of the UAC elevation prompt for administrators. If you plan to enable this policy setting, you should also review the effect of the **Behavior of the elevation prompt for standard users** policy setting: if it's' configured as **Automatically deny elevation requests**, elevation requests aren't presented to the user.<br>**Disabled (default)**: The secure desktop can be disabled only by the user of the interactive desktop or by disabling the **Switch to the secure desktop when prompting for elevation** policy setting.|
+|Behavior of the elevation prompt for administrators in Admin Approval Mode|Controls the behavior of the elevation prompt for administrators.<br><br>**Elevate without prompting**: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. **Use this option only in the most constrained environments**.<br>**Prompt for credentials on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.<br>**Prompt for consent on the secure desktop**: When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.<br>**Prompt for credentials**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Prompt for consent**: When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.<br>**Prompt for consent for non-Windows binaries (default)**: When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.|
+|Behavior of the elevation prompt for standard users|Controls the behavior of the elevation prompt for standard users.<br><br>**Prompt for credentials (default)**: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Automatically deny elevation requests**: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.<br>**Prompt for credentials on the secure desktop** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.|
+|Detect application installations and prompt for elevation|Controls the behavior of application installation detection for the computer.<br><br>**Enabled (default)**: When an app installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.<br>**Disabled**: App installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies, such as Microsoft Intune, should disable this policy setting. In this case, installer detection is unnecessary. |
+|Only elevate executables that are signed and validated|Enforces signature checks for any interactive applications that request elevation of privilege. IT admins can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local devices.<br><br>**Enabled**: Enforces the certificate certification path validation for a given executable file before it's permitted to run.<br>**Disabled (default)**: Doesn't enforce the certificate certification path validation before a given executable file is permitted to run.|
+|Only elevate UIAccess applications that are installed in secure locations|Controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following folders:<br>- `%ProgramFiles%`, including subfolders<br>- `%SystemRoot%\system32\`<br>- `%ProgramFiles(x86)%`, including subfolders<br><br><br>**Enabled (default)**: If an app resides in a secure location in the file system, it runs only with UIAccess integrity.<br>**Disabled**: An app runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.<br><br>**Note:** Windows enforces a digital signature check on any interactive apps that requests to run with a UIAccess integrity level regardless of the state of this setting.|
+|Run all administrators in Admin Approval Mode|Controls the behavior of all UAC policy settings.<br><br>**Enabled (default)**: Admin Approval Mode is enabled. This policy must be enabled and related UAC settings configured. The policy allows the built-in Administrator account and members of the Administrators group to run in Admin Approval Mode.<br>**Disabled**: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, **Windows Security** notifies you that the overall security of the operating system has been reduced.|
+|Switch to the secure desktop when prompting for elevation|This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.<br><br>**Enabled (default)**: All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.<br>**Disabled**: All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.|
+|Virtualize File And Registry Write Failures To Per User Locations|Controls whether application write failures are redirected to defined registry and file system locations. This setting mitigates applications that run as administrator and write run-time application data to `%ProgramFiles%`, `%Windir%`, `%Windir%\system32`, or `HKLM\Software`.<br><br>**Enabled (default)**: App write failures are redirected at run time to defined user locations for both the file system and registry.<br>**Disabled**: Apps that write data to protected locations fail.|
+
+## User Account Control configuration
+
+To configure UAC, you can use:
+
+- Microsoft Intune/MDM
+- Group policy
+- Registry
+
+The following instructions provide details how to configure your devices. Select the option that best suits your needs.
+
+
+#### [:::image type="icon" source="../../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
+
+### Configure UAC with a Settings catalog policy
+
+To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Local Policies Security Options`**:
+
+:::image type="content" source="images/uac-settings-catalog.png" alt-text="Screenshot that shows the UAC policies in the Intune settings catalog." lightbox="images/uac-settings-catalog.png" border="True":::
+
+Assign the policy to a security group that contains as members the devices or users that you want to configure.
+
+Alternatively, you can configure devices using a [custom policy][MEM-1] with the [LocalPoliciesSecurityOptions Policy CSP][WIN-1].\
+The policy settings are located under: `./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions`.
+
+|Setting|
+| - |
+| **Setting name**: Admin Approval Mode for the built-in Administrator account<br>**Policy CSP name**: `UserAccountControl_UseAdminApprovalMode`|
+| **Setting name**: Allow UIAccess applications to prompt for elevation without using the secure desktop<br>**Policy CSP name**: `UserAccountControl_AllowUIAccessApplicationsToPromptForElevation`|
+| **Setting name**: Behavior of the elevation prompt for administrators in Admin Approval Mode<br>**Policy CSP name**: `UserAccountControl_BehaviorOfTheElevationPromptForAdministrators`|
+| **Setting name**: Behavior of the elevation prompt for standard users<br>**Policy CSP name**: `UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers`|
+| **Setting name**: Detect application installations and prompt for elevation<br>**Policy CSP name**: `UserAccountControl_DetectApplicationInstallationsAndPromptForElevation`|
+| **Setting name**: Only elevate executables that are signed and validated<br>**Policy CSP name**: `UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated`|
+| **Setting name**: Only elevate UIAccess applications that are installed in secure locations<br>**Policy CSP name**: `UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations`|
+| **Setting name**: Run all administrators in Admin Approval Mode<br>**Policy CSP name**: `UserAccountControl_RunAllAdministratorsInAdminApprovalMode`|
+| **Setting name**: Switch to the secure desktop when prompting for elevation<br>**Policy CSP name**: `UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation`|
+| **Setting name**: Virtualize file and registry write failures to per-user locations<br>**Policy CSP name**: `UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations`|
+
+#### [:::image type="icon" source="../../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
+
+You can use security policies to configure how User Account Control works in your organization. The policies can be configured locally by using the Local Security Policy snap-in (`secpol.msc`) or configured for the domain, OU, or specific groups by group policy.
+
+The policy settings are located under: `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options`.
+
+| Group Policy setting |Default value|
+| - | - |
+|User Account Control: Admin Approval Mode for the built-in Administrator account|  Disabled |
+|User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop| Disabled |
+|User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode| Prompt for consent for non-Windows binaries |
+|User Account Control: Behavior of the elevation prompt for standard users | Prompt for credentials |
+|User Account Control: Detect application installations and prompt for elevation| Enabled (default for home edition only)<br />Disabled (default) |
+|User Account Control: Only elevate executables that are signed and validated| Disabled |
+|User Account Control: Only elevate UIAccess applications that are installed in secure locations | Enabled |
+|User Account Control: Run all administrators in Admin Approval Mode| Enabled |
+|User Account Control: Switch to the secure desktop when prompting for elevation |  Enabled |
+|User Account Control: Virtualize file and registry write failures to per-user locations | Enabled |
+
+#### [:::image type="icon" source="../../../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
+
+The registry keys are found under the key: `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.
+
+| Setting name | Registry key name | Value |
+| - | - | - |
+| Admin Approval Mode for the built-in Administrator account | `FilterAdministratorToken` | 0 (Default) = Disabled<br>1 = Enabled |
+| Allow UIAccess applications to prompt for elevation without using the secure desktop | `EnableUIADesktopToggle` | 0 (Default) = Disabled<br>1 = Enabled |
+| Behavior of the elevation prompt for administrators in Admin Approval Mode| `ConsentPromptBehaviorAdmin` | 0 = Elevate without prompting<br>1 = Prompt for credentials on the secure desktop<br>2 = Prompt for consent on the secure desktop<br>3 = Prompt for credentials<br>4 = Prompt for consent<br>5 (Default) = Prompt for consent for non-Windows binaries|
+| Behavior of the elevation prompt for standard users | `ConsentPromptBehaviorUser` | 0 = Automatically deny elevation requests<br>1 = Prompt for credentials on the secure desktop<br>3 (Default) = Prompt for credentials |
+| Detect application installations and prompt for elevation | `EnableInstallerDetection` | 1 = Enabled (default for home only)<br>0 = Disabled (default) |
+| Only elevate executables that are signed and validated | `ValidateAdminCodeSignatures` | 0 (Default) = Disabled<br>1 = Enabled |
+| Only elevate UIAccess applications that are installed in secure locations | `EnableSecureUIAPaths` | 0 = Disabled<br>1 (Default) = Enabled |
+| Run all administrators in Admin Approval Mode | `EnableLUA` | 0 = Disabled<br>1 (Default) = Enabled |
+| Switch to the secure desktop when prompting for elevation| `PromptOnSecureDesktop` | 0 = Disabled<br>1 (Default) = Enabled |
+| Virtualize file and registry write failures to per-user locations | `EnableVirtualization` | 0 = Disabled<br>1 (Default) = Enabled |
+
+[WIN-1]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
+[MEM-2]: /mem/intune/configuration/settings-catalog
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
index ab8014b9a5..b8552a63ca 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
@@ -1,35 +1,17 @@
 ---
 title: Testing and Debugging AppId Tagging Policies
 description: Testing and Debugging AppId Tagging Policies to ensure your policies are deployed successfully.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/29/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Testing and Debugging AppId Tagging Policies
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. 
+After deployment of the WDAC AppId Tagging policy, WDAC will log a 3099 policy deployed event in the [Event Viewer logs](../operations/event-id-explanations.md). You first should ensure that the policy has been successfully deployed onto the system by verifying the presence of the 3099 event. 
 
 ## Verifying Tags on Running Processes
 
@@ -53,4 +35,4 @@ After verifying the policy has been deployed, the next step is to verify that th
 
 	Lastly, in the textbox, type `!token` and then press the Enter key to dump the security attributes on the process, including the _POLICYAPPID://_ followed by the key you set in the policy, and its corresponding value in the Value[0] field.
 
-	![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
\ No newline at end of file
+	![Dump the security attributes on the process using WinDbg.](../images/appid-pid-windbg-token.png)
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
index bf48be5b8d..e8af7434cc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md
@@ -1,25 +1,13 @@
 ---
 title: Deploying Windows Defender Application Control AppId tagging policies
 description: How to deploy your WDAC AppId tagging policies locally and globally within your managed environment.
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/29/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Deploying Windows Defender Application Control AppId tagging policies
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
@@ -32,7 +20,7 @@ Similar to Windows Defender Application Control (WDAC) policies, WDAC AppId tagg
 
 ## Deploy AppId tagging policies with MDM
 
-Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
+Custom AppId tagging policies can be deployed to endpoints using [the OMA-URI feature in MDM](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
 
 ## Deploy AppId tagging policies with Configuration Manager
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
similarity index 70%
rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
index 9bce0c01fd..9407cacded 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
@@ -1,43 +1,29 @@
 ---
 title: Create your Windows Defender Application Control AppId Tagging Policies
 description: Create your Windows Defender Application Control AppId tagging policies for Windows devices.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/29/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Creating your WDAC AppId Tagging Policies
 
-**Applies to:**
-
--   Windows 10
--   Windows 11
--   Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 ## Create the policy using the WDAC Wizard
 
-You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md).
+You can use the Windows Defender Application Control (WDAC) Wizard and the PowerShell commands to create an application control policy and convert it to an AppIdTagging policy. The WDAC Wizard is available for download at the [WDAC Wizard Installer site](https://aka.ms/wdacwizard). These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md).
 
 1. Create a new base policy using the templates:
 
-	Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The example below shows beginning with the [Default Windows Mode](../wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. 
+	Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../design/wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules. 
 
 	![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png)
+	
+	> [!NOTE]
+	> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates. 
+	For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
 
 2. 	Set the following rule-options using the Wizard toggles:
 
@@ -45,7 +31,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 
 3. Create custom rules:
 
-	Selecting the `+ Custom Rules` button will open the Custom Rules panel. The Wizard supports five types of file rules: 
+	Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules: 
 
 	- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security. 
 	- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards. 
@@ -53,23 +39,22 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
 	- Package app name rules: Create a rule based off the package family name of an appx/msix.
 	- Hash rules: Create a rule based off the PE Authenticode hash of a file. 
 
-
-	For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../wdac-wizard-create-base-policy.md#creating-custom-file-rules).
+	For more information on creating new policy file rules, see the guidelines provided in the [creating policy file rules section](../design/wdac-wizard-create-base-policy.md#creating-custom-file-rules).
 
 4. Convert to AppId Tagging Policy:
 
-	After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the usermode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario:
+	After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the user mode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario:
 
 	```powershell
 	Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
 	```
-	The policyID GUID will be returned by PowerShell if successful. 
+	The policyID GUID is returned by the PowerShell command if successful. 
 
 ## Create the policy using PowerShell 
 
-Using this method, you'll create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). In an elevate PowerShell instance:
+Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](wdac-appid-tagging-guide.md). In an elevate PowerShell instance:
 
-1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules:
+1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../design/select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules:
 
 	```powershell
 	$rule = New-CiPolicyRule -Level SignedVersion -DriverFilePath <path_to_application>
@@ -87,14 +72,14 @@ Using this method, you'll create an AppId Tagging policy directly using the WDAC
 	Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
 	```
 
-	If you're using filepath rules, you'll likely want to set option 18. Otherwise, there's no need. 
+	If you're using filepath rules, you may want to set option 18. Otherwise, there's no need. 
 	
 4. Set the name and ID on the policy, which is helpful for future debugging:
 
 	```powershell
 	Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId"" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
 	```
-	The policyID GUID will be returned by PowerShell if successful. 
+	The policyID GUID is returned by the PowerShell command if successful. 
 
 ## Deploy for Local Testing
 
@@ -116,4 +101,4 @@ After creating your AppId Tagging policy in the above steps, you can deploy the
 	RefreshPolicy.exe is available for download from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=102925).
 
 ## Next Steps
-For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](./debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md). 
\ No newline at end of file
+For more information on debugging and broad deployment of the AppId Tagging policy, see [Debugging AppId policies](debugging-operational-guide-appid-tagging-policies.md) and [Deploying AppId policies](deploy-appid-tagging-policies.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
index a509bcee48..2d94e08d99 100644
--- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/AppIdTagging/wdac-appid-tagging-guide.md
@@ -1,31 +1,13 @@
 ---
-title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies 
+title: Designing, creating, managing and troubleshooting Windows Defender Application Control AppId Tagging policies
 description: How to design, create, manage and troubleshoot your WDAC AppId Tagging policies
-keywords: security, malware, firewall
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/27/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # WDAC Application ID (AppId) Tagging guide
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2022 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
similarity index 82%
rename from windows/security/threat-protection/windows-defender-application-control/TOC.yml
rename to windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
index c003b5258e..3815f2af27 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml
@@ -1,7 +1,7 @@
 - name: Application Control for Windows
   href: index.yml
 - name: About application control for Windows
-  href: windows-defender-application-control.md
+  href: wdac.md
   expanded: true
   items:
     - name: WDAC and AppLocker Overview
@@ -9,120 +9,120 @@
     - name: WDAC and AppLocker Feature Availability
       href: feature-availability.md
     - name: Virtualization-based protection of code integrity
-      href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+      href: ../introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
 - name: WDAC design guide
-  href: windows-defender-application-control-design-guide.md
+  href: design/wdac-design-guide.md
   items:
     - name: Plan for WDAC policy lifecycle management
-      href: plan-windows-defender-application-control-management.md
+      href: design/plan-wdac-management.md
     - name: Design your WDAC policy
       items:
         - name: Understand WDAC policy design decisions
-          href: understand-windows-defender-application-control-policy-design-decisions.md
+          href: design/understand-wdac-policy-design-decisions.md
         - name: Understand WDAC policy rules and file rules
-          href: select-types-of-rules-to-create.md
+          href: design/select-types-of-rules-to-create.md
           items:
             - name: Allow apps installed by a managed installer
-              href: configure-authorized-apps-deployed-with-a-managed-installer.md
+              href: design/configure-authorized-apps-deployed-with-a-managed-installer.md
             - name: Allow reputable apps with Intelligent Security Graph (ISG)
-              href: use-windows-defender-application-control-with-intelligent-security-graph.md
+              href: design/use-wdac-with-intelligent-security-graph.md
             - name: Allow COM object registration
-              href: allow-com-object-registration-in-windows-defender-application-control-policy.md
+              href: design/allow-com-object-registration-in-wdac-policy.md
             - name: Use WDAC with .NET hardening
-              href: use-windows-defender-application-control-with-dynamic-code-security.md
+              href: design/wdac-and-dotnet.md
             - name: Script enforcement with Windows Defender Application Control
               href: design/script-enforcement.md
             - name: Manage packaged apps with WDAC
-              href: manage-packaged-apps-with-windows-defender-application-control.md
+              href: design/manage-packaged-apps-with-wdac.md
             - name: Use WDAC to control specific plug-ins, add-ins, and modules
-              href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+              href: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
             - name: Understand WDAC policy settings
-              href: understanding-wdac-policy-settings.md
+              href: design/understanding-wdac-policy-settings.md
         - name: Use multiple WDAC policies
-          href: deploy-multiple-windows-defender-application-control-policies.md
+          href: design/deploy-multiple-wdac-policies.md
     - name: Create your WDAC policy
       items:
         - name: Example WDAC base policies
-          href: example-wdac-base-policies.md
+          href: design/example-wdac-base-policies.md
         - name: Policy creation for common WDAC usage scenarios
-          href: types-of-devices.md
+          href: design/common-wdac-use-cases.md
           items:
             - name: Create a WDAC policy for lightly managed devices
-              href: create-wdac-policy-for-lightly-managed-devices.md
+              href: design/create-wdac-policy-for-lightly-managed-devices.md
             - name: Create a WDAC policy for fully managed devices
-              href: create-wdac-policy-for-fully-managed-devices.md
+              href: design/create-wdac-policy-for-fully-managed-devices.md
             - name: Create a WDAC policy for fixed-workload devices
-              href: create-initial-default-policy.md
+              href: design/create-wdac-policy-using-reference-computer.md
             - name: Create a WDAC deny list policy
-              href: create-wdac-deny-policy.md
-            - name: Microsoft recommended block rules
-              href: microsoft-recommended-block-rules.md
+              href: design/create-wdac-deny-policy.md
+            - name: Applications that can bypass WDAC and how to block them
+              href: design/applications-that-can-bypass-wdac.md
             - name: Microsoft recommended driver block rules
-              href: microsoft-recommended-driver-block-rules.md
+              href: design/microsoft-recommended-driver-block-rules.md
         - name: Use the WDAC Wizard tool
-          href: wdac-wizard.md
+          href: design/wdac-wizard.md
           items:
             - name: Create a base WDAC policy with the Wizard
-              href: wdac-wizard-create-base-policy.md
+              href: design/wdac-wizard-create-base-policy.md
             - name: Create a supplemental WDAC policy with the Wizard
-              href: wdac-wizard-create-supplemental-policy.md
+              href: design/wdac-wizard-create-supplemental-policy.md
             - name: Editing a WDAC policy with the Wizard
-              href: wdac-wizard-editing-policy.md
+              href: design/wdac-wizard-editing-policy.md
             - name: Creating WDAC Policy Rules from WDAC Events
-              href: wdac-wizard-parsing-event-logs.md
+              href: design/wdac-wizard-parsing-event-logs.md
             - name: Merging multiple WDAC policies with the Wizard
-              href: wdac-wizard-merging-policies.md
+              href: design/wdac-wizard-merging-policies.md
 - name: WDAC deployment guide
-  href: windows-defender-application-control-deployment-guide.md
+  href: deployment/wdac-deployment-guide.md
   items:
     - name: Deploy WDAC policies with MDM
-      href: deployment/deploy-windows-defender-application-control-policies-using-intune.md
+      href: deployment/deploy-wdac-policies-using-intune.md
     - name: Deploy WDAC policies with Configuration Manager
       href: deployment/deploy-wdac-policies-with-memcm.md
     - name: Deploy WDAC policies with script
       href: deployment/deploy-wdac-policies-with-script.md
     - name: Deploy WDAC policies with group policy
-      href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
+      href: deployment/deploy-wdac-policies-using-group-policy.md
     - name: Audit WDAC policies
-      href: audit-windows-defender-application-control-policies.md
+      href: deployment/audit-wdac-policies.md
     - name: Merge WDAC policies
-      href: merge-windows-defender-application-control-policies.md
+      href: deployment/merge-wdac-policies.md
     - name: Enforce WDAC policies
-      href: enforce-windows-defender-application-control-policies.md
+      href: deployment/enforce-wdac-policies.md
     - name: Use code signing for added control and protection with WDAC
-      href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+      href: deployment/use-code-signing-for-better-control-and-protection.md
       items:
         - name: Deploy catalog files to support WDAC
-          href: deploy-catalog-files-to-support-windows-defender-application-control.md
+          href: deployment/deploy-catalog-files-to-support-wdac.md
         - name: Use signed policies to protect Windows Defender Application Control against tampering
-          href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+          href: deployment/use-signed-policies-to-protect-wdac-against-tampering.md
         - name: "Optional: Create a code signing cert for WDAC"
-          href: create-code-signing-cert-for-windows-defender-application-control.md
+          href: deployment/create-code-signing-cert-for-wdac.md
     - name: Disable WDAC policies
-      href: disable-windows-defender-application-control-policies.md
+      href: deployment/disable-wdac-policies.md
     - name: LOB Win32 Apps on S Mode
-      href: LOB-win32-apps-on-s.md
+      href: deployment/LOB-win32-apps-on-s.md
 - name: WDAC operational guide
-  href: windows-defender-application-control-operational-guide.md
+  href: operations/wdac-operational-guide.md
   items:
     - name: WDAC debugging and troubleshooting
       href: operations/wdac-debugging-and-troubleshooting.md
     - name: Understanding Application Control event IDs
-      href: event-id-explanations.md
+      href: operations/event-id-explanations.md
     - name: Understanding Application Control event tags
-      href: event-tag-explanations.md
+      href: operations/event-tag-explanations.md
     - name: Query WDAC events with Advanced hunting
-      href: querying-application-control-events-centrally-using-advanced-hunting.md
+      href: operations/querying-application-control-events-centrally-using-advanced-hunting.md
     - name: Known Issues
       href: operations/known-issues.md
     - name: Managed installer and ISG technical reference and troubleshooting guide
-      href: configure-wdac-managed-installer.md
+      href: operations/configure-wdac-managed-installer.md
     - name: CITool.exe technical reference
       href: operations/citool-commands.md
     - name: Inbox WDAC policies
       href: operations/inbox-wdac-policies.md
 - name: WDAC AppId Tagging guide
-  href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
+  href: AppIdTagging/wdac-appid-tagging-guide.md
   items:
     - name: Creating AppId Tagging Policies
       href: AppIdTagging/design-create-appid-tagging-policies.md
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index 0400b53abf..137f9503c0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -1,30 +1,13 @@
 ---
-title: Add rules for packaged apps to existing AppLocker rule-set 
+title: Add rules for packaged apps to existing AppLocker rule-set
 description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
-ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Add rules for packaged apps to existing AppLocker rule-set
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,6 +15,4 @@ This topic for IT professionals describes how to update your existing AppLocker
 
 You can create packaged app rules for the computers running Windows Server 2012 or Windows 8 and later in your domain by updating your existing AppLocker rule set. All you need is a computer running at least Windows 8. Download and install the Remote Server Administration Toolkit (RSAT) from the Microsoft Download Center.
 
-RSAT comes with the Group Policy Management Console that allows you to edit the GPO or GPOs where your existing AppLocker policy is authored. RSAT has the necessary files required to author packaged app rules. Packaged app rules will be ignored on computers running Windows 7 and earlier but will be enforced on those computers in your domain running at least Windows Server 2012 and Windows 8.
- 
- 
+RSAT comes with the Group Policy Management Console that allows you to edit the GPO or GPOs where your existing AppLocker policy is authored. RSAT has the necessary files required to author packaged app rules. Packaged app rules will be ignored on computers running Windows 7 and earlier but will be enforced on those computers in your domain running at least Windows Server 2012 and Windows 8.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
index 3746acc1c8..a8cc845756 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/administer-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Administer AppLocker 
+title: Administer AppLocker
 description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
-ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 02/28/2019
-ms.technology: itpro-security
 ---
 
 # Administer AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -62,7 +45,7 @@ You can administer AppLocker policies by using the Group Policy Management Conso
 
 ### Administer AppLocker using Group Policy
 
-You must have Edit Setting permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission. Also, the Group Policy Management feature must be installed on the computer.
+You must have Edit Setting permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission. Also, the Group Policy Management feature must be installed on the computer.
 
 1.  Open the Group Policy Management Console (GPMC).
 2.  Locate the GPO that contains the AppLocker policy to modify, right-click the GPO, and then click **Edit**.
@@ -76,4 +59,4 @@ You must have Edit Setting permission to edit a GPO. By default, members of the
 
 ## Using Windows PowerShell to administer AppLocker
 
-For how-to info about administering AppLocker with Windows PowerShell, see [Use the AppLocker Windows PowerShell Cmdlets](use-the-applocker-windows-powershell-cmdlets.md). For reference info and examples how to administer AppLocker with Windows PowerShell, see the [AppLocker cmdlets](/powershell/module/applocker/).
\ No newline at end of file
+For how-to info about administering AppLocker with Windows PowerShell, see [Use the AppLocker Windows PowerShell Cmdlets](use-the-applocker-windows-powershell-cmdlets.md). For reference info and examples how to administer AppLocker with Windows PowerShell, see the [AppLocker cmdlets](/powershell/module/applocker/).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
index fee5823096..93e671aff7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-architecture-and-components.md
@@ -1,34 +1,17 @@
 ---
-title: AppLocker architecture and components 
+title: AppLocker architecture and components
 description: This topic for IT professional describes AppLocker’s basic architecture and its major components.
-ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker architecture and components
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professional describes AppLocker’s basic architecture and its major components.
+This topic for IT professional describes AppLocker's basic architecture and its major components.
 
 AppLocker relies on the Application Identity service to provide attributes for a file and to evaluate the AppLocker policy for the file. AppLocker policies are conditional access control entries (ACEs), and policies are evaluated by using the attribute-based access control **SeAccessCheckWithSecurityAttributes** or **AuthzAccessCheck** functions.
 
@@ -49,5 +32,3 @@ Before a script file is run, the script host (for example, for .ps1 files, the s
 ## Related topics
 
 - [AppLocker technical reference](applocker-technical-reference.md)
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
index dccdeafe16..48067e47b9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-functions.md
@@ -1,30 +1,13 @@
 ---
-title: AppLocker functions 
+title: AppLocker functions
 description: This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
-ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker functions
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,7 +15,7 @@ This article for the IT professional lists the functions and security levels for
 
 ## Functions
 
-Here are the SRP functions beginning with Windows Server 2003 and AppLocker functions beginning with Windows Server 2008 R2:
+Here are the SRP functions beginning with Windows Server 2003 and AppLocker functions beginning with Windows Server 2008 R2:
 
 -   [SaferGetPolicyInformation Function](/windows/win32/api/winsafer/nf-winsafer-safergetpolicyinformation)
 -   [SaferCreateLevel Function](/windows/win32/api/winsafer/nf-winsafer-safercreatelevel)
@@ -61,4 +44,3 @@ AppLocker and SRP use the security level IDs to specify the access requirements
 ## Related articles
 
 - [AppLocker technical reference](applocker-technical-reference.md)
- 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
new file mode 100644
index 0000000000..7c130ac1f2
--- /dev/null
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md
@@ -0,0 +1,116 @@
+---
+title: AppLocker
+description: This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
+ms.collection:
+- highpri
+- tier3
+- must-keep
+ms.topic: conceptual
+ms.localizationpriority: medium
+ms.date: 06/07/2023
+---
+
+# AppLocker
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
+
+This article provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
+
+> [!NOTE]
+> AppLocker is unable to control processes running under the system account on any operating system.
+
+AppLocker can help you:
+
+- Define rules based on file attributes that persist across app updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file path and hash.
+- Assign a rule to a security group or an individual user.
+- Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries, except the Registry Editor (regedit.exe).
+- Use audit-only mode to deploy the policy and understand its impact before enforcing it.
+- Create rules on a staging server, test them, then export them to your production environment and import them into a Group Policy Object.
+- Simplify creating and managing AppLocker rules by using Windows PowerShell.
+
+AppLocker helps reduce administrative overhead and helps reduce the organization's cost of managing computing resources by decreasing the number of Help Desk calls that result from users running unapproved apps. AppLocker addresses the following app security scenarios:
+
+- **Application inventory**: AppLocker has the ability to enforce its policy in an audit-only mode where all app access activity is registered in event logs. These events can be collected for further analysis. Windows PowerShell cmdlets also help you analyze this data programmatically.
+- **Protection against unwanted software**: AppLocker has the ability to deny apps from running when you exclude them from the list of allowed apps. When AppLocker rules are enforced in the production environment, any apps that aren't included in the allowed rules are blocked from running.
+- **Licensing conformance**: AppLocker can help you create rules that preclude unlicensed software from running and restrict licensed software to authorized users.
+- **Software standardization**: AppLocker policies can be configured to allow only supported or approved apps to run on computers within a business group. This configuration permits a more uniform app deployment.
+- **Manageability improvement**: AppLocker includes many improvements in manageability as compared to its predecessor Software Restriction Policies. Importing and exporting policies, automatic generation of rules from multiple files, audit-only mode deployment, and Windows PowerShell cmdlets are a few of the improvements over Software Restriction Policies.
+
+## When to use AppLocker
+
+In many organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. Access control technologies, such as Active Directory Rights Management Services (AD RMS) and access control lists (ACLs), help control what users are allowed to access.
+
+However, when a user runs a process, that process has the same level of access to data that the user has. As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software. AppLocker can help mitigate these types of security breaches by restricting the files that users or groups are allowed to run. Software publishers are beginning to create more apps that can be installed by non-administrative users. This privilege could jeopardize an organization's written security policy and circumvent traditional app control solutions that rely on the inability of users to install apps. AppLocker creates an allowed list of approved files and apps to help prevent such per-user apps from running. Because AppLocker can control DLLs, it's also useful to control who can install and run ActiveX controls.
+
+AppLocker is ideal for organizations that currently use Group Policy to manage their PCs.
+
+The following are examples of scenarios in which AppLocker can be used:
+
+- Your organization's security policy dictates the use of only licensed software, so you need to prevent users from running unlicensed software and also restrict the use of licensed software to authorized users.
+- An app is no longer supported by your organization, so you need to prevent it from being used by everyone.
+- The potential that unwanted software can be introduced in your environment is high, so you need to reduce this threat.
+- The license to an app has been revoked or it's expired in your organization, so you need to prevent it from being used by everyone.
+- A new app or a new version of an app is deployed, and you need to prevent users from running the old version.
+- Specific software tools aren't allowed within the organization, or only specific users should have access to those tools.
+- A single user or small group of users needs to use a specific app that is denied for all others.
+- Some computers in your organization are shared by people who have different software usage needs, and you need to protect specific apps.
+- In addition to other measures, you need to control the access to sensitive data through app usage.
+
+> [!NOTE]
+> AppLocker is a defense-in-depth security feature and not a [security boundary](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
+
+AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
+
+## Installing AppLocker
+
+AppLocker is included with enterprise-level editions of Windows. You can author AppLocker rules for a single computer or for a group of computers. For a single computer, you can author the rules by using the Local Security Policy editor (secpol.msc). For a group of computers, you can author the rules within a Group Policy Object by using the Group Policy Management Console (GPMC).
+
+> [!NOTE]
+> GPMC is available in client computers running Windows only by installing the Remote Server Administration Tools. On computer running Windows Server, you must install the Group Policy Management feature.
+
+### Using AppLocker on Server Core
+
+AppLocker on Server Core installations isn't supported.
+
+### Virtualization considerations
+
+You can administer AppLocker policies by using a virtualized instance of Windows provided it meets all the system requirements listed previously. You can also run Group Policy in a virtualized instance. However, you do risk losing the policies that you created and maintain if the virtualized instance is removed or fails.
+
+### Security considerations
+
+Application control policies specify which apps are allowed to run on the local computer. The variety of forms that malicious software can take make it difficult for users to know what is safe to run. When activated, malicious software can damage content on a hard disk drive, flood a network with requests to cause a denial-of-service (DoS) attack, send confidential information to the Internet, or compromise the security of a computer.
+
+The countermeasure is to create a sound design for your application control policies on PCs in your organization, and then thoroughly test the policies in a lab environment before you deploy them in a production environment. AppLocker can be part of your app control strategy because you can control what software is allowed to run on your computers.
+
+A flawed application control policy implementation can disable necessary applications or allow malicious or unintended software to run. Therefore, it's important that organizations dedicate sufficient resources to manage and troubleshoot the implementation of such policies.
+
+For more information about specific security issues, see [Security considerations for AppLocker](security-considerations-for-applocker.md). When you use AppLocker to create application control policies, you should be aware of the following security considerations:
+
+- Who has the rights to set AppLocker policies?
+- How do you validate that the policies are enforced?
+- What events should you audit?
+
+For reference in your security planning, the following table identifies the baseline settings for a PC with AppLocker installed:
+
+| Setting                     | Default value                                                                                                                               |
+|-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| Accounts created            | None                                                                                                                                        |
+| Authentication method       | Not applicable                                                                                                                              |
+| Management interfaces       | AppLocker can be managed by using a Microsoft Management Console snap-in, Group Policy Management, and Windows PowerShell                   |
+| Ports opened                | None                                                                                                                                        |
+| Minimum privileges required | Administrator on the local computer; Domain Admin, or any set of rights that allow you to create, edit and distribute Group Policy Objects. |
+| Protocols used              | Not applicable                                                                                                                              |
+| Scheduled Tasks             | Appidpolicyconverter.exe is put in a scheduled task to be run on demand.                                                                    |
+| Security Policies           | None required. AppLocker creates security policies.                                                                                         |
+| System Services required    | Application Identity service (appidsvc) runs under LocalServiceAndNoImpersonation.                                                          |
+| Storage of credentials      | None                                                                                                                                        |
+
+## In this section
+
+| Article                                                              | Description                                                                                                                                       |
+|----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
+| [Administer AppLocker](administer-applocker.md)                      | This article for IT professionals provides links to specific procedures to use when administering AppLocker policies.                             |
+| [AppLocker design guide](applocker-policies-design-guide.md)         | This article for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. |
+| [AppLocker deployment guide](applocker-policies-deployment-guide.md) | This article for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.                          |
+| [AppLocker technical reference](applocker-technical-reference.md)    | This overview article for IT professionals provides links to the articles in the technical reference.                                             |
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
index a651d67814..3e609e4176 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md
@@ -1,31 +1,13 @@
 ---
-title: AppLocker deployment guide 
+title: AppLocker deployment guide
 description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
-ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
-
 # AppLocker deployment guide
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -63,4 +45,3 @@ This guide provides steps based on your design and planning investigation for de
 | [Use Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md) | This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. |
 | [Create Your AppLocker policies](create-your-applocker-policies.md) | This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. |
 | [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md) | This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. |
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
index 6aff5add05..56a059df6a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md
@@ -1,30 +1,13 @@
 ---
-title: AppLocker design guide 
+title: AppLocker design guide
 description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
-ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker design guide
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -46,6 +29,5 @@ To understand if AppLocker is the correct application control solution for your
 | [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) | This overview topic describes the process to follow when you're planning to deploy AppLocker rules. |
 | [Plan for AppLocker policy management](plan-for-applocker-policy-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies. |
 
- 
+ 
 After careful design and detailed planning, the next step is to deploy AppLocker policies. [AppLocker Deployment Guide](applocker-policies-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies.
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
index 46d2994927..7657e480fa 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md
@@ -1,30 +1,13 @@
 ---
-title: AppLocker policy use scenarios 
+title: AppLocker policy use scenarios
 description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
-ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker policy use scenarios
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -71,5 +54,3 @@ The following are examples of scenarios in which AppLocker can be used:
 
 ## Related topics
 - [AppLocker technical reference](applocker-technical-reference.md)
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
index 82be229c35..567b3bafc5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-processes-and-interactions.md
@@ -1,30 +1,13 @@
 ---
-title: AppLocker processes and interactions 
+title: AppLocker processes and interactions
 description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
-ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker processes and interactions
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md
index 4d62e1248b..956c1904a8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md
@@ -1,30 +1,13 @@
 ---
-title: AppLocker settings 
+title: AppLocker settings
 description: This topic for the IT professional lists the settings used by AppLocker.
-ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker settings
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
index 24739dbfcd..8f8b29113c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md
@@ -1,30 +1,13 @@
 ---
-title: AppLocker technical reference 
+title: AppLocker technical reference
 description: This overview topic for IT professionals provides links to the topics in the technical reference.
-ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # AppLocker technical reference
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -39,9 +22,9 @@ AppLocker advances the application control features and functionality of Softwar
 | [Requirements to use AppLocker](requirements-to-use-applocker.md) | This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. |
 | [AppLocker policy use scenarios](applocker-policy-use-scenarios.md) | This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. |
 | [How AppLocker works](how-applocker-works-techref.md) | This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. |
-| [AppLocker architecture and components](applocker-architecture-and-components.md) | This topic for IT professional describes AppLocker’s basic architecture and its major components. | 
+| [AppLocker architecture and components](applocker-architecture-and-components.md) | This topic for IT professional describes AppLocker's basic architecture and its major components. | 
 | [AppLocker processes and interactions](applocker-processes-and-interactions.md) | This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. | 
 | [AppLocker functions](applocker-functions.md) | This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. | 
 | [Security considerations for AppLocker](security-considerations-for-applocker.md) | This topic for the IT professional describes the security considerations you need to address when implementing AppLocker. | 
 | [Tools to Use with AppLocker](tools-to-use-with-applocker.md) | This topic for the IT professional describes the tools available to create and administer AppLocker policies. | 
-| [AppLocker Settings](applocker-settings.md) | This topic for the IT professional lists the settings used by AppLocker. | 
+| [AppLocker Settings](applocker-settings.md) | This topic for the IT professional lists the settings used by AppLocker. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
index db47a41ae0..6e62bb3ccd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -1,30 +1,13 @@
 ---
-title: Configure an AppLocker policy for audit only 
+title: Configure an AppLocker policy for audit only
 description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
-ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 06/08/2018
-ms.technology: itpro-security
 ---
 
 # Configure an AppLocker policy for audit only
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -33,7 +16,7 @@ This topic for IT professionals describes how to set AppLocker policies to **Aud
 After AppLocker rules are created within the rule collection, you can configure the enforcement setting to **Enforce rules** or **Audit only**.
 
 When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
- 
+ 
 You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins).
 
 **To audit rule collections**
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
index 0eaf785afa..5ee7082a7e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -1,36 +1,19 @@
 ---
-title: Configure an AppLocker policy for enforce rules 
+title: Configure an AppLocker policy for enforce rules
 description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
-ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Configure an AppLocker policy for enforce rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
 
->**Note:**  When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited.
+>**Note:**  When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited.
  
 For info about how AppLocker policies are applied within a GPO structure, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
index 2f81ecf9ea..ff055ce7c2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -1,30 +1,13 @@
 ---
-title: Add exceptions for an AppLocker rule 
+title: Add exceptions for an AppLocker rule
 description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
-ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Add exceptions for an AppLocker rule
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -45,5 +28,3 @@ You can perform this task by using the Group Policy Management Console for an Ap
     -   For a path exception, choose the file or folder path to exclude, and then click **OK**.
     -   For a file hash exception, edit the file hash rule, and click **Remove**.
     -   For a packaged apps exception, click **Add** to create the exceptions based on reference app and rule scope.
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
index a9229d7b60..eb422a3a03 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md
@@ -1,30 +1,13 @@
 ---
-title: Configure the AppLocker reference device 
+title: Configure the AppLocker reference device
 description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
-ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Configure the AppLocker reference device
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -39,13 +22,13 @@ An AppLocker reference device that is used for the development and deployment of
 
 The reference device doesn't need to be joined to a domain, but it must be able to import and export AppLocker policies in XML format. The reference computer must be running one of the supported editions of Windows as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md).
 
->**Warning:**  Do not use operating system snapshots when creating AppLocker rules. If you take a snapshot of the operating system, install an app, create AppLocker rules, and then revert to a clean snapshot and repeat the process for another app, there is a chance that duplicate rule GUIDs can be created. If duplicate GUIDs are present, AppLocker policies will not work as expected.
+>**Warning:**  Do not use operating system snapshots when creating AppLocker rules. If you take a snapshot of the operating system, install an app, create AppLocker rules, and then revert to a clean snapshot and repeat the process for another app, there is a chance that duplicate rule GUIDs can be created. If duplicate GUIDs are present, AppLocker policies will not work as expected.
  
 **To configure a reference device**
 
 1.  If the operating system isn't already installed, install one of the supported editions of Windows on the device.
 
-    >**Note:**  If you have the Group Policy Management Console (GPMC) installed on another device to test your implementation of AppLocker policies, you can export the policies to that device
+    >**Note:**  If you have the Group Policy Management Console (GPMC) installed on another device to test your implementation of AppLocker policies, you can export the policies to that device
      
 2.  Configure the administrator account.
 
@@ -59,5 +42,3 @@ The reference device doesn't need to be joined to a domain, but it must be able
 
 -   After you configure the reference computer, you can create the AppLocker rule collections. You can build, import, or automatically generate the rules. For procedures to do this task, see [Working with AppLocker rules](working-with-applocker-rules.md).
 -   [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
index 7b55776a9f..628b5cd559 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md
@@ -1,30 +1,13 @@
 ---
-title: Configure the Application Identity service 
+title: Configure the Application Identity service
 description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
-ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
-ms.reviewer: 
-ms.author: vinpa
-ms.pagetype: security
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 07/01/2021
-ms.technology: itpro-security
 ---
 
 # Configure the Application Identity service
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,7 +15,7 @@ This topic for IT professionals shows how to configure the Application Identity
 
 The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced.
 
->**Important:**  When using Group Policy, you must configure it to start automatically in at least one Group Policy Object (GPO) that applies AppLocker rules. This is because AppLocker uses this service to verify the attributes of a file.
+>**Important:**  When using Group Policy, you must configure it to start automatically in at least one Group Policy Object (GPO) that applies AppLocker rules. This is because AppLocker uses this service to verify the attributes of a file.
  
 **To start the Application Identity service automatically using Group Policy**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
index bda3579c22..aafae9fa2d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md
@@ -1,30 +1,13 @@
 ---
-title: Create a rule for packaged apps 
+title: Create a rule for packaged apps
 description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
-ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create a rule for packaged apps
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -63,7 +46,7 @@ You can perform this task by using the Group Policy Management Console for an Ap
     |Applies to a specific **Publisher** | This setting scopes the rule to all apps published by a particular publisher. | You want to allow all your users to install apps published by the publisher of Microsoft.BingMaps. You could select Microsoft.BingMaps as a reference and choose this rule scope. |
     |Applies to a **Package name** | This setting scopes the rule to all packages that share the publisher name and package name as the reference file. | You want to allow your Sales group to install any version of the Microsoft.BingMaps app. You could select the Microsoft.BingMaps app as a reference and choose this rule scope. |
     |Applies to a **Package version** | This setting scopes the rule to a particular version of the package. | You want to be selective in what you allow. You don't want to implicitly trust all future updates of the Microsoft.BingMaps app. You can limit the scope of your rule to the version of the app currently installed on your reference computer. |
-    |Applying custom values to the rule | Selecting the **Use custom values** check box allows you to adjust the scope fields for your particular circumstance. | You want to allow users to install all *Microsoft.Bing* applications, which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the **Use custom values** check box and edit the package name field by adding “Microsoft.Bing*” as the Package name. |
+    |Applying custom values to the rule | Selecting the **Use custom values** check box allows you to adjust the scope fields for your particular circumstance. | You want to allow users to install all *Microsoft.Bing* applications, which include Microsoft.BingMaps, Microsoft.BingWeather, Microsoft.BingMoney. You can choose the Microsoft.BingMaps as a reference, select the **Use custom values** check box and edit the package name field by adding "Microsoft.Bing*" as the Package name. |
 
 6.  Select **Next**.
 7.  (Optional) On the **Exceptions** page, specify conditions by which to exclude files from being affected by the rule. These conditions allow you to add exceptions based on the same rule reference and rule scope as you set before. Select **Next**.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index f03d446082..e1c48949a8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -1,30 +1,13 @@
 ---
-title: Create a rule that uses a file hash condition 
+title: Create a rule that uses a file hash condition
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
-ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create a rule that uses a file hash condition
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -46,7 +29,7 @@ AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins
 5.  On the **Conditions** page, select the **File hash** rule condition, and then click **Next**.
 6.  **Browse Files** to locate the targeted application file.
 
-    >**Note:**  You can also click **Browse Folders** which calculates the hash for all the appropriate files relative to the rule collection. To remove hashes individually, click the **Remove** button.
-     
+    >**Note:**  You can also click **Browse Folders** which calculates the hash for all the appropriate files relative to the rule collection. To remove hashes individually, click the **Remove** button.
+     
 7.  Click **Next**.
 8.  On the **Name** page, either accept the automatically generated rule name or type a new rule name, and then click **Create**.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
similarity index 61%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
index c79af9cb24..c6c0413c43 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -1,30 +1,13 @@
 ---
-title: Create a rule that uses a path condition 
+title: Create a rule that uses a path condition
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
-ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create a rule that uses a path condition
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,7 +15,7 @@ This topic for IT professionals shows how to create an AppLocker rule with a pat
 
 The path condition identifies an app by its location in the file system of the computer or on the network.
 
->**Important:**  When creating a rule that uses a deny action, path conditions are less secure for preventing access to a file because a user could easily copy the file to a different location than what is specified in the rule. Because path rules correspond to locations within the file system, you should ensure that there are no subdirectories that are writable by non-administrators. For example, if you create a path rule for C:\\ with the allow action, any file within C:\\ will be allowed to run, including users' profiles.
+>**Important:**  When creating a rule that uses a deny action, path conditions are less secure for preventing access to a file because a user could easily copy the file to a different location than what is specified in the rule. Because path rules correspond to locations within the file system, you should ensure that there are no subdirectories that are writable by non-administrators. For example, if you create a path rule for C:\\ with the allow action, any file within C:\\ will be allowed to run, including users' profiles.
  
 For info about the path condition, see [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md).
 
@@ -47,7 +30,7 @@ You can perform this task by using the Group Policy Management Console for an Ap
 5.  On the **Conditions** page, select the **Path** rule condition, and then click **Next**.
 6.  Click **Browse Files** to locate the targeted folder for the app.
 
-    >**Note:**  When you browse to a file or folder location, the wizard automatically converts absolute file paths to use AppLocker path variables. You may edit the path after browsing to specify an absolute path, or you may type the path directly into the **Path** box. To learn more about AppLocker path variables, see [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md).
+    >**Note:**  When you browse to a file or folder location, the wizard automatically converts absolute file paths to use AppLocker path variables. You may edit the path after browsing to specify an absolute path, or you may type the path directly into the **Path** box. To learn more about AppLocker path variables, see [Understanding the path rule condition in AppLocker](understanding-the-path-rule-condition-in-applocker.md).
      
 7.  Click **Next**.
 8.  (Optional) On the **Exceptions** page, specify conditions by which to exclude files from being affected by the rule. Click **Next**.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
index 66440056c3..193299df1c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -1,30 +1,13 @@
 ---
-title: Create a rule that uses a publisher condition 
+title: Create a rule that uses a publisher condition
 description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
-ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create a rule that uses a publisher condition
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
index d9ad04fc74..98493d5656 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-applocker-default-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Create AppLocker default rules 
+title: Create AppLocker default rules
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
-ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create AppLocker default rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
index 014f1edcd3..5e8d7b6735 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -1,30 +1,13 @@
 ---
-title: Create a list of apps deployed to each business group 
+title: Create a list of apps deployed to each business group
 description: This topic describes the process of gathering app usage requirements from each business group to implement application control policies by using AppLocker.
-ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create a list of apps deployed to each business group
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -81,5 +64,3 @@ For guidance, see the following topics:
 
 -   [Select the types of rules to create](select-types-of-rules-to-create.md)
 -   [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
index d632badeea..861bf58502 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-policies.md
@@ -1,30 +1,13 @@
 ---
-title: Create Your AppLocker policies 
+title: Create Your AppLocker policies
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
-ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create Your AppLocker policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -44,7 +27,6 @@ You can develop an application control policy plan to guide you in making succes
 6.  [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md)
 7.  [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
 
-
 ## Step 2: Create your rules and rule collections
 
 Each rule applies to one or more apps, and it imposes a specific rule condition on them. Rules can be created individually or they can be generated by the Automatically Generate Rules Wizard. For the steps to create the rules, see [Create Your AppLocker rules](create-your-applocker-rules.md).
@@ -64,7 +46,7 @@ In a test environment or with the enforcement setting set at **Audit only**, ver
 
 ## Step 6: Implement the policy
 
-Depending on your deployment method, import the AppLocker policy to the GPO in your production environment, or if the policy is already deployed, change the enforcement setting to your production environment value—**Enforce rules** or **Audit only**.
+Depending on your deployment method, import the AppLocker policy to the GPO in your production environment, or if the policy is already deployed, change the enforcement setting to your production environment value-**Enforce rules** or **Audit only**.
 
 ## Step 7: Test the effect of the policy and adjust
 Validate the effect of the policy by analyzing the AppLocker logs for application usage, and then modify the policy as necessary. For information on how to do these tasks, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
@@ -80,4 +62,3 @@ Follow the steps described in the following topics to continue the deployment pr
 ## See also
 
 - [AppLocker deployment guide](applocker-policies-deployment-guide.md)
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
index 7f416d3255..c32cbf3af1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/create-your-applocker-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Create Your AppLocker rules 
+title: Create Your AppLocker rules
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
-ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Create Your AppLocker rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -48,7 +31,7 @@ You can use a reference device to automatically create a set of default rules fo
 
 You can create rules and set the mode to **Audit only** for each installed app, test and update each rule as necessary, and then deploy the policies. Creating rules individually might be best when you're targeting a few applications within a business group.
 
->**Note:**  AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You can also edit the default rules. For information about creating the default rules for the Windows operating system, see [Create AppLocker default rules](create-applocker-default-rules.md).
+>**Note:**  AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You can also edit the default rules. For information about creating the default rules for the Windows operating system, see [Create AppLocker default rules](create-applocker-default-rules.md).
  
 For information about performing this task, see:
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
index 88f67e4728..b531465cdc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/delete-an-applocker-rule.md
@@ -1,30 +1,13 @@
 ---
-title: Delete an AppLocker rule 
+title: Delete an AppLocker rule
 description: This article for IT professionals describes the steps to delete an AppLocker rule.
-ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 03/10/2023
-ms.technology: itpro-security
 ---
 
 # Delete an AppLocker rule
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index 21b28d7b69..4a3fe25421 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -1,30 +1,13 @@
 ---
-title: Deploy AppLocker policies by using the enforce rules setting 
+title: Deploy AppLocker policies by using the enforce rules setting
 description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
-ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Deploy AppLocker policies by using the enforce rules setting
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -48,11 +31,11 @@ Rule enforcement is applied only to a collection of rules, not to individual rul
 
 ## Step 3: Update the policy
 
-You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the AppLocker policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of GPOs. An example of this type of software is the [Advanced Group Policy Management](https://go.microsoft.com/fwlink/p/?LinkId=145013) feature from the 
-Microsoft Desktop Optimization Pack.
+You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the AppLocker policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of GPOs. An example of this type of software is the [Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm/) feature from the Microsoft Desktop Optimization Pack.
+
+> [!CAUTION]
+> You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
 
->**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
- 
 For the procedure to update the GPO, see [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md).
 
 For the procedures to distribute policies for local PCs by using the Local Security Policy snap-in (secpol.msc), see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md) and [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md).
@@ -64,5 +47,3 @@ When a policy is deployed, it's important to monitor the actual implementation o
 ## Other resources
 
 -   For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
index ae2ca63f83..da372fd5b0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md
@@ -1,30 +1,13 @@
 ---
-title: Deploy the AppLocker policy into production 
+title: Deploy the AppLocker policy into production
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
-ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Deploy the AppLocker policy into production
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
index 21bcfc2b31..8c8842e5ae 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -1,30 +1,13 @@
 ---
-title: Determine the Group Policy structure and rule enforcement 
+title: Determine the Group Policy structure and rule enforcement
 description: This overview topic describes the process to follow when you're planning to deploy AppLocker rules.
-ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Determine the Group Policy structure and rule enforcement
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -45,4 +28,4 @@ When you're determining how many Group Policy Objects (GPOs) to create when you
 -   GPO naming conventions
 -   GPO size limits
 
->**Note:**  There is no default limit on the number of AppLocker rules that you can create. However, in Windows Server 2008 R2, GPOs have a 2 MB size limit for performance. In subsequent versions, that limit is raised to 100 MB.
+>**Note:**  There is no default limit on the number of AppLocker rules that you can create. However, in Windows Server 2008 R2, GPOs have a 2 MB size limit for performance. In subsequent versions, that limit is raised to 100 MB.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index 8308562822..a654dfc5f7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -1,30 +1,13 @@
 ---
-title: Find digitally signed apps on a reference device 
+title: Find digitally signed apps on a reference device
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
-ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Determine which apps are digitally signed on a reference device
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -46,5 +29,3 @@ For command parameters, syntax, and examples, see [Get-AppLockerFileInformation]
 ## Related topics
 
 - [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
- 
- 
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
index 84e059c69f..b52c32d46b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md
@@ -1,30 +1,13 @@
 ---
-title: Determine your application control objectives 
+title: Determine your application control objectives
 description: Determine which applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
-ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Determine your application control objectives
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -42,7 +25,7 @@ Use the following table to develop your own objectives and determine which appli
 |Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.<br/><br/>AppLocker permits customization of error messages to direct users to a Web page for help.|
 |Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in, if the policies are created locally, or the GPMC, or the Windows PowerShell AppLocker cmdlets.|
 |Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.|
-|Enforcement mode|SRP works in the “blocklist mode” where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.<br/><br/>SRP can also be configured in the “allowlist mode” such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|By default, AppLocker works in allowlist mode. Only those files are allowed to run for which there's a matching allow rule.|
+|Enforcement mode|SRP works in the "blocklist mode" where administrators can create rules for files that they don't want to allow in this Enterprise, but the rest of the files are allowed to run by default.<br/><br/>SRP can also be configured in the "allowlist mode" such that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|By default, AppLocker works in allowlist mode. Only those files are allowed to run for which there's a matching allow rule.|
 |File types that can be controlled|SRP can control the following file types:<li>Executables<li>DLLs<li>Scripts<li>Windows Installers<br/><br/>SRP can't control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:<li>Executables<li>DLLs<li>Scripts<li>Windows Installers<li>Packaged apps and installers<br/><br/>AppLocker maintains a separate rule collection for each of the five file types.|
 |Designated file types|SRP supports an extensible list of file types that are considered executable. You can add extensions for files that should be considered executable.|AppLocker doesn't support this addition of extension. AppLocker currently supports the following file extensions:<li>Executables (.exe, .com)<li>DLLs (.ocx, .dll)<li>Scripts (.vbs, .js, .ps1, .cmd, .bat)<li>Windows Installers (.msi, .mst, .msp)<li>Packaged app installers (.appx)|
 |Rule types|SRP supports four types of rules:<li>Hash<li>Path<li>Signature<br/><br/>Internet zone|AppLocker supports three types of rules:<li>Hash<li>Path<li>Publisher|
@@ -50,7 +33,7 @@ Use the following table to develop your own objectives and determine which appli
 |Support for different security levels|With SRP, you can specify the permissions with which an app can run. Then configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.<br/><br/>SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker doesn't support security levels.|
 |Manage Packaged apps and Packaged app installers.|Unable|.appx is a valid file type which AppLocker can manage.|
 |Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.|
-|Support for rule exceptions|SRP doesn't support rule exceptions|AppLocker rules can have exceptions that allow administrators to create rules such as “Allow everything from Windows except for Regedit.exe”.|
+|Support for rule exceptions|SRP doesn't support rule exceptions|AppLocker rules can have exceptions that allow administrators to create rules such as "Allow everything from Windows except for Regedit.exe".|
 |Support for audit mode|SRP doesn't support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode that allows administrators to test the effect of their policy in the real production environment without impacting the user experience. Once you're satisfied with the results, you can start enforcing the policy.|
 |Support for exporting and importing policies|SRP doesn't support policy import/export.|AppLocker supports the importing and exporting of policies. This support by AppLocker allows you to create AppLocker policy on a sample computer, test it out and then export that policy and import it back into the desired GPO.|
 |Rule enforcement|Internally, SRP rules enforcement happens in user-mode, which is less secure.|Internally, AppLocker rules for exes and dlls are enforced in kernel-mode, which is more secure than enforcing them in the user-mode.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index a06323374d..4f50e071a2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -1,30 +1,13 @@
 ---
-title: Display a custom URL message when users try to run a blocked app 
+title: Display a custom URL message when users try to run a blocked app
 description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
-ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
-ms.reviewer: 
-ms.author: vinpa
-ms.pagetype: security
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Display a custom URL message when users try to run a blocked app
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,7 +15,7 @@ This topic for IT professionals describes the steps for displaying a customized
 
 With the help of Group Policy, AppLocker can be configured to display a message with a custom URL. You can use this URL to redirect users to a support site that contains info about why the user received the error and which apps are allowed. If you don't display a custom message when an app is blocked, the default access denied message is displayed.
 
-To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
+To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
 **To display a custom URL message when users try to run a blocked app**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
index 46473d9aea..39003c7034 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/dll-rules-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: DLL rules in AppLocker 
+title: DLL rules in AppLocker
 description: This topic describes the file formats and available default rules for the DLL rule collection.
-ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # DLL rules in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index 23268ed540..5206548f80 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -1,30 +1,13 @@
 ---
-title: Document Group Policy structure & AppLocker rule enforcement 
+title: Document Group Policy structure & AppLocker rule enforcement
 description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
-ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
-ms.pagetype: security
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Document the Group Policy structure and AppLocker rule enforcement
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -49,13 +32,10 @@ The following table includes the sample data that was collected when you determi
 ||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|Allow||
 |Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|Allow|HR-AppLockerHRRules|
 ||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File isn't signed; create a file hash condition|Allow||
-||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|File is signed; create a publisher condition|Deny||
+||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|File is signed; create a publisher condition|Deny||
 ||||Windows files|C:\Windows|Use a default rule for the Windows path|Allow||
 
 ## Next steps
 
 After you've determined the Group Policy structure and rule enforcement strategy for each business group's apps, the following tasks remain:
 -   [Plan for AppLocker policy management](plan-for-applocker-policy-management.md)
-
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
index 9748146d20..e56f851d85 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-application-list.md
@@ -1,30 +1,13 @@
 ---
-title: Document your app list 
+title: Document your app list
 description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
-ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Document your app list
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -48,7 +31,7 @@ The following table provides an example of how to list applications for each bus
 ||||Windows files|C:\Windows|
 |Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|
 ||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|
-||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|
+||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|
 ||||Windows files|C:\Windows|
 
 >[!NOTE]
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
index e5f75fa28f..5e123e0052 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Document your AppLocker rules 
+title: Document your AppLocker rules
 description: Learn how to document your AppLocker rules and associate rule conditions with files, permissions, rule source, and implementation.
-ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Document your AppLocker rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
index b336d09cf5..01166c2ac5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-an-applocker-policy.md
@@ -1,30 +1,13 @@
 ---
-title: Edit an AppLocker policy 
+title: Edit an AppLocker policy
 description: This topic for IT professionals describes the steps required to modify an AppLocker policy.
-ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Edit an AppLocker policy
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -55,8 +38,8 @@ AppLocker provides a feature to export and import AppLocker policies as an XML f
 
 After exporting the AppLocker policy to an XML file, you should import the XML file onto a reference PC so that you can edit the policy. For information on the procedure to import an AppLocker policy, see [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md).
 
->**Caution:**  Importing a policy onto another PC will overwrite the existing policy on that PC.
- 
+>**Caution:**  Importing a policy onto another PC will overwrite the existing policy on that PC.
+ 
 ### Step 3: Use AppLocker to modify and test the rule
 
 AppLocker provides ways to modify, delete, or add rules to a policy by modifying the rules within the collection.
@@ -77,10 +60,10 @@ AppLocker provides ways to modify, delete, or add rules to a policy by modifying
 
 For procedures to export the updated policy from the reference computer back into the GPO, see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md) and [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md).
 
->**Caution:**  You should never edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed run, making changes to a live policy can create unexpected behavior. For info about testing policies, see [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md).
- 
->**Note:**  If you are performing these steps by using Microsoft Advanced Group Policy Management (AGPM), check out the GPO before exporting the policy.
- 
+>**Caution:**  You should never edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed run, making changes to a live policy can create unexpected behavior. For info about testing policies, see [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md).
+ 
+>**Note:**  If you are performing these steps by using Microsoft Advanced Group Policy Management (AGPM), check out the GPO before exporting the policy.
+ 
 ## <a href="" id="bkmk-editapplolnotingpo"></a>Editing an AppLocker policy by using the Local Security Policy snap-in
 
 The steps to edit an AppLocker policy distributed by using the Local Security Policy snap-in (secpol.msc) include the following tasks.
@@ -91,8 +74,8 @@ On the PC where you maintain policies, open the AppLocker snap-in from the Local
 
 After exporting the AppLocker policy to an XML file, you should import the XML file onto a reference PC so that you can edit the policy. For information on the procedure to import an AppLocker policy, see [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md).
 
->**Caution:**  Importing a policy onto another PC will overwrite the existing policy on that PC.
- 
+>**Caution:**  Importing a policy onto another PC will overwrite the existing policy on that PC.
+ 
 ### Step 2: Identify and modify the rule to change, delete, or add
 
 AppLocker provides ways to modify, delete, or add rules to a policy by modifying the rules within the collection.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
index 46acb129b9..94a7441394 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/edit-applocker-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Edit AppLocker rules 
+title: Edit AppLocker rules
 description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
-ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Edit AppLocker rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -67,4 +50,3 @@ You can perform this task by using the Group Policy Management Console for an Ap
     -   Click the **Path** tab to configure the path on the computer in which the rule should be enforced.
     -   Click the **Exceptions** tab to create exceptions for specific files in a folder.
     -   When you finish updating the rule, click **OK**.
-    
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
similarity index 73%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
index e38beaacec..811c73d69f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md
@@ -1,30 +1,13 @@
 ---
-title: Enable the DLL rule collection 
+title: Enable the DLL rule collection
 description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
-ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Enable the DLL rule collection
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -41,4 +24,4 @@ AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins
 1.  From the AppLocker console, right-click **AppLocker**, and then click **Properties.**
 2.  Click the **Advanced** tab, select the **Enable the DLL rule collection** check box, and then click **OK**.
 
-    >**Important:**  Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed apps.
+    >**Important:**  Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed apps.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
similarity index 60%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
index 70a2dfe070..155e7ef8e9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Enforce AppLocker rules 
+title: Enforce AppLocker rules
 description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
-ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Enforce AppLocker rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -38,7 +21,4 @@ There is no audit mode for the DLL rule collection. DLL rules affect specific ap
 
 To enforce AppLocker rules by configuring an AppLocker policy to **Enforce rules**, see [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md).
 
->**Caution:**  AppLocker rules will be enforced immediately on the local device or when the Group Policy object (GPO) is updated by performing this procedure. If you want to see the effect of applying an AppLocker policy before setting the enforcement setting to **Enforce rules**, configure the policy to **Audit only**. For info about how to do this, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)or [Test an AppLocker policy by Using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md).
- 
- 
- 
+>**Caution:**  AppLocker rules will be enforced immediately on the local device or when the Group Policy object (GPO) is updated by performing this procedure. If you want to see the effect of applying an AppLocker policy before setting the enforcement setting to **Enforce rules**, configure the policy to **Audit only**. For info about how to do this, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)or [Test an AppLocker policy by Using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
index 1d3fbf552a..4e0d5303e8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/executable-rules-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Executable rules in AppLocker 
+title: Executable rules in AppLocker
 description: This topic describes the file formats and available default rules for the executable rule collection.
-ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Executable rules in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
similarity index 71%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
index 7b838b91ae..9e1872b4b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -1,30 +1,13 @@
 ---
-title: Export an AppLocker policy from a GPO 
+title: Export an AppLocker policy from a GPO
 description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
-ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Export an AppLocker policy from a GPO
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,7 +15,7 @@ This topic for IT professionals describes the steps to export an AppLocker polic
 
 Updating an AppLocker policy that is currently enforced in your production environment can have unintended results. Therefore, export the policy from the GPO and update the rule or rules by using AppLocker on your AppLocker reference device.
 
-To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
+To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
 **Export the policy from the GPO**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
similarity index 74%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
index 2dc105b517..90737aee69 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -1,30 +1,13 @@
 ---
-title: Export an AppLocker policy to an XML file 
+title: Export an AppLocker policy to an XML file
 description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
-ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Export an AppLocker policy to an XML file
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
index 40f88e9b91..b05b76c318 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/how-applocker-works-techref.md
@@ -1,30 +1,13 @@
 ---
-title: How AppLocker works 
+title: How AppLocker works
 description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
-ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # How AppLocker works
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plan-inheritance.gif
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/applocker-plandeploy-quickreference.gif
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif b/windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/images/blockedappmsg.gif
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/images/blockedappmsg.gif
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
index 4ce5fe6eb6..b7e29c29a1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md
@@ -1,30 +1,13 @@
 ---
-title: Import an AppLocker policy from another computer 
+title: Import an AppLocker policy from another computer
 description: This topic for IT professionals describes how to import an AppLocker policy.
-ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
-ms.technology: itpro-security
 ms.date: 12/31/2017
 ---
 
 # Import an AppLocker policy from another computer
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2012 R2 and later
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -34,7 +17,7 @@ Before completing this procedure, you should have exported an AppLocker policy.
 
 Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
 
-> **Caution:**  Importing a policy will overwrite the existing policy on that computer.
+> **Caution:**  Importing a policy will overwrite the existing policy on that computer.
  
 **To import an AppLocker policy**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
similarity index 65%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
index 71fb649374..40488c8f88 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md
@@ -1,39 +1,22 @@
 ---
-title: Import an AppLocker policy into a GPO 
+title: Import an AppLocker policy into a GPO
 description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
-ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Import an AppLocker policy into a GPO
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
 AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).
 
->**Important:**  Follow your organization's standard procedures for updating GPOs. For info about specific steps to follow for AppLocker policies, see [Maintain AppLocker policies](maintain-applocker-policies.md).
+>**Important:**  Follow your organization's standard procedures for updating GPOs. For info about specific steps to follow for AppLocker policies, see [Maintain AppLocker policies](maintain-applocker-policies.md).
  
-To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
+To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
 **To import an AppLocker policy into a GPO**
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
index 551719338a..1a9f1401e7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/maintain-applocker-policies.md
@@ -1,30 +1,13 @@
 ---
-title: Maintain AppLocker policies 
+title: Maintain AppLocker policies
 description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies.
-ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
-ms.technology: itpro-security
 ms.date: 12/31/2017
 ---
 
 # Maintain AppLocker policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -50,7 +33,6 @@ Using the AppLocker configuration service provider, you can select which apps ar
 
 For more information, see the [AppLocker CSP](/windows/client-management/mdm/applocker-csp).
 
-
 ## <a href="" id="bkmk-applkr-use-gp"></a>Maintaining AppLocker policies by using Group Policy
 
 For every scenario, the steps to maintain an AppLocker policy distributed by Group Policy include the following tasks.
@@ -60,7 +42,7 @@ As new apps are deployed or existing apps are removed by your organization or up
 You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the AppLocker policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create 
 versions of GPOs.
 
->**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
+>**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
 
 ### Step 1: Understand the current behavior of the policy
 
@@ -119,4 +101,4 @@ After deploying a policy, evaluate the policy's effectiveness.
 
 ## Other resources
 
--   For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
\ No newline at end of file
+-   For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
similarity index 65%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
index 1f192ee5b6..4d8e825349 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Manage packaged apps with AppLocker 
+title: Manage packaged apps with AppLocker
 description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy.
-ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Manage packaged apps with AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -38,16 +21,16 @@ With packaged apps, it's possible to control the entire app by using a single Ap
 > [!NOTE]
 > AppLocker supports only publisher rules for packaged apps. All packaged apps must be signed by the software publisher because Windows does not support unsigned packaged apps.
  
-Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, not all these components always share common attributes such as the software’s publisher name, product name, and product version. Therefore, AppLocker controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule.
+Typically, an app consists of multiple components: the installer that is used to install the app, and one or more exes, dlls, or scripts. With classic Windows apps, not all these components always share common attributes such as the software's publisher name, product name, and product version. Therefore, AppLocker controls each of these components separately through different rule collections, such as exe, dll, script, and Windows Installer rules. In contrast, all the components of a packaged app share the same publisher name, package name, and package version attributes. Therefore, you can control an entire app with a single rule.
 
 ### <a href="" id="bkmk-compareclassicmetro"></a>Comparing classic Windows apps and packaged apps
 
-AppLocker policies for packaged apps can only be applied to apps installed on computers running at least Windows Server 2012 or Windows 8, but classic Windows apps can be controlled on devices running at least Windows Server
-2008 R2 or Windows 7. The rules for classic Windows apps and packaged apps can be enforced in tandem. The differences between packaged apps and classic Windows apps that you should consider include:
+AppLocker policies for packaged apps can only be applied to apps installed on computers running at least Windows Server 2012 or Windows 8, but classic Windows apps can be controlled on devices running at least Windows Server
+2008 R2 or Windows 7. The rules for classic Windows apps and packaged apps can be enforced in tandem. The differences between packaged apps and classic Windows apps that you should consider include:
 
--   **Installing the apps**   All packaged apps can be installed by a standard user, whereas many classic Windows apps require administrative privileges to install. In an environment where most of the users are standard users, you might not have numerous exe rules (because classic Windows apps require administrative privileges to install), but you might want to have more explicit policies for packaged apps.
--   **Changing the system state**   Classic Windows apps can be written to change the system state if they're run with administrative privileges. Most packaged apps can't change the system state because they run with limited privileges. When you design your AppLocker policies, it's important to understand whether an app that you're allowing can make system-wide changes.
--   **Acquiring the apps**   Packaged apps can be acquired through the Store, or by loading using Windows PowerShell cmdlets (which requires a special enterprise license). Classic Windows apps can be acquired through traditional means.
+-   **Installing the apps**   All packaged apps can be installed by a standard user, whereas many classic Windows apps require administrative privileges to install. In an environment where most of the users are standard users, you might not have numerous exe rules (because classic Windows apps require administrative privileges to install), but you might want to have more explicit policies for packaged apps.
+-   **Changing the system state**   Classic Windows apps can be written to change the system state if they're run with administrative privileges. Most packaged apps can't change the system state because they run with limited privileges. When you design your AppLocker policies, it's important to understand whether an app that you're allowing can make system-wide changes.
+-   **Acquiring the apps**   Packaged apps can be acquired through the Store, or by loading using Windows PowerShell cmdlets (which requires a special enterprise license). Classic Windows apps can be acquired through traditional means.
 
 AppLocker uses different rule collections to control packaged apps and classic Windows apps. You have the choice to control one type, the other type, or both.
 
@@ -60,7 +43,7 @@ For more info about packaged apps, see [Packaged apps and packaged app installer
 You can use two methods to create an inventory of packaged apps on a computer: the AppLocker console or the **Get-AppxPackage** Windows PowerShell cmdlet.
 
 > [!NOTE]
-> Not all packaged apps are listed in AppLocker’s application inventory wizard. Certain app packages are framework packages that are leveraged by other apps. By themselves, these packages cannot do anything, but blocking such packages can inadvertently cause failure for apps that you want to allow. Instead, you can create Allow or Deny rules for the packaged apps that use these framework packages. The AppLocker user interface deliberately filters out all the packages that are registered as framework packages. For info about how to create an inventory list, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
+> Not all packaged apps are listed in AppLocker's application inventory wizard. Certain app packages are framework packages that are leveraged by other apps. By themselves, these packages cannot do anything, but blocking such packages can inadvertently cause failure for apps that you want to allow. Instead, you can create Allow or Deny rules for the packaged apps that use these framework packages. The AppLocker user interface deliberately filters out all the packages that are registered as framework packages. For info about how to create an inventory list, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
  
 For info about how to use the **Get-AppxPackage** Windows PowerShell cmdlet, see the [AppLocker PowerShell Command Reference](/powershell/module/applocker/).
 
@@ -81,8 +64,8 @@ Just as there are differences in managing each rule collection, you need to mana
 
 1.  Gather information about which Packaged apps are running in your environment. For information about how to gather this information, see [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
 
-2.  Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](./understanding-applocker-default-rules.md).
+2.  Create AppLocker rules for specific packaged apps based on your policy strategies. For more information, see [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) and [Understanding AppLocker default rules](understanding-applocker-default-rules.md).
 
 3.  Continue to update the AppLocker policies as new package apps are introduced into your environment. To do this update, see [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md).
 
-4.  Continue to monitor your environment to verify the effectiveness of the rules that are deployed in AppLocker policies. To do this monitoring, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
\ No newline at end of file
+4.  Continue to monitor your environment to verify the effectiveness of the rules that are deployed in AppLocker policies. To do this monitoring, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
index f800cda2fe..a51c56cde6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -1,30 +1,13 @@
 ---
-title: Merge AppLocker policies by using Set-ApplockerPolicy 
+title: Merge AppLocker policies by using Set-ApplockerPolicy
 description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
-ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Merge AppLocker policies by using Set-ApplockerPolicy
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -48,4 +31,4 @@ Gets the local AppLocker policy, and then merges the policy with the existing Ap
 
 ```powershell
 C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C044FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge
-```
\ No newline at end of file
+```
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
index 07851d0989..7ec3f23e57 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md
@@ -1,30 +1,13 @@
 ---
-title: Merge AppLocker policies manually 
+title: Merge AppLocker policies manually
 description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
-ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Merge AppLocker policies manually
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index c0e644de33..c251209071 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Monitor app usage with AppLocker 
+title: Monitor app usage with AppLocker
 description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
-ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Monitor app usage with AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -75,13 +58,13 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
 2.  Run the following command to review how many times a file would have been blocked from running if rules were enforced:
 
     ```powershell
-    Get-AppLockerFileInformation –EventLog –EventType Audited –Statistics
+    Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics
     ```
 
 3.  Run the following command to review how many times a file has been allowed to run or prevented from running:
 
     ```powershell
-    Get-AppLockerFileInformation –EventLog –EventType Allowed –Statistics
+    Get-AppLockerFileInformation -EventLog -EventType Allowed -Statistics
     ```
 
 ### <a href="" id="bkmk-applkr-view-log"></a>View the AppLocker Log in Event Viewer
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
index cca5552fbb..8646482c66 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/optimize-applocker-performance.md
@@ -1,30 +1,13 @@
 ---
-title: Optimize AppLocker performance 
+title: Optimize AppLocker performance
 description: This topic for IT professionals describes how to optimize AppLocker policy enforcement.
-ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Optimize AppLocker performance
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -43,4 +26,4 @@ condition.
 
 ### Using the DLL rule collection
 
-When the DLL rule collection is enabled, AppLocker must check each DLL that an application loads. The more DLLs, the longer AppLocker requires to complete the evaluation.
\ No newline at end of file
+When the DLL rule collection is enabled, AppLocker must check each DLL that an application loads. The more DLLs, the longer AppLocker requires to complete the evaluation.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
similarity index 66%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index 3c367e9dad..92d016a3dc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -1,37 +1,20 @@
 ---
-title: Packaged apps and packaged app installer rules in AppLocker 
+title: Packaged apps and packaged app installer rules in AppLocker
 description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
-ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 10/13/2017
-ms.technology: itpro-security
 ---
 
 # Packaged apps and packaged app installer rules in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
 This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
 
 Universal Windows apps can be installed through the Microsoft Store or can be sideloaded using the Windows PowerShell cmdlets. Universal Windows apps can be installed by a standard user unlike some Classic Windows applications that sometimes require administrative privileges for installation.
-Typically, an app consists of multiple components – the installer used to install the app and one or more exes, dlls or scripts. With Classic Windows applications, not all those components always share common attributes such as the publisher name, product name and product version. Therefore, AppLocker has to control each of these components separately through different rule collections – exe, dll, script and Windows Installers. In contrast, all the components of a Universal Windows app share the same attributes: Publisher name, Package name and Package version. It's therefore possible to control an entire app with a single rule.
+Typically, an app consists of multiple components - the installer used to install the app and one or more exes, dlls or scripts. With Classic Windows applications, not all those components always share common attributes such as the publisher name, product name and product version. Therefore, AppLocker has to control each of these components separately through different rule collections - exe, dll, script and Windows Installers. In contrast, all the components of a Universal Windows app share the same attributes: Publisher name, Package name and Package version. It's therefore possible to control an entire app with a single rule.
 
 AppLocker enforces rules for Universal Windows apps separately from Classic Windows applications. A single AppLocker rule for a Universal Windows app can control both the installation and the running of an app. Because all Universal Windows apps are signed, AppLocker supports only publisher rules for Universal Windows apps. A publisher rule for a Universal Windows app is based on the following attributes of the app:
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
index 8384c7debf..c6f4be0bc8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md
@@ -1,30 +1,13 @@
 ---
-title: Plan for AppLocker policy management 
+title: Plan for AppLocker policy management
 description: This topic describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
-ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Plan for AppLocker policy management
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -84,14 +67,14 @@ Collecting these events in a central location can help you maintain your AppLock
 
 As new apps are deployed or existing apps are updated by the software publisher, you'll need to make revisions to your rule collections to ensure that the policy is current.
 
-You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013).
+You can edit an AppLocker policy by adding, changing, or removing rules. However, you can't specify a version for the policy by importing more rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more information, see [Advanced Group Policy Management Overview](/microsoft-desktop-optimization-pack/agpm/).
 
 > [!IMPORTANT]
 > You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
 
 **New version of a supported app**
 
-When a new version of an app is deployed in the organization, you need to determine whether to continue to support the previous version of that app. To add the new version, you might only need to create a new rule for each file that is associated with the app. If you're using publisher conditions and the version isn't specified, then the existing rule or rules might be sufficient to allow the updated file to run. You must ensure, however, that the updated app hasn't altered the file names or added files to support new functionality. If so, then you must modify the existing rules or create new rules. To continue to reuse a publisher-based rule without a specific file version, you must also ensure that the file's digital signature is still identical to the previous version—the publisher, product name, and file name (if configured in your rule) must all match for the rule to be correctly applied.
+When a new version of an app is deployed in the organization, you need to determine whether to continue to support the previous version of that app. To add the new version, you might only need to create a new rule for each file that is associated with the app. If you're using publisher conditions and the version isn't specified, then the existing rule or rules might be sufficient to allow the updated file to run. You must ensure, however, that the updated app hasn't altered the file names or added files to support new functionality. If so, then you must modify the existing rules or create new rules. To continue to reuse a publisher-based rule without a specific file version, you must also ensure that the file's digital signature is still identical to the previous version-the publisher, product name, and file name (if configured in your rule) must all match for the rule to be correctly applied.
 
 To determine whether a file has been modified during an app update, review the publisher's release details provided with the update package. You can also review the publisher's web page to retrieve this information. Each file can also be inspected to determine the version.
 
@@ -149,7 +132,7 @@ The following table contains the added sample data that was collected when deter
 ||||Windows files|C:\Windows|Create a path exception to the default rule to exclude \Windows\Temp|Allow||Help desk|
 |Human Resources|HR-All|Yes|Check Payout|C:\Program Files\Woodgrove\HR\Checkcut.exe|File is signed; create a publisher condition|Allow|HR-AppLockerHRRules|Web help|
 ||||Time Sheet Organizer|C:\Program Files\Woodgrove\HR\Timesheet.exe|File isn't signed; create a file hash condition|Allow||Web help|
-||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|File is signed; create a publisher condition|Deny||Web help|
+||||Internet Explorer 7|C:\Program Files\Internet Explorer</p>|File is signed; create a publisher condition|Deny||Web help|
 ||||Windows files|C:\Windows|Use the default rule for the Windows path|Allow||Help desk|
 
 The following two tables illustrate examples of documenting considerations to maintain and manage AppLocker policies.
@@ -173,4 +156,3 @@ The following table is an example of what to consider and record.
 |--- |--- |--- |--- |--- |
 |Bank Tellers|Planned: Monthly through business office triage<p>Emergency: Request through help desk|Through business office triage<p>30-day notice required|General policy: Keep past versions for 12 months<p>List policies for each application|Coordinated through business office<p>30-day notice required|
 |Human Resources|Planned: Monthly through HR triage<p>Emergency: Request through help desk|Through HR triage<p>30-day notice required|General policy: Keep past versions for 60 months<p>List policies for each application|Coordinated through HR<p>30-day notice required|
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
index 5aa365b37a..d4039c3443 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md
@@ -1,30 +1,13 @@
 ---
-title: Refresh an AppLocker policy 
+title: Refresh an AppLocker policy
 description: This topic for IT professionals describes the steps to force an update for an AppLocker policy.
-ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Refresh an AppLocker policy
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -36,7 +19,7 @@ To use Group Policy to distribute the AppLocker policy change, you need to retri
 
 [Edit an AppLocker policy](edit-an-applocker-policy.md) and [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md).
 
-To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
+To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
 **To manually refresh the AppLocker policy by using Group Policy**
 
@@ -65,6 +48,6 @@ To make the same change on another device, you can use any of the following meth
 
 -   From the device that you made the change on, export the AppLocker policy, and then import the policy onto the other device. To do these tasks, use the AppLocker **Export Policy** and **Import Policy** features to copy the rules from the changed computer.
 
-    >**Caution:**  When importing rules from another computer, all the rules will be applied, not just the one that was updated. Merging policies allows both existing and updated (or new) rules to be applied.
-     
+    >**Caution:**  When importing rules from another computer, all the rules will be applied, not just the one that was updated. Merging policies allows both existing and updated (or new) rules to be applied.
+     
 -   Merge AppLocker policies. For information on the procedures to do this merging, see [Merge AppLocker policies manually](merge-applocker-policies-manually.md) and [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
index 5df2060dbd..70a6f0b415 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md
@@ -1,30 +1,13 @@
 ---
-title: Requirements for deploying AppLocker policies 
+title: Requirements for deploying AppLocker policies
 description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
-ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Requirements for deploying AppLocker policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
similarity index 54%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
index 23c6363413..5d2b189772 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/requirements-to-use-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Requirements to use AppLocker 
+title: Requirements to use AppLocker
 description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
-ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Requirements to use AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -47,21 +30,21 @@ The following table shows the Windows versions on which AppLocker features are s
 
 | Version | Can be configured | Can be enforced | Available rules | Notes |
 | - | - | - | - | - |
-| Windows 10 and Windows 11| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).<br><br>Windows versions older than version 2004, including Windows Server 2019:<br><ul><li>Policies deployed through GP are only supported on Enterprise and Server editions.</li><li>Policies deployed through MDM are supported on all editions.</li></ul> |
-| Windows Server 2019<br/>Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
+| Windows 10 and Windows 11| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).<br><br>Windows versions older than version 2004, including Windows Server 2019:<br><ul><li>Policies deployed through GP are only supported on Enterprise and Server editions.</li><li>Policies deployed through MDM are supported on all editions.</li></ul> |
+| Windows Server 2019<br/>Windows Server 2016<br/>Windows Server 2012 R2<br/>Windows Server 2012| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
 | Windows 8.1 Pro| Yes| No| N/A||
-| Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
+| Windows 8.1 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
 | Windows RT 8.1| No| No| N/A||
 | Windows 8 Pro| Yes| No| N/A||
-| Windows 8 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL||
+| Windows 8 Enterprise| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL||
 | Windows RT| No| No| N/A| |
-| Windows Server 2008 R2 Standard| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
-| Windows Server 2008 R2 Enterprise|Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
-| Windows Server 2008 R2 Datacenter| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
-| Windows Server 2008 R2 for Itanium-Based Systems| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
-| Windows 7 Ultimate| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
-| Windows 7 Enterprise| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
-| Windows 7 Professional| Yes| No| Executable<br/>Windows Installer<br/>Script<br/>DLL| No AppLocker rules are enforced.|
+| Windows Server 2008 R2 Standard| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
+| Windows Server 2008 R2 Enterprise|Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
+| Windows Server 2008 R2 Datacenter| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
+| Windows Server 2008 R2 for Itanium-Based Systems| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
+| Windows 7 Ultimate| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
+| Windows 7 Enterprise| Yes| Yes| Executable<br/>Windows Installer<br/>Script<br/>DLL| Packaged app rules won't be enforced.|
+| Windows 7 Professional| Yes| No| Executable<br/>Windows Installer<br/>Script<br/>DLL| No AppLocker rules are enforced.|
  
 
 AppLocker isn't supported on versions of the Windows operating system not listed above. Software Restriction Policies can be used with those versions. However, the SRP Basic User feature isn't supported on the above operating systems.
@@ -75,4 +58,4 @@ AppLocker isn't supported on versions of the Windows operating system not listed
 - [Optimize AppLocker performance](optimize-applocker-performance.md)
 - [Use AppLocker and Software Restriction Policies in the same domain](use-applocker-and-software-restriction-policies-in-the-same-domain.md)
 - [Manage packaged apps with AppLocker](manage-packaged-apps-with-applocker.md)
-- [AppLocker Design Guide](applocker-policies-design-guide.md)
\ No newline at end of file
+- [AppLocker Design Guide](applocker-policies-design-guide.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
index f02e55d1b8..9f331d58f0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md
@@ -1,30 +1,13 @@
 ---
-title: Run the Automatically Generate Rules wizard 
+title: Run the Automatically Generate Rules wizard
 description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
-ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Run the Automatically Generate Rules wizard
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -52,4 +35,4 @@ You can perform this task by using the Group Policy Management Console for an Ap
      
 8. Review the files that were analyzed and the rules that will be automatically created. To make changes, click **Previous** to return to the page where you can change your selections. After reviewing the rules, click **Create**.
 
->**Note:**  If you are running the wizard to create your first rules for a GPO, you will be prompted to create the default rules, which allow critical system files to run, after completing the wizard. You may edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after replacing them with your custom rules.
+>**Note:**  If you are running the wizard to create your first rules for a GPO, you will be prompted to create the default rules, which allow critical system files to run, after completing the wizard. You may edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after replacing them with your custom rules.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
index 77e77e2f49..ea18273ead 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/script-rules-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Script rules in AppLocker 
+title: Script rules in AppLocker
 description: This article describes the file formats and available default rules for the script rule collection.
-ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 06/15/2022
-ms.technology: itpro-security
 ---
 
 # Script rules in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 This article describes the file formats and available default rules for the script rule collection.
 
 AppLocker defines script rules to include only the following file formats:
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
index ddcf98dc38..69f190b3f5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/security-considerations-for-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Security considerations for AppLocker 
+title: Security considerations for AppLocker
 description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
-ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Security considerations for AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -43,9 +26,9 @@ AppLocker runs in the context of Administrator or LocalSystem, which is the high
 
 When files are being secured in a directory with a rule of the path condition type, whether using the allow or deny action on the rule, it's still necessary and good practice to restrict access to those files by setting the access control lists (ACLs) according to your security policy.
 
-AppLocker doesn't protect against running 16-bit DOS binaries in the Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or later when there's already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it's a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the executable rule collection for NTVDM.exe.
+AppLocker doesn't protect against running 16-bit DOS binaries in the Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or later when there's already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it's a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the executable rule collection for NTVDM.exe.
 
-You can't use AppLocker (or Software Restriction Policies) to prevent code from running outside the Win32 subsystem. In particular, this rule applies to the (POSIX) subsystem in Windows NT. If it's a requirement to prevent applications from running in the POSIX subsystem, you must disable the subsystem.
+You can't use AppLocker (or Software Restriction Policies) to prevent code from running outside the Win32 subsystem. In particular, this rule applies to the (POSIX) subsystem in Windows NT. If it's a requirement to prevent applications from running in the POSIX subsystem, you must disable the subsystem.
 
 AppLocker can only control VBScript, JScript, .bat files, .cmd files, and Windows PowerShell scripts. It doesn't control all interpreted code that runs within a host process, for example, Perl scripts and macros. Interpreted code is a form of executable code that runs within a host process. For example, Windows batch files (\*.bat) run within the context of the Windows Command Host (cmd.exe). To control interpreted code by using AppLocker, the host process must call AppLocker before it runs the interpreted code, and then enforce the decision returned by AppLocker. Not all host processes call into AppLocker and, therefore, AppLocker can't control every kind of interpreted code, such as Microsoft Office macros.
 
@@ -61,4 +44,4 @@ You can block the Windows Subsystem for Linux by blocking LxssManager.dll.
  
 ## Related topics
 
-- [AppLocker technical reference](applocker-technical-reference.md)
\ No newline at end of file
+- [AppLocker technical reference](applocker-technical-reference.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
index 43ddf77312..15f51ed1d5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/select-types-of-rules-to-create.md
@@ -1,30 +1,13 @@
 ---
-title: Select the types of rules to create 
+title: Select the types of rules to create
 description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
-ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Select the types of rules to create
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
similarity index 72%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index 44df75bc53..bd085cda47 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -1,30 +1,13 @@
 ---
-title: Test an AppLocker policy by using Test-AppLockerPolicy 
+title: Test an AppLocker policy by using Test-AppLockerPolicy
 description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
-ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Test an AppLocker policy by using Test-AppLockerPolicy
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -41,17 +24,17 @@ Any user account can be used to complete this procedure.
     1.  Open a Windows PowerShell command prompt window as an administrator.
     2.  Use the **Get-AppLockerPolicy** cmdlet to export the effective AppLocker policy to an XML file:
 
-        `Get-AppLockerPolicy –Effective –XML > <PathofFiletoExport.XML>`
+        `Get-AppLockerPolicy -Effective -XML > <PathofFiletoExport.XML>`
 
 2.  Use the **Get-ChildItem** cmdlet to specify the directory that you want to test, specify the **Test-AppLockerPolicy** cmdlet with the XML file from the previous step to test the policy, and use the **Export-CSV** cmdlet to export the results to a file to be analyzed:
 
-    `Get-ChildItem <DirectoryPathtoReview> -Filter <FileExtensionFilter> -Recurse | Convert-Path | Test-AppLockerPolicy –XMLPolicy <PathToExportedPolicyFile> -User <domain\username> -Filter <TypeofRuletoFilterFor> | Export-CSV <PathToExportResultsTo.CSV>`
+    `Get-ChildItem <DirectoryPathtoReview> -Filter <FileExtensionFilter> -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy <PathToExportedPolicyFile> -User <domain\username> -Filter <TypeofRuletoFilterFor> | Export-CSV <PathToExportResultsTo.CSV>`
 
 The following shows example input for **Test-AppLockerPolicy**:
 
 ```syntax
-PS C:\ Get-AppLockerPolicy –Effective –XML > C:\Effective.xml
-PS C:\ Get-ChildItem 'C:\Program Files\Microsoft Office\' –filter *.exe –Recurse | Convert-Path | Test-AppLockerPolicy –XMLPolicy C:\Effective.xml –User contoso\zwie –Filter Denied,DeniedByDefault | Export-CSV C:\BlockedFiles.csv
+PS C:\ Get-AppLockerPolicy -Effective -XML > C:\Effective.xml
+PS C:\ Get-ChildItem 'C:\Program Files\Microsoft Office\' -filter *.exe -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy C:\Effective.xml -User contoso\zwie -Filter Denied,DeniedByDefault | Export-CSV C:\BlockedFiles.csv
 ```
 
 In the example, the effective AppLocker policy is exported to the file C:\\Effective.xml. The **Get-ChildItem** cmdlet is used to recursively gather path names for the .exe files in C:\\Program Files\\Microsoft Office\\. The XMLPolicy parameter specifies that the C:\\Effective.xml file is an XML AppLocker policy file. By specifying the User parameter, you can test the rules for specific users, and the **Export-CSV** cmdlet allows the results to be exported to a comma-separated file. In the example, `-FilterDenied,DeniedByDefault` displays only those files that will be blocked for the user under the policy.
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
index 9a6dd54ca3..de4fc78024 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md
@@ -1,30 +1,13 @@
 ---
-title: Test and update an AppLocker policy 
+title: Test and update an AppLocker policy
 description: This topic discusses the steps required to test an AppLocker policy prior to deployment.
-ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Test and update an AppLocker policy
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -67,10 +50,8 @@ After you've identified which rules need to be edited or added to the policy, yo
 
 ## Step 6: Repeat policy testing, analysis, and policy modification
 
-Repeat the previous steps 3–5 until all the rules perform as intended before applying enforcement.
+Repeat the previous steps 3-5 until all the rules perform as intended before applying enforcement.
 
 ## Other resources
 
 -   For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
index 9ce6b9e70c..a683153f73 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/tools-to-use-with-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Tools to use with AppLocker 
+title: Tools to use with AppLocker
 description: This topic for the IT professional describes the tools available to create and administer AppLocker policies.
-ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Tools to use with AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -64,4 +47,4 @@ The following tools can help you administer the application control policies cre
 
 ## Related topics
 
-- [AppLocker technical reference](applocker-technical-reference.md)
\ No newline at end of file
+- [AppLocker technical reference](applocker-technical-reference.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
index 9b4ba84412..db76a5a1bb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md
@@ -1,30 +1,13 @@
 ---
-title: Understand AppLocker enforcement settings 
+title: Understand AppLocker enforcement settings
 description: This topic describes the AppLocker enforcement settings for rule collections.
-ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understand AppLocker enforcement settings
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
similarity index 97%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
index 7fb08dd316..d9f21105f1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md
@@ -1,30 +1,13 @@
 ---
-title: Understand AppLocker policy design decisions 
+title: Understand AppLocker policy design decisions
 description: Review some common considerations while you're planning to use AppLocker to deploy application control policies within a Windows environment.
-ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 10/13/2017
-ms.technology: itpro-security
 ---
 
 # Understand AppLocker policy design decisions
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -107,7 +90,7 @@ If your organization supports multiple Windows operating systems, app control po
 
 ### Are there specific groups in your organization that need customized application control policies?
 
-Most business groups or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization.
+Most business groups or departments have specific security requirements that pertain to data access and the applications used to access that data. You should consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization.
 
 | Possible answers | Design considerations |
 | - | - |
@@ -132,7 +115,6 @@ Preventing your users from accessing known, deployed, or personal applications w
 | Yes | Involve the support department early in the planning phase because your users may inadvertently be blocked from using their applications, or they may seek exceptions to use specific applications. |
 | No | Invest time in developing online support processes and documentation before deployment. |
 
-
 ### Do you know what applications require restrictive policies?
 Any successful application control policy implementation is based on your knowledge and understanding of app usage within the organization or business group. In addition, the application control design is dependent on the security requirements for data and the apps that access that data.
 
@@ -151,7 +133,6 @@ Implementing a successful application control policy is based on your knowledge
 |  Strict written policy or guidelines to follow | You need to develop AppLocker rules that reflect those policies, and then test and maintain the rules. |
 | No process in place | You need to determine if you have the resources to develop an application control policy, and for which groups. |
 
-
 ### Does your organization already have SRP deployed?
 
 Although SRP and AppLocker have the same goal, AppLocker is a major revision of SRP.
@@ -196,4 +177,3 @@ Because the effectiveness of application control policies is dependent on the ab
 The next step in the process is to record and analyze your answers to the preceding questions. If AppLocker is the right solution for your goals, you can set your application control policy objectives and plan your AppLocker rules. This process culminates in creating your planning document.
 
 -   For info about setting your policy goals, see [Determine your application control objectives](determine-your-application-control-objectives.md).
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index e0f5c0575d..363423b61d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -1,30 +1,13 @@
 ---
-title: Understand AppLocker rules and enforcement setting inheritance in Group Policy 
+title: Understand AppLocker rules and enforcement setting inheritance in Group Policy
 description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
-ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understand AppLocker rules and enforcement setting inheritance in Group Policy
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -42,7 +25,7 @@ Group Policy merges AppLocker policy in two ways:
     1.  **Explicit deny.** An administrator created a rule to deny a file.
     2.  **Explicit allow.** An administrator created a rule to allow a file.
     3.  **Implicit deny.** This is also called the default deny because all files that are not affected by an allow rule are automatically blocked.
-     
+     
 -   **Enforcement settings.** The last write to the policy is applied. For example, if a higher-level GPO has the enforcement setting configured to **Enforce rules** and the closest GPO has the setting configured to **Audit only**, **Audit only** is enforced. If enforcement is not configured on the closest GPO, the setting from the closest linked GPO will be enforced.
 Because a computer's effective policy includes rules from each linked GPO, duplicate rules or conflicting rules could be enforced on a user's computer. Therefore, you should carefully plan your deployment to ensure that only rules that are necessary are present in a GPO.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
index 82fc009a1b..d06e82f836 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md
@@ -1,30 +1,13 @@
 ---
-title: Understand the AppLocker policy deployment process 
+title: Understand the AppLocker policy deployment process
 description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
-ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understand the AppLocker policy deployment process
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -44,5 +27,3 @@ The following topics contain information about designing, planning, deploying, a
 -   For info about the AppLocker policy deployment requirements and process, see [AppLocker deployment guide](applocker-policies-deployment-guide.md).
 -   For info about AppLocker policy maintenance and monitoring, see [Administer AppLocker](administer-applocker.md).
 -   For info about AppLocker policy architecture, components, and processing, see [AppLocker technical reference](applocker-technical-reference.md).
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
similarity index 72%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index 1e8aee1c7e..a10756f305 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding AppLocker allow and deny actions on rules 
+title: Understanding AppLocker allow and deny actions on rules
 description: This topic explains the differences between allow and deny actions on AppLocker rules.
-ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker allow and deny actions on rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -46,7 +29,7 @@ Although you can use AppLocker to create a rule to allow all files to run and th
 | File hash | A user could modify the hash for a file.|
 | Path | A user could move the denied file to a different location and run it from there.|
  
->**Important:**  If you choose to use the deny action on rules, you must ensure that you first create rules that allow the Windows system files to run. AppLocker enforces rules for allowed applications by default, so after one or more rules have been created for a rule collection (affecting the Windows system files), only the apps that are listed as being allowed will be permitted to run. Therefore, creating a single rule in a rule collection to deny a malicious file from running will also deny all other files on the computer from running.
+>**Important:**  If you choose to use the deny action on rules, you must ensure that you first create rules that allow the Windows system files to run. AppLocker enforces rules for allowed applications by default, so after one or more rules have been created for a rule collection (affecting the Windows system files), only the apps that are listed as being allowed will be permitted to run. Therefore, creating a single rule in a rule collection to deny a malicious file from running will also deny all other files on the computer from running.
  
 ## Related topics
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
index d15cdff954..764edf8acd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-default-rules.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding AppLocker default rules 
+title: Understanding AppLocker default rules
 description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
-ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker default rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
similarity index 68%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
index a54b284804..7a6eea342e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding AppLocker rule behavior 
+title: Understanding AppLocker rule behavior
 description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
-ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule behavior
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -37,8 +20,8 @@ A rule can be configured to use either an allow or deny action:
 -   **Allow**. You can specify which files are allowed to run in your environment and for which users or groups of users. You can also configure exceptions to identify files that are excluded from the rule.
 -   **Deny**. You can specify which files aren't allowed to run in your environment and for which users or groups of users. You can also configure exceptions to identify files that are excluded from the rule.
 
->**Important:**  You can use a combination of allow actions and deny actions. However, we recommend using allow actions with exceptions because deny actions override allow actions in all cases. Deny actions can also be circumvented. For example, if you configure a deny action for a file or folder path, the user can still run the file from any other path.
- 
+>**Important:**  You can use a combination of allow actions and deny actions. However, we recommend using allow actions with exceptions because deny actions override allow actions in all cases. Deny actions can also be circumvented. For example, if you configure a deny action for a file or folder path, the user can still run the file from any other path.
+ 
 ## Related topics
 
 - [How AppLocker works](how-applocker-works-techref.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
similarity index 64%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
index 94c277a12b..3f9f5ad500 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding AppLocker rule collections 
+title: Understanding AppLocker rule collections
 description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
-ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule collections
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -40,7 +23,7 @@ An AppLocker rule collection is a set of rules that apply to one of five types:
 
 If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps.
 
->**Important:**  Each app can load several DLLs, and AppLocker must check each DLL before it is allowed to run. Therefore, creating DLL rules might cause performance problems on some computers. Denying some DLLs from running can also create app compatibility problems. As a result, the DLL rule collection is not enabled by default.
+>**Important:**  Each app can load several DLLs, and AppLocker must check each DLL before it is allowed to run. Therefore, creating DLL rules might cause performance problems on some computers. Denying some DLLs from running can also create app compatibility problems. As a result, the DLL rule collection is not enabled by default.
  
 For info about how to enable the DLL rule collection, see [Enable the DLL rule collection](enable-the-dll-rule-collection.md).
 
@@ -48,4 +31,3 @@ For info about how to enable the DLL rule collection, see [Enable the DLL rule c
 
 - [How AppLocker works](how-applocker-works-techref.md)
 - [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
index 7bdf8b04f3..bad3241ee2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding AppLocker rule condition types 
+title: Understanding AppLocker rule condition types
 description: This topic for the IT professional describes the three types of AppLocker rule conditions.
-ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule condition types
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -58,15 +41,15 @@ Selecting the appropriate condition for each rule depends on the overall applica
     
         > [!NOTE]
         > To determine how many applications on a reference computer are digitally signed, you can use the **Get-AppLockerFileInformation** Windows PowerShell cmdlet for a directory of files. For example, 
-        `Get-AppLockerFileInformation –Directory C:\Windows\ -FileType EXE -recurse` displays the properties for all .exe and .com files within the Windows directory.
-         
+        `Get-AppLockerFileInformation -Directory C:\Windows\ -FileType EXE -recurse` displays the properties for all .exe and .com files within the Windows directory.
+         
 2.  What rule condition type does your organization prefer?
     
     If your organization is already using Software Restriction Policies (SRP) to restrict what files users can run, rules using file hash or path conditions are probably already in place.
     
     > [!NOTE]
     > For a list of supported operating system versions and editions to which SRP and AppLocker rules can be applied, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
-     
+     
 ## Related topics
 
 - [How AppLocker works](how-applocker-works-techref.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
index 4ac6b603d7..416310d176 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding AppLocker rule exceptions 
+title: Understanding AppLocker rule exceptions
 description: This topic describes the result of applying AppLocker rule exceptions to rule collections.
-ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding AppLocker rule exceptions
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 0582d50ebd..9c95ff5c19 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding the file hash rule condition in AppLocker 
+title: Understanding the file hash rule condition in AppLocker
 description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it's applied.
-ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding the file hash rule condition in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
index 2e970ac2c4..4a28e77011 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding the path rule condition in AppLocker 
+title: Understanding the path rule condition in AppLocker
 description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it's applied.
-ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding the path rule condition in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -44,7 +27,6 @@ The asterisk (\*) wildcard character can be used within **Path** field. The aste
 
 AppLocker uses path variables for well-known directories in Windows. Path variables aren't environment variables. The AppLocker engine can only interpret AppLocker path variables. The following table details these path variables.
 
-
 |               Windows directory or drive                | AppLocker path variable |      Windows environment variable      |
 |---------------------------------------------------------|-------------------------|----------------------------------------|
 |                         Windows                         |        %WINDIR%         |              %SystemRoot%              |
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index 76fed21426..a915c31c36 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Understanding the publisher rule condition in AppLocker 
+title: Understanding the publisher rule condition in AppLocker
 description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it's applied.
-ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Understanding the publisher rule condition in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -42,7 +25,7 @@ Wildcard characters can be used as values in the publisher rule fields according
 
 -   **Publisher**
 
-    The asterisk (\*) character used by itself represents any publisher. When combined with any string value, the rule is limited to the publisher with a value in the signed certificate that matches the character string. In other words, the asterisk isn't treated as a wildcard character if used with other characters in this field. For example, using the characters "M\*" limits the publisher name to only a publisher with the name "M\*." Using the characters "\*x\*" limits the publisher name only to the name “\*x\*”. A question mark (?) isn't a valid wildcard character in this field.
+    The asterisk (\*) character used by itself represents any publisher. When combined with any string value, the rule is limited to the publisher with a value in the signed certificate that matches the character string. In other words, the asterisk isn't treated as a wildcard character if used with other characters in this field. For example, using the characters "M\*" limits the publisher name to only a publisher with the name "M\*." Using the characters "\*x\*" limits the publisher name only to the name "\*x\*". A question mark (?) isn't a valid wildcard character in this field.
 
 -   **Product name**
 
@@ -62,7 +45,7 @@ Wildcard characters can be used as values in the publisher rule fields according
 
 The following table describes how a publisher condition is applied.
 
-| Option | The publisher condition allows or denies…|
+| Option | The publisher condition allows or denies...|
 | - | - |
 | **All signed files** | All files that are signed by a publisher.| 
 | **Publisher only** | All files that are signed by the named publisher.| 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index e63ab0e64b..c86f226134 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -1,30 +1,13 @@
 ---
-title: Use a reference device to create and maintain AppLocker policies 
+title: Use a reference device to create and maintain AppLocker policies
 description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
-ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # Use a reference device to create and maintain AppLocker policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -36,7 +19,7 @@ An AppLocker reference device is a baseline device you can use to configure poli
 
 An AppLocker reference device that is used to create and maintain AppLocker policies should contain the corresponding apps for each organizational unit (OU) to mimic your production environment.
 
->**Important:**  The reference device must be running one of the supported editions of Windows. For information about operating system requirements for AppLocker, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
+>**Important:**  The reference device must be running one of the supported editions of Windows. For information about operating system requirements for AppLocker, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
  
 You can perform AppLocker policy testing on the reference device by using the **Audit only** enforcement setting or Windows PowerShell cmdlets. You can also use the reference device as part of a testing configuration that includes policies that are created by using Software Restriction Policies.
 
@@ -44,13 +27,13 @@ You can perform AppLocker policy testing on the reference device by using the **
 
 With AppLocker, you can automatically generate rules for all files within a folder. AppLocker scans the specified folder and creates the condition types that you choose for each file in that folder. For information on how to automatically generate rules, see [Run the Automatically Generate Rules wizard](run-the-automatically-generate-rules-wizard.md).
 
->**Note:**  If you run this wizard to create your first rules for a Group Policy Object (GPO), after you complete the wizard, you will be prompted to create the default rules, which allow critical system files to run. You can edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after you replace them with your custom rules.
+>**Note:**  If you run this wizard to create your first rules for a Group Policy Object (GPO), after you complete the wizard, you will be prompted to create the default rules, which allow critical system files to run. You can edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after you replace them with your custom rules.
  
 ## Step 2: Create the default rules on the reference device
 
 AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You must run the default rules for each rule collection. For info about default rules and considerations for using them, see [Understanding AppLocker default rules](understanding-applocker-default-rules.md). For the procedure to create default rules, see [Create AppLocker default rules](create-applocker-default-rules.md).
 
->**Important:**  You can use the default rules as a template when you create your own rules. This allows files within the Windows directory to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules.
+>**Important:**  You can use the default rules as a template when you create your own rules. This allows files within the Windows directory to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules.
  
 ## Step 3: Modify rules and the rule collection on the reference device
 
@@ -72,7 +55,7 @@ You should test each set of rules to ensure that they perform as intended. The *
 -   [Test an AppLocker Policy with Test-AppLockerPolicy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791772(v=ws.10))
 -   [Discover the Effect of an AppLocker Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee791823(v=ws.10))
 
->**Caution:**  If you have set the enforcement setting on the rule collection to **Enforce rules** or you have not configured the rule collection, the policy will be implemented when the GPO is updated in the next step. If you have set the enforcement setting on the rule collection to **Audit only**, application access events are written to the AppLocker log, and the policy will not take effect.
+>**Caution:**  If you have set the enforcement setting on the rule collection to **Enforce rules** or you have not configured the rule collection, the policy will be implemented when the GPO is updated in the next step. If you have set the enforcement setting on the rule collection to **Audit only**, application access events are written to the AppLocker log, and the policy will not take effect.
  
 ## Step 5: Export and import the policy into production
 
@@ -94,4 +77,4 @@ If more refinements or updates are necessary after a policy is deployed, use the
 
 ## See also
 
-- [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
\ No newline at end of file
+- [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 1cfb01105a..a8a22bcdb4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -1,29 +1,13 @@
 ---
-title: Use AppLocker and Software Restriction Policies in the same domain 
+title: Use AppLocker and Software Restriction Policies in the same domain
 description: This article for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
-ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 11/07/2022
-ms.technology: itpro-security
 ---
 
 # Use AppLocker and Software Restriction Policies in the same domain
 
-**Applies to**
-
-- Windows 10
-- Windows Server 2016
-
 This article for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
 
 > [!IMPORTANT]
@@ -31,7 +15,7 @@ This article for IT professionals describes concepts and procedures to help you
 
 ## Using AppLocker and Software Restriction Policies in the same domain
 
-AppLocker is supported on systems running Windows 8.1. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It's recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.
+AppLocker is supported on systems running Windows 8.1. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It's recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.
 
 The following table compares the features and functions of Software Restriction Policies (SRP) and AppLocker.
 
@@ -41,15 +25,15 @@ The following table compares the features and functions of Software Restriction
 |Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.<br/><br/>AppLocker permits customization of error messages to direct users to a Web page for help.|
 |Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in (if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.|
 |Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.|
-|Enforcement mode|SRP works in the “blocklist mode” where administrators can create rules for files that they don't want to allow in this Enterprise whereas the rest of the file is allowed to run by default.<br/><br/>SRP can also be configured in the “allowlist mode” so that by default all files are blocked. In "allowlist mode", administrators need to create allow rules for files that they want to run.|AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there's a matching allow rule.|
+|Enforcement mode|SRP works in the "blocklist mode" where administrators can create rules for files that they don't want to allow in this Enterprise whereas the rest of the file is allowed to run by default.<br/><br/>SRP can also be configured in the "allowlist mode" so that by default all files are blocked. In "allowlist mode", administrators need to create allow rules for files that they want to run.|AppLocker by default works in the "allowlist mode" where only those files are allowed to run for which there's a matching allow rule.|
 |File types that can be controlled|SRP can control the following file types:<li>Executables<li>Dlls<li>Scripts<li>Windows Installers<br/><br/>SRP can't control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:<li>Executables<li>Dlls<li>Scripts<li>Windows Installers<li>Packaged apps and installers<br/><br/>AppLocker maintains a separate rule collection for each of the five file types.|
 |Designated file types|SRP supports an extensible list of file types that are considered executable. Administrators can add extensions for files that should be considered executable.|AppLocker currently supports the following file extensions:<li>Executables (.exe, .com)<li>Dlls (.ocx, .dll)<li>Scripts (.vbs, .js, .ps1, .cmd, .bat)<li>Windows Installers (.msi, .mst, .msp)<li>Packaged app installers (.appx)|
 |Rule types|SRP supports four types of rules:<li>Hash<li>Path<li>Signature<li>Internet zone|AppLocker supports three types of rules:<li>File hash<li>Path<li>Publisher|
-|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.<br/><br/>Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, and not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.|
+|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.<br/><br/>Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, and not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.|
 |Support for different security levels|With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.<br/><br/>SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker doesn't support security levels.|
 |Manage Packaged apps and Packaged app installers.|Not supported|.appx is a valid file type which AppLocker can manage.|
 |Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.|
-|Support for rule exceptions|SRP doesn't support rule exceptions.|AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.|
+|Support for rule exceptions|SRP doesn't support rule exceptions.|AppLocker rules can have exceptions, which allow you to create rules such as "Allow everything from Windows except for regedit.exe".|
 |Support for audit mode|SRP doesn't support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you're satisfied with the results, you can start enforcing the policy.|
 |Support for exporting and importing policies|SRP doesn't support policy import/export.|AppLocker supports the importing and exporting of policies. This support by AppLocker allows you to create AppLocker policy on a sample device, test it out and then export that policy and import it back into the desired GPO.|
 |Rule enforcement|Internally, SRP rules enforcement happens in the user-mode, which is less secure.|Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode, which is more secure than enforcing them in the user-mode.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 6c0c369c78..aed93b7f33 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -1,30 +1,13 @@
 ---
-title: Use the AppLocker Windows PowerShell cmdlets 
+title: Use the AppLocker Windows PowerShell cmdlets
 description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
-ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Use the AppLocker Windows PowerShell cmdlets
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -35,7 +18,7 @@ This topic for IT professionals describes how each AppLocker Windows PowerShell
 The five AppLocker cmdlets are designed to streamline the administration of an AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the
 Microsoft Management Console (MMC) snap-in extension to the Local Security Policy snap-in and Group Policy Management Console.
 
-To edit or update a Group Policy Object (GPO) by using the AppLocker cmdlets, you must have Edit Setting permission. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission. To perform tasks by using the
+To edit or update a Group Policy Object (GPO) by using the AppLocker cmdlets, you must have Edit Setting permission. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission. To perform tasks by using the
 Local Security policy snap-in, you must be a member of the local **Administrators** group, or equivalent, on the computer.
 
 ### Retrieve application information
@@ -63,4 +46,4 @@ The [Test-AppLockerPolicy](/powershell/module/applocker/test-applockerpolicy) cm
 
 ## Other resources
 
--   For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
\ No newline at end of file
+-   For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index c7de76bb21..35cecd0bee 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Using Event Viewer with AppLocker 
+title: Using Event Viewer with AppLocker
 description: This article lists AppLocker events and describes how to use Event Viewer with AppLocker.
-ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
-ms.technology: itpro-security
 ms.date: 02/02/2023
 ---
 
 # Using Event Viewer with AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -89,4 +72,3 @@ The following table contains information about the events that you can use to de
 ## Related articles
 
 - [Tools to use with AppLocker](tools-to-use-with-applocker.md)
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
similarity index 59%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
index b7aec02c5b..e822da9f1b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -1,30 +1,13 @@
 ---
-title: Use Software Restriction Policies and AppLocker policies 
+title: Use Software Restriction Policies and AppLocker policies
 description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
-ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Use Software Restriction Policies and AppLocker policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -32,23 +15,23 @@ This topic for the IT professional describes how to use Software Restriction Pol
 
 ## Understand the difference between SRP and AppLocker
 
-You might want to deploy application control policies in Windows operating systems earlier than Windows Server 2008 R2 or Windows 7. You can use AppLocker policies only on the supported versions and editions of Windows as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). However, you can use SRP on those supported editions of Windows plus Windows Server 2003 and Windows XP. To compare features and functions in SRP and AppLocker so that you can determine when to use each technology to meet your application control objectives, see [Determine your application control objectives](determine-your-application-control-objectives.md).
+You might want to deploy application control policies in Windows operating systems earlier than Windows Server 2008 R2 or Windows 7. You can use AppLocker policies only on the supported versions and editions of Windows as listed in [Requirements to use AppLocker](requirements-to-use-applocker.md). However, you can use SRP on those supported editions of Windows plus Windows Server 2003 and Windows XP. To compare features and functions in SRP and AppLocker so that you can determine when to use each technology to meet your application control objectives, see [Determine your application control objectives](determine-your-application-control-objectives.md).
 
 ## Use SRP and AppLocker in the same domain
 
 SRP and AppLocker use Group Policy for domain management. However, when policies are generated by SRP and AppLocker exist in the same domain, and they're applied through Group Policy, AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker. For info about how inheritance in Group Policy applies to AppLocker policies and policies generated by SRP, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md).
 
->**Important:**  As a best practice, use separate Group Policy Objects to implement your SRP and AppLocker policies. To reduce troubleshooting issues, do not combine them in the same GPO.
+>**Important:**  As a best practice, use separate Group Policy Objects to implement your SRP and AppLocker policies. To reduce troubleshooting issues, do not combine them in the same GPO.
  
 The following scenario provides an example of how each type of policy would affect a bank teller software app, where the app is deployed on different Windows desktop operating systems and managed by the Tellers GPO.
 
 | Operating system | Tellers GPO with AppLocker policy | Tellers GPO with SRP | Tellers GPO with AppLocker policy and SRP |
 | - | - | - | - |
-| Windows 10, Windows 8.1, Windows 8, and Windows 7 | AppLocker policies in the GPO are applied, and they supersede any local AppLocker policies.| Local AppLocker policies supersede policies generated by SRP that are applied through the GPO. | AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.| 
-| Windows Vista| AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP.AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.| 
-| Windows XP| AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.| 
+| Windows 10, Windows 8.1, Windows 8, and Windows 7 | AppLocker policies in the GPO are applied, and they supersede any local AppLocker policies.| Local AppLocker policies supersede policies generated by SRP that are applied through the GPO. | AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.| 
+| Windows Vista| AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP.AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.| 
+| Windows XP| AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.| 
  
->**Note:**  For info about supported versions and editions of the Windows operating system, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
+>**Note:**  For info about supported versions and editions of the Windows operating system, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
  
 ## Test and validate SRPs and AppLocker policies that are deployed in the same environment
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
index 3a6fb08e52..e976eb85b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: What Is AppLocker 
+title: What Is AppLocker
 description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.
-ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # What Is AppLocker?
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -83,5 +66,3 @@ The following table compares the application control functions of Software Restr
 ## Related topics
 
 - [AppLocker technical reference](applocker-technical-reference.md)
-
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
similarity index 82%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
index 43981062e8..9f51d9f474 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
@@ -1,30 +1,13 @@
 ---
-title: Windows Installer rules in AppLocker 
+title: Windows Installer rules in AppLocker
 description: This topic describes the file formats and available default rules for the Windows Installer rule collection.
-ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Windows Installer rules in AppLocker
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -47,5 +30,3 @@ The purpose of this collection is to allow you to control the installation of fi
 ## Related topics
 
 - [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
- 
- 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
index ca6e21acbd..0f287537b8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md
@@ -1,30 +1,13 @@
 ---
-title: Working with AppLocker policies 
+title: Working with AppLocker policies
 description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
-ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
 ms.topic: conceptual
 ms.date: 09/21/2017
-ms.technology: itpro-security
 ---
 
 # Working with AppLocker policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -46,5 +29,4 @@ This topic for IT professionals provides links to procedural topics about creati
 | [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md) | This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.| 
 | [Merge AppLocker policies manually](merge-applocker-policies-manually.md) | This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).| 
 | [Refresh an AppLocker policy](refresh-an-applocker-policy.md) | This topic for IT professionals describes the steps to force an update for an AppLocker policy.| 
-| [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md) | This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.| 
-
+| [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md) | This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
index 2cec2568d1..57c5eaa7cd 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -1,30 +1,14 @@
 ---
-title: Working with AppLocker rules 
+title: Working with AppLocker rules
 description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies.
-ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9
-ms.reviewer: 
-manager: aaroncz
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-author: vinaypamnani-msft
 ms.localizationpriority: medium
 msauthor: v-anbic
 ms.date: 08/27/2018
-ms.technology: itpro-security
 ms.topic: conceptual
 ---
 
 # Working with AppLocker rules
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -67,7 +51,7 @@ The AppLocker console is organized into rule collections, which are executable f
 | Packaged apps and packaged app installers | .appx| 
 | DLL files | .dll<br/>.ocx| 
  
->**Important:**  If you use DLL rules, you need to create an allow rule for each DLL that is used by all of the allowed apps.
+>**Important:**  If you use DLL rules, you need to create an allow rule for each DLL that is used by all of the allowed apps.
 
 When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used.
 
@@ -93,7 +77,7 @@ This condition identifies an app based on its digital signature and extended att
  
 When you select a reference file for a publisher condition, the wizard creates a rule that specifies the publisher, product, file name, and version number. You can make the rule more generic by moving up the slider or by using a wildcard character (\*) in the product, file name, or version number fields.
 
->**Note:**  To enter custom values for any of the fields of a publisher rule condition in the Create Rules Wizard, you must select the **Use custom values** check box. When this check box is selected, you cannot use the slider.
+>**Note:**  To enter custom values for any of the fields of a publisher rule condition in the Create Rules Wizard, you must select the **Use custom values** check box. When this check box is selected, you cannot use the slider.
  
 The **File version** and **Package version** control whether a user can run a specific version, earlier versions, or later versions of the app. You can choose a version number and then configure the following options:
 
@@ -103,8 +87,7 @@ The **File version** and **Package version** control whether a user can run a sp
 
 The following table describes how a publisher condition is applied.
 
-
-| Option | The publisher condition allows or denies… |
+| Option | The publisher condition allows or denies... |
 |---|---|
 | **All signed files** | All files that are signed by any publisher.| 
 | **Publisher only**| All files that are signed by the named publisher.| 
@@ -132,7 +115,7 @@ The following table details these path variables.
 | Removable media (for example, a CD or DVD)| %REMOVABLE%| |
 | Removable storage device (for example, a USB flash drive)| %HOT% | |
  
->**Important:**  Because a path rule condition can be configured to include a large number of folders and files, path conditions should be carefully planned. For example, if an allow rule with a path condition includes a folder location that non-administrators are allowed to write data into, a user can copy unapproved files into that location and run the files. For this reason, it is a best practice to not create path conditions for standard user writable locations, such as a user profile.
+>**Important:**  Because a path rule condition can be configured to include a large number of folders and files, path conditions should be carefully planned. For example, if an allow rule with a path condition includes a folder location that non-administrators are allowed to write data into, a user can copy unapproved files into that location and run the files. For this reason, it is a best practice to not create path conditions for standard user writable locations, such as a user profile.
  
 ### <a href="" id="bkmk-filehash"></a>File hash
 
@@ -202,7 +185,7 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
 3.  In the console tree, double-click **Application Control Policies**, right-click **AppLocker**, and then click **Properties**.
 4.  Click the **Advanced** tab, select the **Enable the DLL rule collection** check box, and then click **OK**.
 
-    >**Important:**  Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed apps.
+    >**Important:**  Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed apps.
      
 ## AppLocker wizards
 
@@ -221,7 +204,7 @@ You can create rules by using two AppLocker wizards:
     -   **A publisher condition with a specific product version set** If you create a publisher rule condition that uses the **Exactly** version option, the rule can't persist if a new version of the app is installed. A new publisher condition must be created, or the version must be edited in the rule to be made less specific.
 
 -   If an app isn't digitally signed, you can't use a publisher rule condition for that app.
--   AppLocker rules can't be used to manage computers running a Windows operating system earlier than Windows Server 2008 R2 or Windows 7. Software Restriction Policies must be used instead. If AppLocker rules are defined in a Group Policy Object (GPO), only those rules are applied. To ensure interoperability between Software Restriction Policies rules and AppLocker rules, define Software Restriction Policies rules and AppLocker rules in different GPOs.
+-   AppLocker rules can't be used to manage computers running a Windows operating system earlier than Windows Server 2008 R2 or Windows 7. Software Restriction Policies must be used instead. If AppLocker rules are defined in a Group Policy Object (GPO), only those rules are applied. To ensure interoperability between Software Restriction Policies rules and AppLocker rules, define Software Restriction Policies rules and AppLocker rules in different GPOs.
 -   The packaged apps and packaged apps installer rule collection is available on devices running at least Windows Server 2012 and Windows 8.
 -   When the rules for the executable rule collection are enforced and the packaged apps and packaged app installers rule collection doesn't contain any rules, no packaged apps and packaged app installers are allowed to run. In order to allow any packaged apps and packaged app installers, you must create rules for the packaged apps and packaged app installers rule collection.
 -   When an AppLocker rule collection is set to **Audit only**, the rules aren't enforced. When a user runs an application that is included in the rule, the app is opened and runs normally, and information about that app is added to the AppLocker event log.
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
index 04b3c1eaac..965a20c625 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/LOB-win32-apps-on-s.md
@@ -1,25 +1,15 @@
 ---
 title: Allow LOB Win32 apps on Intune-managed S Mode devices
 description: Using Windows Defender Application Control (WDAC) supplemental policies, you can expand the S Mode base policy on your Intune-managed devices.
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/05/2023
-ms.technology: itpro-security
 ms.topic: how-to
 ---
 
 # Allow line-of-business Win32 apps on Intune-managed S Mode devices
 
-**Applies to:**
-
-- Windows 10
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
 You can use Microsoft Intune to deploy and run critical Win32 applications, and Windows components that are normally blocked in S mode, on your Intune-managed Windows 10 in S mode devices. For example, PowerShell.exe.
 
@@ -31,7 +21,7 @@ For an overview and brief demo of this feature, see this video:
 
 ## Policy authorization process
 
-![Basic diagram of the policy authorization flow.](images/wdac-intune-policy-authorization.png)
+![Basic diagram of the policy authorization flow.](../images/wdac-intune-policy-authorization.png)
 
 The general steps for expanding the S mode base policy on your Intune-managed Windows 10 in S mode devices are to generate a supplemental policy, sign that policy, upload the signed policy to Intune, and assign it to user or device groups. Because you need access to PowerShell cmdlets to generate your supplemental policy, you should create and manage your policies on a non-S mode device. Once the policy has been uploaded to Intune, before deploying the policy more broadly, assign it to a single test Windows 10 in S mode device to verify expected functioning.
 
@@ -39,7 +29,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi
 
     This policy expands the S mode base policy to authorize more applications. Anything authorized by either the S mode base policy or your supplemental policy is allowed to run. Your supplemental policies can specify filepath rules, trusted publishers, and more.
 
-    For more information on creating supplemental policies, see [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](select-types-of-rules-to-create.md).
+    For more information on creating supplemental policies, see [Deploy multiple WDAC policies](../design/deploy-multiple-wdac-policies.md). For more information on the right type of rules to create for your policy, see [Deploy WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md).
 
     The following instructions are a basic set for creating an S mode supplemental policy:
 
@@ -81,7 +71,7 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi
 
 2. Sign the policy.
 
-    Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md).
+    Supplemental S mode policies must be digitally signed. To sign your policy, use your organization's custom Public Key Infrastructure (PKI). For more information on signing using an internal CA, see [Create a code signing cert for WDAC](create-code-signing-cert-for-wdac.md).
 
       > [!TIP]
       > For more information, see [Azure Code Signing, democratizing trust for developers and consumers](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669).
@@ -97,19 +87,19 @@ The general steps for expanding the S mode base policy on your Intune-managed Wi
 
 ## Standard process for deploying apps through Intune
 
-![Basic diagram for deploying apps through Intune.](images/wdac-intune-app-deployment.png)
+![Basic diagram for deploying apps through Intune.](../images/wdac-intune-app-deployment.png)
 
 For more information on the existing procedure of packaging signed catalogs and app deployment, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
 
 ## Optional: Process for deploying apps using catalogs
 
-![Basic diagram for deploying Apps using catalogs.](images/wdac-intune-app-catalogs.png)
+![Basic diagram for deploying Apps using catalogs.](../images/wdac-intune-app-catalogs.png)
 
 Your supplemental policy can be used to significantly relax the S mode base policy, but there are security trade-offs you must consider in doing so. For example, you can use a signer rule to trust an external signer, but that authorizes all apps signed by that certificate, which may include apps you don't want to allow as well.
 
 Instead of authorizing signers external to your organization, Intune has functionality to make it easier to authorize existing applications by using signed catalogs. This feature doesn't require repackaging or access to the source code. It works for apps that may be unsigned or even signed apps when you don't want to trust all apps that may share the same signing certificate.
 
-The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-windows-defender-application-control.md).
+The basic process is to generate a catalog file for each app using Package Inspector, then sign the catalog files using a custom PKI. To authorize the catalog signing certificate in the supplemental policy, use the **Add-SignerRule** PowerShell cmdlet as shown earlier in step 1 of the [Policy authorization process](#policy-authorization-process). After that, use the [Standard process for deploying apps through Intune](#standard-process-for-deploying-apps-through-intune) outlined earlier. For more information on generating catalogs, see [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-wdac.md).
 
 > [!NOTE]
 > Every time an app updates, you need to deploy an updated catalog. Try to avoid using catalog files for applications that auto-update, and direct users not to update applications on their own.
diff --git a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
similarity index 75%
rename from windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
index 356adb95d7..98ac6cf37d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/audit-wdac-policies.md
@@ -1,33 +1,15 @@
 ---
-title: Use audit events to create WDAC policy rules 
+title: Use audit events to create WDAC policy rules
 description: Audits allow admins to discover apps, binaries, and scripts that should be added to the WDAC policy.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 05/03/2018
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Use audit events to create WDAC policy rules
 
-**Applies to:**
-
--   Windows 10
--   Windows 11
--   Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
 
 Running Application Control in audit mode lets you discover applications, binaries, and scripts that are missing from your WDAC policy but should be included.
 
@@ -36,18 +18,18 @@ While a WDAC policy is running in audit mode, any binary that runs but would hav
 ## Overview of the process to create WDAC policy to allow apps using audit events
 
 > [!Note]
-> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md).
+> You must have already deployed a WDAC audit mode policy to use this process. If you have not already done so, see [Deploying Windows Defender Application Control policies](wdac-deployment-guide.md).
 
 To familiarize yourself with creating WDAC rules from audit events, follow these steps on a device with a WDAC audit mode policy.
 
 1. Install and run an application not allowed by the WDAC policy but that you want to allow.
 
-2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md).
+2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](../operations/event-id-explanations.md).
 
    **Figure 1. Exceptions to the deployed WDAC policy**
-   ![Event showing exception to WDAC policy.](images/dg-fig23-exceptionstocode.png)
+   ![Event showing exception to WDAC policy.](../images/dg-fig23-exceptionstocode.png)
 
-3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
+3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
 
    ```powershell
    $PolicyName= "Lamna_FullyManagedClients_Audit"
@@ -59,13 +41,13 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**.
 
    ```powershell
-   New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash –UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings
+   New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash -UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings
    ```
 
    > [!NOTE]
-   > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of  **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md).
+   > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **FilePublisher** rule level with a fallback level of  **Hash**, which may be more specific than desired. You can re-run the above command using different **-Level** and **-Fallback** options to meet your needs. For more information about WDAC rule levels, see [Understand WDAC policy rules and file rules](../design/select-types-of-rules-to-create.md).
 
-5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](wdac-wizard-editing-policy.md)).
+5. Find and review the WDAC policy file **EventsPolicy.xml** that should be found on your desktop. Ensure that it only includes file and signer rules for applications, binaries, and scripts you wish to allow. You can remove rules by manually editing the policy XML or use the WDAC Policy Wizard tool (see [Editing existing base and supplemental WDAC policies with the Wizard](../design/wdac-wizard-editing-policy.md)).
 
 6. Find and review the text file **EventsPolicyWarnings.txt** that should be found on your desktop. This file will include a warning for any files that WDAC couldn't create a rule for at either the specified rule level or fallback rule level.
 
@@ -74,6 +56,6 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 
 7. Merge **EventsPolicy.xml** with the Base policy **Lamna_FullyManagedClients_Audit.xml** or convert it to a supplemental policy.
 
-    For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](deploy-multiple-windows-defender-application-control-policies.md).
+    For information on merging policies, refer to [Merge Windows Defender Application Control policies](merge-wdac-policies.md) and for information on supplemental policies see [Use multiple Windows Defender Application Control Policies](../design/deploy-multiple-wdac-policies.md).
 
 8. Convert the Base or Supplemental policy to binary and deploy using your preferred method.
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
index 8050e17b08..cfa497a317 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/create-code-signing-cert-for-wdac.md
@@ -1,35 +1,17 @@
 ---
-title: Create a code signing cert for Windows Defender Application Control 
+title: Create a code signing cert for Windows Defender Application Control
 description: Learn how to set up a publicly issued code signing certificate, so you can sign catalog files or WDAC policies internally.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
 ms.topic: conceptual
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 12/01/2022
-ms.technology: itpro-security
 ---
 
 # Optional: Create a code signing cert for Windows Defender Application Control  
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](wdac-deployment-guide.md).
 
 If you have an internal CA, complete these steps to create a code signing certificate.
 
@@ -45,7 +27,7 @@ If you have an internal CA, complete these steps to create a code signing certif
 
 2. When connected, right-click **Certificate Templates**, and then select **Manage** to open the Certification Templates Console.
 
-    ![CA snap-in showing Certificate Templates.](images/dg-fig27-managecerttemp.png)
+    ![CA snap-in showing Certificate Templates.](../images/dg-fig27-managecerttemp.png)
 
     Figure 1. Manage the certificate templates
 
@@ -61,7 +43,7 @@ If you have an internal CA, complete these steps to create a code signing certif
 
 8. In the **Edit Basic Constraints Extension** dialog box, select **Enable this extension**, as shown in Figure 2.
 
-    ![Edit Basic Constraints Extension.](images/dg-fig29-enableconstraints.png)
+    ![Edit Basic Constraints Extension.](../images/dg-fig29-enableconstraints.png)
 
     Figure 2. Select constraints on the new template
 
@@ -77,7 +59,7 @@ When this certificate template has been created, you must publish it to the CA p
 
 1. In the Certification Authority MMC snap-in, right-click **Certification Templates**, point to **New**, and then select **Certificate Template to Issue**, as shown in Figure 3.
 
-    ![Select Certificate Template to Issue.](images/dg-fig30-selectnewcert.png)
+    ![Select Certificate Template to Issue.](../images/dg-fig30-selectnewcert.png)
 
     Figure 3. Select the new certificate template to issue
 
@@ -95,7 +77,7 @@ Now that the template is available to be issued, you must request one from the c
 
 4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4.
 
-    ![Request Certificates: more information required.](images/dg-fig31-getmoreinfo.png)
+    ![Request Certificates: more information required.](../images/dg-fig31-getmoreinfo.png)
 
     Figure 4. Get more information for your code signing certificate
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
index e49832fb80..bc9542abec 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-catalog-files-to-support-wdac.md
@@ -1,31 +1,19 @@
 ---
 title: Deploy catalog files to support Windows Defender Application Control
 description: Catalog files simplify running unsigned applications in the presence of a Windows Defender Application Control (WDAC) policy.
-ms.prod: windows-client
 ms.localizationpriority: medium
 ms.topic: how-to
-author: jsuther1974
-ms.reviewer: jgeurten
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/30/2022
-ms.technology: itpro-security
 ---
 
 # Deploy catalog files to support Windows Defender Application Control
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
 *Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging.
 
-You need to [obtain a code signing certificate for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism.
+You need to [obtain a code signing certificate for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism.
 
 Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files are able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a WDAC policy that blocks all unsigned code, because most malware is unsigned.
 
@@ -46,7 +34,7 @@ To create a catalog file for an existing app, you can use a tool called **Packag
     $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip"
     ```
 
-    Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deployment/deploy-wdac-policies-with-script.md).
+    Then apply the policy as described in [Deploy Windows Defender Application Control policies with script](deploy-wdac-policies-with-script.md).
 
 2. Start Package Inspector to monitor file creation on a **local drive** where you install the app, for example, drive C:
 
@@ -121,7 +109,7 @@ For the code signing certificate that you use to sign the catalog file, import i
 
 3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1.
 
-   ![Digital Signature list in file Properties.](images/dg-fig12-verifysigning.png)
+   ![Digital Signature list in file Properties.](../images/dg-fig12-verifysigning.png)
 
    Figure 1. Verify that the signing certificate exists.
 
@@ -144,7 +132,7 @@ The following process walks you through the deployment of a signed catalog file
    > [!NOTE]
    > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies.
 
-   ![Group Policy Management, create a GPO.](images/dg-fig13-createnewgpo.png)
+   ![Group Policy Management, create a GPO.](../images/dg-fig13-createnewgpo.png)
 
    Figure 2. Create a new GPO.
 
@@ -154,7 +142,7 @@ The following process walks you through the deployment of a signed catalog file
 
 5. Within the selected GPO, navigate to **Computer Configuration\\Preferences\\Windows Settings\\Files**. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3.
 
-   ![Group Policy Management Editor, New File.](images/dg-fig14-createnewfile.png)
+   ![Group Policy Management Editor, New File.](../images/dg-fig14-createnewfile.png)
 
    Figure 3. Create a new file.
 
@@ -164,7 +152,7 @@ The following process walks you through the deployment of a signed catalog file
 
 7. To keep versions consistent, in the **New File Properties** dialog box as shown in Figure 4, select **Replace** from the **Action** list so that the newest version is always used.
 
-   ![File Properties, Replace option.](images/dg-fig15-setnewfileprops.png)
+   ![File Properties, Replace option.](../images/dg-fig15-setnewfileprops.png)
 
    Figure 4. Set the new file properties.
 
@@ -197,7 +185,7 @@ Complete the following steps to create a new deployment package for catalog file
 
 3. Name the package, set your organization as the manufacturer, and select an appropriate version number.
 
-    ![Create Package and Program Wizard.](images/dg-fig16-specifyinfo.png)
+    ![Create Package and Program Wizard.](../images/dg-fig16-specifyinfo.png)
 
     Figure 5. Specify information about the new package.
 
@@ -218,7 +206,7 @@ Complete the following steps to create a new deployment package for catalog file
     - From the **Program can run** list, select **Whether or not a user is logged on**.
     - From the **Drive mode** list, select **Runs with UNC name**.
 
-    ![Standard Program page of wizard.](images/dg-fig17-specifyinfo.png)
+    ![Standard Program page of wizard.](../images/dg-fig17-specifyinfo.png)
 
     Figure 6. Specify information about the standard program.
 
@@ -246,7 +234,7 @@ After you create the deployment package, deploy it to a collection so that the c
 
     - Select the **Commit changes at deadline or during a maintenance window (requires restarts)** check box.
 
-    ![Deploy Software Wizard, User Experience page.](images/dg-fig18-specifyux.png)
+    ![Deploy Software Wizard, User Experience page.](../images/dg-fig18-specifyux.png)
 
     Figure 7. Specify the user experience.
 
@@ -271,13 +259,13 @@ You can configure software inventory to find catalog files on your managed syste
 
 3. Name the new policy, and under **Select and then configure the custom settings for client devices**, select the **Software Inventory** check box, as shown in Figure 8.
 
-    ![Create Custom Client Device Settings.](images/dg-fig19-customsettings.png)
+    ![Create Custom Client Device Settings.](../images/dg-fig19-customsettings.png)
 
     Figure 8. Select custom settings.
 
 4. In the navigation pane, select **Software Inventory**, and then select **Set Types**, as shown in Figure 9.
 
-    ![Software Inventory settings for devices.](images/dg-fig20-setsoftwareinv.png)
+    ![Software Inventory settings for devices.](../images/dg-fig20-setsoftwareinv.png)
 
     Figure 9. Set the software inventory.
 
@@ -290,7 +278,7 @@ You can configure software inventory to find catalog files on your managed syste
 
 7. In the **Path Properties** dialog box, select **Variable or path name**, and then type `C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}` in the box, as shown in Figure 10.
 
-    ![Path Properties, specifying a path.](images/dg-fig21-pathproperties.png)
+    ![Path Properties, specifying a path.](../images/dg-fig21-pathproperties.png)
 
     Figure 10. Set the path properties.
 
@@ -313,7 +301,7 @@ At the time of the next software inventory cycle, when the targeted clients rece
 
 ## Allow apps signed by your catalog signing certificate in your WDAC policy
 
-Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](windows-defender-application-control-design-guide.md).
+Now that you have your signed catalog file, you can add a signer rule to your policy that allows anything signed with that certificate. If you haven't yet created a WDAC policy, see the [Windows Defender Application Control design guide](../design/wdac-design-guide.md).
 
 On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the following sample:
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
index 5c703094c7..aed9b36b5b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-group-policy.md
@@ -1,36 +1,18 @@
 ---
-title: Deploy WDAC policies via Group Policy 
+title: Deploy WDAC policies via Group Policy
 description: Windows Defender Application Control (WDAC) policies can easily be deployed and managed with Group Policy. Learn how by following this step-by-step guide.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 01/23/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Deploy Windows Defender Application Control policies by using Group Policy
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 > [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart.
+> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Group Policy, deploy new signed WDAC Base policies [via script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script#deploying-signed-policies) and activate the policy with a system restart.
 >
 > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
 
@@ -50,7 +32,7 @@ To deploy and manage a Windows Defender Application Control policy with Group Po
 2. Create a new GPO: right-click an OU and then select **Create a GPO in this domain, and Link it here**.
 
    > [!NOTE]
-   > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../plan-windows-defender-application-control-management.md).
+   > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate), as discussed in [Plan for Windows Defender Application Control lifecycle policy management](../design/plan-wdac-management.md).
 
    ![Group Policy Management, create a GPO.](../images/dg-fig24-creategpo.png)
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
index 83e3847164..c7086b6b5e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-using-intune.md
@@ -1,32 +1,20 @@
 ---
-title: Deploy WDAC policies using Mobile Device Management (MDM) 
+title: Deploy WDAC policies using Mobile Device Management (MDM)
 description: You can use an MDM like Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
-ms.date: 01/23/2023
+ms.date: 08/30/2023
 ms.topic: how-to
 ---
 
 # Deploy WDAC policies using Mobile Device Management (MDM)
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps.
 
 > [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart.
+> Due to a known issue, you should always activate new **signed** WDAC Base policies *with a reboot* on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Instead of Mobile Device Management (MDM), deploy new signed WDAC Base policies [via script](deploy-wdac-policies-with-script.md) and activate the policy with a system restart.
 >
 > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
 
@@ -40,17 +28,17 @@ Intune's built-in Windows Defender Application Control support allows you to con
 - [Optional] Reputable apps as defined by the Intelligent Security Graph (ISG)
 
 > [!NOTE]
-> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. You can use Intune's custom OMA-URI feature to deploy your own multiple-policy format WDAC policies and leverage features available on Windows 10 1903+ or Windows 11 as described later in this topic.
+> Intune's built-in policies use the pre-1903 single-policy format version of the DefaultWindows policy. Use the [improved Intune WDAC experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to create and deploy multiple-policy format files. Or, you can use Intune's custom OMA-URI feature to deploy your own multiple-policy format WDAC policies and leverage features available on Windows 10 1903+ or Windows 11 as described later in this topic.
 
 > [!NOTE]
-> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP will always request a reboot when applying WDAC policies. You can use Intune's custom OMA-URI feature with the ApplicationControl CSP to deploy your own WDAC policies rebootlessly.
+> Intune currently uses the AppLocker CSP to deploy its built-in policies. The AppLocker CSP always requests a device restart when it applies WDAC policies. Use the [improved Intune WDAC experience](/mem/intune/protect/endpoint-security-app-control-policy), currently in public preview, to deploy your own WDAC policies without a restart. Or, you can use Intune's custom OMA-URI feature with the ApplicationControl CSP.
 
 To use Intune's built-in WDAC policies, configure [Endpoint Protection for Windows 10 (and later)](/mem/intune/protect/endpoint-protection-windows-10?toc=/intune/configuration/toc.json&bc=/intune/configuration/breadcrumb/toc.json).
 
 ## Deploy WDAC policies with custom OMA-URI
 
 > [!NOTE]
-> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../deploy-multiple-windows-defender-application-control-policies.md) which allow more granular policy.
+> Policies deployed through Intune custom OMA-URI are subject to a 350,000 byte limit. Customers should create Windows Defender Application Control policies that use signature-based rules, the Intelligent Security Graph, and managed installers where practical. Customers whose devices are running 1903+ builds of Windows are also encouraged to use [multiple policies](../design/deploy-multiple-wdac-policies.md) which allow more granular policy.
 
 You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
 
@@ -58,6 +46,9 @@ You should now have one or more WDAC policies converted into binary form. If not
 
 Beginning with Windows 10 1903, custom OMA-URI policy deployment can use the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies.
 
+> [!NOTE]
+> You must convert your custom policy XML to binary form before deploying with OMA-URI.
+
 The steps to use Intune's custom OMA-URI functionality are:
 
 1. Open the Microsoft Intune portal and [create a profile with custom settings](/mem/intune/configuration/custom-settings-windows-10).
@@ -65,10 +56,9 @@ The steps to use Intune's custom OMA-URI functionality are:
 2. Specify a **Name** and **Description** and use the following values for the remaining custom OMA-URI settings:
     - **OMA-URI**: `./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy`
     - **Data type**: Base64 (file)
-    - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune will convert the uploaded .bin file to Base64 on your behalf. 
+    - **Certificate file**: Upload your binary format policy file. To do this, change your {GUID}.cip file to {GUID}.bin. You don't need to upload a Base64 file, as Intune converts the uploaded .bin file to Base64 on your behalf.
 
-    > [!div class="mx-imgBorder"]
-    > ![Configure custom WDAC.](../images/wdac-intune-custom-oma-uri.png)
+    :::image type="content" alt-text="Configure custom WDAC." source="../images/wdac-intune-custom-oma-uri.png" lightbox="../images/wdac-intune-custom-oma-uri.png":::
 
 > [!NOTE]
 > For the _Policy GUID_ value, do not include the curly brackets.
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
index 72b2f4c5a2..d4135733c2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md
@@ -1,12 +1,6 @@
 ---
 title: Deploy Windows Defender Application Control policies with Configuration Manager
 description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
-ms.prod: windows-client
-ms.technology: itpro-security
-author: jgeurten
-ms.reviewer: aaroncz
-ms.author: jogeurte
-manager: aaroncz
 ms.date: 06/27/2022
 ms.topic: how-to
 ms.localizationpriority: medium
@@ -14,12 +8,6 @@ ms.localizationpriority: medium
 
 # Deploy WDAC policies by using Microsoft Configuration Manager
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index cd5c8ce323..a96124b086 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -1,28 +1,14 @@
 ---
-title: Deploy Windows Defender Application Control (WDAC) policies using script 
+title: Deploy Windows Defender Application Control (WDAC) policies using script
 description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
-keywords: security, malware
-ms.prod: windows-client
-audience: ITPro
-author: jsuther1974
-ms.reviewer: aaroncz
-ms.author: jogeurte
 ms.manager: jsuther
-manager: aaroncz
 ms.date: 01/23/2023
-ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
 ---
 
 # Deploy WDAC policies using script
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -31,7 +17,7 @@ This article describes how to deploy Windows Defender Application Control (WDAC)
 You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
 
 > [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart.
+> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. Skip all steps below that use CiTool, RefreshPolicy.exe, or WMI to initiate a policy activation. Instead, copy the policy binary to the correct system32 and EFI locations and then activate the policy with a system restart.
 >
 > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
index be973cf600..5c4d60cfa8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/disable-wdac-policies.md
@@ -1,33 +1,15 @@
 ---
-title: Remove Windows Defender Application Control policies  
+title: Remove Windows Defender Application Control policies
 description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/04/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Remove Windows Defender Application Control (WDAC) policies
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 ## Removing WDAC policies
 
@@ -55,7 +37,7 @@ To make a policy effectively inactive before removing it, you can first replace
 5. If applicable, remove option **0 Enabled:UMCI** to convert the policy to kernel mode only.
 
 > [!IMPORTANT]
-> After a policy has been removed, you must restart the computer for it to take effect. You can't remove WDAC policies rebootlessly.
+> After you remove a policy, restart the computer for it to take effect. You can't remove WDAC policies without restarting the device.
 
 ### Remove WDAC policies using CiTool.exe
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
similarity index 78%
rename from windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
index 082b0a5d27..9000c01d85 100644
--- a/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/enforce-wdac-policies.md
@@ -1,30 +1,16 @@
 ---
-title: Enforce Windows Defender Application Control (WDAC) policies 
+title: Enforce Windows Defender Application Control (WDAC) policies
 description: Learn how to switch a WDAC policy from audit to enforced mode.
-keywords: security, malware
-ms.prod: windows-client
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: jogeurte
 ms.manager: jsuther
-manager: aaroncz
 ms.date: 04/22/2021
-ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
 ---
 
 # Enforce Windows Defender Application Control (WDAC) policies
 
-**Applies to:**
-
--   Windows 10
--   Windows 11
--   Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 You should now have one or more Windows Defender Application Control policies broadly deployed in audit mode. You have analyzed events collected from the devices with those policies and you're ready to enforce. Use this procedure to prepare and deploy your WDAC policies in enforcement mode.
 
@@ -33,11 +19,11 @@ You should now have one or more Windows Defender Application Control policies br
 
 ## Convert WDAC **base** policy from audit to enforced
 
-As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+As described in [common Windows Defender Application Control deployment scenarios](../design/common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 
 **Alice Pena** is the IT team lead responsible for Lamna's WDAC rollout.
 
-Alice previously created and deployed a policy for the organization's [fully managed devices](create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-windows-defender-application-control-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode.
+Alice previously created and deployed a policy for the organization's [fully managed devices](../design/create-wdac-policy-for-fully-managed-devices.md). They updated the policy based on audit event data as described in [Use audit events to create WDAC policy rules](audit-wdac-policies.md) and redeployed it. All remaining audit events are as expected and Alice is ready to switch to enforcement mode.
 
 1. Initialize the variables that will be used and create the enforced policy by copying the audit version.
 
@@ -55,8 +41,7 @@ Alice previously created and deployed a policy for the organization's [fully man
    $EnforcedPolicyID = $EnforcedPolicyID.Substring(11)
    ```
 
-
-3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment.
+3. *[Optionally]* Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to enable rule options 9 ("Advanced Boot Options Menu") and 10 ("Boot Audit on Failure"). Option 9 allows users to disable WDAC enforcement for a single boot session from a pre-boot menu. Option 10 instructs Windows to switch the policy from enforcement to audit only if a boot critical kernel-mode driver is blocked. We strongly recommend these options when deploying a new enforced policy to your first deployment ring. Then, if no issues are found, you can remove the options and restart your deployment.
 
    ```powershell
    Set-RuleOption -FilePath $EnforcedPolicyXML -Option 9
@@ -111,4 +96,4 @@ Since the enforced policy was given a unique PolicyID in the previous procedure,
 
 ## Deploy your enforced policy and supplemental policies
 
-Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md).
+Now that your base policy is in enforced mode, you can begin to deploy it to your managed endpoints. For information about deploying policies, see [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md).
diff --git a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
index 53b1e0a448..20bf91ea2a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/merge-wdac-policies.md
@@ -1,30 +1,16 @@
 ---
-title: Merge Windows Defender Application Control policies (WDAC) 
+title: Merge Windows Defender Application Control policies (WDAC)
 description: Learn how to merge WDAC policies as part of your policy lifecycle management.
-keywords: security, malware
-ms.prod: windows-client
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: jogeurte
 ms.manager: jsuther
-manager: aaroncz
 ms.date: 04/22/2021
-ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
 ---
 
 # Merge Windows Defender Application Control (WDAC) policies
 
-**Applies to:**
-
--   Windows 10
--   Windows 11
--   Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This article shows how to merge multiple policy XML files together and how to merge rules directly into a policy. Windows Defender Application Control deployments often include a few base policies and optional supplemental policies for specific use cases.
 
@@ -33,7 +19,7 @@ This article shows how to merge multiple policy XML files together and how to me
 
 ## Merge multiple WDAC policy XML files together
 
-There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-windows-defender-application-control-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session.
+There are many scenarios where you may want to merge two or more policy files together. For example, if you [use audit events to create Windows Defender Application Control policy rules](audit-wdac-policies.md), you can merge those rules with your existing WDAC base policy. To merge the two WDAC policies referenced in that article, complete the following steps in an elevated Windows PowerShell session.
 
 1. Initialize the variables that will be used:
 
@@ -57,7 +43,7 @@ There are many scenarios where you may want to merge two or more policy files to
 
 Besides merging multiple policy XML files, you can also merge rules created with the New-CIPolicyRule cmdlet directly into an existing WDAC policy XML file. Directly merging rules is a convenient way to update your policy without creating extra policy XML files. For example, to add rules that allow the WDAC Wizard and the WDAC RefreshPolicy.exe tool, follow these steps:
 
-1. Install the [WDAC Wizard](wdac-wizard.md) packaged MSIX app.
+1. Install the [WDAC Wizard](../design/wdac-wizard.md) packaged MSIX app.
 2. Download the [Refresh Policy tool](https://aka.ms/refreshpolicy) for your processor architecture and save it to your desktop as RefreshPolicy.exe.
 3. From a PowerShell session, run the following commands to create packaged app allow rules for the WDAC Wizard:
 
@@ -94,4 +80,4 @@ Now that you have your new, merged policy, you can convert and deploy the policy
 
 2. Upload your merged policy XML and the associated binary to the source control solution you are using for your Windows Defender Application Control policies. such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
 
-3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md)
+3. Deploy the merged policy using your preferred deployment solution. See [Deploying Windows Defender Application Control (WDAC) policies](wdac-deployment-guide.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
index 32b34dfe20..8bc12aa239 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection.md
@@ -1,27 +1,15 @@
 ---
 title: Use code signing for added control and protection with WDAC
 description: Code signing can be used to better control Win32 app authorization and add protection for your Windows Defender Application Control (WDAC) policies.
-ms.prod: windows-client
 ms.localizationpriority: medium
 ms.topic: conceptual
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/29/2022
-ms.technology: itpro-security
 ---
 
 # Use code signing for added control and protection with Windows Defender Application Control
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
 ## What is code signing and why is it important?
 
@@ -38,7 +26,7 @@ You can use catalog files to easily add a signature to an existing application w
 > [!NOTE]
 > Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge.
 
-To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
+To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-wdac.md).
 
 ## Signed WDAC policies
 
@@ -51,5 +39,5 @@ For more information on using signed policies, see [Use signed policies to prote
 Some ways to obtain code signing certificates for your own use, include:
 
 - Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list).
-- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
+- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md).
 - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
index ef0985446c..72139cebfa 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-signed-policies-to-protect-wdac-against-tampering.md
@@ -1,31 +1,19 @@
 ---
 title: Use signed policies to protect Windows Defender Application Control against tampering
 description: Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows 10 and Windows 11.
-ms.prod: windows-client
 ms.localizationpriority: medium
 ms.topic: conceptual
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/04/2022
-ms.technology: itpro-security
 ---
 
 # Use signed policies to protect Windows Defender Application Control against tampering
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
 Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure or blue screen. With this goal in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to provide this protection for signed WDAC policies.
 
-If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md#obtain-code-signing-certificates-for-your-own-use).
+If you don't currently have a code signing certificate you can use to sign your policies, see [Obtain code signing certificates for your own use](use-code-signing-for-better-control-and-protection.md#obtain-code-signing-certificates-for-your-own-use).
 
 > [!WARNING]
 > Boot failure, or blue screen, may occur if your signing certificate doesn't follow these rules:
@@ -35,7 +23,7 @@ If you don't currently have a code signing certificate you can use to sign your
 > - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
 
-Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md).
+Before you attempt to deploy a signed policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](../design/select-types-of-rules-to-create.md).
 
 > [!NOTE]
 > When signing a Base policy that has existing Supplemental policies, you must also switch to signed policy for all of the Supplementals. Authorize the signed supplemental policies by adding a `<SupplementalPolicySigner>` rule to the Base policy.
@@ -51,7 +39,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
    ```
 
    > [!NOTE]
-   > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information.
+   > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](../design/create-wdac-policy-using-reference-computer.md) article. If you sign another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information.
 
 2. Navigate to your desktop as the working directory:
 
@@ -71,7 +59,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
     ```
 
     > [!IMPORTANT]
-    > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-windows-defender-application-control-policies.md#remove-wdac-policies-causing-boot-stop-failures).
+    > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed policies causing boot failure, see [Remove Windows Defender Application Control policies causing boot stop failures](disable-wdac-policies.md#remove-wdac-policies-causing-boot-stop-failures).
 
 4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option:
 
@@ -101,7 +89,7 @@ Before you attempt to deploy a signed policy, you should first deploy an unsigne
 
 If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files:
 
-1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
+1. Import the .pfx code signing certificate into the user's personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-wdac.md).
 
 2. Sign the WDAC policy by using SignTool.exe:
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
similarity index 76%
rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
index a961918d5c..90bdaa9748 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md
@@ -1,29 +1,17 @@
 ---
 title: Deploying Windows Defender Application Control (WDAC) policies
 description: Learn how to plan and implement a WDAC deployment.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: jgeurten
-ms.reviewer: aaroncz
-ms.author: jogeurte
-manager: jsuther
 ms.date: 01/23/2023
 ms.topic: overview
 ---
 
 # Deploying Windows Defender Application Control (WDAC) policies
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](windows-defender-application-control-design-guide.md), do so now before proceeding.
+You should now have one or more Windows Defender Application Control (WDAC) policies ready to deploy. If you haven't yet completed the steps described in the [WDAC Design Guide](../design/wdac-design-guide.md), do so now before proceeding.
 
 ## Convert your WDAC policy XML to binary
 
@@ -56,13 +44,13 @@ All Windows Defender Application Control policy changes should be deployed in au
 ## Choose how to deploy WDAC policies
 
 > [!IMPORTANT]
-> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) enabled. We recommend [deploying via script](deployment/deploy-wdac-policies-with-script.md) in this case.
+> Due to a known issue, you should always activate new **signed** WDAC Base policies with a reboot on systems with [**memory integrity**](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) enabled. We recommend [deploying via script](deploy-wdac-policies-with-script.md) in this case.
 >
 > This issue does not affect updates to signed Base policies that are already active on the system, deployment of unsigned policies, or deployment of supplemental policies (signed or unsigned). It also does not affect deployments to systems that are not running memory integrity.
 
 There are several options to deploy Windows Defender Application Control policies to managed endpoints, including:
 
-- [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune
-- [Deploy using Microsoft Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md)
-- [Deploy via script](deployment/deploy-wdac-policies-with-script.md)
-- [Deploy via group policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md)
+- [Deploy using a Mobile Device Management (MDM) solution](deploy-wdac-policies-using-intune.md), such as Microsoft Intune
+- [Deploy using Microsoft Configuration Manager](deploy-wdac-policies-with-memcm.md)
+- [Deploy via script](deploy-wdac-policies-with-script.md)
+- [Deploy via group policy](deploy-wdac-policies-using-group-policy.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
similarity index 91%
rename from windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
index abfdd65aed..ad1b478b40 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/allow-com-object-registration-in-wdac-policy.md
@@ -1,33 +1,15 @@
 ---
-title: Allow COM object registration in a WDAC policy 
+title: Allow COM object registration in a WDAC policy
 description: You can allow COM object registration in a Windows Defender Application Control policy.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: vinaypamnani-msft
-ms.reviewer: jsuther
-ms.author: vinpa
-manager: aaroncz
-ms.technology: itpro-security
 ms.date: 04/05/2023
 ms.topic: article
 ---
 
 # Allow COM object registration in a Windows Defender Application Control policy
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
 
 The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects.
 
@@ -38,8 +20,8 @@ Windows Defender Application Control (WDAC) enforces a built-in allowlist for CO
 > [!NOTE]
 > To add this functionality to other versions of Windows 10, you can install the following or later updates.
 
-- [Windows 10, 1809 June 18, 2019—KB4501371 (OS Build 17763.592)](https://support.microsoft.com/help/4501371/windows-10-update-kb4501371)
-- [Windows 10, 1607 June 18, 2019—KB4503294 (OS Build 14393.3053)](https://support.microsoft.com/help/4503294/windows-10-update-kb4503294)
+- [Windows 10, 1809 June 18, 2019-KB4501371 (OS Build 17763.592)](https://support.microsoft.com/help/4501371/windows-10-update-kb4501371)
+- [Windows 10, 1607 June 18, 2019-KB4503294 (OS Build 14393.3053)](https://support.microsoft.com/help/4503294/windows-10-update-kb4503294)
 
 ### Get COM object GUID
 
@@ -49,13 +31,13 @@ You can get the COM application GUID from the 8036 COM object block events in Ev
 
 Three elements:
 
-- Provider: platform on which code is running (values are  PowerShell, WSH, IE, VBA, MSI, or a wildcard “AllHostIds”)
+- Provider: platform on which code is running (values are  PowerShell, WSH, IE, VBA, MSI, or a wildcard "AllHostIds")
 - Key: GUID for the program you wish to run, in the format Key="{33333333-4444-4444-1616-161616161616}"
 - ValueName: needs to be set to "EnterpriseDefinedClsId"
 
 One attribute:
 
-- Value: needs to be “true” for allow and “false” for deny
+- Value: needs to be "true" for allow and "false" for deny
 
   > [!NOTE]
   > Deny only works in base policies, not supplemental policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
index e8331a7fcf..bcce7c5578 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
@@ -1,31 +1,19 @@
 ---
-title: Microsoft recommended block rules
+title: Applications that can bypass WDAC and how to block them
 description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: jsuther1974
-ms.reviewer: jgeurten
-ms.author: vinpa
-manager: aaroncz
-ms.date: 11/04/2022
+ms.date: 06/14/2023
 ms.topic: reference
 ---
 
-# Microsoft recommended block rules
+# Applications that can bypass WDAC and how to block them
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
->[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md).
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
 
 Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC.
 
-Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including WDAC:
+Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. An attacker can use these applications or files to circumvent application allow policies, including WDAC:
 
 - addinprocess.exe
 - addinprocess32.exe
@@ -72,7 +60,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 
 <sup>1</sup> A vulnerability in bginfo.exe was fixed in version 4.22. If you use BGInfo, for security, make sure to download and run the latest version of [BGInfo](/sysinternals/downloads/bginfo). BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
 
-<sup>2</sup> If you're using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end-user device that isn't being used in a development context, we recommend that you block msbuild.exe.
+<sup>2</sup> If you're using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. Otherwise, we recommend that you block msbuild.exe.
 
 <sup>*</sup> Microsoft recognizes the efforts of people in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
 
@@ -99,9 +87,9 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 > [!NOTE]
 > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
 
-Certain software applications may allow other code to run by design. Such applications should be blocked by your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, you should add *deny* rules to your application control policies for that application’s previous, less secure versions.
+Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that application's previous, less secure versions.
 
-Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes.
+Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can be blocked by their corresponding hashes.
 
 As of October 2017, system.management.automation.dll is updated to revoke earlier versions by hash values, instead of version rules.
 
@@ -111,14 +99,14 @@ If you wish to use this blocklist policy on Windows Server 2016, locate the deny
 - msxml6.dll
 - jscript9.dll
 
-The blocklist policy below includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone WDAC policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy below using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the sample policy below.
+The blocklist policy that follows includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone WDAC policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy that follows using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the blocklist policy.
 
 **WDAC policy XML**:
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.1.0.0</VersionEx>
+  <VersionEx>10.1.0.2</VersionEx>
   <PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
@@ -159,6 +147,14 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
     <Deny ID="ID_DENY_DOTNET" FriendlyName="dotnet.exe" FileName="dotnet.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
+    <Deny ID="ID_DENY_HVCISCAN_AMD_1" FriendlyName="HVCIScan.exe with missing resources AMD Hash Sha1" Hash="424823CD625834C05D55C7B825B0D8059D589748" />
+    <Deny ID="ID_DENY_HVCISCAN_AMD_2" FriendlyName="HVCIScan.exe with missing resources AMD Hash Sha256" Hash="4968BA3E491CF6471C5D1C6CBECE84294012298D8EB6D32C03E476892F34279C" />
+    <Deny ID="ID_DENY_HVCISCAN_AMD_3" FriendlyName="HVCIScan.exe with missing resources AMD Hash Page Sha1" Hash="FCFA167F5F1FC88E0886132AB0B2E0C32B4B1BF5" />
+    <Deny ID="ID_DENY_HVCISCAN_AMD_4" FriendlyName="HVCIScan.exe with missing resources AMD Hash Page Sha256" Hash="283F6E8998E7A20C68FFD8715E6F130EC7648055285883686336F5711DB1C978" />
+    <Deny ID="ID_DENY_HVCISCAN_ARM_1" FriendlyName="HVCIScan.exe with missing resources ARM Hash Sha1" Hash="A72B1B9554B682F9180E5051C1DA1F2601DCD773" />
+    <Deny ID="ID_DENY_HVCISCAN_ARM_2" FriendlyName="HVCIScan.exe with missing resources ARM Hash Sha256" Hash="AC399FA29FAB56F01F63B499766D489198021C54C000463342E0382AD3AF29BE" />
+    <Deny ID="ID_DENY_HVCISCAN_ARM_3" FriendlyName="HVCIScan.exe with missing resources ARM Hash Page Sha1" Hash="9FD720F1D4913073054D93CF446C9ADC7F0BA445" />
+    <Deny ID="ID_DENY_HVCISCAN_ARM_4" FriendlyName="HVCIScan.exe with missing resources ARM Hash Page Sha256" Hash="8CBB25C135FBB43C67F70E933C482A8F6DA9F37FF4761FA061BBD91B30CEFE17" />
     <Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_INSTALLUTIL" FriendlyName="Microsoft InstallUtil" FileName="InstallUtil.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
@@ -190,7 +186,7 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
     <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
     <!-- pick the correct version of msxml3.dll, msxml6.dll, and jscript9.dll based on the release you are supporting -->
-    <!-- the versions of these files in the 1903 release have this issue fixed, so they don’t need to be blocked -->
+    <!-- the versions of these files in the 1903 release have this issue fixed, so they don't need to be blocked -->
     <!-- RS1 Windows 1607
     <Deny  ID="ID_DENY_MSXML3"        FriendlyName="msxml3.dll"         FileName="msxml3.dll" MinimumFileVersion ="8.110.14393.2550"/>
     <Deny  ID="ID_DENY_MSXML6"        FriendlyName="msxml6.dll"         FileName="msxml6.dll" MinimumFileVersion ="6.30.14393.2550"/>
@@ -1500,6 +1496,14 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
           <FileRuleRef RuleID="ID_DENY_D_604" />
           <FileRuleRef RuleID="ID_DENY_D_605" />
           <FileRuleRef RuleID="ID_DENY_D_606" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_1" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_2" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_3" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_4" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_1" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_2" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_3" />
+          <FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_4" />
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
@@ -1507,9 +1511,21 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
   <UpdatePolicySigners />
   <CiSigners />
   <HvciOptions>0</HvciOptions>
+  <Settings>
+    <Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
+      <Value>
+        <String>Microsoft Windows Recommended User Mode BlockList</String>
+      </Value>
+    </Setting>
+    <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
+      <Value>
+        <String>10.1.0.2</String>
+      </Value>
+    </Setting>
+  </Settings>
 </SiPolicy>
 ```
 
 ## More information
 
-- [Merge WDAC policies](merge-windows-defender-application-control-policies.md)
+- [Merge WDAC policies](../deployment/merge-wdac-policies.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
index 4d96a0ba7f..2d96cac781 100644
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/common-wdac-use-cases.md
@@ -1,35 +1,17 @@
 ---
-title: Policy creation for common WDAC usage scenarios 
+title: Policy creation for common WDAC usage scenarios
 description: Develop a plan for deploying Windows Defender Application Control (WDAC) in your organization based on these common scenarios.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/05/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Windows Defender Application Control deployment in different scenarios: types of devices
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
-Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described.
+Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply "turn on." The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It's common for organizations to have device use cases across each of the categories described.
 
 ## Types of devices
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
similarity index 95%
rename from windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
index 9c86b54151..6154ff435d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -1,33 +1,15 @@
 ---
-title: Allow apps deployed with a WDAC managed installer 
+title: Allow apps deployed with a WDAC managed installer
 description: Explains how to configure a custom Managed Installer.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 02/02/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Automatically allow apps deployed by a managed installer with Windows Defender Application Control
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2019 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune.
 
@@ -230,15 +212,15 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables
     Set-RuleOption -FilePath <XML filepath> -Option 13
     ```
 
-4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control-deployment-guide.md).
+4. Deploy your WDAC policy. See [Deploying Windows Defender Application Control (WDAC) policies](../deployment/wdac-deployment-guide.md).
 
 > [!NOTE]
 > Your WDAC policy must include rules for all system/boot components, kernel drivers, and any other authorized applications that can't be deployed through a managed installer.
 
 ## Remove Managed Installer feature
 
-To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems).
+To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](../applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems).
 
 ## Related articles
 
-- [Managed installer and ISG technical reference and troubleshooting guide](configure-wdac-managed-installer.md)
+- [Managed installer and ISG technical reference and troubleshooting guide](../operations/configure-wdac-managed-installer.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
index ff87d17d02..3dcec18e4f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-deny-policy.md
@@ -1,19 +1,7 @@
 ---
 title: Create WDAC Deny Policy
 description: Explains how to create WDAC deny policies
-keywords: WDAC, policy
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
-ms.technology: itpro-security
 ms.date: 12/31/2017
 ms.topic: article
 ---
@@ -72,7 +60,7 @@ Merge-CIPolicy -PolicyPaths $ DenyPolicy, $ExistingPolicy -OutputFilePath $Exist
 
 ## Best Practices
 
-1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](windows-defender-application-control-operational-guide.md)
+1. **Test first in Audit mode** - as with all new policies, we recommend rolling out your new deny policy in Audit Mode and monitoring the [3076 audit block events](../operations/event-id-explanations.md) to ensure only the applications you intended to block are blocked. More information on monitoring block events via the Event Viewer logs and Advanced Hunting: [Managing and troubleshooting Windows Defender Application Control policies](../operations/wdac-operational-guide.md)
 
 2. **Recommended Deny Rules Types** - signer and file attribute rules are recommended from a security, manageability, and performance perspective. Hash rules should only be used if necessary. Since the hash of a file changes with any change to the file, it's hard to keep up with a hash-based block policy where the attacker can trivially update the file. While WDAC has optimized parsing of hash rules, some devices may see performance impacts at runtime evaluation if policies have tens of thousands or more hash rules.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
index d19e40f9be..76720b9535 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-fully-managed-devices.md
@@ -1,40 +1,22 @@
 ---
-title: Create a WDAC policy for fully managed devices 
+title: Create a WDAC policy for fully managed devices
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in system core.
-keywords: security, malware
 ms.topic: conceptual
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/07/2022
-ms.technology: itpro-security
 ---
 
 # Create a WDAC policy for fully managed devices
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access.
 
 > [!NOTE]
 > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
 
-As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 
 **Alice Pena** is the IT team lead tasked with the rollout of WDAC.
 
@@ -54,12 +36,12 @@ Alice's team develops a simple console application, called *LamnaITInstaller.exe
 
 Based on the above, Alice defines the pseudo-rules for the policy:
 
-1. **“Windows works”** rules that authorize:
+1. **"Windows works"** rules that authorize:
    - Windows
    - WHQL (third-party kernel drivers)
    - Windows Store signed apps
 
-2. **"ConfigMgr works”** rules that include signer and hash rules for Configuration Manager components to properly function.
+2. **"ConfigMgr works"** rules that include signer and hash rules for Configuration Manager components to properly function.
 3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer)
 
 The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are:
@@ -163,5 +145,5 @@ Alice has defined a policy for Lamna's fully managed devices that makes some tra
 
 ## Up next
 
-- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-initial-default-policy.md)
-- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md)
\ No newline at end of file
+- [Create a Windows Defender Application Control policy for fixed-workload devices using a reference computer](create-wdac-policy-using-reference-computer.md)
+- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
similarity index 89%
rename from windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
index af912de157..d4b6d3f256 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-for-lightly-managed-devices.md
@@ -1,40 +1,22 @@
 ---
-title: Create a WDAC policy for lightly managed devices 
+title: Create a WDAC policy for lightly managed devices
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
-keywords: security, malware
 ms.topic: conceptual
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/07/2022
-ms.technology: itpro-security
 ---
 
 # Create a WDAC policy for lightly managed devices
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **lightly managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this article. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC-managed devices as described in later articles.
 
 > [!NOTE]
 > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
 
-As in [Windows Defender Application Control deployment in different scenarios: types of devices](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+As in [Windows Defender Application Control deployment in different scenarios: types of devices](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 
 **Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads.
 
@@ -52,12 +34,12 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo
 
 Based on the above, Alice defines the pseudo-rules for the policy:
 
-1. **“Windows works”** rules that authorize:
+1. **"Windows works"** rules that authorize:
    - Windows
    - WHQL (third-party kernel drivers)
    - Windows Store signed apps
 
-1. **"ConfigMgr works”** rules that include:
+1. **"ConfigMgr works"** rules that include:
     - Signer and hash rules for Configuration Manager components to properly function.
     - **Allow Managed Installer** rule to authorize Configuration Manager as a managed installer.
 
@@ -97,7 +79,7 @@ Alice follows these steps to complete this task:
 1. Modify the policy to remove unsupported rule:
 
     > [!NOTE]
-    > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](windows-defender-application-control.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step.
+    > `SmartAppControl.xml` is available on Windows 11 version 22H2 and later. This policy includes "Enabled:Conditional Windows Lockdown Policy" rule that is unsupported for enterprise WDAC policies and must be removed. For more information, see [WDAC and Smart App Control](../wdac.md#wdac-and-smart-app-control). If you are using an example policy other than `SmartAppControl.xml`, skip this step.
 
     ```powershell
     [xml]$xml = Get-Content $LamnaPolicy
@@ -191,7 +173,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m
 
 - **Intelligent Security Graph (ISG)**
 
-  See [security considerations with the Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md#security-considerations-with-the-isg-option)
+  See [security considerations with the Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md#security-considerations-with-the-isg-option)
 
   Possible mitigations:
 
@@ -227,4 +209,4 @@ In order to minimize user productivity impact, Alice has defined a policy that m
 ## Up next
 
 - [Create a Windows Defender Application Control policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md)
-- [Prepare to deploy Windows Defender Application Control policies](windows-defender-application-control-deployment-guide.md)
\ No newline at end of file
+- [Prepare to deploy Windows Defender Application Control policies](../deployment/wdac-deployment-guide.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
similarity index 87%
rename from windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
index 7a10547365..77a4402365 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/create-wdac-policy-using-reference-computer.md
@@ -1,46 +1,28 @@
 ---
-title: Create a WDAC policy using a reference computer 
+title: Create a WDAC policy using a reference computer
 description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 08/08/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Create a WDAC policy using a reference computer
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This section outlines the process to create a Windows Defender Application Control (WDAC) policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on WDAC on systems "in the wild" and you want to minimize the potential impact on users' productivity.
 
 > [!NOTE]
 > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
 
-As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
+As described in [common Windows Defender Application Control deployment scenarios](common-wdac-use-cases.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 
 **Alice Pena** is the IT team lead tasked with the rollout of WDAC.
 
 ## Create a custom base policy using a reference device
 
-Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on.
+Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a "golden" image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on.
 
 > [!NOTE]
 > Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy. <br><br> Each installed software application should be validated as trustworthy before you create a policy. <br><br> We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts. You can remove or disable such software on the reference computer.
@@ -53,7 +35,7 @@ Alice identifies the following key factors to arrive at the "circle-of-trust" fo
 
 Based on the above, Alice defines the pseudo-rules for the policy:
 
-1. **“Windows works”** rules that authorize:
+1. **"Windows works"** rules that authorize:
    - Windows
    - WHQL (third-party kernel drivers)
    - Windows Store signed apps
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
index 63c927ae1a..1d76e0e5a9 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/deploy-multiple-wdac-policies.md
@@ -1,33 +1,15 @@
 ---
-title: Use multiple Windows Defender Application Control Policies 
+title: Use multiple Windows Defender Application Control Policies
 description: Windows Defender Application Control supports multiple code integrity policies for one device.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 07/19/2021
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Use multiple Windows Defender Application Control Policies
 
-**Applies to:**
-
--   Windows 10
--   Windows 11
--   Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 Prior to Windows 10 1903, Windows Defender Application Control only supported a single active policy on a system at any given time. This limited customers in situations where multiple policies with different intents would be useful. Beginning with Windows 10 version 1903, WDAC supports up to 32 active policies on a device at once in order to enable the following scenarios:
 
@@ -116,4 +98,3 @@ For more information on deploying multiple policies, optionally using Microsoft
 * If the maximum number of policies is exceeded, the device may bluescreen referencing ci.dll with a bug check value of 0x0000003b. 
 * If policies are loaded without requiring a reboot such as `PS_UpdateAndCompareCIPolicy`, they will still count towards this limit. 
 * This may pose an especially large challenge if the value of `{PolicyGUID}.cip` changes between releases. It may result in a long window between a change and the resultant reboot.
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md
index fdbd1d7ecc..e186ea2bb6 100644
--- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/example-wdac-base-policies.md
@@ -2,26 +2,14 @@
 title: Example Windows Defender Application Control base policies
 description: When creating a Windows Defender Application Control (WDAC) policy for an organization, start from one of the many available example base policies.
 ms.topic: reference
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 03/31/2023
-ms.technology: itpro-security
 ---
 
 # Windows Defender Application Control example base policies
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. For more information, see [Windows Defender Application Control feature availability](../feature-availability.md).
 
 When you create policies for use with Windows Defender Application Control (WDAC), start from an existing base policy and then add or remove rules to build your own custom policy. Windows includes several example policies that you can use. These example policies are provided "as-is". You should thoroughly test the policies you deploy using safe deployment methods.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
index aa63cd5b61..db1a336471 100644
--- a/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/manage-packaged-apps-with-wdac.md
@@ -1,33 +1,15 @@
 ---
-title: Manage packaged apps with WDAC  
+title: Manage packaged apps with WDAC
 description: Packaged apps, also known as Universal Windows apps, allow you to control the entire app by using a single Windows Defender Application Control (WDAC) rule.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 03/01/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Manage Packaged Apps with Windows Defender Application Control
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
 
 This article for IT professionals describes concepts and lists procedures to help you manage packaged apps with Windows Defender Application Control (WDAC) as part of your overall application control strategy.
 
@@ -96,7 +78,7 @@ Use the following steps to create a WDAC PFN rule for an app that is installed o
 7. Select **Create Rule**.
 8. Create any other rules desired, then complete the Wizard.
 
-![Create PFN rule from WDAC Wizard](images/wdac-wizard-custom-pfn-rule.png)
+![Create PFN rule from WDAC Wizard](../images/wdac-wizard-custom-pfn-rule.png)
 
 ##### Create a PFN rule using a custom string
 
@@ -109,4 +91,4 @@ Use the following steps to create a PFN rule with a custom string value:
 5. Select **Create Rule**.
 6. Create any other rules desired, then complete the Wizard.
 
-![Create PFN rule with custom string from WDAC Wizard](images/wdac-wizard-custom-manual-pfn-rule.png)
+![Create PFN rule with custom string from WDAC Wizard](../images/wdac-wizard-custom-manual-pfn-rule.png)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
similarity index 67%
rename from windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
index cae9d23e45..398a529b8e 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
@@ -1,34 +1,17 @@
 ---
-title: Microsoft recommended driver block rules 
+title: Microsoft recommended driver block rules
 description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.
-keywords: security, malware, kernel mode, driver
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
 ms.collection:
-  - highpri
-  - tier3
-author: jgeurten
-ms.reviewer: jsuther
-ms.author: vinpa
-manager: aaroncz
-ms.date: 02/08/2023
-ms.technology: itpro-security
+- highpri
+- tier3
+- must-keep
+ms.date: 06/06/2023
 ms.topic: article
 ---
 
 # Microsoft recommended driver block rules
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -51,19 +34,17 @@ With Windows 11 2022 update, the vulnerable driver blocklist  is enabled by defa
 
 > [!NOTE]
 >
-> - The Windows Security app is updated separately from the OS and ships out of box. The version with the vulnerable driver blocklist toggle is in the final validation ring and will ship to all customers very soon. Initially, you will be able to view the configuration state only and the toggle will appear grayed out. The ability to turn the toggle on or off will come with a future Windows update.
+> - **Windows Security** is updated separately from the OS and ships out of box. The version with the vulnerable driver blocklist toggle is in the final validation ring and will ship to all customers very soon. Initially, you will be able to view the configuration state only and the toggle will appear grayed out. The ability to turn the toggle on or off will come with a future Windows update.
 >
-> - For Windows Insiders, the option to turn Microsoft's vulnerable driver blocklist on or off using the Windows Security app is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist.
+> - For Windows Insiders, the option to turn Microsoft's vulnerable driver blocklist on or off using **Windows Security** settings is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist.
 
 The blocklist is updated with each new major release of Windows, typically 1-2 times per year, including most recently with the Windows 11 2022 update released in September 2022. The most current blocklist is now also available for Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally publish future updates through regular Windows servicing.
 
 Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies.
 
-[!INCLUDE [microsoft-vulnerable-driver-blocklist](../../../../includes/licensing/microsoft-vulnerable-driver-blocklist.md)]
-
 ## Blocking vulnerable drivers using WDAC
 
-Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
+Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
 
 > [!IMPORTANT]
 > Microsoft also recommends enabling Attack Surface Reduction (ASR) rule [**Block abuse of exploited vulnerable signed drivers**](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) to prevent an application from writing a vulnerable signed driver to disk. The ASR rule doesn't block a driver already existing on the system from loading, however enabling **Microsoft vulnerable driver blocklist** or applying this WDAC policy will prevent the existing driver from loading.
@@ -100,7 +81,7 @@ To check that the policy was successfully applied on your computer:
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.25860.0</VersionEx>
+  <VersionEx>10.0.25930.0</VersionEx>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
     <Rule>
@@ -221,10 +202,10 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_ATILLK_1D" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Sha256" Hash="FB19F241DDAE74EC4A0F87DFF025EC68DC809F9DD883649C0E58822DE28E6F1B" />
     <Deny ID="ID_DENY_ATILLK_1E" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Page Sha1" Hash="6698BB12B9D9D511C018D9EA8F70C61A03A041AD" />
     <Deny ID="ID_DENY_ATILLK_1F" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Page Sha256" Hash="47F6DFDDDA4F164448F14C0417839DB860BC4E9C4679BE3980B05BE920462870" />
-    <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
-    <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
-    <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
-    <Deny ID="ID_DENY_BANDAI_SHA256_PAGE" FriendlyName="bandai.sys Hash Page Sha256" Hash="BB83738210650E09307CE869ACA9BFA251024D3C47B1006B94FCE2846313F56E" />
+    <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
+    <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
+    <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
+    <Deny ID="ID_DENY_BANDAI_SHA256_PAGE" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Page Sha256" Hash="BB83738210650E09307CE869ACA9BFA251024D3C47B1006B94FCE2846313F56E" />
     <Deny ID="ID_DENY_BS_RCIO64_SHA1" FriendlyName="BS_RCIO64 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha1" Hash="4BFE9E5A5A25B7CDE6C81EBE31ED4ABEB5147FAF" />
     <Deny ID="ID_DENY_BS_RCIO64_SHA256" FriendlyName="BS_RCIO64 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha256" Hash="0381632CD236CD94FA9E64CCC958516AC50F9437F99092E231A607B1E6BE6CF8" />
     <Deny ID="ID_DENY_BS_RCIO64_SHA1_PAGE" FriendlyName="BS_RCIO64 5651466512138240\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha1" Hash="C28B640BECA5E2834D2A373F139869CC309F6631" />
@@ -377,6 +358,12 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_AMIFLDRV_36" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Sha256" Hash="2EE914C20B3E4A321BCD2EA2F0F437CDA6DA09DC0819CD6F06960C0567F4CB19" />
     <Deny ID="ID_DENY_AMIFLDRV_37" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha1" Hash="ABD4616FF35256B5D52813FB80596326047D3768" />
     <Deny ID="ID_DENY_AMIFLDRV_38" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha256" Hash="BB52155AD4262C8995115147847BC740873F8AA036D0118E263FD8C84AF9C649" />
+    <Deny ID="ID_DENY_ASIO_1" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Sha1" Hash="B25550309C902A21B03367AE27694C5A29B891B5" />
+    <Deny ID="ID_DENY_ASIO_2" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Sha256" Hash="C3E3719CA592BA65A67F594EC1A08D0D7AD724B088BE77D48CB33627C56F4614" />
+    <Deny ID="ID_DENY_ASIO_3" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Page Sha1" Hash="EA7DBFB3ECFFAA134D4C3A76024F9B65126DFDC1" />
+    <Deny ID="ID_DENY_ASIO_4" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Page Sha256" Hash="EA9A321D58DD45D747C41AD6F0C30B3B11F134755CE3E69DC3DC34257E420493" />
+    <Deny ID="ID_DENY_ASIO_5" FriendlyName="asio\923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 Hash Sha1" Hash="E471BA6D1327D1026EB2C6A905E2BAD3952DABBD" />
+    <Deny ID="ID_DENY_ASIO_6" FriendlyName="asio\923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 Hash Sha256" Hash="ED302EA33FEB557B879F64C4B7835947A9CA31054573E1487F5BBC38449753FF" />
     <Deny ID="ID_DENY_ASUPIO64_SHA1" FriendlyName="AsUpIO64.sys Hash Sha1" Hash="2A95F882DD9BAFCC57F144A2708A7EC67DD7844C" />
     <Deny ID="ID_DENY_ASUPIO64_SHA256" FriendlyName="AsUpIO64.sys Hash Sha256" Hash="7F75D91844B0C162EEB24D14BCF63B7F230E111DAA7B0A26EAA489EEB22D9057" />
     <Deny ID="ID_DENY_ASUPIO64_SHA1_PAGE" FriendlyName="AsUpIO64.sys Hash Page Sha1" Hash="316E7872A227F0EAD483D244805E9FF4D3569F6F" />
@@ -529,6 +516,28 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_BSHWMIO64_SHA256_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Sha256" Hash="7EA9B2420483183CF7B25D6577848F2DFE2AE064A61D931D6B8B65B31A1B2685" />
     <Deny ID="ID_DENY_BSHWMIO64_SHA1_PAGE_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Page Sha1" Hash="7E21A9D03BCB6DD7597AD70B59CBD1F5930FFBF1" />
     <Deny ID="ID_DENY_BSHWMIO64_SHA256_PAGE_1" FriendlyName="BS_HWMIo64.sys\6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf Hash Page Sha256" Hash="74C425BFDDD93700379E677F5CED47FC0FB4FFFC8B2E416A5247D91E5F2704E3" />
+    <Deny ID="ID_DENY_BS_RCIO_08" FriendlyName="BS_RCIO\1d0105b5e41fe0280f66d7a24eb00a04c03caaec Hash Sha1" Hash="1D0105B5E41FE0280F66D7A24EB00A04C03CAAEC" />
+    <Deny ID="ID_DENY_BS_RCIO_09" FriendlyName="BS_RCIO\d9111b2bedf78a769bb0799b964663cd119edaa8 Hash Sha1" Hash="D9111B2BEDF78A769BB0799B964663CD119EDAA8" />
+    <Deny ID="ID_DENY_BS_RCIO_10" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Sha1" Hash="3311E4E94E8A6DD81859719FBE0FCBF187F0BD8A" />
+    <Deny ID="ID_DENY_BS_RCIO_11" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Sha256" Hash="F67E60228084151FDCB84E94A48693DB864CF606B65FAEF5A1D829175380DBFA" />
+    <Deny ID="ID_DENY_BS_RCIO_12" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Page Sha1" Hash="6C5340CA145D93FB04F8C45297B013D7A76CC816" />
+    <Deny ID="ID_DENY_BS_RCIO_13" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Page Sha256" Hash="DB004632D7E5EB01B13D826E476A45812BAD3E84A07D00F331D4C17A94A15366" />
+    <Deny ID="ID_DENY_BS_RCIO_14" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Sha1" Hash="3C8CAB4C08A37A105200FEB8F07DD818C8F03BFF" />
+    <Deny ID="ID_DENY_BS_RCIO_15" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Sha256" Hash="545190E8B2A910E153B12559A9875154A1B40D6424CB4A6299A84B2DC99DF700" />
+    <Deny ID="ID_DENY_BS_RCIO_16" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Page Sha1" Hash="0B20D30317527C83B72A0F5ED6416060BF005A02" />
+    <Deny ID="ID_DENY_BS_RCIO_17" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Page Sha256" Hash="A2BFCECB9099B2022B51EB15977DF4EF228305FC24A3AD0F36FF43F7309B2820" />
+    <Deny ID="ID_DENY_BS_RCIO_18" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha1" Hash="4BFE9E5A5A25B7CDE6C81EBE31ED4ABEB5147FAF" />
+    <Deny ID="ID_DENY_BS_RCIO_19" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha256" Hash="0381632CD236CD94FA9E64CCC958516AC50F9437F99092E231A607B1E6BE6CF8" />
+    <Deny ID="ID_DENY_BS_RCIO_1A" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha1" Hash="C28B640BECA5E2834D2A373F139869CC309F6631" />
+    <Deny ID="ID_DENY_BS_RCIO_1B" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha256" Hash="9378F7DFF94D9409D38FA1A125C52734D6BAEA90913FC3CEE2659FD36AB0DA29" />
+    <Deny ID="ID_DENY_BS_RCIO_1C" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Sha1" Hash="7297D6511634ECA91FEA5C5F3FAAB785DD13082B" />
+    <Deny ID="ID_DENY_BS_RCIO_1D" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Sha256" Hash="B3346AA8A3760128C99D7A80E8BBEEE66840CE419B9819E30CB08354C096EF93" />
+    <Deny ID="ID_DENY_BS_RCIO_1E" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Page Sha1" Hash="F93F92147E77B2C40BB13A30B7A469961B6E37F6" />
+    <Deny ID="ID_DENY_BS_RCIO_1F" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Page Sha256" Hash="1497746B441564887F2AE97FAAC17145C727F170B225073A3CC45CF6BBABACF0" />
+    <Deny ID="ID_DENY_BS_RCIO_20" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Sha1" Hash="B798995FBAAB33D0DB4AC8C58551254768C76554" />
+    <Deny ID="ID_DENY_BS_RCIO_21" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Sha256" Hash="30591EA53FBA8BAD22A017CF5A268211790706B7863F007CE20A77F2E3459170" />
+    <Deny ID="ID_DENY_BS_RCIO_22" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Page Sha1" Hash="AF5B84A2456E2621F920D61130DDAAD32CD4729F" />
+    <Deny ID="ID_DENY_BS_RCIO_23" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Page Sha256" Hash="6F698A9123CC763F0F035CF50177BF5690B4644802746C8C2F06F59CFC0D9F81" />
     <Deny ID="ID_DENY_DHKERNEL_1" FriendlyName="YY_DhKernel\80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3 Hash Sha1" Hash="B92959042D232605ABBA254BC0368B87EC047079" />
     <Deny ID="ID_DENY_DHKERNEL_2" FriendlyName="YY_DhKernel\80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3 Hash Sha256" Hash="C786F3CA229DA18B2806AF4D57ECAD603859EE548549B19F71A623F477FC740E" />
     <Deny ID="ID_DENY_DHKERNEL_3" FriendlyName="YY_DhKernel\80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3 Hash Page Sha1" Hash="CFE049C9BAB44EDD22D135330F7825063F1307B4" />
@@ -583,6 +592,68 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_DIRECTIO_39" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="2FB5D7E6DB01C9090BBA92ABF580D38993E02CE9357E08FE1F224A9B18056E5A" />
     <Deny ID="ID_DENY_DIRECTIO_3A" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="AE806CA05E141B71664D9C6F20CC2369EF26F996" />
     <Deny ID="ID_DENY_DIRECTIO_3B" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="D0559503988DAA407FCC11E59079560CB456BB84" />
+    <Deny ID="ID_DENY_DIRECTIO_42" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Sha1" Hash="59C8F056DEA50A4B6F6F63E50037089965568910" />
+    <Deny ID="ID_DENY_DIRECTIO_43" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Sha256" Hash="2FB5D7E6DB01C9090BBA92ABF580D38993E02CE9357E08FE1F224A9B18056E5A" />
+    <Deny ID="ID_DENY_DIRECTIO_44" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Page Sha1" Hash="76F561B94050F02639B216A27D221DCE66135A43" />
+    <Deny ID="ID_DENY_DIRECTIO_45" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Page Sha256" Hash="2C75CAEE18ECB8F6A3B41EF6CE13A65D847BC912423AB095CE760979D8D8E3B4" />
+    <Deny ID="ID_DENY_DIRECTIO_46" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Sha1" Hash="956C004DBED19D2682F159E03D4FAA3E2E8FC56C" />
+    <Deny ID="ID_DENY_DIRECTIO_47" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Sha256" Hash="A8492A553EE840235FD12FA47B6CAF1E5A8C82C3F4B681921246D7F192ED9126" />
+    <Deny ID="ID_DENY_DIRECTIO_48" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Page Sha1" Hash="08B00DD47D591EE66BC89CFFA424EDC7A9D2F880" />
+    <Deny ID="ID_DENY_DIRECTIO_49" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Page Sha256" Hash="533C0CFEA1AF366C116F563D24F1D0845F6619330E2655BDD12CEF97E99B7F52" />
+    <Deny ID="ID_DENY_DIRECTIO_4A" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Sha1" Hash="7AE9EB8FC6B922524C0A571AAA006731B5CD4F0B" />
+    <Deny ID="ID_DENY_DIRECTIO_4B" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Sha256" Hash="FCA8E921D56DF22EE5A9C9FCE349385F4C8C5D490A880CB65DD01F8F13D73510" />
+    <Deny ID="ID_DENY_DIRECTIO_4C" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Page Sha1" Hash="397D2707C1AE3FB2921278CF9ABA87160D4BBD6D" />
+    <Deny ID="ID_DENY_DIRECTIO_4D" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Page Sha256" Hash="EF081F46B22B000E24A64FB82439950F76350844B6276E3BD0409CD2114A6A58" />
+    <Deny ID="ID_DENY_DIRECTIO_4E" FriendlyName="DirectIO32\16461fe1855e4cb4a5e3203f98a69376ad2dc8f69f1d43463206fdd6784b7fbf Hash Sha1" Hash="A48F4D7F1B02DACD4EB4FD51745765FCDB4BA0DE" />
+    <Deny ID="ID_DENY_DIRECTIO_4F" FriendlyName="DirectIO32\16461fe1855e4cb4a5e3203f98a69376ad2dc8f69f1d43463206fdd6784b7fbf Hash Sha256" Hash="FF8FDB301AD9AA29DCA21E43BA7946AF92E980C6CA448A58DD3EFE4D9BD336AE" />
+    <Deny ID="ID_DENY_DIRECTIO_50" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Sha1" Hash="01EB3760261439B8E230EBA09E9A63F5D3088C54" />
+    <Deny ID="ID_DENY_DIRECTIO_51" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Sha256" Hash="BC0CBC6B88892F3EFF2B47F65CEA98D1E66E4FBC9D3423AEBA511854D5250A44" />
+    <Deny ID="ID_DENY_DIRECTIO_52" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Page Sha1" Hash="E9141B742FA38ABDB1EA415D8431EE9A540CCCC8" />
+    <Deny ID="ID_DENY_DIRECTIO_53" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Page Sha256" Hash="7FBBDD248A335EF984CD773BE07AD88894C8FA9FB252378EA830863BD8233AB5" />
+    <Deny ID="ID_DENY_DIRECTIO_54" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Sha1" Hash="1AD46A8E038A62E146DDB5A4FE8CA5A56C53F018" />
+    <Deny ID="ID_DENY_DIRECTIO_55" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Sha256" Hash="542CD21B0C835B818E6B2EEA2EFE5B340FF3D554B2B7E13AF084F0817CC920FD" />
+    <Deny ID="ID_DENY_DIRECTIO_56" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Page Sha1" Hash="7CB9C71D717C466A9AD64F61AFABAF30BFE7372D" />
+    <Deny ID="ID_DENY_DIRECTIO_57" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Page Sha256" Hash="9683B754C9C90E54D066D8B9FD958BA0449883E77AC6DD6078F1607ED0377378" />
+    <Deny ID="ID_DENY_DIRECTIO_58" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Sha1" Hash="AE806CA05E141B71664D9C6F20CC2369EF26F996" />
+    <Deny ID="ID_DENY_DIRECTIO_59" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Sha256" Hash="38FA9B5B66A11FD7387012C5C4BBD414ECA8361273D57DBA1E49AA6AF23337F3" />
+    <Deny ID="ID_DENY_DIRECTIO_5A" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Page Sha1" Hash="C13AB8D1FEBD9E93E48E87CEA571C673DF3A10F3" />
+    <Deny ID="ID_DENY_DIRECTIO_5B" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Page Sha256" Hash="32394AC2E1F86BC84C9DCFB55763F8AA48DC1B1890815F2AAF924220530A1E5B" />
+    <Deny ID="ID_DENY_DIRECTIO_5C" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Sha1" Hash="6E2EA1D108B9F05F2D077ED6C254A70E2B11251D" />
+    <Deny ID="ID_DENY_DIRECTIO_5D" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Sha256" Hash="FB7CB120D51E217EE4CC50BEE619603BE5EB6091634DF45ACC5249AED283C9BE" />
+    <Deny ID="ID_DENY_DIRECTIO_5E" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Page Sha1" Hash="B267D4B987B094591C411F3992595751D75FC16E" />
+    <Deny ID="ID_DENY_DIRECTIO_5F" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Page Sha256" Hash="DB2CE6D1D435DA700134970EFED70EE117E653E8044BA16D08A089FC2DC828DD" />
+    <Deny ID="ID_DENY_DIRECTIO_60" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Sha1" Hash="9703903219C7D7F88748FD68F277649B82F2DF83" />
+    <Deny ID="ID_DENY_DIRECTIO_61" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Sha256" Hash="C3A215473D836C1D7315F371BFF4DEA956D7D1B440E43B4671F6E3772BAE00DD" />
+    <Deny ID="ID_DENY_DIRECTIO_62" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Page Sha1" Hash="AB47DE03075B4AD717C0660CAA216067A78D6CEB" />
+    <Deny ID="ID_DENY_DIRECTIO_63" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Page Sha256" Hash="7B86328F3D0DAAF1E254D555F368CE95B687F30DE3D993E3D541AD20EA0DE20E" />
+    <Deny ID="ID_DENY_DIRECTIO_64" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Sha1" Hash="ABE422F9289FE922F671CC70C78046E2BDE5E309" />
+    <Deny ID="ID_DENY_DIRECTIO_65" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Sha256" Hash="C0752DC13548FE8D3B5A7A73C04EBCD7BCFA5E4ECEC9BA233D193BD36ED4B54E" />
+    <Deny ID="ID_DENY_DIRECTIO_66" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Page Sha1" Hash="D0353D279CAF5B6AEEE6640E52B10E2EFE45A807" />
+    <Deny ID="ID_DENY_DIRECTIO_67" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Page Sha256" Hash="615C190AACB1BB2625960748710E8C5F9AA0D228FDC411B283CE87D27E601C15" />
+    <Deny ID="ID_DENY_DIRECTIO_68" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Sha1" Hash="DE239BDA4C75F8B2CFBBF74823466491D2E1F76D" />
+    <Deny ID="ID_DENY_DIRECTIO_69" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Sha256" Hash="D6753D2E6CF2F11932B4FEDD4362AB57651F8F3BAA886EACE22FD98A14EBC2E8" />
+    <Deny ID="ID_DENY_DIRECTIO_6A" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Page Sha1" Hash="AADCEE4B8CF695774BD0B45C758AE442A67198A7" />
+    <Deny ID="ID_DENY_DIRECTIO_6B" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Page Sha256" Hash="4B451FD9DFCE1E5396171122D32F5282DA86F179187360D8C501C235636D48EF" />
+    <Deny ID="ID_DENY_DIRECTIO_6C" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Sha1" Hash="EF06513DC0F8456E09260857FD63EE1222C60C82" />
+    <Deny ID="ID_DENY_DIRECTIO_6D" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Sha256" Hash="507CEE84E2924E81916C8BF090EFB1BEAB3C258A79E1E1BF3637B8B7824D0A86" />
+    <Deny ID="ID_DENY_DIRECTIO_6E" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Page Sha1" Hash="5F0FA0C7FDB6B6EEC654050DC3263A80EFE09A9A" />
+    <Deny ID="ID_DENY_DIRECTIO_6F" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Page Sha256" Hash="B511E7F23B0AC8DB6BA83C3099EE19F9B8FF6222988A1AA8F68B6ABD683EB4B4" />
+    <Deny ID="ID_DENY_DIRECTIO_70" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Sha1" Hash="6FED30DE2007FAD6EC008C640F74741DCCE3DF0D" />
+    <Deny ID="ID_DENY_DIRECTIO_71" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Sha256" Hash="A9EB36FB737735DFF8245E1AA599054C0214FB9DE0CBA371357ED59FDE451308" />
+    <Deny ID="ID_DENY_DIRECTIO_72" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Page Sha1" Hash="BCC1292F68AA179DA3EDFF5D5D6D1D991BEA7EB5" />
+    <Deny ID="ID_DENY_DIRECTIO_73" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Page Sha256" Hash="AC8A4EE171C6E4905B370F7E01F6C11F7669BE4613E8DACACB5428B5E87DB390" />
+    <Deny ID="ID_DENY_ECHO_1" FriendlyName="Inspect EchoDriver\a41e9bb037cf1dc2237659b1158f0ed4e49b752b2f9dae4cc310933a9d1f1e47 Hash Sha1" Hash="503901E0DA00E491F28389F17CAFD1F1D5243C60" />
+    <Deny ID="ID_DENY_ECHO_2" FriendlyName="Inspect EchoDriver\a41e9bb037cf1dc2237659b1158f0ed4e49b752b2f9dae4cc310933a9d1f1e47 Hash Sha256" Hash="48DC7FD16AACDC8792F8BAD1B1F7CA9D675DDAC7767E957EA8C4227150D64E2D" />
+    <Deny ID="ID_DENY_ECHO_3" FriendlyName="Inspect EchoDriver\a41e9bb037cf1dc2237659b1158f0ed4e49b752b2f9dae4cc310933a9d1f1e47 Hash Page Sha1" Hash="0CE7E3B661DB16FBCFE93376127DC37EA23313A5" />
+    <Deny ID="ID_DENY_ECHO_4" FriendlyName="Inspect EchoDriver\a41e9bb037cf1dc2237659b1158f0ed4e49b752b2f9dae4cc310933a9d1f1e47 Hash Page Sha256" Hash="23C062104693B80CEC745DEC40B433D0D0B683C63496740B943CCB0D22F7361B" />
+    <Deny ID="ID_DENY_ECHO_5" FriendlyName="Inspect EchoDriver\ada2b855757c9062231f5ed4e80365b8d8094e9adbce8f26d1ff5ea0b7a70c77 Hash Sha1" Hash="18CD81740893FA24F1AFBB9D187A60AF9C5B2902" />
+    <Deny ID="ID_DENY_ECHO_6" FriendlyName="Inspect EchoDriver\ada2b855757c9062231f5ed4e80365b8d8094e9adbce8f26d1ff5ea0b7a70c77 Hash Sha256" Hash="4160DAE22484062CCC3750CC9CAC8F929D8701694160A3B508715610814AA28D" />
+    <Deny ID="ID_DENY_ECHO_7" FriendlyName="Inspect EchoDriver\ada2b855757c9062231f5ed4e80365b8d8094e9adbce8f26d1ff5ea0b7a70c77 Hash Page Sha1" Hash="2EFC7864E1E8AA87EFFEB13A2A3402CDC64FB6D2" />
+    <Deny ID="ID_DENY_ECHO_8" FriendlyName="Inspect EchoDriver\ada2b855757c9062231f5ed4e80365b8d8094e9adbce8f26d1ff5ea0b7a70c77 Hash Page Sha256" Hash="3709D170C4F5A7668C9180AFBDB8A4F6E9EE6E6A6C048B55D34FEA9DAA253127" />
+    <Deny ID="ID_DENY_ECHO_9" FriendlyName="Inspect EchoDriver\ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9 Hash Sha1" Hash="678620A9CC9E7FFE179BC5CDA0A2DD0597E231EE" />
+    <Deny ID="ID_DENY_ECHO_A" FriendlyName="Inspect EchoDriver\ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9 Hash Sha256" Hash="92F9D73CEC5AB3352C4B3CBF4574D13B2E506CBA24CC74580E19E941063EAF7D" />
+    <Deny ID="ID_DENY_ECHO_B" FriendlyName="Inspect EchoDriver\ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9 Hash Page Sha1" Hash="832832028D40A3CFD08D364554FCE0B4F37317FF" />
+    <Deny ID="ID_DENY_ECHO_C" FriendlyName="Inspect EchoDriver\ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9 Hash Page Sha256" Hash="49ED19D5E1E122936035A48EA99FFD68CA4915578107888D5C2B0BB9E30E67C0" />
     <Deny ID="ID_DENY_EIO64_1" FriendlyName="Asus EIO64\b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 Hash Sha1" Hash="200BE5A696990EE97B4C3176234CDE46C3EBC2CE" />
     <Deny ID="ID_DENY_EIO64_2" FriendlyName="Asus EIO64\b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 Hash Sha256" Hash="72B36C64F0B349D7816C8E5E2D1A7F59807DE0C87D3F071A04DBC56BEC9C00DB" />
     <Deny ID="ID_DENY_EIO64_3" FriendlyName="Asus EIO64\b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 Hash Page Sha1" Hash="DB88BFE5F3DE4E3CC778FE456B542EC4135433A4" />
@@ -690,18 +761,26 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_MHYPROTRG_6" FriendlyName="mhyprotrpg.sys\f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa Hash Sha256" Hash="5195443274EE3A382E947F03FD409437730434C2AF0C1BB1C99F5BA1953F989E" />
     <Deny ID="ID_DENY_MHYPROTRG_7" FriendlyName="mhyprotrpg.sys\f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa Hash Page Sha1" Hash="54FB65D429E10B277EB7B980768CA828A538EF08" />
     <Deny ID="ID_DENY_MHYPROTRG_8" FriendlyName="mhyprotrpg.sys\f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa Hash Page Sha256" Hash="FFEA367EECDCE7C46CDB2FF029D98AB95B8FB9CCD32F602E365DCE53E61C70B6" />
-    <Deny ID="ID_DENY_MSIO_SHA1_1" FriendlyName="MsIo.sys Hash Sha1" Hash="0CB0FD5BEA730E4EAAEC1426B0C15376CCAC6D83" />
-    <Deny ID="ID_DENY_MSIO_SHA256_1" FriendlyName="MsIo.sys Hash Sha256" Hash="0D0962DB9DC6879067270134801AD425C1F3E85B0DC39877C02AAA9C54ACA14E" />
-    <Deny ID="ID_DENY_MSIO_SHA1_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha1" Hash="D4E21C205DE75CDE70CD73C52C646E1E5D333A35" />
-    <Deny ID="ID_DENY_MSIO_SHA256_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha256" Hash="C1D2036235A489FDD8B3970C9EF01567443A87D17B0AD5C2A033D4C471D0ECDE" />
-    <Deny ID="ID_DENY_MSIO_SHA1_2" FriendlyName="MsIo.sys Hash Sha1" Hash="7E732ACB7CFAD9BA043A9350CDEFF25D742BECB8" />
-    <Deny ID="ID_DENY_MSIO_SHA256_2" FriendlyName="MsIo.sys Hash Sha256" Hash="7018D515A6C781EA6097CA71D0F0603AD0D689F7EC99DB27FCACD492A9E86027" />
-    <Deny ID="ID_DENY_MSIO_SHA1_PAGE_2" FriendlyName="MsIo.sys Hash Page Sha1" Hash="CDE1A50E1DF7870F8E4AFD8631E45A847C714C0A" />
-    <Deny ID="ID_DENY_MSIO_SHA256_PAGE_2" FriendlyName="MsIo.sys Hash Page Sha256" Hash="05736AB8B48DF84D81CB2CC0FBDC9D3DA34C22DB67A3E71C6F4B6B3923740DD5" />
-    <Deny ID="ID_DENY_MSIO_SHA1_3" FriendlyName="MsIo.sys Hash Sha1" Hash="07660D1867E20BE0212A96CBA6B5FE6BE7776EAF" />
-    <Deny ID="ID_DENY_MSIO_SHA256_3" FriendlyName="MsIo.sys Hash Sha256" Hash="BE0AF245444321E51F4DD8A90A19A0ABE05A060CBAD93701E23A02DF307957AE" />
-    <Deny ID="ID_DENY_MSIO_SHA1_4" FriendlyName="MsIo.sys Hash Sha1" Hash="B2CD3A63D04EAE427BEDE6C6FE8FACBA91ECECBF" />
-    <Deny ID="ID_DENY_MSIO_SHA256_4" FriendlyName="MsIo.sys Hash Sha256" Hash="D86D6732AC4D1CB41A2DCE40436B839C0DFDCEF9BA306CE5D0F97C0522ABFAC8" />
+    <Deny ID="ID_DENY_MSIO_1" FriendlyName="MsIo.sys Hash Sha1" Hash="0CB0FD5BEA730E4EAAEC1426B0C15376CCAC6D83" />
+    <Deny ID="ID_DENY_MSIO_2" FriendlyName="MsIo.sys Hash Sha256" Hash="0D0962DB9DC6879067270134801AD425C1F3E85B0DC39877C02AAA9C54ACA14E" />
+    <Deny ID="ID_DENY_MSIO_3" FriendlyName="MsIo.sys Hash Page Sha1" Hash="D4E21C205DE75CDE70CD73C52C646E1E5D333A35" />
+    <Deny ID="ID_DENY_MSIO_4" FriendlyName="MsIo.sys Hash Page Sha256" Hash="C1D2036235A489FDD8B3970C9EF01567443A87D17B0AD5C2A033D4C471D0ECDE" />
+    <Deny ID="ID_DENY_MSIO_5" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Sha1" Hash="7E732ACB7CFAD9BA043A9350CDEFF25D742BECB8" />
+    <Deny ID="ID_DENY_MSIO_6" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Sha256" Hash="7018D515A6C781EA6097CA71D0F0603AD0D689F7EC99DB27FCACD492A9E86027" />
+    <Deny ID="ID_DENY_MSIO_7" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Page Sha1" Hash="CDE1A50E1DF7870F8E4AFD8631E45A847C714C0A" />
+    <Deny ID="ID_DENY_MSIO_8" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Page Sha256" Hash="05736AB8B48DF84D81CB2CC0FBDC9D3DA34C22DB67A3E71C6F4B6B3923740DD5" />
+    <Deny ID="ID_DENY_MSIO_9" FriendlyName="MsIo.sys Hash Sha1" Hash="07660D1867E20BE0212A96CBA6B5FE6BE7776EAF" />
+    <Deny ID="ID_DENY_MSIO_10" FriendlyName="MsIo.sys Hash Sha256" Hash="BE0AF245444321E51F4DD8A90A19A0ABE05A060CBAD93701E23A02DF307957AE" />
+    <Deny ID="ID_DENY_MSIO_11" FriendlyName="MsIo.sys Hash Sha1" Hash="B2CD3A63D04EAE427BEDE6C6FE8FACBA91ECECBF" />
+    <Deny ID="ID_DENY_MSIO_12" FriendlyName="MsIo.sys Hash Sha256" Hash="D86D6732AC4D1CB41A2DCE40436B839C0DFDCEF9BA306CE5D0F97C0522ABFAC8" />
+    <Deny ID="ID_DENY_MSR_1" FriendlyName="Datapath msr.sys\6c6a4d07e95ab4212c2afefcb0ce37dc485fa56120b0419b636bd8bd326038c1.sys Hash Sha1" Hash="381CC2B974D440EDEA0BBC010C4BEF4CDC2169B7" />
+    <Deny ID="ID_DENY_MSR_2" FriendlyName="Datapath msr.sys\6c6a4d07e95ab4212c2afefcb0ce37dc485fa56120b0419b636bd8bd326038c1.sys Hash Sha256" Hash="D23F28169D6E5C09A89E5136A4FF899A3B6F886535BB0254A27DD00A2753C412" />
+    <Deny ID="ID_DENY_MSR_3" FriendlyName="Datapath msr.sys\6c6a4d07e95ab4212c2afefcb0ce37dc485fa56120b0419b636bd8bd326038c1.sys Hash Page Sha1" Hash="5CB0D5676E465F6F389BED975B426705AC30DBC6" />
+    <Deny ID="ID_DENY_MSR_4" FriendlyName="Datapath msr.sys\6c6a4d07e95ab4212c2afefcb0ce37dc485fa56120b0419b636bd8bd326038c1.sys Hash Page Sha256" Hash="F05027D011C6123FA6EFB78AEA60528568FC80F6D9FD5CD1232F9B79B4216D3B" />
+    <Deny ID="ID_DENY_MSR_5" FriendlyName="Datapath msr.sys\ede9a3858a12d5ddea21a310e5721bf86c2248539f42c9e0c3c29ae5b0148ba5 Hash Sha1" Hash="2146BF058139453C0447786D6F6D5FC454AB955F" />
+    <Deny ID="ID_DENY_MSR_6" FriendlyName="Datapath msr.sys\ede9a3858a12d5ddea21a310e5721bf86c2248539f42c9e0c3c29ae5b0148ba5 Hash Sha256" Hash="1F8812611CF7120E89E769CC908FABC0C9E49B27FDED8DDE6A3DE51D9CE34F09" />
+    <Deny ID="ID_DENY_MSR_7" FriendlyName="Datapath msr.sys\ede9a3858a12d5ddea21a310e5721bf86c2248539f42c9e0c3c29ae5b0148ba5 Hash Page Sha1" Hash="81DE92B2555D9A29C5E48CB4893ADF0131EAD233" />
+    <Deny ID="ID_DENY_MSR_8" FriendlyName="Datapath msr.sys\ede9a3858a12d5ddea21a310e5721bf86c2248539f42c9e0c3c29ae5b0148ba5 Hash Page Sha256" Hash="CA90FFB147D600E7F42E8790CBD9FE7D69C7463DE88B08723E210750E1E272BD" />
     <Deny ID="ID_DENY_NVFLASH_1" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Sha1" Hash="213C4EC78132D6C0FDFDD7B640107E0CE4990A0E" />
     <Deny ID="ID_DENY_NVFLASH_2" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Sha256" Hash="91EE89520105CCBCECA6EE0E34070F28C8DC5A3D73EC65F384DA5DA4F2A36DC0" />
     <Deny ID="ID_DENY_NVFLASH_3" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Page Sha1" Hash="C24D6F9132486AF1EB2937D9366275126A5A35E1" />
@@ -980,35 +1059,38 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4" />
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102" />
     <Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A" />
-    <Deny ID="ID_DENY_RTCORE_1" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha1" Hash="4A68C2D7A4C471E062A32C83A36EEDB45A619683" />
-    <Deny ID="ID_DENY_RTCORE_2" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha256" Hash="478C36F8AF7844A80E24C1822507BEEF6314519185717EC7AE224A0E04B2F330" />
-    <Deny ID="ID_DENY_RTCORE_3" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha1" Hash="84152FA241C3808F8C7752964589C957E440403F" />
-    <Deny ID="ID_DENY_RTCORE_4" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha256" Hash="A807532037A3549AE3E046F183D782BCB78B6193163EA448098140563CF857CB" />
-    <Deny ID="ID_DENY_RTCORE_5" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha1" Hash="DA1BD3AD4A8FE1E28C1DE28A7BF66AD82DA0DD29" />
-    <Deny ID="ID_DENY_RTCORE_6" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha256" Hash="61A1F530A5D47339275657D7883911D64F64909569CF13D2E6868DF01A2A72CB" />
-    <Deny ID="ID_DENY_RTCORE_7" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha1" Hash="BD2340853235FE2757829E7F899CE25BD65C5434" />
-    <Deny ID="ID_DENY_RTCORE_8" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha256" Hash="74860E5563D3993635DC41E47BB34837C8B53ECBFF539244E1EC608E7B53D42D" />
-    <Deny ID="ID_DENY_RTCORE_9" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha1" Hash="38B353D8480885DE5DCF299DECA99CE4F26A1D20" />
-    <Deny ID="ID_DENY_RTCORE_A" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha256" Hash="5182CAF10DE9CEC0740ECDE5A081C21CDC100D7EB328FFE6F3F63183889FEC6B" />
-    <Deny ID="ID_DENY_RTCORE_B" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha1" Hash="1A4F647C27D093675A674E5A8D83063A83231D28" />
-    <Deny ID="ID_DENY_RTCORE_C" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha256" Hash="46D4A0CE75FA97837C7B6869D29AF9D6068F9023346E9D34C0E26E41198CDB80" />
-    <Deny ID="ID_DENY_RTCORE_D" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha1" Hash="5717BF3E520ACCFFF5AD9943E53A3B118FB67F2E" />
-    <Deny ID="ID_DENY_RTCORE_E" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha256" Hash="918D2E68A724B58D37443AEA159E70BF8B1B5EBB089C395CAD1D62745ECDAA19" />
-    <Deny ID="ID_DENY_RTCORE_F" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha1" Hash="03E1FB2499B9361141E2AC4FCCB9CCE2A48A0342" />
-    <Deny ID="ID_DENY_RTCORE_10" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha256" Hash="556B8ACD6EFF7D5A2A0320CD22CAD122254ABDEDCBBD749DB14CD8D314D609BE" />
-    <Deny ID="ID_DENY_RTCORE_11" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha1" Hash="43D3A3C1F7B14CFCC051CAE2534DBBBB4C7FC120" />
-    <Deny ID="ID_DENY_RTCORE_12" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha256" Hash="B8EB26B6F79020AE988E4FB752DC06E1B6779749BF4F8DF2872FC2B92BAB8020" />
-    <Deny ID="ID_DENY_RTCORE_13" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha1" Hash="6AE84C64765F9271C4758D387AD1E07B64F7966D" />
-    <Deny ID="ID_DENY_RTCORE_14" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha256" Hash="AA60FC20276D6779BBEA2A629C2FBAA3CE60ED2C2AD26230101FFF01A6E79A24" />
-    <Deny ID="ID_DENY_RTCORE_15" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha1" Hash="B3249BACDA6E43AA2C46C2AF802C9EE0B7E2FD7B" />
-    <Deny ID="ID_DENY_RTCORE_16" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha256" Hash="3C9829A16EB85272B0E1A2917FEFFAAB8DDB23E633B168B389669339A0CEE0B5" />
-    <Deny ID="ID_DENY_RTCORE_17" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha1" Hash="060C4D64F67F9300F2DBD09F68B4B591AAAFA698" />
-    <Deny ID="ID_DENY_RTCORE_18" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha256" Hash="BF0439DB3DCC00355291FEFF1D31F5B48CD1334DBBA3DAEB761E7084335D40E7" />
-    <Deny ID="ID_DENY_RTCORE_19" FriendlyName="RTCore64\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Sha1" Hash="8498265D4CA81B83EC1454D9EC013D7A9C0C87BF" />
-    <Deny ID="ID_DENY_RTCORE_1A" FriendlyName="RTCore64\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Sha256" Hash="606BECED7746CDB684D3A44F41E48713C6BBE5BFB1486C52B5CCA815E99D31B4" />
-    <Deny ID="ID_DENY_RTCORE_1B" FriendlyName="RTCore64\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Page Sha1" Hash="3B05785D8AD770E4356BC8041606B08BDAB56C99" />
-    <Deny ID="ID_DENY_RTCORE_1C" FriendlyName="RTCore64\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Page Sha256" Hash="2DC771BED765E9FE8E79171A851BA158B8E84034FE0518A619F47F3450FFA2BC" />
-    <Deny ID="ID_DENY_RTCORE_1D" FriendlyName="RTCore64\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Sha256" Hash="6279821BF9ECCED596F474C8FC547DAB0BDDBB3AB972390596BD4C5C7B85C685" />
+    <Deny ID="ID_DENY_RTCORE_29" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha1" Hash="4A68C2D7A4C471E062A32C83A36EEDB45A619683" />
+    <Deny ID="ID_DENY_RTCORE_2A" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha256" Hash="478C36F8AF7844A80E24C1822507BEEF6314519185717EC7AE224A0E04B2F330" />
+    <Deny ID="ID_DENY_RTCORE_2B" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha1" Hash="84152FA241C3808F8C7752964589C957E440403F" />
+    <Deny ID="ID_DENY_RTCORE_2C" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha256" Hash="A807532037A3549AE3E046F183D782BCB78B6193163EA448098140563CF857CB" />
+    <Deny ID="ID_DENY_RTCORE_2D" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha1" Hash="DA1BD3AD4A8FE1E28C1DE28A7BF66AD82DA0DD29" />
+    <Deny ID="ID_DENY_RTCORE_2E" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha256" Hash="61A1F530A5D47339275657D7883911D64F64909569CF13D2E6868DF01A2A72CB" />
+    <Deny ID="ID_DENY_RTCORE_2F" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha1" Hash="BD2340853235FE2757829E7F899CE25BD65C5434" />
+    <Deny ID="ID_DENY_RTCORE_30" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha256" Hash="74860E5563D3993635DC41E47BB34837C8B53ECBFF539244E1EC608E7B53D42D" />
+    <Deny ID="ID_DENY_RTCORE_31" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha1" Hash="38B353D8480885DE5DCF299DECA99CE4F26A1D20" />
+    <Deny ID="ID_DENY_RTCORE_32" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha256" Hash="5182CAF10DE9CEC0740ECDE5A081C21CDC100D7EB328FFE6F3F63183889FEC6B" />
+    <Deny ID="ID_DENY_RTCORE_33" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha1" Hash="1A4F647C27D093675A674E5A8D83063A83231D28" />
+    <Deny ID="ID_DENY_RTCORE_34" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha256" Hash="46D4A0CE75FA97837C7B6869D29AF9D6068F9023346E9D34C0E26E41198CDB80" />
+    <Deny ID="ID_DENY_RTCORE_35" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha1" Hash="5717BF3E520ACCFFF5AD9943E53A3B118FB67F2E" />
+    <Deny ID="ID_DENY_RTCORE_36" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha256" Hash="918D2E68A724B58D37443AEA159E70BF8B1B5EBB089C395CAD1D62745ECDAA19" />
+    <Deny ID="ID_DENY_RTCORE_37" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha1" Hash="03E1FB2499B9361141E2AC4FCCB9CCE2A48A0342" />
+    <Deny ID="ID_DENY_RTCORE_38" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha256" Hash="556B8ACD6EFF7D5A2A0320CD22CAD122254ABDEDCBBD749DB14CD8D314D609BE" />
+    <Deny ID="ID_DENY_RTCORE_39" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha1" Hash="43D3A3C1F7B14CFCC051CAE2534DBBBB4C7FC120" />
+    <Deny ID="ID_DENY_RTCORE_3A" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha256" Hash="B8EB26B6F79020AE988E4FB752DC06E1B6779749BF4F8DF2872FC2B92BAB8020" />
+    <Deny ID="ID_DENY_RTCORE_3B" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha1" Hash="6AE84C64765F9271C4758D387AD1E07B64F7966D" />
+    <Deny ID="ID_DENY_RTCORE_3C" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha256" Hash="AA60FC20276D6779BBEA2A629C2FBAA3CE60ED2C2AD26230101FFF01A6E79A24" />
+    <Deny ID="ID_DENY_RTCORE_3D" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha1" Hash="B3249BACDA6E43AA2C46C2AF802C9EE0B7E2FD7B" />
+    <Deny ID="ID_DENY_RTCORE_3E" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha256" Hash="3C9829A16EB85272B0E1A2917FEFFAAB8DDB23E633B168B389669339A0CEE0B5" />
+    <Deny ID="ID_DENY_RTCORE_3F" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha1" Hash="060C4D64F67F9300F2DBD09F68B4B591AAAFA698" />
+    <Deny ID="ID_DENY_RTCORE_40" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha256" Hash="BF0439DB3DCC00355291FEFF1D31F5B48CD1334DBBA3DAEB761E7084335D40E7" />
+    <Deny ID="ID_DENY_RTCORE_41" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Sha1" Hash="8498265D4CA81B83EC1454D9EC013D7A9C0C87BF" />
+    <Deny ID="ID_DENY_RTCORE_42" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Sha256" Hash="606BECED7746CDB684D3A44F41E48713C6BBE5BFB1486C52B5CCA815E99D31B4" />
+    <Deny ID="ID_DENY_RTCORE_43" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Page Sha1" Hash="3B05785D8AD770E4356BC8041606B08BDAB56C99" />
+    <Deny ID="ID_DENY_RTCORE_44" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Page Sha256" Hash="2DC771BED765E9FE8E79171A851BA158B8E84034FE0518A619F47F3450FFA2BC" />
+    <Deny ID="ID_DENY_RTCORE_45" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Sha1" Hash="A7CE1394D10DCFDE7B8A1C90667826DA68933673" />
+    <Deny ID="ID_DENY_RTCORE_46" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Sha256" Hash="6279821BF9ECCED596F474C8FC547DAB0BDDBB3AB972390596BD4C5C7B85C685" />
+    <Deny ID="ID_DENY_RTCORE_47" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Page Sha1" Hash="9E504DB591D321F1F8CEA62A5A111DA0EFB26447" />
+    <Deny ID="ID_DENY_RTCORE_48" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Page Sha256" Hash="BEDC7276543DAAFC11D44F5F603F8AA48C61837F7C4C9446F10FA522F3275D17" />
     <Deny ID="ID_DENY_SEMAV6MSR64_SHA1" FriendlyName="semav6msr64.sys Hash Sha1" Hash="E3DBE2AA03847DF621591A4CAD69A5609DE5C237" />
     <Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
     <Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
@@ -1035,16 +1117,60 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_SUPERBMC_15" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Sha256" Hash="976C015B28197CCD15F807B776F705BDF612FC622FB0A4B9901B90F180BF2F8A" />
     <Deny ID="ID_DENY_SUPERBMC_16" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Page Sha1" Hash="2303BEAB201455CC543E0CCE9D4D8698338787EB" />
     <Deny ID="ID_DENY_SUPERBMC_17" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Page Sha256" Hash="161DC4F7ED741397F6BD6C2B012DBDF6E397CF02212C7DAAF303338206B1E3A7" />
-    <Deny ID="ID_DENY_WINIO_1" FriendlyName="WinIo64A.sys\0c74d09da7baf7c05360346e4c3512d0cd433d59 Hash Sha1" Hash="0C74D09DA7BAF7C05360346E4C3512D0CD433D59" />
-    <Deny ID="ID_DENY_WINIO_2" FriendlyName="WinIo64B.sys\f18e669127c041431cde8f2d03b15cfc20696056 Hash Sha1" Hash="F18E669127C041431CDE8F2D03B15CFC20696056" />
-    <Deny ID="ID_DENY_WINIO_3" FriendlyName="WinIo64B.sys\80ca9c9cce4b5e6afb92a56b5bfd954eca0ff690 Hash Sha1" Hash="80CA9C9CCE4B5E6AFB92A56B5BFD954ECA0FF690" />
-    <Deny ID="ID_DENY_WINIO_4" FriendlyName="WinIo64A.sys\c21043466942961203e751c9cebcd159e661fa1a Hash Sha1" Hash="C21043466942961203E751C9CEBCD159E661FA1A" />
-    <Deny ID="ID_DENY_WINIO_5" FriendlyName="WinIo64.sys\40cc2318ffffd458023c8cd1e285a5ad51adf538 Hash Sha1" Hash="40CC2318FFFFD458023C8CD1E285A5AD51ADF538" />
-    <Deny ID="ID_DENY_WINIO_6" FriendlyName="WinIO32B.sys\f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f Hash Sha1" Hash="F1C8C3926D0370459A1B7F0CF3D17B22FF9D0C7F" />
-    <Deny ID="ID_DENY_WINIO_7" FriendlyName="WinIO32.sys\8fb149fc476cf5bf18dc575334edad7caf210996 Hash Sha1" Hash="8FB149FC476CF5BF18DC575334EDAD7CAF210996" />
-    <Deny ID="ID_DENY_WINIO_8" FriendlyName="WinIO32A.sys\01779ee53f999464465ed690d823d160f73f10e7 Hash Sha1" Hash="01779EE53F999464465ED690D823D160F73F10E7" />
-    <Deny ID="ID_DENY_WINIO_9" FriendlyName="WinIo64C.sys\b242b0332b9c9e8e17ec27ef10d75503d20d97b6 Hash Sha1" Hash="B242B0332B9C9E8E17EC27EF10D75503D20D97B6" />
-    <Deny ID="ID_DENY_WINIO_10" FriendlyName="WinIO64C.sys\a65fabaf64aa1934314aae23f25cdf215cbaa4b6 Hash Sha1" Hash="A65FABAF64AA1934314AAE23F25CDF215CBAA4B6" />
+    <Deny ID="ID_DENY_SYSDRV3S_1" FriendlyName="CodeSys SysDrv3S\0dd9daf0852a5b1b436199e9f2bf318f641f43173ab0dc22ad8c7e9cbaee9ad3 Hash Sha1" Hash="3AA0ABAF4EA1F90D1B5D2F26ABE7FE9F0BB14A76" />
+    <Deny ID="ID_DENY_SYSDRV3S_2" FriendlyName="CodeSys SysDrv3S\0dd9daf0852a5b1b436199e9f2bf318f641f43173ab0dc22ad8c7e9cbaee9ad3 Hash Sha256" Hash="8A4E6D1A5E0309EAD41B11CEB479C6A874CF6E57F2B416C12025E1B485009F37" />
+    <Deny ID="ID_DENY_SYSDRV3S_3" FriendlyName="CodeSys SysDrv3S\0dd9daf0852a5b1b436199e9f2bf318f641f43173ab0dc22ad8c7e9cbaee9ad3 Hash Page Sha1" Hash="F4C12BA9B5B73C159EB920060B8E4CEE9D729187" />
+    <Deny ID="ID_DENY_SYSDRV3S_4" FriendlyName="CodeSys SysDrv3S\0dd9daf0852a5b1b436199e9f2bf318f641f43173ab0dc22ad8c7e9cbaee9ad3 Hash Page Sha256" Hash="841C8C6B5D9779B98FB3DB2B90695469FED42885E8F5A81983F35C6B470CCC8F" />
+    <Deny ID="ID_DENY_SYSDRV3S_5" FriendlyName="CodeSys SysDrv3S\161a50482380727ffa0dd94e193a023f4445dddd3a05340fe2db07fc3ec5b5f3 Hash Sha1" Hash="80D203BB42A5D58D87C82481238BFF1A01ECAC6D" />
+    <Deny ID="ID_DENY_SYSDRV3S_6" FriendlyName="CodeSys SysDrv3S\161a50482380727ffa0dd94e193a023f4445dddd3a05340fe2db07fc3ec5b5f3 Hash Sha256" Hash="7A15788A9942659E061E0A51F806E564B2A49ADB7BCB8F6A3548EDD4528426A0" />
+    <Deny ID="ID_DENY_SYSDRV3S_7" FriendlyName="CodeSys SysDrv3S\161a50482380727ffa0dd94e193a023f4445dddd3a05340fe2db07fc3ec5b5f3 Hash Page Sha1" Hash="B1723ED6AD1808E932C3040B5F4744BB9C85DD9F" />
+    <Deny ID="ID_DENY_SYSDRV3S_8" FriendlyName="CodeSys SysDrv3S\161a50482380727ffa0dd94e193a023f4445dddd3a05340fe2db07fc3ec5b5f3 Hash Page Sha256" Hash="20D30D12CAF158058ECDED6BE4282838CA1E328F777DE67D62681891B58E0A13" />
+    <Deny ID="ID_DENY_SYSDRV3S_9" FriendlyName="CodeSys SysDrv3S\cf4efec43474c5aacf4b0971d44eaf8dd6357e594cdb1390085a5070a0df51d4 Hash Sha1" Hash="43D91E7B7B2E65263E40FC2E29F517552A1D2C41" />
+    <Deny ID="ID_DENY_SYSDRV3S_A" FriendlyName="CodeSys SysDrv3S\cf4efec43474c5aacf4b0971d44eaf8dd6357e594cdb1390085a5070a0df51d4 Hash Sha256" Hash="327DD7D2115ED486AD66181E3A0C86AD64F41A6D28943D3E76B1BDE937EAB628" />
+    <Deny ID="ID_DENY_SYSDRV3S_B" FriendlyName="CodeSys SysDrv3S\cf4efec43474c5aacf4b0971d44eaf8dd6357e594cdb1390085a5070a0df51d4 Hash Page Sha1" Hash="1A38DD65ED3E011409F6146ECD6C513E4312D409" />
+    <Deny ID="ID_DENY_SYSDRV3S_C" FriendlyName="CodeSys SysDrv3S\cf4efec43474c5aacf4b0971d44eaf8dd6357e594cdb1390085a5070a0df51d4 Hash Page Sha256" Hash="65D44B0B174524208204C1BCD08A9628B851FB49E22719FF0BA9C05473CCC273" />
+    <Deny ID="ID_DENY_SYSINFO_1" FriendlyName="Noriyuki Miyazaki SysInfo\4fea15aabc4fc63a3e991412caf17283bbd257172ef7e255f40f5e22e0286902 Hash Sha1" Hash="E833F4E364DC5EFBABF1570DA86D1FA3E55804A7" />
+    <Deny ID="ID_DENY_SYSINFO_2" FriendlyName="Noriyuki Miyazaki SysInfo\4fea15aabc4fc63a3e991412caf17283bbd257172ef7e255f40f5e22e0286902 Hash Sha256" Hash="0122CDCF450F03B95B04560F77C2BB4643F379FBD903B07EA1300F9B974D32A3" />
+    <Deny ID="ID_DENY_SYSINFO_3" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Sha1" Hash="CA88F321631C1552E3E0BCD1F26AD3435CC9F1AE" />
+    <Deny ID="ID_DENY_SYSINFO_4" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Sha256" Hash="A82D08EF67BDFCCF0A2CF6D507C9FBB6AC42BD74BF2ADE46EC07FE253DEB6573" />
+    <Deny ID="ID_DENY_SYSINFO_5" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Page Sha1" Hash="3131729221F49ADBC0ED9FC3529F0AC915CBEFA9" />
+    <Deny ID="ID_DENY_SYSINFO_6" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Page Sha256" Hash="954CCDEAB26CE6555FCD780AD646620DE11F32F2E8347E12C6C95CF6C14DF6CC" />
+    <Deny ID="ID_DENY_SYSINFO_7" FriendlyName="Noriyuki Miyazaki SysInfo\b85e9b69ad23bfb37452fe0b67dfa71e5980a8e4310b021bc6f8c36f893bc625 Hash Sha1" Hash="D6E675670E57B3758C1D9F04F51F0C0C46956805" />
+    <Deny ID="ID_DENY_SYSINFO_8" FriendlyName="Noriyuki Miyazaki SysInfo\b85e9b69ad23bfb37452fe0b67dfa71e5980a8e4310b021bc6f8c36f893bc625 Hash Sha256" Hash="6EE124F31A765CDBBB27831B8F3297F844A5F375E408A5953693B2E65F20165B" />
+    <Deny ID="ID_DENY_WINIO_1" FriendlyName="PartnerTech WinIo64A.sys\0c74d09da7baf7c05360346e4c3512d0cd433d59 Hash Sha1" Hash="0C74D09DA7BAF7C05360346E4C3512D0CD433D59" />
+    <Deny ID="ID_DENY_WINIO_2" FriendlyName="PartnerTech WinIo64B.sys\f18e669127c041431cde8f2d03b15cfc20696056 Hash Sha1" Hash="F18E669127C041431CDE8F2D03B15CFC20696056" />
+    <Deny ID="ID_DENY_WINIO_3" FriendlyName="PartnerTech WinIO32B.sys\f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f Hash Sha1" Hash="F1C8C3926D0370459A1B7F0CF3D17B22FF9D0C7F" />
+    <Deny ID="ID_DENY_WINIO_4" FriendlyName="PartnerTech WinIO32A.sys\01779ee53f999464465ed690d823d160f73f10e7 Hash Sha1" Hash="01779EE53F999464465ED690D823D160F73F10E7" />
+    <Deny ID="ID_DENY_WINIO_5" FriendlyName="PartnerTech WinIo64C.sys\b242b0332b9c9e8e17ec27ef10d75503d20d97b6 Hash Sha1" Hash="B242B0332B9C9E8E17EC27EF10D75503D20D97B6" />
+    <Deny ID="ID_DENY_WINIO_6" FriendlyName="PartnerTech WinIO64C.sys\a65fabaf64aa1934314aae23f25cdf215cbaa4b6 Hash Sha1" Hash="A65FABAF64AA1934314AAE23F25CDF215CBAA4B6" />
+    <Deny ID="ID_DENY_WINIO_7" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Sha1" Hash="40CC2318FFFFD458023C8CD1E285A5AD51ADF538" />
+    <Deny ID="ID_DENY_WINIO_8" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Sha256" Hash="B3CBB2B364A494F096E68DC48CCA89799ED27E6B97B17633036E363A98FD4421" />
+    <Deny ID="ID_DENY_WINIO_9" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Page Sha1" Hash="2C68648ABBCCA6420CA2FFB2AAAD16F7EF68BD9D" />
+    <Deny ID="ID_DENY_WINIO_10" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Page Sha256" Hash="6100C1247235D8DBC92ACA2E70F714E57B7793FD8B674394FA35580403E92ED5" />
+    <Deny ID="ID_DENY_WINIO_11" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Sha1" Hash="8FB149FC476CF5BF18DC575334EDAD7CAF210996" />
+    <Deny ID="ID_DENY_WINIO_12" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Sha256" Hash="40A8FD2D1DE93611AC88F29352476FBE0C2607B1D973DAB8923FF0811F92F659" />
+    <Deny ID="ID_DENY_WINIO_13" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Page Sha1" Hash="499B2E14CF3EBDC070364DDA7E911E697F331617" />
+    <Deny ID="ID_DENY_WINIO_14" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Page Sha256" Hash="570ED09D3E177FC64B3DBCC1F30880390CBE9D81EBC001AF80289DFA0F310CCF" />
+    <Deny ID="ID_DENY_WINIO_15" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Sha1" Hash="CC993C45125ED6917226511978DC6675B9E8BBD6" />
+    <Deny ID="ID_DENY_WINIO_16" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Sha256" Hash="2BABEC61087FA6A5A56D2D32C4C5B5BCE57B2337989E7B29E6E68651375D54A0" />
+    <Deny ID="ID_DENY_WINIO_17" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Page Sha1" Hash="46DB3BB27A5FF81ADABCD894CA1D18749854C7E7" />
+    <Deny ID="ID_DENY_WINIO_18" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Page Sha256" Hash="E25A654EDB45939F8E5DA3478A28207CDB05B2680519384A3386353A9553AE28" />
+    <Deny ID="ID_DENY_WINIO_19" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Sha1" Hash="B02CE0386B5753C74DD3519967C5B67F07C024FF" />
+    <Deny ID="ID_DENY_WINIO_20" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Sha256" Hash="67B31C23313DB5920EEC365049927ABE826C3C529B29114BF8D05F71F4CBCC7E" />
+    <Deny ID="ID_DENY_WINIO_21" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Page Sha1" Hash="7097A32B166DF975810F5115D940BCDB20CF4F08" />
+    <Deny ID="ID_DENY_WINIO_22" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Page Sha256" Hash="2B2C30493A4ADBF07FF05DC32BA7503AD718836B4D08B93DF85416C8F8064159" />
+    <Deny ID="ID_DENY_WINIO_23" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Sha1" Hash="80CA9C9CCE4B5E6AFB92A56B5BFD954ECA0FF690" />
+    <Deny ID="ID_DENY_WINIO_24" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Sha256" Hash="9199979B9F3EA2108299D028373A6EFFCC41C81A46EECB430CC6653211D2913D" />
+    <Deny ID="ID_DENY_WINIO_25" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Page Sha1" Hash="2F0B56687B6ABB6A88928D0E1D4515B29C4B0D26" />
+    <Deny ID="ID_DENY_WINIO_26" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Page Sha256" Hash="D1E90D9FEC3A58C6BAA9841721372377BF36994D77A9796BD29B32E97D560F98" />
+    <Deny ID="ID_DENY_WINIO_27" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Sha1" Hash="C21043466942961203E751C9CEBCD159E661FA1A" />
+    <Deny ID="ID_DENY_WINIO_28" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Sha256" Hash="961012D06EEAABD9EFF9B36173E566BF148A5C8F743F3329C70D8918EBA26093" />
+    <Deny ID="ID_DENY_WINIO_29" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Page Sha1" Hash="3F0F7100E95E977E4AE56C36169980D7AB3399B9" />
+    <Deny ID="ID_DENY_WINIO_30" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Page Sha256" Hash="76EA02A9E0406A3786E39BC11715A7026AB0F18D1C92152780040E94E0F1FED6" />
+    <Deny ID="ID_DENY_WINIO_31" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Sha1" Hash="8E93E37A72A13DAC1C4C0BC1DA6BDFB8BA8D9CB3" />
+    <Deny ID="ID_DENY_WINIO_32" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Sha256" Hash="5B6C10E103D42B17E5DDD6BEEC295BBF51CE56547134CE8D675A008A8243F615" />
+    <Deny ID="ID_DENY_WINIO_33" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Page Sha1" Hash="746414A878978FA039A6521F392167913CEA7C8D" />
+    <Deny ID="ID_DENY_WINIO_34" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Page Sha256" Hash="45DFA3B42C2789A741C5F29862A8CFC5998D889F96C5783C1A27AC03DE1A407A" />
     <Deny ID="ID_DENY_WINRING0_SHA1" FriendlyName="WinRing0.sys Hash Sha1" Hash="12EB825418A932B1E4C6697DC7647E89AE52CF3F" />
     <Deny ID="ID_DENY_WINRING0_SHA256" FriendlyName="WinRing0.sys Hash Sha256" Hash="4582ADB2E67EEBAFF755AE740C1F24BC3AF78E0F28E8E8DECB99F86BF155AB23" />
     <Deny ID="ID_DENY_WINRING0_SHA1_PAGE" FriendlyName="WinRing0.sys Hash Page Sha1" Hash="497AFEB0D5B97D4B863704A2F77FFEF31220402D" />
@@ -1057,15 +1183,18 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_DBK_32" FriendlyName="Cheat Engine Driver" FileName="dbk32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_DBK_64" FriendlyName="Cheat Engine Driver" FileName="dbk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_GDRV" FriendlyName="gdrv.sys" FileName="gdrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
-    <Deny ID="ID_DENY_KLMD" FriendlyName="Kaspersky klmd.sys FileRule" FileName="klmd.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <Deny ID="ID_DENY_KLMD" FriendlyName="Kaspersky klmd.sys FileRule" FileName="klmd.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.13.0.10"/>
     <Deny ID="ID_DENY_PCHUNTER_1" FriendlyName="PCHunter Driver" FileName="PCHunter.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_PCHUNTER_2" FriendlyName="PCHunter Driver" FileName="安全专用" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <Deny ID="ID_DENY_PHYMEMX_64" FriendlyName="Phymemx64 Memory Mapping Driver" FileName="phymemx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ALSYSIO" FriendlyName="ALSysIO\01af9b2e49907308312be623a125a4cd71da9e626a54dfa746336e5d69c0a70a FileAttribute" FileName="ALSysIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.10.65535" />
     <FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_AMDPP" FriendlyName="AMDPowerProfiler.sys FileAttribute" FileName="AMDPowerProfiler.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.1.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_ASR_AUTOCHECK_1" FriendlyName="ASRAutoCheck\2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4 FileAttribute" FileName="AsrAutoChkUpdDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ASR_AUTOCHECK_2" FriendlyName="ASRAutoCheck\4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe FileAttribute" FileName="AsrAutoChkUpdDrv_1_0_32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ASWARPOT" FriendlyName="Avast aswArpot FileAttribute" FileName="aswArPot.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.4.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ASWSP" FriendlyName="Avast aswSP.sys\1dccd1e13da17bd541a66b48d62e914df390818c15f5f599c636d42c05996ace FileAttribute" FileName="aswSP.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="20.8.0.0"/>
+    <FileAttrib ID="ID_FILEATTRIB_ASWSNX" FriendlyName="Aswsnx FileAttribute" FileName="aswSnx.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="17.1.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ATILLK" FriendlyName="atillk64 FileAttribute" FileName="atillk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_ATSZIO" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_AVGELAM" FriendlyName="Avast aswElam/avgElam Overpermissive ELAM FileAttribute" FileName="aswElam.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.6.400.65535" />
@@ -1074,12 +1203,17 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
     <FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_BS_RCIO" FriendlyName="BS_RCIO.sys FileAttribute" FileName="BS_RCIO64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_BS_RCIO_W10" FriendlyName="BS_RCIO\7c6f16af074c3f1c74fc69734f1c8b8a03b0594ac2085d5a0c582fc8cc378858 FileAttribute" FileName="BS_RCIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_BS_MEM" FriendlyName="BSMEM64_W10 FileAttribute" FileName="BSMEM64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2201" />
     <FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
-    <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
+    <FileAttrib ID="ID_FILEATTRIB_CORSAIRLLACCESS" FriendlyName="CorsairLLAccess\000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b FileAttribute" FileName="Corsair LL Access" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.23.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="CPUID cpuz.sys\1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.5.6" />
+    <FileAttrib ID="ID_FILEATTRIB_CTIIO" FriendlyName="MicSys CtiIo\2121a2bb8ebbf2e6e82c782b6f3c6b7904f686aa495def25cf1cf52a42e16109 FileAttribute" FileName="CtiIo64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.23.0405" />
     <FileAttrib ID="ID_FILEATTRIB_DRIVER7" FriendlyName="Asus driver7.sys\1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb FileAttribute" FileName="Driver7" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_EIO64" FriendlyName="ASUS EIO64.sys\1fac3fab8ea2137a7e81a26de121187bf72e7d16ffa3e9aec3886e2376d3c718 FileAttribute" FileName="EIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
+    <FileAttrib ID="ID_FILEATTRIB_EELAM" FriendlyName="ESET eelam Overpermissive ELAM FileAttribute" FileName="eelam.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.16.0" />
     <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
+    <FileAttrib ID="ID_FILEATTRIB_ETDSUPPORT" FriendlyName="HP EtdSupport\0d383e469d0e27ebb713770f01f7f1a57068a7d30478221e6f2276125048d1c9 FileAttribute" FileName="etdsupp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_FAIRPLAY" FriendlyName="Deny FairplayKD.sys MTA San Andreas Versions 367.*" ProductName="MTA San Andreas" MinimumFileVersion="367.0.0.0" MaximumFileVersion="367.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_GMER" FriendlyName="GMEREK gmer64 FileAttribute" FileName="gmer64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_HAXM" FriendlyName="haXM.sys FileAttribute" FileName="HaXM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
@@ -1090,13 +1224,16 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_HWINFO_3" FriendlyName="REALiX_HWiNFO64I FileAttribute" FileName="HWiNFO64I.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.98.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_HWRWDRV" FriendlyName="HwRwDrv FileAttribute" FileName="HwRwDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_IOBITUNLOCKER" FriendlyName="IObitUnlocker FileAttribute" FileName="IObitUnlocker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.3.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_IOMEM" FriendlyName="DT Research iomem\2b507e0ad4515d9d47fb7f0bfa1f1eb11de25db4fca49fc1417ea991dc33b6bf FileAttribute" FileName="iomem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_LGCORETEMP" FriendlyName="LogiTech LgCoreTemp\93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 FileAttribute" FileName="LgCoreTemp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
     <FileAttrib ID="ID_FILEATTRIB_LV_DIAG" FriendlyName="LenovoDiagnosticsDriver FileAttribute" FileName="LenovoDiagnosticsDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_LV561V64" FriendlyName="LV561V64 LogiTech FileAttribute" FileName="Lv561av.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_MONITOR" FriendlyName="IOBit Monitor.sys FileAttribute" FileName="Monitor.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="15.0.0.2" />
+    <FileAttrib ID="ID_FILEATTRIB_MSIO" FriendlyName="MicSys MSIO\0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff FileAttribute" FileName="MsIo64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_MTCBSV64" FriendlyName="mtcBSv64.sys FileAttribute" FileName="mtcBSv64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.2.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_MYDRIVERS" FriendlyName="mydrivers.sys FileAttribute" FileName="mydrivers.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
@@ -1105,10 +1242,12 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_NSCM_DRIVER" FriendlyName="" FileName="nscm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
     <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_NVFLASH" FriendlyName="Nvidia NVFlash FileAttribute" FileName="nvflash.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.9.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_OPENLIBSYS" FriendlyName="OpenLibSys\91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c FileAttribute" FileName="OpenLibSys.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_PANIO_1" FriendlyName="PanIOx64\6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74 FileAttribute" FileName="PanIOx64.sys" MinimumFileVersion="1.0.0.1" />
     <FileAttrib ID="ID_FILEATTRIB_PANIO_2" FriendlyName="PanIO\f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960 FileAttribute" FileName="PanIO.sys" MinimumFileVersion="1.0.0.1" />
     <FileAttrib ID="ID_FILEATTRIB_PANIOMON_1" FriendlyName="PanMonFltx64\06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf FileAttribute" FileName="PanMonFltX64.sys" MinimumFileVersion="1.0.0.1" />
     <FileAttrib ID="ID_FILEATTRIB_PANIOMON_2" FriendlyName="PanMonFlt\7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7 FileAttribute" FileName="PanMonFlt.sys" MinimumFileVersion="1.0.0.1" />
+    <FileAttrib ID="ID_FILEATTRIB_PCDOC" FriendlyName="PC-Doctor pcdsrvc\06a5d8632ecdd64da4e44ddf3495a62657b513b1139cb8a3a78f641d4e31bf95 FileAttribute" FileName="pcdsrvc" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.2.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_PHYMEM" FriendlyName="Phymem FileAttribute" FileName="phymem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_PHYSMEM" FriendlyName="Physmem.sys FileAttribute" FileName="physmem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_PROCEXP" FriendlyName="Sysinternals Process Explorer FileAttribute" FileName="procexp.Sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="16.65535.65535.65535" />
@@ -1123,6 +1262,8 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_SANDRA_DRIVER" FriendlyName="" FileName="sandra.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.12.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
     <FileAttrib ID="ID_FILEATTRIB_SUPERBMC" FriendlyName="Superbmc FileAttribute" FileName="superbmc.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.2.1.0" />
+    <FileAttrib ID="ID_FILEATTRIB_SYMELAM" FriendlyName="SymELAM\021badff5a3c84ee422d9fa40a842f89b1c60e0164eabd58da7374327ea99d3c FileAttribute" FileName="SymELAM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.4.0.83" />
+    <FileAttrib ID="ID_FILEATTRIB_SYSDRV3S" FriendlyName="SysDrv3s\0dd9daf0852a5b1b436199e9f2bf318f641f43173ab0dc22ad8c7e9cbaee9ad3 FileAttribute" FileName="SysDrv3S.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.6.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_TMEL" FriendlyName="TrendMicro TMEL Overpermissive ELAM FileAttribute" FileName="Tmel.sys" MinimumFileVersion="1.6.0.1002" MaximumFileVersion="1.6.0.1004" />
     <FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_VBOX" FriendlyName="VBoxDrv.sys FileAttribute" FileName="VBoxDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.0.0.0" />
@@ -1132,17 +1273,25 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_WCPU" FriendlyName="WCPU\159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980 FileAttribute" FileName="CPU Driver" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_WINRING0" FriendlyName="WinRing0.sys" FileName="WinRing0.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_WISEUNLO" FriendlyName="WiseUnlo FileAttribute" FileName="WiseUnlo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ZEMANA_1" FriendlyName="Zemana Antilog\05ece4f6bda72e7fd61fa950e80b811d3dbe0b4b1d53b0532d8df051d1ff074c FileAttribute" FileName="AntiLog32.sys" MinimumFileVersion="1.9.5.600" />
+    <FileAttrib ID="ID_FILEATTRIB_ZEMANA_2" FriendlyName="Zemana Zam\40b62ba97ba2edd3e01ed62d26ae8c09f36144ab33db18b42e5f1ccf82db1754 FileAttribute" FileName="ZAM.exe" MinimumFileVersion="2.74.0.259" />
+    <FileAttrib ID="ID_FILEATTRIB_ZEMANA_3" FriendlyName="Zemana PerfectGuard\fe48f38bc05a6f3d6590e0be572f1b5dd67fe0b7c97b891a586e3e67f5a5513e FileAttribute" FileName="PerfectGuard.sys" MinimumFileVersion="1.9.5.104" />
+
   </FileRules>
   <!--Signers-->
   <Signers>
     <Signer ID="ID_SIGNER_VERISIGN_2010" Name="VeriSign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ASR_AUTOCHECK_1" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ASR_AUTOCHECK_2" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_DRIVER7" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ETDSUPPORT" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_IOMEM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_KEVP64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
@@ -1153,6 +1302,9 @@ To check that the policy was successfully applied on your computer:
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RWDRV_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2010_2" Name="VeriSign Class 3 Code Signing 2010 CA">
       <CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
@@ -1170,7 +1322,7 @@ To check that the policy was successfully applied on your computer:
       <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
       <CertOemID Value="ENE Technology Inc." />
     </Signer>
-    <Signer ID="ID_SIGNER_MB_RB_HACKS" Name="Microsoft Windows Third Party Component CA 2014 ENE Tech OPUS">
+    <Signer ID="ID_SIGNER_MB_RB_HACKS" Name="Microsoft Windows Third Party Component CA 2014 MB Rb online OPUS">
       <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
       <CertOemID Value="MB Rb online" />
     </Signer>
@@ -1181,6 +1333,8 @@ To check that the policy was successfully applied on your computer:
     <Signer ID="ID_SIGNER_DIGICERT_EV" Name="DigiCert EV Code Signing CA (SHA2)">
       <CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_EIO64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
@@ -1202,6 +1356,9 @@ To check that the policy was successfully applied on your computer:
       <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
     </Signer>
     <Signer ID="ID_SIGNER_SANDRA" Name="GeoTrust TrustCenter CodeSigning CA I">
       <CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
@@ -1258,12 +1415,16 @@ To check that the policy was successfully applied on your computer:
       <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ETDSUPPORT" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HWRWDRV" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LV_DIAG" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
       <FileAttribRef RuleID="ID_FILEATTRIB_PROCEXP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
@@ -1272,10 +1433,15 @@ To check that the policy was successfully applied on your computer:
     <Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
       <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
       <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ALSYSIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_MEM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO_W10" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CORSAIRLLACCESS" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CTIIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HAXM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HW" />
       <FileAttribRef RuleID="ID_FILEATTRIB_HWINFO_1" />
@@ -1283,13 +1449,16 @@ To check that the policy was successfully applied on your computer:
       <FileAttribRef RuleID="ID_FILEATTRIB_IOBITUNLOCKER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
       <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_MSIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MYDRIVERS" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NVFLASH" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDRV3S" />
       <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
       <FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_VMDRV" />
@@ -1303,9 +1472,14 @@ To check that the policy was successfully applied on your computer:
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ALSYSIO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
     </Signer>
     <Signer ID="ID_SIGNER_VERISIGN_2004_BIOSTAR" Name="VeriSign Class 3 Code Signing 2004 CA">
       <CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
@@ -1366,7 +1540,9 @@ To check that the policy was successfully applied on your computer:
     <Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
       <CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_LGCORETEMP" />
       <FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
     </Signer>
@@ -1623,14 +1799,37 @@ To check that the policy was successfully applied on your computer:
       <CertPublisher Value="AVAST Software s.r.o." />
       <FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
     </Signer>
-    <Signer ID="ID_SIGNER_TMEL" Name="Microsoft Windows Third Party Component CA 2014">
-      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
-      <FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
+    <Signer ID="ID_SIGNER_ASWSNX_1" Name="DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1">
+      <CertRoot Type="TBS" Value="65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
     </Signer>
-    <Signer ID="ID_SIGNER_MS_ELAM" Name="Microsoft Code Signing PCA 2010">
+    <Signer ID="ID_SIGNER_ASWSNX_2" Name="DigiCert Trusted Root G4">
+      <CertRoot Type="TBS" Value="11533EFD6B326A4E065A936DE300FE0586A479F93D569D2403BD62C7AD35F1B2199DAEE3ADB510F429C4FC97B4B024E3" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWSNX_3" Name="DigiCert High Assurance Code Signing CA-1">
+      <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
+      <CertPublisher Value="AVAST Software a.s." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ASWSNX_4" Name="DigiCert Assured ID Code Signing CA-1">
+      <CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
+      <CertPublisher Value="AVG Technologies USA, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MS_ELAM" Name="Microsoft Windows Third Party Component CA 2014">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_AVGELAM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_EELAM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYMELAM" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MS_ELAM_1" Name="Microsoft Code Signing PCA 2010">
       <CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
       <FileAttribRef RuleID="ID_FILEATTRIB_AVGELAM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_EELAM" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYMELAM" />
     </Signer>
     <Signer ID="ID_SIGNER_AVGELAM_1" Name="DigiCert High Assurance Code Signing CA-1">
       <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
@@ -1641,6 +1840,7 @@ To check that the policy was successfully applied on your computer:
       <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
       <CertPublisher Value="AVAST Software s.r.o." />
       <FileAttribRef RuleID="ID_FILEATTRIB_AVGELAM" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
     </Signer>
     <Signer ID="ID_SIGNER_GMEREK" Name="GlobalSign CodeSigning CA - G2">
       <CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
@@ -1752,6 +1952,58 @@ To check that the policy was successfully applied on your computer:
       <CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
       <FileAttribRef RuleID="ID_FILEATTRIB_PROCEXP" />
     </Signer>
+    <Signer ID="ID_SIGNER_OPENLIBSYS" Name="GlobalSign Primary Object Publishing CA">
+      <CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
+      <CertPublisher Value="Noriyuki MIYAZAKI" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_OPENLIBSYS" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PCDOC" Name="DigiCert EV Code Signing CA">
+      <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
+      <CertPublisher Value="PC-Doctor, Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
+    </Signer>
+    <Signer ID="ID_SIGNER_SYSDRV3S" Name="GlobalSign 3S-Smart">
+      <CertRoot Type="TBS" Value="BD1765C56594221373893EF26D97F88C144FB0E5A0111215B45D7239C3444DF7" />
+      <CertPublisher Value="3S-Smart Software Solutions GmbH" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_SYSDRV3S" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PAVEL_Y_1" Name="DigiCert SHA2 Assured ID Code Signing CA">
+      <CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
+      <CertPublisher Value="Pavel Yosifovich" />
+    </Signer>
+    <Signer ID="ID_SIGNER_PAVEL_Y_2" Name="DigiCert SHA2 High Assurance Code Signing CA">
+      <CertRoot Type="TBS" Value="0BF095B845B69928B5D7DFD1C42AE4F90FEB8DC97F7830598C93E848877021FB" />
+      <CertPublisher Value="Pavel Yosifovich" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ALSYSIO_1" Name="COMODO RSA Code Signing CA">
+      <CertRoot Type="TBS" Value="4805A7E23D6C8FF5E149F197B744BCB2346E73F19A48835A2F64129183981109256B75EA371A331746D01FD4E135AB6E" />
+      <CertPublisher Value="ALCPU" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ALSYSIO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ALSYSIO_2" Name="UTN-USERFirst-Object">
+      <CertRoot Type="TBS" Value="C45627B5584BF62327DF60D6185744A2D2F2BCBF" />
+      <CertPublisher Value="ALCPU" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ALSYSIO" />
+    </Signer>
+    <Signer ID="ID_SIGNER_MICKS" Name="Microsoft Windows Third Party Component CA 2014">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <CertOemID Value="Micks Auto Transport" />
+    </Signer>
+    <Signer ID="ID_SIGNER_ETDSUPPORT" Name="DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1">
+      <CertRoot Type="TBS" Value="65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64" />
+      <CertPublisher Value="HP Inc." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_ETDSUPPORT" />
+    </Signer>
+    <Signer ID="ID_SIGNER_CPUZ_1" Name="DigiCert EV Code Signing CA">
+      <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
+      <CertPublisher Value="CPUID S.A.R.L.U." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+    </Signer>
+    <Signer ID="ID_SIGNER_CPUZ_2" Name="Certum Extended Validation Code Signing 2021 CA">
+      <CertRoot Type="TBS" Value="56F431D13FD6F7974905196A6367D252A955C5FE34DB1E48CFA3EB569707809D63DE4A0FF8FEF57BE69C23284D9144EA" />
+      <CertPublisher Value="CPUID" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
+    </Signer>
     <Signer ID="ID_SIGNER_BAOJI" Name="VeriSign Class 3 Code Signing 2010 CA - Baoji zhihengtaiye co.,ltd">
       <CertRoot Type="TBS" Value="ED37AD43BC52426943019F77F35ED1A6B063B5B7" />
     </Signer>
@@ -1832,6 +2084,18 @@ To check that the policy was successfully applied on your computer:
       <CertPublisher Value="Sun Microsystems, Inc." />
       <FileAttribRef RuleID="ID_FILEATTRIB_VBOX" />
     </Signer>
+    <Signer ID="ID_SIGNER_ZEMANA_1" Name="DigiCert High Assurance Code Signing CA-1">
+      <CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
+      <CertPublisher Value="Zemana Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_ZEMANA_2" Name="VeriSign Class 3 Code Signing 2010 CA">
+      <CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
+      <CertPublisher Value="Zemana Ltd." />
+    </Signer>
+    <Signer ID="ID_SIGNER_ZEMANA_3" Name="Microsoft Windows Third Party Component CA 2014">
+      <CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
+      <CertOemID Value="ZEMANA A.Ş." />
+    </Signer>
   </Signers>
   <!--Driver Signing Scenarios-->
   <SigningScenarios>
@@ -1842,6 +2106,8 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2009" />
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010" />
           <DeniedSigner SignerId="ID_SIGNER_AGNITUM_2010_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ALSYSIO_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ALSYSIO_2" />
           <DeniedSigner SignerId="ID_SIGNER_AMDPP" />
           <DeniedSigner SignerId="ID_SIGNER_ATILLK" />
           <DeniedSigner SignerId="ID_SIGNER_ASROCK_RWDRV" />
@@ -1851,6 +2117,10 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_4" />
           <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_5" />
           <DeniedSigner SignerId="ID_SIGNER_ASWARPOT_6" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWSNX_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWSNX_2" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWSNX_3" />
+          <DeniedSigner SignerId="ID_SIGNER_ASWSNX_4" />
           <DeniedSigner SignerId="ID_SIGNER_AVGELAM_1" />
           <DeniedSigner SignerId="ID_SIGNER_AVGELAM_2" />
           <DeniedSigner SignerId="ID_SIGNER_BAOJI" />
@@ -1859,9 +2129,12 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_CAPCOM" />
           <DeniedSigner SignerId="ID_SIGNER_CHEAT_ENGINE" />
           <DeniedSigner SignerId="ID_SIGNER_COMODO_IQVW" />
+          <DeniedSigner SignerId="ID_SIGNER_CPUZ_1" />
+          <DeniedSigner SignerId="ID_SIGNER_CPUZ_2" />
           <DeniedSigner SignerId="ID_SIGNER_DIGICERT_EV" />
           <DeniedSigner SignerId="ID_SIGNER_ELBY" />
           <DeniedSigner SignerId="ID_SIGNER_ENE" />
+          <DeniedSigner SignerId="ID_SIGNER_ETDSUPPORT" />
           <DeniedSigner SignerId="ID_SIGNER_FAIRPLAY_1" />
           <DeniedSigner SignerId="ID_SIGNER_FAIRPLAY_2" />
           <DeniedSigner SignerId="ID_SIGNER_FAIRPLAY_3" />
@@ -1897,6 +2170,10 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_HWRWDRV_1" />
           <DeniedSigner SignerId="ID_SIGNER_HWRWDRV_2" />
           <DeniedSigner SignerId="ID_SIGNER_INTEL_IQVW" />
+          <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_1" />
+          <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_2" />
+          <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_3" />
+          <DeniedSigner SignerId="ID_SIGNER_IOBITUNLOCKER_4" />
           <DeniedSigner SignerId="ID_SIGNER_JCOS_1" />
           <DeniedSigner SignerId="ID_SIGNER_JCOS_2" />
           <DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
@@ -1905,10 +2182,12 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_LV_LOGITECH" />
           <DeniedSigner SignerId="ID_SIGNER_MAN_MUS" />
           <DeniedSigner SignerId="ID_SIGNER_MB_RB_HACKS" />
+          <DeniedSigner SignerId="ID_SIGNER_MICKS" />
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL" />
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
           <DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
           <DeniedSigner SignerId="ID_SIGNER_MS_ELAM" />
+          <DeniedSigner SignerId="ID_SIGNER_MS_ELAM_1" />
           <DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_1" />
           <DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_2" />
           <DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_3" />
@@ -1916,8 +2195,12 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_NVFLASH" />
           <DeniedSigner SignerId="ID_SIGNER_NVFLASH_2" />
           <DeniedSigner SignerId="ID_SIGNER_NVFLASH_3" />
+          <DeniedSigner SignerId="ID_SIGNER_OPENLIBSYS"/>
           <DeniedSigner SignerId="ID_SIGNER_PAN" />
+          <DeniedSigner SignerId="ID_SIGNER_PAVEL_Y_1" />
+          <DeniedSigner SignerId="ID_SIGNER_PAVEL_Y_2" />
           <DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
+          <DeniedSigner SignerId="ID_SIGNER_PCDOC"/>
           <DeniedSigner SignerId="ID_SIGNER_PROCEXP_1" />
           <DeniedSigner SignerId="ID_SIGNER_PROCEXP_2" />
           <DeniedSigner SignerId="ID_SIGNER_PROCEXP_3" />
@@ -1929,11 +2212,11 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_SANDRA" />
           <DeniedSigner SignerId="ID_SIGNER_SANDRA_THAWTE" />
           <DeniedSigner SignerId="ID_SIGNER_SPEEDFAN" />
+          <DeniedSigner SignerId="ID_SIGNER_SYSDRV3S" />
           <DeniedSigner SignerId="ID_SIGNER_PHYMEM" />
           <DeniedSigner SignerId="ID_SIGNER_PHYMEM_1" />
           <DeniedSigner SignerId="ID_SIGNER_PHYMEM_2" />
           <DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
-          <DeniedSigner SignerId="ID_SIGNER_TMEL" />
           <DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
           <DeniedSigner SignerId="ID_SIGNER_VBOX" />
           <DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
@@ -1966,944 +2249,1092 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
           <DeniedSigner SignerId="ID_SIGNER_VBOX_ORCALE" />
           <DeniedSigner SignerId="ID_SIGNER_VBOX_SUN" />
+          <DeniedSigner SignerId="ID_SIGNER_ZEMANA_1" />
+          <DeniedSigner SignerId="ID_SIGNER_ZEMANA_2" />
+          <DeniedSigner SignerId="ID_SIGNER_ZEMANA_3" />
         </DeniedSigners>
         <FileRulesRef>
-            <FileRuleRef RuleID="ID_ALLOW_ALL_1" />
-            <FileRuleRef RuleID="ID_DENY_AGENT64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_AGENT64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_AGENT64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_AGENT64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_2" />
-            <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_2" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_5A" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_5B" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_5C" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_5D" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_5E" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_5F" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_60" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_61" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_62" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_63" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_64" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_65" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_66" />
-            <FileRuleRef RuleID="ID_DENY_ASRDRV104_67" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_39" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3A" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3B" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3C" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3D" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3E" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3F" />
-            <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_40" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_2" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_3" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_4" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_5" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_6" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_7" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_8" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_9" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_A" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_B" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_C" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_D" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_E" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_F" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_10" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_11" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_12" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_13" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_14" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_15" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_16" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_17" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_18" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_19" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_1A" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_1B" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_1C" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_1D" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_1E" />
-            <FileRuleRef RuleID="ID_DENY_ATILLK_1F" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_3" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_4" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_5" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_6" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_7" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_8" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_9" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_A" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_B" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_C" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_D" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_E" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_F" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_10" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_11" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_12" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_13" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_14" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_15" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_16" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_17" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_18" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_19" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1A" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1B" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1C" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1D" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1E" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1F" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_20" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_21" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_22" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_23" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_24" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_25" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_26" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_27" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_28" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_29" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2A" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2B" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2C" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2D" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2E" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2F" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_30" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_31" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_32" />
-            <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_33" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_GMER_1" />
-            <FileRuleRef RuleID="ID_DENY_GMER_2" />
-            <FileRuleRef RuleID="ID_DENY_GMER_3" />
-            <FileRuleRef RuleID="ID_DENY_GMER_4" />
-            <FileRuleRef RuleID="ID_DENY_GMER_5" />
-            <FileRuleRef RuleID="ID_DENY_GMER_6" />
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_3" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_4" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_5" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_6" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_7" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_8" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_9" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_A" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_B" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_C" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_11" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_12" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_13" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_14" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_15" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_16" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_17" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_18" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_19" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1A" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1B" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1C" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1D" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1E" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1F" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_20" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_21" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_22" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_23" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_24" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_25" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_26" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_27" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_28" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_29" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2A" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2B" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2C" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2D" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2E" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2F" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_30" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_31" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_32" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_33" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_34" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_35" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_36" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_37" />
-            <FileRuleRef RuleID="ID_DENY_AMIFLDRV_38" />
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_22" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_23" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_24" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_25" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_26" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_27" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_28" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_29" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_2A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_2B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_2C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_2D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_2E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_2F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_30" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_31" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_32" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_33" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_34" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_35" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_36" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_37" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_38" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_39" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_3A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_3B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_3C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_3D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_3E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_3F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_40" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_41" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_42" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_43" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_44" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_45" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_46" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_47" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_48" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_49" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_4A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_4B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_4C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_4D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_4E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_4F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_50" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_51" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_52" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_53" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_54" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_55" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_56" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_57" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_58" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_59" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_5A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_5B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_5C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_5D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_5E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_5F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_60" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_61" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_62" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_63" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_64" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_65" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_66" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_67" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_68" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_69" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_6A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_6B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_6C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_6D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_6E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_6F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_70" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_71" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_72" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_73" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_74" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_75" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_76" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_77" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_78" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_79" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_7A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_7B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_7C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_7D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_7E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_7F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_80" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_81" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_82" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_83" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_84" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_85" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_86" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_87" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_88" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_89" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_8A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_8B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_8C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_8D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_8E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_8F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_90" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_91" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_92" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_93" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_94" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_95" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_96" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_97" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_98" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_99" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_9A" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_9B" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_9C" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_9D" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_9E" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_9F" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A0" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A1" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A2" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A3" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A4" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A5" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A6" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A7" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A8" />
-            <FileRuleRef RuleID="ID_DENY_BEDAISY_A9" />
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_1" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_1" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_1" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_2" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_3" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_4" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_5" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_6" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_8" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_9" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_10"/>
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_11" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_12" />
-            <FileRuleRef RuleID="ID_DENY_DHKERNEL_13" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_12" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_13" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_14" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_15" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_16" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_17" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_18" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_19" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_1A" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_1B" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_1C" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_1D" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_1E" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_1F" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_20" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_21" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_22" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_23" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_24" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_25" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_26" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_27" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_28" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_29" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_2A" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_2B" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_2C" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_2D" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_2E" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_2F" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_30" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_31" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_32" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_33" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_34" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_35" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_36" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_37" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_38" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_39" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_3A" />
-            <FileRuleRef RuleID="ID_DENY_DIRECTIO_3B" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_1" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_2" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_3" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_4" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_5" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_6" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_7" />
-            <FileRuleRef RuleID="ID_DENY_EIO64_8" />
-            <FileRuleRef RuleID="ID_DENY_HW_22" />
-            <FileRuleRef RuleID="ID_DENY_HW_23" />
-            <FileRuleRef RuleID="ID_DENY_HW_24" />
-            <FileRuleRef RuleID="ID_DENY_HW_25" />
-            <FileRuleRef RuleID="ID_DENY_HWRWDRV_2" />
-            <FileRuleRef RuleID="ID_DENY_HWRWDRV_3" />
-            <FileRuleRef RuleID="ID_DENY_HWRWDRV_4" />
-            <FileRuleRef RuleID="ID_DENY_HWRWDRV_5" />
-            <FileRuleRef RuleID="ID_DENY_HWRWDRV_6" />
-            <FileRuleRef RuleID="ID_DENY_HWRWDRV_7" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_11" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_12" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_13" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_14" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_15" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_16" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_17" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_18" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_19" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_1A" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_1B" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_1C" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_1D" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_1E" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_1F" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_20" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_21" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_22" />
-            <FileRuleRef RuleID="ID_DENY_INPOUTX_23" />
-            <FileRuleRef RuleID="ID_DENY_KLMD" />
-            <FileRuleRef RuleID="ID_DENY_LGCORETEMP_1" />
-            <FileRuleRef RuleID="ID_DENY_LGCORETEMP_2" />
-            <FileRuleRef RuleID="ID_DENY_LGCORETEMP_3" />
-            <FileRuleRef RuleID="ID_DENY_LGCORETEMP_4" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_1" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_2" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_3" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_4" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_5" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_6" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_7" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_8" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_9" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_A" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_B" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_C" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_D" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_E" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_F" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_10" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_11" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_12" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_13" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_14" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_15" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_16" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_17" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_18" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_19" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_1A" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_1B" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT2_1C" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_11" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_12" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_13" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_14" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_15" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_16" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_17" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_18" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_19" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_1A" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_1B" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_1C" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_1D" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_1E" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_1F" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_20" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_21" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROT3_22" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_1" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_2" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_3" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_4" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_5" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_6" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_7" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTECT_8" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_1" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_2" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_3" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_4" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_1" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_2" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_3" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_4" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_5" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_6" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_7" />
-            <FileRuleRef RuleID="ID_DENY_MHYPROTRG_8" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_1" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_1" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_PAGE_1" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_2" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_2" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_2" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_PAGE_2" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_3" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_3" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA1_4" />
-            <FileRuleRef RuleID="ID_DENY_MSIO_SHA256_4" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_6" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_7" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_8" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_9" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_C" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_D" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_E" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_F" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_10" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_11" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_12" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_13" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_14" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_15" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_16" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_17" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_18" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_19" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1C" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1D" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1E" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_1F" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_20" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_21" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_22" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_23" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_24" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_25" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_26" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_27" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_28" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_29" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2C" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2D" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2E" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_2F" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_30" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_31" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_32" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_33" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_34" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_35" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_36" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_37" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_38" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_39" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3C" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3D" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3E" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_3F" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_40" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_41" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_42" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_43" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_44" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_45" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_46" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_47" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_48" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_49" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4C" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4D" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4E" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_4F" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_50" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_51" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_52" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_53" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_54" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_55" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_56" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_57" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_58" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_59" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5C" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5D" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5E" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_5F" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_60" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_61" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_62" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_63" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_64" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_65" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_66" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_67" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_68" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_69" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_6A" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_6B" />
-            <FileRuleRef RuleID="ID_DENY_NVFLASH_6C" />
-            <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_1" />
-            <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_2" />
-            <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_3" />
-            <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_4" />
-            <FileRuleRef RuleID="ID_DENY_PCHUNTER_3" />
-            <FileRuleRef RuleID="ID_DENY_PCHUNTER_4" />
-            <FileRuleRef RuleID="ID_DENY_PCHUNTER_5" />
-            <FileRuleRef RuleID="ID_DENY_PCHUNTER_6" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_PHYDMACC_1" />
-            <FileRuleRef RuleID="ID_DENY_PHYDMACC_2" />
-            <FileRuleRef RuleID="ID_DENY_PHYDMACC_3" />
-            <FileRuleRef RuleID="ID_DENY_PHYDMACC_4" />
-            <FileRuleRef RuleID="ID_DENY_PHYDMACC_5" />
-            <FileRuleRef RuleID="ID_DENY_PHYDMACC_6" />
-            <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1" />
-            <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256" />
-            <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256_PAGE" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_70" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_71" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_72" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_70" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_71" />
-            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_72" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_1" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_2" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_3" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_4" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_5" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_6" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_7" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_8" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_9" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_A" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_B" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_C" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_D" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_E" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_F" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_10" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_11" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_12" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_13" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_14" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_15" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_16" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_17" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_18" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_19" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_1A" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_1B" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_1C" />
-            <FileRuleRef RuleID="ID_DENY_RTCORE_1D" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_2" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_3" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_4" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_5" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_6" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_7" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_8" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_9" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_A" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_B" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_C" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_D" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_E" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_F" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_10" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_11" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_12" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_13" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_14" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_15" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_16" />
-            <FileRuleRef RuleID="ID_DENY_SUPERBMC_17" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_1" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_2" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_3" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_4" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_5" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_6" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_7" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_8" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_9" />
-            <FileRuleRef RuleID="ID_DENY_WINIO_10" />
-            <FileRuleRef RuleID="ID_DENY_PROCESSHACKER" />
-            <FileRuleRef RuleID="ID_DENY_AMP" />
-            <FileRuleRef RuleID="ID_DENY_ASMMAP" />
-            <FileRuleRef RuleID="ID_DENY_ASMMAP_64" />
-            <FileRuleRef RuleID="ID_DENY_DBK_32" />
-            <FileRuleRef RuleID="ID_DENY_DBK_64" />
-            <FileRuleRef RuleID="ID_DENY_GDRV" />
-            <FileRuleRef RuleID="ID_DENY_PCHUNTER_1" />
-            <FileRuleRef RuleID="ID_DENY_PCHUNTER_2" />
-            <FileRuleRef RuleID="ID_DENY_PHYMEMX_64" />
+          <FileRuleRef RuleID="ID_ALLOW_ALL_1" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AGENT64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_2" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5A" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5B" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5C" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5D" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5E" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_5F" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_60" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_61" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_62" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_63" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_64" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_65" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_66" />
+          <FileRuleRef RuleID="ID_DENY_ASRDRV104_67" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_39" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3A" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3B" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3C" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3D" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3E" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_3F" />
+          <FileRuleRef RuleID="ID_DENY_ASRSETUPDRV103_40" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_2" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_3" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_4" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_5" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_6" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_7" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_8" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_9" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_A" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_B" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_C" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_D" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_E" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_F" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_10" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_11" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_12" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_13" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_14" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_15" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_16" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_17" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_18" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_19" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1A" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1B" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1C" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1D" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1E" />
+          <FileRuleRef RuleID="ID_DENY_ATILLK_1F" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_3" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_4" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_5" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_6" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_7" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_8" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_9" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_A" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_B" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_C" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_D" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_E" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_F" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_10" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_11" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_12" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_13" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_14" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_15" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_16" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_17" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_18" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_19" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1A" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1B" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1C" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1D" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1E" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_1F" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_20" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_21" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_22" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_23" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_24" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_25" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_26" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_27" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_28" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_29" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2A" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2B" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2C" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2D" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2E" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_2F" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_30" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_31" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_32" />
+          <FileRuleRef RuleID="ID_DENY_IOBITUNLOCKER_33" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_32_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_DBUTIL_64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GMER_1" />
+          <FileRuleRef RuleID="ID_DENY_GMER_2" />
+          <FileRuleRef RuleID="ID_DENY_GMER_3" />
+          <FileRuleRef RuleID="ID_DENY_GMER_4" />
+          <FileRuleRef RuleID="ID_DENY_GMER_5" />
+          <FileRuleRef RuleID="ID_DENY_GMER_6" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_3" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_4" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_5" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_6" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_7" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_8" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_9" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_A" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_B" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_11" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_12" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_13" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_14" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_15" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_16" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_17" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_18" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_19" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1A" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1B" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1D" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1E" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_1F" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_20" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_21" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_22" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_23" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_24" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_25" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_26" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_27" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_28" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_29" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2A" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2B" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2C" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2D" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2E" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_2F" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_30" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_31" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_32" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_33" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_34" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_35" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_36" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_37" />
+          <FileRuleRef RuleID="ID_DENY_AMIFLDRV_38" />
+          <FileRuleRef RuleID="ID_DENY_ASIO_1"/>
+          <FileRuleRef RuleID="ID_DENY_ASIO_2"/>
+          <FileRuleRef RuleID="ID_DENY_ASIO_3"/>
+          <FileRuleRef RuleID="ID_DENY_ASIO_4"/>
+          <FileRuleRef RuleID="ID_DENY_ASIO_5"/>
+          <FileRuleRef RuleID="ID_DENY_ASIO_6"/>
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_22" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_23" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_24" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_25" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_26" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_27" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_28" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_29" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_2A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_2B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_2C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_2D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_2E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_2F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_30" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_31" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_32" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_33" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_34" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_35" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_36" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_37" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_38" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_39" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_3A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_3B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_3C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_3D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_3E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_3F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_40" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_41" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_42" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_43" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_44" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_45" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_46" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_47" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_48" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_49" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_4A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_4B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_4C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_4D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_4E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_4F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_50" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_51" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_52" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_53" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_54" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_55" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_56" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_57" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_58" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_59" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_5A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_5B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_5C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_5D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_5E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_5F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_60" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_61" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_62" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_63" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_64" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_65" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_66" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_67" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_68" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_69" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_6A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_6B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_6C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_6D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_6E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_6F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_70" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_71" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_72" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_73" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_74" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_75" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_76" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_77" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_78" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_79" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_7A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_7B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_7C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_7D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_7E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_7F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_80" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_81" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_82" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_83" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_84" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_85" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_86" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_87" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_88" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_89" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_8A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_8B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_8C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_8D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_8E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_8F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_90" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_91" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_92" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_93" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_94" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_95" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_96" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_97" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_98" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_99" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_9A" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_9B" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_9C" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_9D" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_9E" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_9F" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A0" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A1" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A2" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A3" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A4" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A5" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A6" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A7" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A8" />
+          <FileRuleRef RuleID="ID_DENY_BEDAISY_A9" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE_1" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_08" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_09" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_10" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_11" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_12" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_13" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_14" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_15" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_16" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_17" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_18" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_19" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_1A" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_1B" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_1C" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_1D" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_1E" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_1F" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_20" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_21" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_22" />
+          <FileRuleRef RuleID="ID_DENY_BS_RCIO_23" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_1" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_2" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_3" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_4" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_5" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_6" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_8" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_9" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_10"/>
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_11" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_12" />
+          <FileRuleRef RuleID="ID_DENY_DHKERNEL_13" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_12" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_13" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_14" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_15" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_16" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_17" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_18" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_19" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_1F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_20" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_21" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_22" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_23" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_24" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_25" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_26" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_27" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_28" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_29" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_2F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_30" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_31" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_32" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_33" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_34" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_35" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_36" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_37" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_38" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_39" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_3A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_3B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_42" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_43" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_44" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_45" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_46" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_47" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_48" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_49" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_4A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_4B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_4C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_4D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_4E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_4F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_50" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_51" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_52" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_53" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_54" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_55" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_56" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_57" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_58" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_59" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_5A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_5B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_5C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_5D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_5E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_5F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_60" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_61" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_62" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_63" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_64" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_65" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_66" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_67" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_68" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_69" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_6A" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_6B" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_6C" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_6D" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_6E" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_6F" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_70" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_71" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_72" />
+          <FileRuleRef RuleID="ID_DENY_DIRECTIO_73" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_1" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_2" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_3" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_4" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_5" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_6" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_7" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_8" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_9" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_A" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_B" />
+          <FileRuleRef RuleID="ID_DENY_ECHO_C" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_1" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_2" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_3" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_4" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_5" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_6" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_7" />
+          <FileRuleRef RuleID="ID_DENY_EIO64_8" />
+          <FileRuleRef RuleID="ID_DENY_HW_22" />
+          <FileRuleRef RuleID="ID_DENY_HW_23" />
+          <FileRuleRef RuleID="ID_DENY_HW_24" />
+          <FileRuleRef RuleID="ID_DENY_HW_25" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_2" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_3" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_4" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_5" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_6" />
+          <FileRuleRef RuleID="ID_DENY_HWRWDRV_7" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_11" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_12" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_13" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_14" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_15" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_16" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_17" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_18" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_19" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1A" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1B" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1C" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1D" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1E" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_1F" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_20" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_21" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_22" />
+          <FileRuleRef RuleID="ID_DENY_INPOUTX_23" />
+          <FileRuleRef RuleID="ID_DENY_KLMD" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_1" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_2" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_3" />
+          <FileRuleRef RuleID="ID_DENY_LGCORETEMP_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_2" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_3" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_5" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_6" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_7" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_8" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_9" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_A" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_B" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_C" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_D" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_E" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_F" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_10" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_11" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_12" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_13" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_14" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_15" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_16" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_17" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_18" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_19" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1A" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1B" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT2_1C" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_11" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_12" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_13" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_14" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_15" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_16" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_17" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_18" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_19" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1A" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1B" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1C" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1D" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1E" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_1F" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_20" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_21" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROT3_22" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_1" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_2" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_3" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_5" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_6" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_7" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTECT_8" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_1" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_2" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_3" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTNAP_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_1" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_2" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_3" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_4" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_5" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_6" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_7" />
+          <FileRuleRef RuleID="ID_DENY_MHYPROTRG_8" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_1" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_2" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_3" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_4" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_5" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_6" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_7" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_8" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_9" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_10" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_11" />
+          <FileRuleRef RuleID="ID_DENY_MSIO_12" />
+          <FileRuleRef RuleID="ID_DENY_MSR_1" />
+          <FileRuleRef RuleID="ID_DENY_MSR_2" />
+          <FileRuleRef RuleID="ID_DENY_MSR_3" />
+          <FileRuleRef RuleID="ID_DENY_MSR_4" />
+          <FileRuleRef RuleID="ID_DENY_MSR_5" />
+          <FileRuleRef RuleID="ID_DENY_MSR_6" />
+          <FileRuleRef RuleID="ID_DENY_MSR_7" />
+          <FileRuleRef RuleID="ID_DENY_MSR_8" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_7" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_8" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_9" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_10" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_11" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_12" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_13" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_14" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_15" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_16" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_17" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_18" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_19" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_1F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_20" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_21" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_22" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_23" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_24" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_25" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_26" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_27" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_28" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_29" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_2F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_30" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_31" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_32" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_33" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_34" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_35" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_36" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_37" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_38" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_39" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_3F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_40" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_41" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_42" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_43" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_44" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_45" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_46" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_47" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_48" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_49" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_4F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_50" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_51" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_52" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_53" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_54" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_55" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_56" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_57" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_58" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_59" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5C" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5D" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5E" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_5F" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_60" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_61" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_62" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_63" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_64" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_65" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_66" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_67" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_68" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_69" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6A" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6B" />
+          <FileRuleRef RuleID="ID_DENY_NVFLASH_6C" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_1" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_2" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_3" />
+          <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_4" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_3" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_4" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_5" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_6" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PHYDMACC_1" />
+          <FileRuleRef RuleID="ID_DENY_PHYDMACC_2" />
+          <FileRuleRef RuleID="ID_DENY_PHYDMACC_3" />
+          <FileRuleRef RuleID="ID_DENY_PHYDMACC_4" />
+          <FileRuleRef RuleID="ID_DENY_PHYDMACC_5" />
+          <FileRuleRef RuleID="ID_DENY_PHYDMACC_6" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA1_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_WINRING0_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_70" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_71" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_72" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_70" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_71" />
+          <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_72" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_29" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_2A" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_2B" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_2C" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_2D" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_2E" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_2F" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_30" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_31" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_32" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_33" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_34" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_35" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_36" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_37" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_38" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_39" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_3A" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_3B" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_3C" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_3D" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_3E" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_3F" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_40" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_41" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_42" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_43" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_44" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_45" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_46" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_47" />
+          <FileRuleRef RuleID="ID_DENY_RTCORE_48" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_2" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_3" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_4" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_5" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_6" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_7" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_8" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_9" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_A" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_B" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_C" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_D" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_E" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_F" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_10" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_11" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_12" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_13" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_14" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_15" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_16" />
+          <FileRuleRef RuleID="ID_DENY_SUPERBMC_17" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_1" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_2" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_3" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_4" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_5" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_6" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_7" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_8" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_9" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_A" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_B" />
+          <FileRuleRef RuleID="ID_DENY_SYSDRV3S_C" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_1" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_2" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_3" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_4" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_5" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_6" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_7" />
+          <FileRuleRef RuleID="ID_DENY_SYSINFO_8" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_1" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_2" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_3" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_4" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_5" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_6" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_7" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_8" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_9" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_10" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_11" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_12" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_13" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_14" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_15" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_16" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_17" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_18" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_19" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_20" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_21" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_22" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_23" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_24" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_25" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_26" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_27" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_28" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_29" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_30" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_31" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_32" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_33" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_34" />
+          <FileRuleRef RuleID="ID_DENY_PROCESSHACKER" />
+          <FileRuleRef RuleID="ID_DENY_AMP" />
+          <FileRuleRef RuleID="ID_DENY_ASMMAP" />
+          <FileRuleRef RuleID="ID_DENY_ASMMAP_64" />
+          <FileRuleRef RuleID="ID_DENY_DBK_32" />
+          <FileRuleRef RuleID="ID_DENY_DBK_64" />
+          <FileRuleRef RuleID="ID_DENY_GDRV" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_1" />
+          <FileRuleRef RuleID="ID_DENY_PCHUNTER_2" />
+          <FileRuleRef RuleID="ID_DENY_PHYMEMX_64" />
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>
@@ -2926,7 +3357,7 @@ To check that the policy was successfully applied on your computer:
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.25860.0</String>
+        <String>10.0.25930.0</String>
       </Value>
     </Setting>
   </Settings>
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
index ae484f697c..c51eebd95c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/plan-wdac-management.md
@@ -1,33 +1,15 @@
 ---
-title: Plan for WDAC policy management 
+title: Plan for WDAC policy management
 description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/02/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Plan for Windows Defender Application Control lifecycle policy management
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This topic describes the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control (WDAC) policies.
 
@@ -37,7 +19,7 @@ The first step in implementing application control is to consider how your polic
 
 Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include:
 
-1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing.
+1. [Define (or refine) the "circle-of-trust"](understand-wdac-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing.
 2. [Deploy the audit mode policy](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) to intended devices.
 3. [Monitor audit block events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks.
 4. Repeat steps 2-3 until the remaining block events meet expectations.
@@ -45,7 +27,7 @@ Most Windows Defender Application Control policies will evolve over time and pro
 6. [Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.  
 
-![Recommended WDAC policy deployment process.](images/policyflow.png)
+![Recommended WDAC policy deployment process.](../images/policyflow.png)
 
 ### Keep WDAC policies in a source control or document management solution
 
@@ -56,7 +38,7 @@ To effectively manage Windows Defender Application Control policies, you should
 Use the [Set-CIPolicyIDInfo](/powershell/module/configci/set-cipolicyidinfo) cmdlet to give each policy a descriptive name and set a unique ID in order to differentiate each policy when reviewing Windows Defender Application Control events or when viewing the policy XML document. Although you can specify a string value for PolicyId, for policies using the multiple policy format we recommend using the -ResetPolicyId switch to let the system autogenerate a unique ID for the policy.
 
 > [!NOTE]
-> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-windows-defender-application-control-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10.
+> PolicyID only applies to policies using the [multiple policy format](deploy-multiple-wdac-policies.md) on computers running Windows 10, version 1903 and above, or Windows 11. Running -ResetPolicyId on a policy created for pre-1903 computers will convert it to multiple policy format and prevent it from running on those earlier versions of Windows 10.
 > PolicyID should be set only once per policy and use different PolicyID's for the audit and enforced mode versions of each policy.
 
 In addition, we recommend using the [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) cmdlet to increment the policy's internal version number when you make changes to the policy. The version must be defined as a standard four-part version string (for example, "1.0.0.0").
@@ -71,7 +53,7 @@ Each time that a process is blocked by Windows Defender Application Control, eve
 
 Collecting these events in a central location can help you maintain your Windows Defender Application Control policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)).
 
-Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) feature.
+Additionally, Windows Defender Application Control events are collected by [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint) and can be queried using the [advanced hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md) feature.
 
 ## Application and user support policy
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
index 5975fa917b..4a1aaf70e2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/script-enforcement.md
@@ -1,28 +1,14 @@
 ---
 title: Understand WDAC script enforcement
 description: WDAC script enforcement
-keywords: security, malware
-ms.prod: windows-client
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: jogeurte
 ms.manager: jsuther
-manager: aaroncz
 ms.date: 05/26/2023
-ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
 ---
 
 # Script enforcement with Windows Defender Application Control (WDAC)
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
index 3630632cf7..a5798f2f02 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md
@@ -1,33 +1,15 @@
 ---
-title: Understand Windows Defender Application Control (WDAC) policy rules and file rules 
+title: Understand Windows Defender Application Control (WDAC) policy rules and file rules
 description: Learn how WDAC policy rules and file rules can control your Windows 10 and Windows 11 computers.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
-ms.date: 05/26/2023
-ms.technology: itpro-security
+ms.date: 08/11/2023
 ms.topic: article
 ---
 
 # Understand Windows Defender Application Control (WDAC) policy rules and file rules
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md).
 
 Windows Defender Application Control (WDAC) can control what runs on Windows 10, Windows 11, and Windows Server 2016 and later, by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted.
 
@@ -38,7 +20,7 @@ To modify the policy rule options of an existing WDAC policy XML, use the [WDAC
 You can set several rule options within a WDAC policy. Table 1 describes each rule option, and whether supplemental policies can set them. Some rule options are reserved for future work or not supported.
 
 > [!NOTE]
-> We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode.
+> We recommend that you use **Enabled:Audit Mode** initially because it allows you to test new WDAC policies before you enforce them. With audit mode, no application is blocked-instead the policy logs an event whenever an application outside the policy is started. To allow these applications, you can capture the policy information from the event log, and then merge that information into the existing policy. When the **Enabled:Audit Mode** is deleted, the policy runs in enforced mode.
 
 ### Table 1. Windows Defender Application Control policy - policy rule options
 
@@ -50,7 +32,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No |
 | **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not prerelease Windows builds. | No |
 | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes |
-| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | Yes |
+| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | No |
 | **7 Allowed:Debug Policy Augmented** | This option isn't currently supported. | Yes |
 | **8 Required:EV Signers** | This option isn't currently supported. | No |
 | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | No |
@@ -80,17 +62,17 @@ Each file rule level has advantages and disadvantages. Use Table 2 to select the
 | Rule level | Description |
 |----------- | ----------- |
 | **Hash** | Specifies individual [Authenticode/PE image hash values](#more-information-about-hashes) for each discovered binary. This level is the most specific level, and requires more effort to maintain the current product versions' hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. |
-| **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level, but it doesn't typically require a policy update when any binary is modified. |
+| **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level, but it doesn't typically require a policy update when any binary is modified. By default, this level uses the OriginalFileName attribute of the file's resource header. Use [-SpecificFileNameLevel](#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) to choose an alternative attribute, such as ProductName. |
 | **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. FilePath rules only apply to user mode binaries and can't be used to allow kernel mode drivers. More information about FilePath level rules can be found later in this article. |
 | **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. |
 | **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). |
-| **FilePublisher** | This level combines the "FileName" attribute of the signed file, plus "Publisher" (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. |
+| **FilePublisher** | This level combines the "FileName" attribute of the signed file, plus "Publisher" (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. By default, this level uses the OriginalFileName attribute of the file's resource header. Use [-SpecificFileNameLevel](#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) to choose an alternative attribute, such as ProductName. |
 | **LeafCertificate** | Adds trusted signers at the individual signing certificate level. The benefit of using this level versus the individual hash level is that new versions of the product have different hash values but typically the same signing certificate. When this level is used, no policy update would be needed to run the new version of the application. However, leaf certificates typically have shorter validity periods than other certificate levels, so the WDAC policy must be updated whenever these certificates change. |
 | **PcaCertificate** | Adds the highest available certificate in the provided certificate chain to signers. This level is typically one certificate below the root because the scan doesn't resolve the complete certificate chain via the local root stores or with an online check. |
 | **RootCertificate** | Not supported. |
 | **WHQL** | Only trusts binaries that have been submitted to Microsoft and signed by the Windows Hardware Qualification Lab (WHQL). This level is primarily for kernel binaries. |
 | **WHQLPublisher** | This level combines the WHQL level and the CN on the leaf certificate, and is primarily for kernel binaries. |
-| **WHQLFilePublisher** | This level combines the "FileName" attribute of the signed file, plus "WHQLPublisher", plus a minimum version number. This level is primarily for kernel binaries. |
+| **WHQLFilePublisher** | This level combines the "FileName" attribute of the signed file, plus "WHQLPublisher", plus a minimum version number. This level is primarily for kernel binaries. By default, this level uses the OriginalFileName attribute of the file's resource header. Use [-SpecificFileNameLevel](#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) to choose an alternative attribute, such as ProductName. |
 
 > [!NOTE]
 > When you create WDAC policies with [New-CIPolicy](/powershell/module/configci/new-cipolicy), you can specify a primary file rule level, by including the **-Level** parameter. For discovered binaries that cannot be trusted based on the primary file rule criteria, use the **-Fallback** parameter. For example, if the primary file rule level is PCACertificate, but you would like to trust the unsigned applications as well, using the Hash rule level as a fallback adds the hash values of binaries that did not have a signing certificate.
@@ -117,18 +99,35 @@ As part of normal operations, they'll eventually install software updates, or pe
 
 ## File rule precedence order
 
-WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-windows-defender-application-control-with-intelligent-security-graph.md) if allowed by the policy.
+WDAC has a built-in file rule conflict logic that translates to precedence order. It first processes all explicit deny rules it finds. Then, it processes any explicit allow rules. If no deny or allow rule exists, WDAC checks for a [Managed Installer claim](../deployment/deploy-wdac-policies-with-memcm.md) if allowed by the policy. Lastly, WDAC falls back to the [ISG](use-wdac-with-intelligent-security-graph.md) if allowed by the policy.
 
 > [!NOTE]
 > To make it easier to reason over your WDAC policies, we recommend maintaining separate ALLOW and DENY policies on Windows versions that support [multiple WDAC policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies).
 
+## Use -SpecificFileNameLevel with FileName, FilePublisher, or WHQLFilePublisher level rules
+
+By default, the FileName, FilePublisher, and WHQLFilePublisher rule levels will use the OriginalFileName attribute from the file's resource header. You can use an alternative resource header attribute for your rules by setting the **-SpecificFileNameLevel**. For instance, a software developer may use the same ProductName for all binaries that are part of an app. Using -SpecificFileNameLevel, you can create a single rule to cover all of those binaries in your policy rather than individual rules for every file.
+
+Table 3 describes the available resource header attribute options you can set with -SpecificFileNameLevel.
+
+### Table 3. -SpecificFileNameLevel options
+
+| SpecificFileNameLevel value | Description |
+|----------- | ----------- |
+| **FileDescription** |  Specifies the file description provided by the developer of the binary. |
+| **InternalName** |  Specifies the internal name of the binary. |
+| **OriginalFileName** | Specifies the original file name, or the name with which the file was first created, of the binary. |
+| **PackageFamilyName** | Specifies the package family name of the binary. The package family name consists of two parts: the name of the file and the publisher ID. |
+| **ProductName** |  Specifies the name of the product with which the binary ships. |
+| **Filepath** |  Specifies the file path of the binary. |
+
 ## More information about filepath rules
 
 Filepath rules don't provide the same security guarantees that explicit signer rules do, since they're based on mutable access permissions. Filepath rules are best suited for environments where most users are running as standard rather than admin. Path rules are best suited to allow paths that you expect to remain admin-writeable only. You may want to avoid path rules for directories where standard users can modify ACLs on the folder.
 
 ### User-writable filepaths
 
-By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath and its parent directories (recursively) don't allow standard users write access.
+By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath only allow write access for admin users.
 
 There's a defined list of SIDs that WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable, even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described earlier.
 
@@ -180,22 +179,10 @@ During validation, WDAC selects which hashes are calculated based on how the fil
 
 In the cmdlets, rather than try to predict which hash will be used, we precalculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page).  This method is also resilient to changes in how the file is signed since your WDAC policy has more than one hash available for the file already.
 
-### Why does scan create eight hash rules for certain XML files?
+### Why does scan create eight hash rules for certain files?
 
 Separate rules are created for UMCI and KMCI. If the cmdlets can't determine that a file will only run in user-mode or in the kernel, then rules are created for both signing scenarios out of an abundance of caution. If you know that a particular file will only load in either user-mode or kernel, then you can safely remove the extra rules.
 
-## Windows Defender Application Control filename rules
+### When does WDAC use the flat file hash value?
 
-File name rule levels let you specify file attributes to base a rule on. File name rules provide the same security guarantees that explicit signer rules do, as they're based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules.
-
-Use Table 3 to select the appropriate file name level for your use cases. For instance, an LOB or production application and its binaries may all share the same product name. This option lets you easily create targeted policies based on the Product Name filename rule level.
-
-### Table 3. Windows Defender Application Control policy - filename levels
-
-| Rule level | Description |
-|----------- | ----------- |
-| **File Description** |  Specifies the file description provided by the developer of the binary. |
-| **Internal Name** |  Specifies the internal name of the binary. |
-| **Original File Name** | Specifies the original file name, or the name with which the file was first created, of the binary. |
-| **Package Family Name** |  Specifies the package family name of the binary. The package family name consists of two parts: the name of the file and the publisher ID. |
-| **Product Name** |  Specifies the name of the product with which the binary ships. |
+There are some rare cases where a file's format doesn't conform to the Authenticode spec and so WDAC falls back to use the flat file hash. This can occur for a number of reasons, such as if changes are made to the in-memory version of the file at runtime. In such cases, you'll see that the hash shown in the correlated 3089 signature information event matches the flat file hash from the 3076/3077 block event. To create rules for files with an invalid format, you can add hash rules to the policy for the flat file hash using the WDAC Wizard or by editing the policy XML directly.
diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
index a32f372530..026cd262be 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understand-wdac-policy-design-decisions.md
@@ -1,33 +1,15 @@
 ---
-title: Understand Windows Defender Application Control policy design decisions  
+title: Understand Windows Defender Application Control policy design decisions
 description: Understand Windows Defender Application Control policy design decisions.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-manager: aaroncz
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: isbrahm
-ms.author: vinpa
 ms.date: 02/08/2018
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Understand Windows Defender Application Control policy design decisions 
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment.
 
@@ -44,7 +26,7 @@ You should consider using Windows Defender Application Control as part of your o
 
 ## Decide what policies to create
 
-Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-windows-defender-application-control-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create.
+Beginning with Windows 10, version 1903, Windows Defender Application Control allows [multiple simultaneous policies](deploy-multiple-wdac-policies.md) to be applied to each device. This concurrent application opens up many new use cases for organizations, but your policy management can easily become unwieldy without a well-thought-out plan for the number and types of policies to create.
 
 The first step is to define the desired "circle-of-trust" for your WDAC policies. By "circle-of-trust," we mean a description of the business intent of the policy expressed in natural language. This "circle-of-trust" definition will guide you as you create the actual policy rules for your policy XML.
 
@@ -63,8 +45,8 @@ Organizations with well-defined, centrally managed app management and deployment
 | Possible answers | Design considerations|
 | - | - |
 | All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. |
-| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. |
-| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. |
+| Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-wdac-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. |
+| Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. | Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-wdac-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. |
 | Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.|
 
 ### Are internally developed line-of-business (LOB) apps and apps developed by third-party companies digitally signed?
@@ -73,12 +55,12 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p
 
 | Possible answers | Design considerations |
 | - | - |
-| All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
-| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can  [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | 
+| All apps used in your organization must be signed. | Organizations that enforce [codesigning](../deployment/use-code-signing-for-better-control-and-protection.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). |
+| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can  [use built-in Windows tools](../deployment/deploy-catalog-files-to-support-wdac.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | 
  
 ### Are there specific groups in your organization that need customized application control policies?
 
-Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group’s priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.
+Most business teams or departments have specific security requirements that pertain to data access and the applications used to access that data. Consider the scope of the project for each group and the group's priorities before you deploy application control policies for the entire organization. There's overhead in managing policies that might lead you to choose between broad, organization-wide policies and multiple team-specific policies.
 
 | Possible answers | Design considerations |
 | - | - |
diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
index f5533a24b5..0c615d15e5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/understanding-wdac-policy-settings.md
@@ -1,14 +1,8 @@
 ---
 title: Understanding Windows Defender Application Control (WDAC) secure settings
 description: Learn about secure settings in Windows Defender Application Control.
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: jgeurten
-ms.reviewer: vinpa
-ms.author: jogeurte
-manager: aaroncz
 ms.date: 04/05/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
@@ -30,7 +24,7 @@ An example settings section of a Windows Defender Application Control policy:
 
 ## Example Scenario
 
-An application that may want to restrict its capabilities, when used on a system with an active Windows Defender Application Control policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso’s Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don’t want Foo Application to execute macros on a system with a WDAC policy.
+An application that may want to restrict its capabilities, when used on a system with an active Windows Defender Application Control policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso's Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don't want Foo Application to execute macros on a system with a WDAC policy.
 
 ## WldpQuerySecurityPolicy
 
@@ -67,7 +61,7 @@ Pointer to receive the value type.
 
 #### Value [in, out]
 
-Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function returns the required buffer size for Value.
+Pointer to a buffer to receive the value. The buffer should be of size "ValueSize". If this value is NULL, this function returns the required buffer size for Value.
 
 #### ValueSize [in, out]
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
similarity index 83%
rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
index 041c912aaf..7fa7fe71a2 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -1,33 +1,15 @@
 ---
-title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules 
+title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
 description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-manager: aaroncz
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
 ms.date: 11/02/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules 
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2019 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 You can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
index 6fbf9468f0..ee718c6bff 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph.md
@@ -1,33 +1,15 @@
 ---
-title: Authorize reputable apps with the Intelligent Security Graph (ISG) 
+title: Authorize reputable apps with the Intelligent Security Graph (ISG)
 description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
-ms.technology: itpro-security
 ms.date: 12/31/2017
 ms.topic: article
 ---
 
 # Authorize reputable apps with the Intelligent Security Graph (ISG)
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2019 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 Application control can be difficult to implement in organizations that don't deploy and manage applications through an IT-managed system. In such environments, users can acquire the applications they want to use for work, making it hard to build an effective application control policy.
 
@@ -112,4 +94,4 @@ Packaged apps aren't supported with the ISG and will need to be separately autho
 The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.  
 
 > [!NOTE]
-> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
+> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](../deployment/deploy-wdac-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri).
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
index c00f4edca6..8f866fa055 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-and-dotnet.md
@@ -1,20 +1,8 @@
 ---
-title: Windows Defender Application Control and .NET 
+title: Windows Defender Application Control and .NET
 description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 08/10/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
@@ -26,11 +14,11 @@ The EA set on the NI file only applies to the currently active WDAC policies. If
 
 In some cases, if an NI file is blocked, you may see a "false positive" block event in the *CodeIntegrity - Operational* event log as described in [WDAC Admin Tips & Known Issues](/windows/security/threat-protection/windows-defender-application-control/operations/known-issues#net-native-images-may-generate-false-positive-block-events).
 
-To mitigate any performance impact caused when the WDAC EA isn't valid or missing, use any of the following strategies:
+To mitigate any performance impact caused when the WDAC EA isn't valid or missing:
 
-1. Work with the app developer to pre-compile their NI and digitally sign it. Then, ensure your WDAC policies allow that signature;
-2. Run *ngen.exe update* to force .NET to regenerate all NI files immediately after applying changes to your WDAC policies;
-3. [Create and sign a catalog file](/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control) for the native images
+- Avoid updating the WDAC policies often.
+- Run `ngen update` (on all machine architectures) to force .NET to regenerate all NI files immediately after applying changes to your WDAC policies.
+- Migrate applications to .NET Core (.NET 6 or greater).
 
 ## WDAC and .NET hardening
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md
similarity index 63%
rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md
index 11fc572242..84a5e4839a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-design-guide.md
@@ -1,33 +1,15 @@
 ---
-title: Windows Defender Application Control design guide 
+title: Windows Defender Application Control design guide
 description: Microsoft Windows Defender Application Control allows organizations to control what apps and drivers will run on their managed Windows devices.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/20/2018
-ms.technology: itpro-security
 ---
 
 # Windows Defender Application Control design guide
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 This guide covers design and planning for Windows Defender Application Control (WDAC). It's intended to help security architects, security administrators, and system administrators create a plan that addresses specific application control requirements for different departments or business groups within an organization.
 
@@ -46,10 +28,10 @@ Once these business factors are in place, you're ready to begin planning your Wi
 
 | Topic | Description |
 | - | - |
-| [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. |
-| [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. |
+| [Plan for WDAC policy management](plan-wdac-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. |
+| [Understand WDAC policy design decisions](understand-wdac-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions, when you plan a deployment of application control policies. |
 | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. |
-| [Policy creation for common WDAC usage scenarios](types-of-devices.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. |
+| [Policy creation for common WDAC usage scenarios](common-wdac-use-cases.md) | This set of topics outlines common use case scenarios, and helps you begin to develop a plan for deploying WDAC in your organization. |
 | [Policy creation using the WDAC Wizard tool](wdac-wizard.md) | This set of topics describes how to use the WDAC Wizard desktop app to easily create, edit, and merge WDAC policies. |
 
-After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies.
+After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](../deployment/wdac-deployment-guide.md) covers creating and testing policies, deploying the enforcement setting, and managing and maintaining policies.
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md
new file mode 100644
index 0000000000..38dd2726e4
--- /dev/null
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-base-policy.md
@@ -0,0 +1,121 @@
+---
+title: Windows Defender Application Control Wizard Base Policy Creation
+description: Creating new base application control policies with the Microsoft Windows Defender Application (WDAC) Wizard.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 06/07/2023
+---
+
+# Creating a new Base Policy with the Wizard
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+
+When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules.
+
+## Template Base Policies
+
+Each of the template policies has a unique set of policy allowlist rules that affect the circle-of-trust and security model of the policy. The following table lists the policies in increasing order of trust and freedom. For instance, the Default Windows mode policy trusts fewer application publishers and signers than the Signed and Reputable mode policy. The Default Windows policy has a smaller circle-of-trust with better security than the Signed and Reputable policy, but at the expense of compatibility.  
+
+| Template Base Policy | Description |
+|---------------------------------|-------------------------------------------------------------------|
+| **Default Windows Mode**      | Default Windows mode authorizes the following components: </br><ul><li>Windows operating components - any binary installed by a fresh install of Windows</li><li>Apps installed from the Microsoft Store</li><li>Microsoft Office365 apps, OneDrive, and Microsoft Teams</li><li>Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)</li></ul>|
+| **Allow Microsoft Mode**      | Allow mode authorizes the following components: </br><ul><li>Windows operating components - any binary installed by a fresh install of Windows</li><li>Apps installed from the Microsoft Store</li><li>Microsoft Office365 apps, OneDrive, and Microsoft Teams</li><li>Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)</li><li>*All Microsoft-signed software*</li></ul>|
+| **Signed and Reputable Mode** | Signed and Reputable mode authorizes the following components: </br><ul><li>Windows operating components - any binary installed by a fresh install of Windows</li><li>Apps installed from the Microsoft Store</li><li>Microsoft Office365 apps, OneDrive, and Microsoft Teams</li><li>Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)</li><li>All Microsoft-signed software</li><li>*Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-wdac-with-intelligent-security-graph.md)*</li></ul>|
+
+*Italicized content denotes the changes in the current policy with respect to the policy prior.*
+
+More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md).
+
+![Selecting a base template for the policy.](../images/wdac-wizard-template-selection.png)
+
+Once the base template is selected, give the policy a name and choose where to save the application control policy on disk.
+
+## Configuring Policy Rules
+
+Upon page launch, policy rules are automatically enabled/disabled depending on the chosen template from the previous page. Choose to enable or disable the desired policy rule options by pressing the slider button next to the policy rule titles. A short description of each rule appears at the bottom of the page when the mouse hovers over the rule title.
+
+### Policy Rules Description
+
+The following table has a description of each policy rule, beginning with the left-most column. The [Policy rules article](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules) provides a fuller description of each policy rule.
+
+| Rule option | Description |
+|------------ | ----------- |
+| **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all Windows Defender Application Control policies. Setting this rule option allows the F8 menu to appear to physically present users. |
+| **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
+| **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 isn't supported and may have unintended results. |
+|**[Hypervisor-protected code integrity (HVCI)](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
+| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). |
+| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. |
+| **Require WHQL** | By default, legacy drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Henceforth, every new Windows-compatible driver must be WHQL certified. |
+| **Update Policy without Rebooting** | Use this option to allow future Windows Defender Application Control policy updates to apply without requiring a system reboot. |
+| **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
+| **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
+
+> [!div class="mx-imgBorder"]
+> ![Rule options UI for Windows Allowed mode policy.](../images/wdac-wizard-rule-options-UI-advanced-collapsed.png)
+
+### Advanced Policy Rules Description
+
+Selecting the **+ Advanced Options** label shows another column of policy rules, advanced policy rules. The following table provides a description of each advanced policy rule.
+
+| Rule option | Description |
+|------------ | ----------- |
+| **Boot Audit on Failure** | Used when the Windows Defender Application Control (WDAC) policy is in enforcement mode. When a driver fails during startup, the WDAC policy is placed in audit mode so that Windows loads. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
+| **Disable Flight Signing** | If enabled, WDAC policies block flightroot-signed binaries. This option would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. |
+| **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. |
+| **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
+| **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option causes WDAC to periodically revalidate the reputation for files authorized by the ISG.|
+| **Require EV Signers** | This option isn't currently supported. |
+
+![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-rule-options-UI.png)
+
+> [!NOTE]
+> We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked-instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default.
+
+## Creating custom file rules
+
+[File rules](select-types-of-rules-to-create.md#windows-defender-application-control-file-rule-levels) in an application control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create custom file rules for your policy. The Wizard supports four types of file rules:
+
+### Publisher Rules
+
+The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule.  The following table shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule.
+
+| Rule Condition | WDAC Rule Level | Description |
+|------------ | ----------- | ----------- |
+| **Issuing CA** | PCACertificate | Highest available certificate is added to the signers. This certificate is typically the PCA certificate, one level below the root certificate. Any file signed by this certificate is affected. |
+| **Publisher** | Publisher | This rule is a combination of the PCACertificate rule and the common name (CN) of the leaf certificate. Any file signed by a major CA but with a leaf from a specific company, for example, a device driver corp, is affected. |
+| **File version** | SignedVersion | This rule is a combination of PCACertificate, publisher, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. |
+| **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. |
+
+![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png)
+
+### Filepath Rules
+
+Filepath rules don't provide the same security guarantees that explicit signer rules do, as they're based on mutable access permissions. To create a filepath rule, select the file using the *Browse* button.
+
+### File Attribute Rules
+
+The Wizard supports the creation of [file name rules](select-types-of-rules-to-create.md#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) based on authenticated file attributes. File name rules are useful when an application and its dependencies (for example, DLLs) may all share the same product name, for instance. This rule level allows users to easily create targeted policies based on the Product Name file name parameter. To select the file attribute to create the rule, move the slider on the Wizard to the desired attribute. The following table describes each of the supported file attributes off which to create a rule.
+
+| Rule level | Description |
+|------------ | ----------- |
+| **Original Filename** | Specifies the original file name, or the name with which the file was first created, of the binary. |
+| **File description** | Specifies the file description provided by the developer of the binary. |
+| **Product name** | Specifies the name of the product with which the binary ships. |
+| **Internal name** | Specifies the internal name of the binary. |
+
+> [!div class="mx-imgBorder"]
+> ![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png)
+
+### File Hash Rules
+
+Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause extra administrative overhead to maintain the current product version's hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard uses file hash as the fallback in case a file rule can't be created using the specified file rule level.
+
+#### Deleting Signing Rules
+  
+The policy signing rules list table on the left of the page documents the allow and deny rules in the template, and any custom rules you create. Template signing rules and custom rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. You're then prompted for another confirmation. Select `Yes` to remove the rule from the policy and the rules table.
+
+## Up next
+
+- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md)
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md
new file mode 100644
index 0000000000..2d1d9a8c91
--- /dev/null
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-create-supplemental-policy.md
@@ -0,0 +1,94 @@
+---
+title: Windows Defender Application Control Wizard Supplemental Policy Creation
+description: Creating supplemental application control policies with the WDAC Wizard.
+ms.localizationpriority: medium
+ms.topic: conceptual
+ms.date: 06/07/2023
+---
+
+# Creating a new Supplemental Policy with the Wizard
+
+> [!NOTE]
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
+
+Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are used, applications allowed by the base or any of its supplemental policies are allowed to run.
+
+Prerequisite information about application control can be accessed through the [WDAC design guide](wdac-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules.
+
+## Expanding a Base Policy
+
+Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. The WDAC Wizard verifies if the base policy allows supplementals and shows the following confirmation.
+
+![Base policy allows supplemental policies.](../images/wdac-wizard-supplemental-expandable.png)
+
+If the base policy isn't configured for supplemental policies, the Wizard attempts to convert the policy to one that can be supplemented. Once successful, the Wizard shows a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed.  
+
+![Wizard confirms modification of base policy.](../images/wdac-wizard-confirm-base-policy-modification.png)
+
+Policies that can't be supplemented, for instance another supplemental policy, are detected by the Wizard and show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-wdac-policies.md).
+
+![Wizard detects a bad base policy.](../images/wdac-wizard-supplemental-not-base.png)
+
+## Configuring Policy Rules
+
+Upon page launch, policy rules are automatically enabled/disabled depending on the chosen base policy from the previous page. Most of the supplemental policy rules are inherited from the base policy. The Wizard automatically parses the base policy and sets the required supplemental policy rules to match the base policy rules. Inherited policy rules are grayed out and aren't modifiable in the user interface.
+
+A short description of the rule is shown at the bottom of the page when the cursor is placed on the rule title.
+
+### Configurable Supplemental Policy Rules Description
+
+Supplemental policies can only configure three policy rules. The following table describes each policy rule, beginning with the left-most column. Selecting the **+ Advanced Options** label shows another column of policy rules, the advanced policy rules.
+
+| Rule option | Description |
+|------------ | ----------- |
+| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft's Intelligent Security Graph (ISG). |
+| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. |
+| **Disable Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. |
+
+![Rule options UI for Windows Allowed mode.](../images/wdac-wizard-supplemental-policy-rule-options-UI.png)
+
+## Creating custom file rules
+
+File rules in an application control policy specify the level at which applications are identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting **+ Custom Rules** opens the custom file rule conditions panel to create and customize targeted file rules for your policy. The Wizard supports four types of file rules:
+
+### Publisher Rules
+
+The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule.  The following table shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level, and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule.
+
+| Rule Condition | WDAC Rule Level | Description |
+|------------ | ----------- | ----------- |
+| **Issuing CA** | PCACertificate | Highest available certificate is added to the signers. This certificate is typically the PCA certificate, one level below the root certificate. Any file signed by this certificate is affected. |
+| **Publisher** | Publisher | This rule is a combination of the PCACertificate rule and the common name (CN) of the leaf certificate. Any file signed by a major CA but with a leaf from a specific company, for example, a device driver publisher, is affected. |
+| **File version** | SignedVersion | This rule is a combination of the PCACertificate and Publisher rule, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. |
+| **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. |
+
+![Custom filepublisher file rule creation.](../images/wdac-wizard-custom-publisher-rule.png)
+
+### Filepath Rules
+
+Filepath rules don't provide the same security guarantees that explicit signer rules do, as they're based on mutable access permissions. To create a filepath rule, select the file using the *Browse* button.
+
+### File Attribute Rules
+
+The Wizard supports the creation of [file name rules](select-types-of-rules-to-create.md#use--specificfilenamelevel-with-filename-filepublisher-or-whqlfilepublisher-level-rules) based on authenticated file attributes. File name rules are useful when an application and its dependencies (for example, DLLs) may all share the same product name, for instance. This rule level allows users to easily create targeted policies based on the Product Name file name. To select the file attribute to create the rule, move the slider on the Wizard to the desired attribute. The following table describes each of the supported file attributes off which to create a rule.
+
+| Rule level | Description |
+|------------ | ----------- |
+| **Original Filename** | Specifies the original file name, or the name with which the file was first created, of the binary. |
+| **File description** | Specifies the file description provided by the developer of the binary. |
+| **Product name** | Specifies the name of the product with which the binary ships. |
+| **Internal name** | Specifies the internal name of the binary. |
+
+![Custom file attributes rule.](../images/wdac-wizard-custom-file-attribute-rule.png)
+
+### File Hash Rules
+
+Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause extra administrative overhead to maintain the current product versions' hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard uses file hash as the fallback in case a file rule can't be created using the specified file rule level.
+
+#### Deleting Signing Rules
+  
+The table on the left of the page documents the allow and deny rules in the template, and any custom rules you create. Rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. You're again prompted for another confirmation. Select `Yes` to remove the rule from the policy and the rules table.
+
+## Up next
+
+- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md
similarity index 88%
rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md
index 89d6fab2aa..95692365fc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-editing-policy.md
@@ -1,33 +1,15 @@
 ---
 title: Editing Windows Defender Application Control Policies with the Wizard
 description: Editing existing base and supplemental policies with the Microsoft WDAC Wizard.
-keywords: allowlisting, blocklisting, security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 10/14/2020
-ms.technology: itpro-security
 ---
 
 # Editing existing base and supplemental WDAC policies with the Wizard
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 The Windows Defender Application Control Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities: 
 <ul>
@@ -40,7 +22,7 @@ The Windows Defender Application Control Wizard makes editing and viewing WDAC p
 
 The `Policy Rules` page will load with the in-edit policy rules configured per the set rules. Selecting the `+ Advanced Options` button will reveal the advanced policy rule options panel. This grouping of rules contains other policy rule options that are less common to most users. To edit any of the rules, flip the corresponding policy rule state.  For instance, to disable Audit Mode and enable Enforcement Mode in the figure below, the button beside the `Audit Mode` label needs only to be pressed. Once the policy rules are configured, select the Next button to continue the next stage of editing: [Adding File Rules](#adding-file-rules).
 
-![Configuring the policy rules.](images/wdac-wizard-edit-policy-rules.png)
+![Configuring the policy rules.](../images/wdac-wizard-edit-policy-rules.png)
 
 A description of the policy rule is shown at the bottom of the page when the cursor is placed over the rule title. For a complete list of the policy rules and their capabilities, see the [Windows Defender Application Control policy rules table](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules).
 
@@ -54,7 +36,7 @@ Selecting the `+ Custom Rules` button will open the Custom Rules panel. For more
 
 The WDAC Wizard makes deleting file rules from an existing policy quick and easy. To remove any type of file rule: publisher rule, path rule, filename rule, or a hash rule, select the rule in the `Policy Signing Rules List` table on the left-hand side of the page. Selecting the rule will highlight the entire row. Once the row is highlighted, select the remove icon underneath the table. The Wizard will prompt for user confirmation before removing the file rule. Once removed, the rule will no longer appear in the policy or the table. 
 
-![Removing file rule from policy during edit.](images/wdac-wizard-edit-remove-file-rule.png)
+![Removing file rule from policy during edit.](../images/wdac-wizard-edit-remove-file-rule.png)
 
 **Note:** removing a publisher rule will also remove the associated File Attribute rules. For instance, in the xml block below, removing ID_SIGNER_CONTOSO_PUBLISHER would also remove the rules ID_FILEATTRIB_LOB_APP_1 and ID_FILEATTRIB_LOB_APP_2. 
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md
similarity index 79%
rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md
index be4fce9d9b..2db7264ca4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-merging-policies.md
@@ -1,21 +1,9 @@
 ---
 title: Windows Defender Application Control Wizard Policy Merging Operation
 description: Merging multiple policies into a single application control policy with the Microsoft WDAC Wizard.
-keywords: allowlisting, blocklisting, security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 10/14/2020
-ms.technology: itpro-security
 ---
 
 # Merging existing policies with the WDAC Wizard
@@ -25,8 +13,8 @@ Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC
 Select the policies you wish to merge into one policy using the `+ Add Policy` button under the table. Once added, policies will be enumerated within the table. To remove a policy from the table, if accidentally added, highlight the policy row and select the `- Remove Policy` button. Confirmation will be required before the policy is withdrawn from the table. 
 
 > [!NOTE]
-> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-windows-defender-application-control-policies.md).
+> The policy type and ID of the final output policy will be determined based on the type and ID of the **first policy** in the policy list table. For instance, if a legacy policy format policy and a multi-policy format policy are merged together, the output format of the policy will be whichever policy is specified first in the table. For more information on policy formats, visit the [Multiple Windows Defender Application Control (WDAC) Policies page](deploy-multiple-wdac-policies.md).
 
 Lastly, select a filepath save location for the final merged policy using the `Browse` button. If a minimum of two policies are selected, and the save location is specified, select the `Next` button to build the policy. 
 
-![Merging WDAC policies into a final WDAC policy.](images/wdac-wizard-merge.png)
+![Merging WDAC policies into a final WDAC policy.](../images/wdac-wizard-merge.png)
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md
index c89baad871..6710d78572 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard-parsing-event-logs.md
@@ -1,33 +1,15 @@
 ---
 title: Windows Defender Application Control Wizard WDAC Event Parsing
 description: Creating WDAC policy rules from the WDAC event logs and the MDE Advanced Hunting WDAC events.
-keywords: WDAC event parsing, allow listing, block listing, security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/01/2023
-ms.technology: itpro-security
 ---
 
 # Creating WDAC Policy Rules from WDAC Events in the Wizard
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.html), the WDAC Wizard supports creating WDAC policy rules from the following event log types: 
 
@@ -35,7 +17,6 @@ As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.ht
 2. [Exported WDAC events (EVTX files) from any system](#wdac-event-log-file-parsing)
 3. [Exported WDAC events from MDE Advanced Hunting](#mde-advanced-hunting-wdac-event-parsing)
 
-
 ## WDAC Event Viewer Log Parsing
 
 To create rules from the WDAC event logs on the system:
@@ -47,7 +28,7 @@ To create rules from the WDAC event logs on the system:
    The Wizard will parse the relevant audit and block events from the CodeIntegrity (WDAC) Operational and AppLocker MSI and Script logs. You'll see a notification when the Wizard successfully finishes reading the events. 
 
    > [!div class="mx-imgBorder"]
-   > [![Parse WDAC and AppLocker event log system events](images/wdac-wizard-event-log-system.png)](images/wdac-wizard-event-log-system-expanded.png)
+   > [![Parse WDAC and AppLocker event log system events](../images/wdac-wizard-event-log-system.png)](../images/wdac-wizard-event-log-system-expanded.png)
 
 4. Select the Next button to view the audit and block events and create rules.
 5. [Generate rules from the events](#creating-policy-rules-from-the-events).
@@ -64,14 +45,14 @@ To create rules from the WDAC `.EVTX` event logs files on the system:
    The Wizard will parse the relevant audit and block events from the selected log files. You'll see a notification when the Wizard successfully finishes reading the events. 
 
    > [!div class="mx-imgBorder"]
-   > [![Parse evtx file WDAC events](images/wdac-wizard-event-log-files.png)](images/wdac-wizard-event-log-files-expanded.png)
+   > [![Parse evtx file WDAC events](../images/wdac-wizard-event-log-files.png)](../images/wdac-wizard-event-log-files-expanded.png)
 
 5. Select the Next button to view the audit and block events and create rules.
 6. [Generate rules from the events](#creating-policy-rules-from-the-events).
 
 ## MDE Advanced Hunting WDAC Event Parsing
 
-To create rules from the WDAC events in [MDE Advanced Hunting](querying-application-control-events-centrally-using-advanced-hunting.md):
+To create rules from the WDAC events in [MDE Advanced Hunting](../operations/querying-application-control-events-centrally-using-advanced-hunting.md):
 
 1. Navigate to the Advanced Hunting section within the MDE console and query the WDAC events. **The Wizard requires the following fields** in the Advanced Hunting csv file export: 
 
@@ -101,7 +82,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](querying-applicat
 2. Export the WDAC event results by selecting the **Export** button in the results view.
 
    > [!div class="mx-imgBorder"]
-   > [![Export the MDE Advanced Hunting results to CSV](images/wdac-wizard-event-log-mde-ah-export.png)](images/wdac-wizard-event-log-mde-ah-export-expanded.png)
+   > [![Export the MDE Advanced Hunting results to CSV](../images/wdac-wizard-event-log-mde-ah-export.png)](../images/wdac-wizard-event-log-mde-ah-export-expanded.png)
 
 3. Select **Policy Editor** from the WDAC Wizard main page.
 4. Select **Convert Event Log to a WDAC Policy**.
@@ -111,7 +92,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](querying-applicat
    The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You'll see a notification when the Wizard successfully finishes reading the events. 
 
    > [!div class="mx-imgBorder"]
-   > [![Parse the Advanced Hunting CSV WDAC event files](images/wdac-wizard-event-log-mde-ah-parsing.png)](images/wdac-wizard-event-log-mde-ah-parsing-expanded.png)
+   > [![Parse the Advanced Hunting CSV WDAC event files](../images/wdac-wizard-event-log-mde-ah-parsing.png)](../images/wdac-wizard-event-log-mde-ah-parsing-expanded.png)
 
 7. Select the Next button to view the audit and block events and create rules.
 8. [Generate rules from the events](#creating-policy-rules-from-the-events).
@@ -128,14 +109,13 @@ To create a rule and add it to the WDAC policy:
 4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label will be added to the selected row confirming that the rule will be generated.
 
    > [!div class="mx-imgBorder"]
-   > [![Adding a publisher rule to the WDAC policy](images/wdac-wizard-event-rule-creation.png)](images/wdac-wizard-event-rule-creation-expanded.png)
+   > [![Adding a publisher rule to the WDAC policy](../images/wdac-wizard-event-rule-creation.png)](../images/wdac-wizard-event-rule-creation-expanded.png)
 
 5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies. 
 
 > [!WARNING]
 > It is not recommended to deploy the event log policy on its own, as it likely lacks rules to authorize Windows and may cause blue screens.
 
-
 ## Up next
 
 - [Merging Windows Defender Application Control (WDAC) policies using the Wizard](wdac-wizard-merging-policies.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
rename to windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md
index cc3fb987e1..2f67ee3ad7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/wdac-wizard.md
@@ -1,27 +1,15 @@
 ---
 title: Windows Defender Application Control Wizard
 description: The Windows Defender Application Control policy wizard tool allows you to create, edit, and merge application control policies in a simple to use Windows application.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: jgeurten
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 05/24/2022
 ---
 
 # Windows Defender Application Control Wizard
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 The Windows Defender Application Control policy wizard is an open-source Windows desktop application written in C# and bundled as an MSIX package. It was built to provide security architects with security, and system administrators with a more user-friendly means to create, edit, and merge Application Control policies. This tool uses the [ConfigCI PowerShell cmdlets](/powershell/module/configci) in the backend so the output policy of the tool and PowerShell cmdlets is identical.
 
@@ -31,7 +19,7 @@ Download the tool from the official [Windows Defender Application Control Policy
 
 ### Supported clients
 
-As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [Application Control feature availability](feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements:
+As the tool uses the cmdlets in the background, it's functional on clients only where the cmdlets are supported. For more information, see [Application Control feature availability](../feature-availability.md). Specifically, the tool verifies that the client meets one of the following requirements:
 
 - Windows 10, version 1909 or later
 - For pre-1909 builds, the Enterprise SKU of Windows is installed
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md
similarity index 81%
rename from windows/security/threat-protection/windows-defender-application-control/feature-availability.md
rename to windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md
index 6a4d3454bd..4797a379d3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/feature-availability.md
@@ -1,26 +1,13 @@
 ---
 title: Windows Defender Application Control feature availability
 description: Compare Windows Defender Application Control (WDAC) and AppLocker feature availability.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: jgeurten
-ms.reviewer: aaroncz
-ms.author: jogeurte
-manager: aaroncz
 ms.date: 05/26/2023
-ms.custom: asr
 ms.topic: overview
 ---
 
 # Windows Defender Application Control and AppLocker feature availability
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. See below to learn more.
 
@@ -28,7 +15,7 @@ ms.topic: overview
 |-------------|------|-------------|
 | Platform support    | Available on Windows 10, Windows 11, and Windows Server 2016 or later.  | Available on Windows 8 or later.   |
 | SKU availability     | Available on Windows 10, Windows 11, and Windows Server 2016 or later. <br> WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies are supported on all editions Windows 10 version 2004 and newer with [KB 5024351](https://support.microsoft.com/help/5024351).<br><br>Windows versions older than version 2004, including Windows Server 2019:<br><ul><li>Policies deployed through GP are only supported on Enterprise and Server editions.</li><li>Policies deployed through MDM are supported on all editions.</li></ul>|
-| Management solutions   | <ul><li>[Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md)</li><li>[Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)</li><li>[Group policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) </li><li>[Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)</li></ul>  | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>Configuration Manager (custom policy deployment via software distribution only)</li><li>[Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
+| Management solutions   | <ul><li>[Intune](deployment/deploy-wdac-policies-using-intune.md)</li><li>[Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)</li><li>[Group policy](deployment/deploy-wdac-policies-using-group-policy.md) </li><li>[Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)</li></ul>  | <ul><li>[Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)</li><li>Configuration Manager (custom policy deployment via software distribution only)</li><li>[Group Policy](applocker/determine-group-policy-structure-and-rule-enforcement.md)</li><li>PowerShell</li><ul> |
 | Per-User and Per-User group rules | Not available (policies are device-wide).  | Available on Windows 8+.  |
 | Kernel mode policies  | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. |
 | [Rule option 11 - Disabled:Script Enforcement](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement)  | Available on all versions of Windows 10 except 1607 LTSB, Windows 11, and Windows Server 2019 and above. **Disabled:Script Enforcement** is not supported on **Windows Server 2016** or on **Windows 10 1607 LTSB** and should not be used on those platforms. Doing so will result in unexpected script enforcement behaviors. | MSI and Script rule collection is separately configurable. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-task-mgr.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-task-mgr.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-task-mgr.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg-token.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg-token.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg-token.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/appid-pid-windbg.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-pid-windbg.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-1.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-1.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-1.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-2.png b/windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/appid-wdac-wizard-2.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/appid-wdac-wizard-2.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/bit-toggling-keyboard-icon.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/bit-toggling-keyboard-icon.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/calculator-menu-icon.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/calculator-menu-icon.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png b/windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/calculator-with-hex-in-binary.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/calculator-with-hex-in-binary.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig12-verifysigning.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig12-verifysigning.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig12-verifysigning.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig13-createnewgpo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig13-createnewgpo.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig13-createnewgpo.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig14-createnewfile.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig14-createnewfile.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig14-createnewfile.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig15-setnewfileprops.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig15-setnewfileprops.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig15-setnewfileprops.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig16-specifyinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig16-specifyinfo.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig16-specifyinfo.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig17-specifyinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig17-specifyinfo.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig17-specifyinfo.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig18-specifyux.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig18-specifyux.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig18-specifyux.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig19-customsettings.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig19-customsettings.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig19-customsettings.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig20-setsoftwareinv.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig21-pathproperties.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig21-pathproperties.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig21-pathproperties.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig23-exceptionstocode.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig23-exceptionstocode.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig23-exceptionstocode.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig24-creategpo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig24-creategpo.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig24-creategpo.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig26-enablecode.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig26-enablecode.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig26-enablecode.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig27-managecerttemp.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig27-managecerttemp.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig27-managecerttemp.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig29-enableconstraints.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig29-enableconstraints.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig29-enableconstraints.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig30-selectnewcert.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig30-selectnewcert.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig30-selectnewcert.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png b/windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/dg-fig31-getmoreinfo.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3077.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/event-3077.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3077.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3089.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/event-3089.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3089.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png b/windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/event-3099-options.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/event-3099-options.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png b/windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/hex-icon.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/hex-icon.png
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png
new file mode 100644
index 0000000000..817c745bd8
Binary files /dev/null and b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png differ
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png
new file mode 100644
index 0000000000..66a137086a
Binary files /dev/null and b/windows/security/application-security/application-control/windows-defender-application-control/images/known-issue-appid-dll-rule.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-confirm-wdac-rule.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy-2.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-policy.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-2.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule-3.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-create-wdac-rule.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-2.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-3.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac-4.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg b/windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg
rename to windows/security/application-security/application-control/windows-defender-application-control/images/memcm/memcm-deploy-wdac.jpg
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/policyflow.png b/windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/policyflow.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/policyflow.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-edit-gp.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-edit-gp.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-edit-gp.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-catalogs.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-catalogs.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-catalogs.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-deployment.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-app-deployment.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-app-deployment.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-policy-authorization.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-policy-authorization.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-intune-policy-authorization.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-confirm-base-policy-modification.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-file-attribute-rule.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-manual-pfn-rule.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-pfn-rule.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-custom-publisher-rule.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-policy-rules.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-edit-remove-file-rule.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files-expanded.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-files.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-files.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export-expanded.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-export.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing-expanded.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-mde-ah-parsing.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system-expanded.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-log-system.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-log-system.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation-expanded.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-event-rule-creation.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-merge.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-merge.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-merge.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI-advanced-collapsed.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-rule-options-UI.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-expandable.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-not-base.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-supplemental-policy-rule-options-UI.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-template-selection.png b/windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-application-control/images/wdac-wizard-template-selection.png
rename to windows/security/application-security/application-control/windows-defender-application-control/images/wdac-wizard-template-selection.png
diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
similarity index 62%
rename from windows/security/threat-protection/windows-defender-application-control/index.yml
rename to windows/security/application-security/application-control/windows-defender-application-control/index.yml
index 4ef7702d87..1b1d46e536 100644
--- a/windows/security/threat-protection/windows-defender-application-control/index.yml
+++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml
@@ -19,7 +19,7 @@ landingContent:
       - linkListType: overview
         links:
           - text: What is Application Control?
-            url: windows-defender-application-control.md
+            url: wdac.md
           - text: What is Windows Defender Application Control (WDAC)?
             url: wdac-and-applocker-overview.md
           - text: What is AppLocker?
@@ -32,31 +32,31 @@ landingContent:
       - linkListType: overview
         links:
           - text: Using code signing to simplify application control
-            url: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
-          - text: Microsoft's Recommended Blocklist
-            url: microsoft-recommended-block-rules.md
+            url: deployment/use-code-signing-for-better-control-and-protection.md
+          - text: Applications that can bypass WDAC and how to block them
+            url: design/applications-that-can-bypass-wdac.md
           - text: Microsoft's Recommended Driver Blocklist
-            url: microsoft-recommended-driver-block-rules.md
+            url: design/microsoft-recommended-driver-block-rules.md
           - text: Example WDAC policies
-            url: example-wdac-base-policies.md
+            url: design/example-wdac-base-policies.md
           - text: LOB Win32 apps on S Mode
-            url: LOB-win32-apps-on-s.md
+            url: deployment/LOB-win32-apps-on-s.md
           - text: Managing multiple policies
-            url: deploy-multiple-windows-defender-application-control-policies.md
+            url: design/deploy-multiple-wdac-policies.md
       - linkListType: how-to-guide
         links:
           - text: Create a WDAC policy for a lightly managed device
-            url: create-wdac-policy-for-lightly-managed-devices.md
+            url: design/create-wdac-policy-for-lightly-managed-devices.md
           - text: Create a WDAC policy for a fully managed device
-            url: create-wdac-policy-for-fully-managed-devices.md
+            url: design/create-wdac-policy-for-fully-managed-devices.md
           - text: Create a WDAC policy for a fixed-workload
-            url: create-initial-default-policy.md
+            url: design/create-wdac-policy-using-reference-computer.md
           - text: Create a WDAC deny list policy
-            url: create-wdac-deny-policy.md
+            url: design/create-wdac-deny-policy.md
           - text: Deploying catalog files for WDAC management
-            url: deploy-catalog-files-to-support-windows-defender-application-control.md
+            url: deployment/deploy-catalog-files-to-support-wdac.md
           - text: Using the WDAC Wizard
-            url: wdac-wizard.md
+            url: design/wdac-wizard.md
       #- linkListType: Tutorial (videos)
       #  links:
       #    - text: Using the WDAC Wizard
@@ -69,44 +69,44 @@ landingContent:
       - linkListType: overview
         links:
           - text: Understanding policy and file rules
-            url: select-types-of-rules-to-create.md
+            url: design/select-types-of-rules-to-create.md
           - text: Understanding WDAC secure settings
-            url: understanding-wdac-policy-settings.md
+            url: design/understanding-wdac-policy-settings.md
       - linkListType: how-to-guide
         links:
           - text: Allow managed installer and configure managed installer rules
-            url: configure-authorized-apps-deployed-with-a-managed-installer.md
+            url: design/configure-authorized-apps-deployed-with-a-managed-installer.md
           - text: Allow reputable apps with ISG
-            url: use-windows-defender-application-control-with-intelligent-security-graph.md
+            url: design/use-wdac-with-intelligent-security-graph.md
           - text: Managed MSIX and Appx Packaged Apps
-            url: manage-packaged-apps-with-windows-defender-application-control.md
+            url: design/manage-packaged-apps-with-wdac.md
           - text: Allow com object registration
-            url: allow-com-object-registration-in-windows-defender-application-control-policy.md
+            url: design/allow-com-object-registration-in-wdac-policy.md
           - text: Manage plug-ins, add-ins and modules
-            url: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+            url: design/use-wdac-policy-to-control-specific-plug-ins-add-ins-and-modules.md
   # Card
   - title: Learn how to deploy WDAC Policies
     linkLists:
       - linkListType: overview
         links:
           - text: Using signed policies to protect against tampering
-            url: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+            url: deployment/use-signed-policies-to-protect-wdac-against-tampering.md
           - text: Audit mode policies
-            url: audit-windows-defender-application-control-policies.md
+            url: deployment/audit-wdac-policies.md
           - text: Enforcement mode policies
-            url: enforce-windows-defender-application-control-policies.md
+            url: deployment/enforce-wdac-policies.md
           - text: Disabling WDAC policies
-            url: disable-windows-defender-application-control-policies.md
+            url: deployment/disable-wdac-policies.md
       - linkListType: tutorial
         links:
           - text: Deployment with MDM
-            url: deployment/deploy-windows-defender-application-control-policies-using-intune.md
+            url: deployment/deploy-wdac-policies-using-intune.md
           - text: Deployment with Configuration Manager
             url: deployment/deploy-wdac-policies-with-memcm.md
           - text: Deployment with script and refresh policy
             url: deployment/deploy-wdac-policies-with-script.md
           - text: Deployment with group policy
-            url: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
+            url: deployment/deploy-wdac-policies-using-group-policy.md
   # Card
   - title: Learn how to troubleshoot and debug WDAC events
     linkLists:
@@ -115,10 +115,10 @@ landingContent:
           - text: Debugging and troubleshooting
             url: operations/wdac-debugging-and-troubleshooting.md
           - text: Understanding event IDs
-            url: event-id-explanations.md
+            url: operations/event-id-explanations.md
           - text: Understanding event Tags
-            url: event-tag-explanations.md
+            url: operations/event-tag-explanations.md
       - linkListType: how-to-guide
         links:
           - text: Querying events using advanced hunting
-            url: querying-application-control-events-centrally-using-advanced-hunting.md
\ No newline at end of file
+            url: operations/querying-application-control-events-centrally-using-advanced-hunting.md
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md
index 7c5b349e1f..170525c906 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/citool-commands.md
@@ -1,14 +1,10 @@
 ---
 title: Managing CI Policies and Tokens with CiTool
 description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool
-author: valemieux
-ms.author: jogeurte
-ms.reviewer: jsuther1974
 ms.topic: how-to
 ms.date: 04/05/2023
-ms.custom: template-how-to
-ms.prod: windows-client
-ms.technology: itpro-security
+appliesto:
+- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
 
 # CiTool technical reference
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md
index 6be18a4bd1..44d5693f5a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-wdac-managed-installer.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/configure-wdac-managed-installer.md
@@ -1,33 +1,15 @@
 ---
-title: Managed installer and ISG technical reference and troubleshooting guide 
+title: Managed installer and ISG technical reference and troubleshooting guide
 description: Explains how to configure a custom Manged Installer.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 11/11/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Managed installer and ISG technical reference and troubleshooting guide
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2019 and above
-
 >[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md).
 
 ## Enabling managed installer and Intelligent Security Graph (ISG) logging events
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md
similarity index 93%
rename from windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md
index 1b123b517a..a100e1a2c0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-id-explanations.md
@@ -1,25 +1,13 @@
 ---
 title: Understanding Application Control event IDs
 description: Learn what different Windows Defender Application Control event IDs signify.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 03/24/2023
 ms.topic: reference
 ---
 
 # Understanding Application Control events
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later (limited events)
-
 ## WDAC Events Overview
 
 WDAC logs events when a policy is loaded, when a file is blocked, or when a file would be blocked if in audit mode. These block events include information that identifies the policy and gives more details about the block. WDAC doesn't generate events when a binary is allowed. However, you can turn on allow audit events for files authorized by a managed installer or the Intelligent Security Graph (ISG) as described later in this article.
@@ -28,13 +16,13 @@ WDAC logs events when a policy is loaded, when a file is blocked, or when a file
 
 WDAC events are generated under two locations in the Windows Event Viewer:
 
-- **Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational** includes events about Application Control policy activation and the control of executables, dlls, and drivers.
-- **Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script** includes events about the control of MSI installers, scripts, and COM objects.
+- **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational** includes events about Application Control policy activation and the control of executables, dlls, and drivers.
+- **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** includes events about the control of MSI installers, scripts, and COM objects.
 
 Most app and script failures that occur when WDAC is active can be diagnosed using these two event logs. This article describes in greater detail the events that exist in these logs. To understand the meaning of different data elements, or tags, found in the details of these events, see [Understanding Application Control event tags](event-tag-explanations.md).
 
 > [!NOTE]
-> **Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script** events are not included on Windows Server Core edition.
+> **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script** events are not included on Windows Server Core edition.
 
 ## WDAC block events for executables, dlls, and drivers
 
@@ -51,13 +39,13 @@ These events are found in the **CodeIntegrity - Operational** event log.
 
 ## WDAC block events for packaged apps, MSI installers, scripts, and COM objects
 
-These events are found in the **AppLocker – MSI and Script** event log.
+These events are found in the **AppLocker - MSI and Script** event log.
 
 | Event ID | Explanation |
 |--------|-----------|
 | 8028 | This event indicates that a script host, such as PowerShell, queried Application Control about a file the script host was about to run. Since the policy was in audit mode, the script or MSI file should have run, but wouldn't have passed the WDAC policy if it was enforced. Some script hosts may have additional information in their logs. Note: Most third-party script hosts don't integrate with Application Control. Consider the risks from unverified scripts when choosing which script hosts you allow to run. |
 | 8029 | This event is the enforcement mode equivalent of event 8028. Note: While this event says that a script was blocked, the script hosts control the actual script enforcement behavior. The script host may allow the file to run with restrictions and not block the file outright. For example, PowerShell runs script not allowed by your WDAC policy in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). |
-| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](allow-com-object-registration-in-windows-defender-application-control-policy.md). |
+| 8036| COM object was blocked. To learn more about COM object authorization, see [Allow COM object registration in a Windows Defender Application Control policy](../design/allow-com-object-registration-in-wdac-policy.md). |
 | 8037 | This event indicates that a script host checked whether to allow a script to run, and the file passed the WDAC policy. |
 | 8038 | Signing information event correlated with either an 8028 or 8029 event. One 8038 event is generated for each signature of a script file. Contains the total number of signatures on a script file and an index as to which signature it is. Unsigned script files generate a single 8038 event with TotalSignatureCount 0. These events are correlated with 8028 and 8029 events and can be matched using the `Correlation ActivityID` found in the **System** portion of the event. |
 | 8039 | This event indicates that a packaged app (MSIX/AppX) was allowed to install or run because the WDAC policy is in audit mode. But, it would have been blocked if the policy was enforced. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
similarity index 84%
rename from windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
index b48aea608c..7fb31cd8a4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/event-tag-explanations.md
@@ -1,20 +1,8 @@
 ---
-title: Understanding Application Control event tags 
+title: Understanding Application Control event tags
 description: Learn what different Windows Defender Application Control event tags signify.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 05/09/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
@@ -102,22 +90,22 @@ The Application Control policy rule option values can be derived from the "Optio
 - Identify the hex code listed in the "Options" field.
 - Convert the hex code to binary.
 
-:::image type="content" source="images/event-3099-options.png" alt-text="Event 3099 policy rule options.":::
+:::image type="content" source="../images/event-3099-options.png" alt-text="Event 3099 policy rule options.":::
 
 For a simple solution for converting hex to binary, follow these steps:
 
 1. Open the Calculator app.
-1. Select the menu icon. :::image type="icon" source="images/calculator-menu-icon.png" border="false":::
+1. Select the menu icon. :::image type="icon" source="../images/calculator-menu-icon.png" border="false":::
 1. Select **Programmer** mode.
-1. Select **HEX**. :::image type="icon" source="images/hex-icon.png" border="false":::
+1. Select **HEX**. :::image type="icon" source="../images/hex-icon.png" border="false":::
 1. Enter your hex code. For example, `80881000`.
-1. Switch to the **Bit Toggling Keyboard**. :::image type="icon" source="images/bit-toggling-keyboard-icon.png" border="false":::
+1. Switch to the **Bit Toggling Keyboard**. :::image type="icon" source="../images/bit-toggling-keyboard-icon.png" border="false":::
 
-:::image type="content" source="images/calculator-with-hex-in-binary.png" alt-text="An example of the calculator app in programmer mode, with a hex code converted into binary.":::
+:::image type="content" source="../images/calculator-with-hex-in-binary.png" alt-text="An example of the calculator app in programmer mode, with a hex code converted into binary.":::
 
 This view provides the hex code in binary form, with each bit address shown separately.  The bit addresses start at 0 in the bottom right.  Each bit address correlates to a specific event policy-rule option.  If the bit address holds a value of 1, the setting is in the policy.
 
-Next, use the bit addresses and their values from the following table to determine the state of each [policy rule-option](select-types-of-rules-to-create.md#table-1-windows-defender-application-control-policy---policy-rule-options). For example, if the bit address of 16 holds a value of 1, then the **Enabled: Audit Mode (Default)** option is in the policy. This setting means that the policy is in audit mode.
+Next, use the bit addresses and their values from the following table to determine the state of each [policy rule-option](../design/select-types-of-rules-to-create.md#table-1-windows-defender-application-control-policy---policy-rule-options). For example, if the bit address of 16 holds a value of 1, then the **Enabled: Audit Mode (Default)** option is in the policy. This setting means that the policy is in audit mode.
 
 | Bit Address | Policy Rule Option |
 |-------|------|
@@ -169,7 +157,7 @@ The rule means trust anything signed by a certificate that chains to this root C
 | 18 | Microsoft ECC Product Root CA 2018 |
 | 19 | Microsoft ECC Devices Root CA 2017 |
 
-For well-known roots, the TBS hashes for the certificates are baked into the code for Windows Defender Application Control. For example, they don’t need to be listed as TBS hashes in the policy file.
+For well-known roots, the TBS hashes for the certificates are baked into the code for Windows Defender Application Control. For example, they don't need to be listed as TBS hashes in the policy file.
 
 ## Status values
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
similarity index 96%
rename from windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
index 3ade157db4..9edd163212 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/inbox-wdac-policies.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/inbox-wdac-policies.md
@@ -1,28 +1,14 @@
 ---
 title: Inbox WDAC policies
 description: This article describes the inbox WDAC policies that may be active on a device.
-keywords: security, malware
-ms.prod: windows-client
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: jogeurte
 ms.manager: jsuther
-manager: aaroncz
 ms.date: 03/10/2023
-ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
 ---
 
 # Inbox WDAC policies
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
similarity index 80%
rename from windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
index a9c0d42e86..0666d011c5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/known-issues.md
@@ -1,28 +1,14 @@
 ---
 title: WDAC Admin Tips & Known Issues
 description: WDAC Known Issues
-keywords: security, malware
-ms.prod: windows-client
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: jogeurte
 ms.manager: jsuther
-manager: aaroncz
 ms.date: 05/09/2023
-ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
 ---
 
 # WDAC Admin Tips & Known Issues
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -87,11 +73,26 @@ Installing .msi files directly from the internet to a computer protected by WDAC
 For example, this command fails:
 
 ```console
-msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
+msiexec -i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
 ```
 
 As a workaround, download the MSI file and run it locally:
 
 ```console
-msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi  
+msiexec -i c:\temp\Windows10_Version_1511_ADMX.msi  
 ```
+### Slow boot and performance with custom policies
+
+WDAC will evaluate all running processes, including inbox Windows processes. If policies don't build off the WDAC templates or don't trust the Windows signers, you'll see slower boot times, degraded performance and possibly boot issues. For these reasons, it's strongly recommended to build off the [WDAC base templates](../design/example-wdac-base-policies.md). 
+
+#### AppId Tagging policy considerations
+
+If the AppId Tagging Policy wasn't built off the WDAC base templates or doesn't allow the Windows in-box signers, you'll notice a significant increase in boot times (~2 minutes). 
+
+If you can't allowlist the Windows signers, or build off the WDAC base templates, it is strongly recommended to add the following rule to your policies to improve the performance:
+
+:::image type="content" source="../images/known-issue-appid-dll-rule.png" alt-text="Allow all dlls in the policy.":::
+
+:::image type="content" source="../images/known-issue-appid-dll-rule-xml.png" alt-text="Allow all dll files in the xml policy.":::
+
+Since AppId Tagging policies evaluate but can't tag dll files, this rule will short circuit dll evaluation and improve evaluation performance.
diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
similarity index 94%
rename from windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
index 22112f4c42..f6671dc740 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/querying-application-control-events-centrally-using-advanced-hunting.md
@@ -1,20 +1,8 @@
 ---
-title: Query Application Control events with Advanced Hunting 
+title: Query Application Control events with Advanced Hunting
 description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
 ms.date: 03/01/2022
-ms.technology: itpro-security
 ms.topic: article
 ---
 
@@ -25,7 +13,7 @@ While Event Viewer helps to see the impact on a single system, IT Pros want to g
 
 In November 2018, we added functionality in Microsoft Defender for Endpoint that makes it easy to view WDAC events centrally from all connected systems.
 
-Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with “AppControl”.
+Advanced hunting in Microsoft Defender for Endpoint allows customers to query data using a rich set of capabilities. WDAC events can be queried with using an ActionType that starts with "AppControl".
 This capability is supported beginning with Windows version 1607.
 
 ## Action Types
@@ -74,7 +62,6 @@ The query results can be used for several important functions related to managin
 - Monitoring blocks from policies in enforced mode
   Policies deployed in enforced mode may block executables or scripts that fail to meet any of the included allow rules. Legitimate new applications and updates or potentially unwanted or malicious software could be blocked. In either case, the Advanced hunting queries report the blocks for further investigation.
 
-
 Query Example #2: Query to determine audit blocks in the past seven days
 
 ```
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
similarity index 90%
rename from windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
index 190cbc0ca8..dc6c98cb9b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-debugging-and-troubleshooting.md
@@ -1,24 +1,12 @@
 ---
 title: WDAC debugging and troubleshooting guide
 description: Learn how to debug and troubleshoot app and script failures when using WDAC
-author: valemieux
-ms.author: jogeurte
-ms.reviewer: jsuther1974
 ms.topic: how-to
 ms.date: 04/06/2023
-ms.custom: template-how-to
-ms.prod: windows-client
-ms.technology: itpro-security
 ---
 
 # WDAC debugging and troubleshooting
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and later
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
@@ -92,8 +80,8 @@ Run the following commands from an elevated PowerShell window to collect the dia
 
 WDAC events are generated under two locations:
 
-- Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
-- Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
+- Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational
+- Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script
 
 Within the CiDiag output directory, these event logs are called CIOperational.evtx and ALMsiAndScript.evtx, respectively.
 
@@ -101,14 +89,14 @@ Within the CiDiag output directory, these event logs are called CIOperational.ev
 
 Sometimes, you may be able to supplement the information contained in the core WDAC event logs with information found in these other event logs. CIDiag.exe doesn't collect the ones shown in *italics*.
 
-- Applications and Services logs – Microsoft – Windows – CodeIntegrity – Verbose
-- Applications and Services logs – Microsoft – Windows – AppLocker – EXE and DLL
-- Applications and Services logs – Microsoft – Windows – AppLocker – Packaged app-Deployment
-- Applications and Services logs – Microsoft – Windows – AppLocker – Packaged app-Execution
-- Applications and Services logs – Microsoft – Windows – AppID - Operational
-- Applications and Services logs – Microsoft – Windows – CAPI2 - Operational
-- Applications and Services logs – Microsoft – Windows – DeviceGuard - Operational
-- *Applications and Services logs – Microsoft – Windows – PowerShell - \**
+- Applications and Services logs - Microsoft - Windows - CodeIntegrity - Verbose
+- Applications and Services logs - Microsoft - Windows - AppLocker - EXE and DLL
+- Applications and Services logs - Microsoft - Windows - AppLocker - Packaged app-Deployment
+- Applications and Services logs - Microsoft - Windows - AppLocker - Packaged app-Execution
+- Applications and Services logs - Microsoft - Windows - AppID - Operational
+- Applications and Services logs - Microsoft - Windows - CAPI2 - Operational
+- Applications and Services logs - Microsoft - Windows - DeviceGuard - Operational
+- *Applications and Services logs - Microsoft - Windows - PowerShell - \**
 - *Windows - Application*
 - *Windows - System*
 
@@ -119,10 +107,10 @@ Having gathered the necessary diagnostic information from a device, you're ready
 1. Verify the set of WDAC policies that are active and enforced. Confirm that only those policies you expect to be active are currently active. Be aware of the [Windows inbox policies](inbox-wdac-policies.md) that may also be active. You can use either of these methods:
 
     - Review the output from *CiTool.exe -lp*, if applicable, which was saved to the CIDiag output directory as CiToolOutput.json. See [use Microsoft Edge to view the formatted json file](/microsoft-edge/devtools-guide-chromium/json-viewer/json-viewer).
-    - Review all [policy activation events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-policy-activation-events) from the core WDAC event log found at  **Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx.
+    - Review all [policy activation events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-policy-activation-events) from the core WDAC event log found at  **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx.
 
-2. Review any [block events for executables, dlls, and drivers](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-block-events-for-executables-dlls-and-drivers) from the core WDAC event log found at  **Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx. Use information from the block events and their correlated 3089 signature details event(s) to investigate any blocks that are unexplained or unexpected. See the blocked executable example described later in this article for reference.
-3. Review any [block events for packaged apps, MSI installers, scripts, and COM objects](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects) from the core script enforcement event log found at  **Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script**. Within the CIDiag output directory, this event log is called ALMsiAndScript.evtx. Use information from the block events and their correlated 8038 signature details event(s) to investigate any blocks that are unexplained or unexpected.
+2. Review any [block events for executables, dlls, and drivers](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-block-events-for-executables-dlls-and-drivers) from the core WDAC event log found at  **Applications and Services logs - Microsoft - Windows - CodeIntegrity - Operational**. Within the CIDiag output directory, this event log is called CIOperational.evtx. Use information from the block events and their correlated 3089 signature details event(s) to investigate any blocks that are unexplained or unexpected. See the blocked executable example described later in this article for reference.
+3. Review any [block events for packaged apps, MSI installers, scripts, and COM objects](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#wdac-block-events-for-packaged-apps-msi-installers-scripts-and-com-objects) from the core script enforcement event log found at  **Applications and Services logs - Microsoft - Windows - AppLocker - MSI and Script**. Within the CIDiag output directory, this event log is called ALMsiAndScript.evtx. Use information from the block events and their correlated 8038 signature details event(s) to investigate any blocks that are unexplained or unexpected.
 
 Most WDAC-related issues, including app and script failures, can be diagnosed using the preceding steps.
 
@@ -132,7 +120,7 @@ Here's an example of detailed EventData from a typical WDAC enforcement mode blo
 
 #### Event 3077 - WDAC enforcement block event
 
-![Example 3077 block event for PowerShell.exe.](/windows/security/threat-protection/windows-defender-application-control/images/event-3077.png)
+![Example 3077 block event for PowerShell.exe.](../images/event-3077.png)
 
 | Element name | Description |
 | ----- | ----- |
@@ -160,7 +148,7 @@ Here's an example of detailed EventData from a typical WDAC enforcement mode blo
 
 #### Event 3089 - WDAC signature information event
 
-![Example 3089 signature information event for PowerShell.exe.](/windows/security/threat-protection/windows-defender-application-control/images/event-3089.png)
+![Example 3089 signature information event for PowerShell.exe.](../images/event-3089.png)
 
 | Element name | Description |
 | ----- | ----- |
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
similarity index 85%
rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
rename to windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
index 6acc9a240c..9b0edc0e23 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/operations/wdac-operational-guide.md
@@ -1,33 +1,15 @@
 ---
-title: Managing and troubleshooting Windows Defender Application Control policies 
+title: Managing and troubleshooting Windows Defender Application Control policies
 description: Gather information about how your deployed Windows Defender Application Control policies are behaving.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: jsuther1974
-ms.reviewer: jogeurte
-ms.author: vinpa
-manager: aaroncz
 ms.date: 03/30/2023
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Windows Defender Application Control operational guide
 
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md).
 
 You now understand how to design and deploy your Windows Defender Application Control (WDAC) policies. This guide explains how to understand the effects your policies have and how to troubleshoot when they aren't behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender for Endpoint Advanced Hunting feature.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
similarity index 86%
rename from windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
rename to windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
index 9290f836ef..ef5997b774 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview.md
@@ -1,32 +1,13 @@
 ---
 title: WDAC and AppLocker Overview
 description: Compare Windows application control technologies.
-keywords: security, malware, allow-list, block-list
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-author: vinaypamnani-msft
-ms.reviewer: jsuther
-ms.author: vinpa
-manager: aaroncz
 ms.date: 04/04/2023
-ms.custom: asr
-ms.technology: itpro-security
 ms.topic: article
 ---
 
 # Windows Defender Application Control and AppLocker Overview
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
@@ -40,9 +21,9 @@ Windows Defender Application Control policies apply to the managed computer as a
 
 - Attributes of the codesigning certificate(s) used to sign an app and its binaries
 - Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
-- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md)
-- The identity of the process that initiated the installation of the app and its binaries ([managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md))
-- The [path from which the app or file is launched](select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
+- The reputation of the app as determined by Microsoft's [Intelligent Security Graph](design/use-wdac-with-intelligent-security-graph.md)
+- The identity of the process that initiated the installation of the app and its binaries ([managed installer](design/configure-authorized-apps-deployed-with-a-managed-installer.md))
+- The [path from which the app or file is launched](design/select-types-of-rules-to-create.md#more-information-about-filepath-rules) (beginning with Windows 10 version 1903)
 - The process that launched the app or binary
 
 > [!NOTE]
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
similarity index 61%
rename from windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
rename to windows/security/application-security/application-control/windows-defender-application-control/wdac.md
index 9f1f0f96d3..22e5196913 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md
@@ -1,39 +1,21 @@
 ---
 title: Application Control for Windows
 description: Application Control restricts which applications users are allowed to run and the code that runs in the system core.
-keywords: security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-audience: ITPro
-ms.collection: 
-  - highpri
-  - tier3
-author: vinaypamnani-msft
-ms.reviewer: jsuther
-ms.author: vinpa
-manager: aaroncz
-ms.date: 04/06/2023
-ms.custom: asr
-ms.technology: itpro-security
+ms.collection:
+- highpri
+- tier3
+- must-keep
+ms.date: 08/30/2023
 ms.topic: article
 ---
 
 # Application Control for Windows
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-With thousands of new malicious files created every day, using traditional methods like antivirus solutions—signature-based detection to fight against malware—provides an inadequate defense against new attacks.
+With thousands of new malicious files created every day, using traditional methods like antivirus solutions-signature-based detection to fight against malware-provides an inadequate defense against new attacks.
 
 In most organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. However, when a user runs a process, that process has the same level of access to data that the user has. As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software.
 
@@ -51,9 +33,9 @@ Windows 10 and Windows 11 include two technologies that can be used for applicat
 
 ## WDAC and Smart App Control
 
-Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** rule which isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy).
+Starting in Windows 11 version 22H2, [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) provides application control for consumers. Smart App Control is based on WDAC, allowing enterprise customers to create a policy that offers the same security and compatibility with the ability to customize it to run line-of-business (LOB) apps. To make it easier to implement this policy, an [example policy](design/example-wdac-base-policies.md) is provided. The example policy includes **Enabled:Conditional Windows Lockdown Policy** option that isn't supported for WDAC enterprise policies. This rule must be removed before you use the example policy. To use this example policy as a starting point for creating your own policy, see [Create a custom base policy using an example WDAC base policy](design/create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy).
 
-Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control will automatically turn off for enterprise managed devices unless the user has turned it on first. To turn Smart App Control on or off across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` to one of the values listed below. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect.
+Smart App Control is only available on clean installation of Windows 11 version 22H2 or later, and starts in evaluation mode. Smart App Control is automatically turned off for enterprise managed devices unless the user has turned it on first. To turn off Smart App Control across your organization's endpoints, you can set the **VerifiedAndReputablePolicyState** (DWORD) registry value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy` as shown in the following table. After you change the registry value, you must either restart the device or use [CiTool.exe -r](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands#refresh-the-wdac-policies-on-the-system) for the change to take effect.
 
 | Value | Description |
 |-------|-------------|
@@ -66,18 +48,18 @@ Smart App Control is only available on clean installation of Windows 11 version
 
 ### Smart App Control Enforced Blocks
 
-Smart App Control enforces the [Microsoft Recommended Driver Block rules](microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control:
+Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control:
 
 - Infdefaultinstall.exe
 - Microsoft.Build.dll
 - Microsoft.Build.Framework.dll
 - Wslhost.dll
 
-[!INCLUDE [windows-defender-application-control-wdac](../../../../includes/licensing/windows-defender-application-control-wdac.md)]
+[!INCLUDE [windows-defender-application-control-wdac](../../../../../includes/licensing/windows-defender-application-control-wdac.md)]
 
 ## Related articles
 
-- [WDAC design guide](windows-defender-application-control-design-guide.md)
-- [WDAC deployment guide](windows-defender-application-control-deployment-guide.md)
-- [WDAC operational guide](windows-defender-application-control-operational-guide.md)
+- [WDAC design guide](design/wdac-design-guide.md)
+- [WDAC deployment guide](deployment/wdac-deployment-guide.md)
+- [WDAC operational guide](operations/wdac-operational-guide.md)
 - [AppLocker overview](applocker/applocker-overview.md)
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/TOC.yml
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/TOC.yml
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/TOC.yml
diff --git a/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
new file mode 100644
index 0000000000..5b544490b0
--- /dev/null
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/configure-md-app-guard.md
@@ -0,0 +1,62 @@
+---
+title: Configure the Group Policy settings for Microsoft Defender Application Guard
+description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
+ms.localizationpriority: medium
+ms.date: 07/11/2023
+ms.topic: how-to
+---
+
+# Configure Microsoft Defender Application Guard policy settings
+
+Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain.
+
+Application Guard uses both network isolation and application-specific settings.
+
+[!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management](../../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md)]
+
+For more information about Microsoft Defender Application Guard (MDAG) for Edge in stand-alone mode, see [Microsoft Defender Application Guard overview](md-app-guard-overview.md).
+
+## Network isolation settings
+
+These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
+
+> [!NOTE]
+> For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you don't need to configure network isolation policy to enable Application Guard for Microsoft Edge in managed mode.
+
+> [!NOTE]
+> You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the **Domains categorized as both work and personal** policy.
+
+|Policy name|Supported versions|Description|
+|-----------|------------------|-----------|
+|Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT| A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
+|Enterprise resource domains hosted in the cloud| At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (`|`) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
+|Domains categorized as both work and personal| At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
+
+## Network isolation settings wildcards
+
+|Value|Number of dots to the left|Meaning|
+|-----|--------------------------|-------|
+|`contoso.com`|0|Trust only the literal value of `contoso.com`.|
+|`www.contoso.com`|0|Trust only the literal value of `www.contoso.com`.|
+|`.contoso.com`|1|Trust any domain that ends with the text `contoso.com`. Matching sites include `spearphishingcontoso.com`, `contoso.com`, and `www.contoso.com`.|
+|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.|
+
+## Application-specific settings
+These settings, located at `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard`, can help you to manage your organization's implementation of Application Guard.
+
+|Name|Supported versions|Description|Options|
+|-----------|------------------|-----------|-------|
+|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** This is effective only in managed mode. Turns on the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns off the clipboard functionality for Application Guard.|
+|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether Application Guard can use the print functionality.|**Enabled.** This is effective only in managed mode. Turns on the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for other printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
+|Allow Persistence|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
+|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
+|Allow files to download to host operating system|Windows 10 Enterprise or Pro, 1803 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise or Pro or Education|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.|
+|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won't load any third-party graphics drivers or interact with any connected graphics hardware.|
+|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
+|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise or Pro, 1809 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise or Pro|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates aren't shared with Microsoft Defender Application Guard.|
+|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Education, 1809 or higher<p>Windows 11 Enterprise and Education|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.<p>**Disabled or not configured.** Event logs aren't collected from your Application Guard container.|
+## Application Guard support dialog settings
+
+These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, you're presented with a dialog box. By default, this dialog box only contains the error information and a button for you to report it to Microsoft via the feedback hub. However, it's possible to provide additional information in the dialog box.
+
+[Use Group Policy to enable and customize contact information](/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information).
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
similarity index 93%
rename from windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
index 4f5e1124a1..370243790a 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.yml
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/faq-md-app-guard.yml
@@ -2,25 +2,15 @@
 metadata:
   title: FAQ - Microsoft Defender Application Guard (Windows 10)
   description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard.
-  ms.mktglfcycl: manage
-  ms.sitesec: library
-  ms.pagetype: security
   ms.localizationpriority: medium
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: vinaypamnani-msft
-  ms.author: vinpa
-  ms.reviewer:
-  manager: aaroncz
-  ms.custom: asr
   ms.topic: faq
-  ms.date: 12/31/2017
+  ms.date: 07/11/2023
 title: Frequently asked questions - Microsoft Defender Application Guard
 summary: |
 
-  
+
   This article lists frequently asked questions with answers for Microsoft Defender Application Guard (Application Guard). Questions span features, integration with the Windows operating system, and general configuration.
-  
+
   ## Frequently Asked Questions
 
 sections:
@@ -30,34 +20,34 @@ sections:
           Can I enable Application Guard on machines equipped with 4-GB RAM?
         answer: |
           We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration.
-          
+
           `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.)
-          
+
           `HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB` (Default is 8 GB.)
-          
+
           `HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB` (Default is 5 GB.)
-       
+
       - question: |
           My network configuration uses a proxy and I’m running into a “Cannot resolve External URLs from MDAG Browser: Error: err_connection_refused”. How do I resolve that?
         answer: |
          The manual or PAC server must be a hostname (not IP) that is neutral on the site-list. Additionally, if the PAC script returns a proxy, it must meet those same requirements.
-         
+
          To ensure the FQDNs (Fully Qualified Domain Names) for the “PAC file” and the “proxy servers the PAC file redirects to” are added as Neutral Resources in the Network Isolation policies used by Application Guard, you can:
-        
+
          - Verify this addition by going to edge://application-guard-internals/#utilities and entering the FQDN for the pac/proxy in the “check url trust” field and verifying that it says “Neutral.”
          - It must be an FQDN. A simple IP address won't work.
          - Optionally, if possible, the IP addresses associated with the server hosting the above should be removed from the Enterprise IP Ranges in the Network Isolation policies used by Application Guard.
-        
+
       - question: |
           How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)?
         answer: |
           Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This annotation applies to Windows 10 Enterprise edition, version 1709 or higher. These annotations would be for the proxy policies under Network Isolation in Group Policy or Intune.
-          
+
       - question: |
           Which Input Method Editors (IME) in 19H1 aren't supported?
         answer: |
           The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard:
-          
+
           - Vietnam Telex keyboard
           - Vietnam number key-based keyboard
           - Hindi phonetic keyboard
@@ -70,7 +60,7 @@ sections:
           - Gujarati phonetic keyboard
           - Odia phonetic keyboard
           - Punjabi phonetic keyboard
-          
+
       - question: |
           I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering?
         answer: |
@@ -80,19 +70,19 @@ sections:
           What is the WDAGUtilityAccount local account?
         answer: |
           WDAGUtilityAccount is part of Application Guard, beginning with Windows 10, version 1709 (Fall Creators Update). It remains disabled by default, unless Application Guard is enabled on your device. WDAGUtilityAccount is used to sign in to the Application Guard container as a standard user with a random password. It's NOT a malicious account. It requires *Logon as a service* permissions to be able to function correctly. If this permission is denied, you might see the following error:
-          
+
           **Error: 0x80070569, Ext error: 0x00000001; RDP: Error: 0x00000000, Ext error: 0x00000000 Location: 0x00000000**
-          
+
       - question: |
           How do I trust a subdomain in my site list?
         answer: |
           To trust a subdomain, you must precede your domain with two dots (..). For example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), and the second dot recognizes the start of the domain name (`contoso.com`). These two dots prevent sites such as `fakesitecontoso.com` from being trusted.
-          
+
       - question: |
           Are there differences between using Application Guard on Windows Pro vs Windows Enterprise?
         answer: |
           When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode doesn't. For more information, see [Prepare to install Microsoft Defender Application Guard](./install-md-app-guard.md).
-          
+
       - question: |
           Is there a size limit to the domain lists that I need to configure?
         answer: |
@@ -107,15 +97,15 @@ sections:
           Why do the Network Isolation policies in Group Policy and CSP look different?
         answer: |
           There's not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP.
-          
+
           - Mandatory network isolation GP policy to deploy Application Guard: **DomainSubnets or CloudResources**
-          
+
           - Mandatory network isolation CSP policy to deploy Application Guard: **EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)**
-          
+
           - For EnterpriseNetworkDomainNames, there's no mapped CSP policy.
-          
+
           Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard doesn't work and results in an error message (**0x80070013 ERROR_WRITE_PROTECT**).
-          
+
       - question: |
           Why did Application Guard stop working after I turned off hyperthreading?
         answer: |
@@ -130,70 +120,70 @@ sections:
           Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach the PAC file?
         answer: |
           This issue is a known one. To mitigate this issue, you need to create two firewall rules. For information about creating a firewall rule by using Group Policy, see the following resources:
-          
-          - [Create an inbound icmp rule](../windows-firewall/create-an-inbound-icmp-rule.md)
-          - [Open Group Policy management console for Microsoft Defender Firewall](../windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
+
+          - [Create an inbound icmp rule](../../../operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md)
+          - [Open Group Policy management console for Microsoft Defender Firewall](../../../operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
 
           ### First rule (DHCP Server)
           - Program path: `%SystemRoot%\System32\svchost.exe`
-          
+
           - Local Service: `Sid:  S-1-5-80-2009329905-444645132-2728249442-922493431-93864177  (Internet Connection Service (SharedAccess))`
-          
+
           - Protocol UDP
-          
+
           - Port 67
-          
+
           ### Second rule (DHCP Client)
           This rule is the same as the first rule, but scoped to local port 68. In the Microsoft Defender Firewall user interface go through the following steps:
-          
+
           1. Right-click on inbound rules, and then create a new rule.
-          
+
           2. Choose **custom rule**.
-          
+
           3. Specify the following program path: `%SystemRoot%\System32\svchost.exe`.
-          
+
           4. Specify the following settings:
               - Protocol Type: UDP
               - Specific ports: 67
               - Remote port: any
-          
+
           5. Specify any IP addresses.
-          
+
           6. Allow the connection.
-          
+
           7. Specify to use all profiles.
-          
+
           8. The new rule should show up in the user interface. Right click on the **rule** > **properties**.
-          
+
           9. In the **Programs and services** tab, under the **Services** section, select **settings**.
-          
+
           10. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**.
-          
+
       - question: |
           How can I disable portions of Internet Connection Service (ICS) without breaking Application Guard?
         answer: |
           ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We don't recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys.
-          
+
           1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**.
-          
+
           2. Disable IpNat.sys from ICS load as follows: <br/>
           `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1`
-          
+
           3. Configure ICS (SharedAccess) to be enabled as follows: <br/>
           `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3`
-          
+
           4. (This step is optional) Disable IPNAT as follows: <br/>
           `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4`
-          
+
           5. Reboot the device.
-          
+
       - question: |
           Why doesn't the container fully load when device control policies are enabled?
         answer: |
           Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure AppGuard works properly.
-          
+
           Policy: Allow installation of devices that match any of the following device IDs:
-          
+
           - `SCSI\DiskMsft____Virtual_Disk____`
           - `{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\msvhdhba`
           - `VMS_VSF`
@@ -206,7 +196,7 @@ sections:
           - `root\storvsp`
           - `vms_vsmp`
           - `VMS_PP`
-          
+
           Policy: Allow installation of devices using drivers that match these device setup classes
           - `{71a27cdd-812a-11d0-bec7-08002be2092f}`
 
@@ -218,25 +208,25 @@ sections:
           1. Ensure that the FragmentAware DWORD is set to 1 in this registry setting: `\Registry\Machine\SYSTEM\CurrentControlSet\Services\Winnat`.
 
           2. Reboot the device.
-          
+
       - question: |
           What does the _Allow users to trust files that open in Microsoft Defender Application Guard_ option in the Group policy do?
         answer: |
           This policy was present in Windows 10 prior to version 2004. It was removed from later versions of Windows as it doesn't enforce anything for either Edge or Office.
-         
+
       - question: |
           How do I open a support ticket for Microsoft Defender Application Guard?
         answer: |
          - Visit [Create a new support request](https://support.serviceshub.microsoft.com/supportforbusiness/create).
          - Under the Product Family, select Windows. Select the product and the product version you need help with. For the category that best describes the issue, select, **Windows Security Technologies**. In the final option, select **Windows Defender Application Guard**.
-         
+
       - question: |
           Is there a way to enable or disable the behavior where the host Edge tab auto-closes when navigating to an untrusted site?
         answer: |
           Yes. Use this Edge flag to enable or disable this behavior: `--disable-features="msWdagAutoCloseNavigatedTabs"`
-          
+
 additionalContent: |
 
   ## See also
-  
+
   [Configure Microsoft Defender Application Guard policy settings](./configure-md-app-guard.md)
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/app-guard-chrome-extension-evaluation-page.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/app-guard-chrome-extension-evaluation-page.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/app-guard-chrome-extension-evaluation-page.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/app-guard-chrome-extension-evaluation-page.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/app-guard-chrome-extension-launchIng-edge.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/app-guard-chrome-extension-launchIng-edge.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/app-guard-chrome-extension-launchIng-edge.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/app-guard-chrome-extension-launchIng-edge.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/app-guard-chrome-extension-new-app-guard-page.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/app-guard-chrome-extension-new-app-guard-page.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/app-guard-chrome-extension-new-app-guard-page.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/app-guard-chrome-extension-new-app-guard-page.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-root-certificates.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-allow-root-certificates.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-allow-root-certificates.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-allow-root-certificates.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-clipboard.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-clipboard.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-clipboard.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-clipboard.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-download.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-download.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-download.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-download.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation-neutral.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-network-isolation-neutral.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation-neutral.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-network-isolation-neutral.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-network-isolation.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-network-isolation.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-network-isolation.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-persistence.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-persistence.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-persistence.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-persistence.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-print.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-print.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-print.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-print.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-turn-on.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-turn-on.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-turn-on.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-vgpu.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-vgpu.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-gp-vgpu.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-gp-vgpu.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-hardware-isolation.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-hardware-isolation.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-hardware-isolation.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-hardware-isolation.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-new-window.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-new-window.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-new-window.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-new-window.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-turned-on-with-trusted-site.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-turned-on-with-trusted-site.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-turned-on-with-trusted-site.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-turned-on-with-trusted-site.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-visual-cues.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-visual-cues.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/appguard-visual-cues.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/appguard-visual-cues.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/application-guard-container-v-host.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/application-guard-container-v-host.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/application-guard-container-v-host.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/application-guard-container-v-host.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on-off.png b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/turn-windows-features-on-off.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-application-guard/images/turn-windows-features-on-off.png
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/images/turn-windows-features-on-off.png
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
similarity index 91%
rename from windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
index 6f0853d443..ac710efb7a 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard.md
@@ -1,22 +1,11 @@
 ---
 title: Enable hardware-based isolation for Microsoft Edge
 description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 11/30/2022
-ms.reviewer:
-manager: aaroncz
-ms.custom: asr
-ms.technology: itpro-security
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+ms.date: 07/11/2023
+ms.topic: how-to
 ms.collection:
   - highpri
   - tier2
-ms.topic: how-to
 ---
 
 # Prepare to install Microsoft Defender Application Guard
@@ -38,7 +27,8 @@ Standalone mode is applicable for:
 
 - Windows 10 Enterprise edition, version 1709 and later
 - Windows 10 Pro edition, version 1803 and later
-- Windows 11 and later
+- Windows 10 Education edition, version 1809 and later
+- Windows 11 Enterprise, Education, or Pro editions
 
 ## Enterprise-managed mode
 
@@ -47,7 +37,8 @@ You and your security department can define your corporate boundaries by explici
 Enterprise-managed mode is applicable for:
 
 - Windows 10 Enterprise edition, version 1709 and later
-- Windows 11 and later
+- Windows 10 Education edition, version 1809 and later
+- Windows 11 Enterprise or Education editions
 
 The following diagram shows the flow between the host PC and the isolated container.
 
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md
similarity index 98%
rename from windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md
index 0f2bca60b2..b5b54f3574 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-browser-extension.md
@@ -1,25 +1,13 @@
 ---
 title: Microsoft Defender Application Guard Extension
 description: Learn about the Microsoft Defender Application Guard browser extension, which extends Application Guard's protection to more web browsers.
-ms.prod: windows-client
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 09/09/2021
-ms.reviewer: 
-manager: aaroncz
-ms.custom: asr
-ms.technology: itpro-security
+ms.date: 07/11/2023
 ms.topic: conceptual
 ---
 
 # Microsoft Defender Application Guard Extension
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
 [Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/).
 
 [Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10 and Windows 11, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers.
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
similarity index 89%
rename from windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
index 1f4264f709..d1547ce21e 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md
@@ -1,19 +1,9 @@
 ---
-title: Microsoft Defender Application Guard 
+title: Microsoft Defender Application Guard
 description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet.
-ms.prod: windows-client
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 05/01/2023
-ms.reviewer: 
-manager: aaroncz
-ms.custom: asr
-ms.technology: itpro-security
-ms.collection: 
+ms.date: 07/11/2023
+ms.collection:
   - highpri
   - tier2
 ms.topic: conceptual
@@ -21,11 +11,6 @@ ms.topic: conceptual
 
 # Microsoft Defender Application Guard overview
 
-**Applies to** 
-
-- Windows 10
-- Windows 11
-
 Microsoft Defender Application Guard (MDAG) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
 
 ## What is Application Guard and how does it work?
@@ -48,9 +33,9 @@ Application Guard has been created to target several types of devices:
 
 - **Personal devices**. These personally owned desktops or mobile laptops aren't domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.
 
-[!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-standalone-mode](../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md)]
+[!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-standalone-mode](../../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md)]
 
-For more information about Microsoft Defender Application Guard (MDAG) for Edge enterprise mode, [Configure Microsoft Defender Application Guard policy settings.](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)
+For more information about Microsoft Defender Application Guard (MDAG) for Edge enterprise mode, [Configure Microsoft Defender Application Guard policy settings.](configure-md-app-guard.md)
 
 ## Related articles
 
@@ -64,4 +49,3 @@ For more information about Microsoft Defender Application Guard (MDAG) for Edge
 | [Microsoft Defender Application Guard for Microsoft Office](/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
 |[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.yml)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
 |[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|
-
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
similarity index 80%
rename from windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
index f8cbef2b18..e27e886eea 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/reqs-md-app-guard.md
@@ -1,24 +1,13 @@
 ---
 title: System requirements for Microsoft Defender Application Guard
 description: Learn about the system requirements for installing and running Microsoft Defender Application Guard.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.topic: overview
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 08/25/2022
-ms.reviewer: sazankha
-manager: aaroncz
+ms.date: 07/11/2023
 ---
 
 # System requirements for Microsoft Defender Application Guard
 
-**Applies to** 
-
-- Windows 10 Education, Enterprise, and Professional
-- Windows 11 Education, Enterprise, and Professional
-
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
 > [!NOTE]
@@ -45,6 +34,6 @@ Your environment must have the following hardware to run Microsoft Defender Appl
 
 | Software | Description |
 |--------|-----------|
-| Operating system | Windows 10 Enterprise edition, version 1809 or later <br/> Windows 10 Professional edition, version 1809 or later <br/> Windows 10 Professional for Workstations edition, version 1809 or later <br/> Windows 10 Professional Education edition, version 1809 or later <br/> Windows 10 Education edition, version 1809 or later <br/> Windows 11 Education, Enterprise, and Professional editions |
+| Operating system | Windows 10 Enterprise or Education editions, version 1809 or later <br/> Windows 10 Professional edition, version 1809 or later (only [standalone mode](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard#standalone-mode) is supported)  <br/> Windows 11 Education or Enterprise editions <br/> Windows 11 Professional edition (only [Standalone mode](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/install-md-app-guard#standalone-mode) is supported) |
 | Browser | Microsoft Edge |
 | Management system <br> (only for managed devices)| [Microsoft Intune](/intune/) <p> **OR** <p> [Microsoft Configuration Manager](/configmgr/) <p> **OR** <p> [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) <p> **OR** <p>Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Microsoft MDM solutions, see the documentation that came with your product. |
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
similarity index 97%
rename from windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
rename to windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index 4357712bc7..03756108fa 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/application-security/application-isolation/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -1,25 +1,13 @@
 ---
 title: Testing scenarios with Microsoft Defender Application Guard
 description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.reviewer: sazankha
-manager: aaroncz
-ms.date: 09/23/2022
-ms.custom: asr
+ms.date: 07/11/2023
 ms.topic: conceptual
 ---
 
 # Application Guard testing scenarios
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
 We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
 
 ## Application Guard in standalone mode
@@ -28,7 +16,7 @@ You can see how an employee would use standalone mode with Application Guard.
 
 ### To test Application Guard in Standalone mode
 
-1. [Install Application Guard](./install-md-app-guard.md).
+1. [Install Application Guard](install-md-app-guard.md).
 
 2. Restart the device, start Microsoft Edge, and then select **New Application Guard window** from the menu.
 
@@ -51,7 +39,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise-
 
 Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, and Windows 11 which includes the functionality. Then, you must use Group Policy to set up the required settings.
 
-1. [Install Application Guard](./install-md-app-guard.md#install-application-guard).
+1. [Install Application Guard](install-md-app-guard.md#install-application-guard).
 
 2. Restart the device, and then start Microsoft Edge.
 
diff --git a/windows/security/application-security/application-isolation/toc.yml b/windows/security/application-security/application-isolation/toc.yml
index cb920b5e4e..c8ed951135 100644
--- a/windows/security/application-security/application-isolation/toc.yml
+++ b/windows/security/application-security/application-isolation/toc.yml
@@ -1,20 +1,20 @@
 items:
 - name: Microsoft Defender Application Guard (MDAG)
-  href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
+  href: microsoft-defender-application-guard/md-app-guard-overview.md
 - name: MDAG for Edge standalone mode
-  href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+  href: microsoft-defender-application-guard/md-app-guard-overview.md
 - name: MDAG for Edge enterprise mode and enterprise management 🔗
   href: /deployedge/microsoft-edge-security-windows-defender-application-guard
 - name: MDAG for Microsoft Office
   href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
 - name: MDAG configure via MDM 🔗
   href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
-- name: Windows containers 🔗
+- name: App containers 🔗
   href: /virtualization/windowscontainers/about
 - name: Windows Sandbox
-  href: ./windows-sandbox/windows-sandbox-overview.md
+  href: windows-sandbox/windows-sandbox-overview.md
   items:
   - name: Windows Sandbox architecture
-    href: ./windows-sandbox/windows-sandbox-architecture.md
+    href: windows-sandbox/windows-sandbox-architecture.md
   - name: Windows Sandbox configuration
-    href: ./windows-sandbox/windows-sandbox-configure-using-wsb-file.md
\ No newline at end of file
+    href: windows-sandbox/windows-sandbox-configure-using-wsb-file.md
diff --git a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index a0d3dc4bea..888bca39ce 100644
--- a/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -156,14 +156,16 @@ Supported values:
 
 ### Protected client
 
-Applies more security settings to the sandbox Remote Desktop client, decreasing its attack surface.
+When Protected Client mode is enabled, Sandbox adds a new layer of security boundary by running inside an [AppContainer Isolation](/windows/win32/secauthz/appcontainer-isolation) execution environment.
+
+AppContainer Isolation provides Credential, Device, File, Network, Process, and Window isolation.
 
 `<ProtectedClient>value</ProtectedClient>`
 
 Supported values:
 
-- *Enable*: Runs Windows sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled.
-- *Disable*: Runs the sandbox in standard mode without extra security mitigations.
+- *Enable*: Runs Windows sandbox in Protected Client mode. If this value is set, the Sandbox runs in AppContainer Isolation.
+- *Disable*: Runs the Sandbox in the standard mode without extra security mitigations.
 - *Default*: This value is the default value for Protected Client mode. Currently, this default value denotes that the sandbox doesn't run in Protected Client mode.
 
 > [!NOTE]
diff --git a/windows/security/application-security/index.md b/windows/security/application-security/index.md
new file mode 100644
index 0000000000..6d2ac65456
--- /dev/null
+++ b/windows/security/application-security/index.md
@@ -0,0 +1,14 @@
+---
+title: Windows application security
+description: Get an overview of application security in Windows
+ms.date: 08/02/2023
+ms.topic: conceptual
+---
+
+# Windows application security
+
+Cybercriminals can take advantage of poorly secured applications to access valuable resources. With Windows, IT admins can combat common application attacks from the moment a device is provisioned. For example, IT can remove local admin rights from user accounts, so that PCs run with least privilege to prevent malicious applications from accessing sensitive resources.
+
+Learn more about application security features in Windows.
+
+[!INCLUDE [application](../includes/sections/application.md)]
diff --git a/windows/security/application-security/toc.yml b/windows/security/application-security/toc.yml
index 5e2bd70284..84c5873b45 100644
--- a/windows/security/application-security/toc.yml
+++ b/windows/security/application-security/toc.yml
@@ -1,8 +1,8 @@
 items:
 - name: Overview
-  href: ../apps.md
-- name: Application Control
+  href: index.md
+- name: Application and driver control
   href: application-control/toc.yml
-- name: Application Isolation
+- name: Application isolation
   href: application-isolation/toc.yml
 
diff --git a/windows/security/apps.md b/windows/security/apps.md
deleted file mode 100644
index a2e62786ce..0000000000
--- a/windows/security/apps.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: Windows application security
-description: Get an overview of application security in Windows
-ms.reviewer:
-manager: aaroncz
-ms.author: paoloma
-author: paolomatarazzo
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 03/09/2023
-ms.topic: article
----
-
-# Windows application security
-
-Cyber-criminals regularly gain access to valuable data by hacking applications. This can include *code injection* attacks, in which attackers insert malicious code that can tamper with data, or even destroy it. An application may have its security misconfigured, leaving open doors for hackers. Or vital customer and corporate information may leave sensitive data exposed. Windows protects your valuable data with layers of application security.
-
-The following table summarizes the Windows security features and capabilities for apps:
-
-| Security Measures | Features & Capabilities |
-|:---|:---|
-| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](threat-protection/windows-defender-application-control/windows-defender-application-control.md) |
-| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). |
-| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md) |
-| Email Security |  With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](identity-protection/configure-s-mime.md) |
-| Microsoft Defender SmartScreen |  Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) |
diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml
deleted file mode 100644
index 19748bed13..0000000000
--- a/windows/security/breadcrumb/toc.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-items:
-- name: Docs
-  tocHref: /
-  topicHref: /
-  items:
-  - name: Windows
-    tocHref: /windows/
-    topicHref: /windows/resources/
-    items:
-    - name: Security
-      tocHref: /windows-server/security/credentials-protection-and-management/
-      topicHref: /windows/security/
-    - name: Security
-      tocHref: /windows-server/identity/laps/
-      topicHref: /windows/security/
-    - name: Security
-      tocHref: /azure/active-directory/authentication/
-      topicHref: /windows/security/
diff --git a/windows/security/cloud-security/index.md b/windows/security/cloud-security/index.md
new file mode 100644
index 0000000000..b31f712e0f
--- /dev/null
+++ b/windows/security/cloud-security/index.md
@@ -0,0 +1,18 @@
+---
+title: Windows and cloud security
+description: Get an overview of cloud security features in Windows
+ms.date: 08/02/2023
+ms.topic: overview
+author: paolomatarazzo
+ms.author: paoloma
+---
+
+# Windows and cloud security
+
+Today's workforce has more freedom and mobility than ever before, and the risk of data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
+
+From identity and device management to Office apps and data storage, Windows and integrated cloud services can help improve productivity, security, and resilience anywhere.
+
+Learn more about cloud security features in Windows.
+
+[!INCLUDE [cloud-services](../includes/sections/cloud-services.md)]
diff --git a/windows/security/cloud-security/toc.yml b/windows/security/cloud-security/toc.yml
index a927cf5384..7c46b6e146 100644
--- a/windows/security/cloud-security/toc.yml
+++ b/windows/security/cloud-security/toc.yml
@@ -1,6 +1,6 @@
 items:
 - name: Overview
-  href: ../cloud.md
+  href: index.md
 - name: Join Active Directory and Azure AD with single sign-on (SSO) 🔗
   href: /azure/active-directory/devices/concept-azure-ad-join
 - name: Security baselines with Intune 🔗
diff --git a/windows/security/cloud.md b/windows/security/cloud.md
deleted file mode 100644
index 6d99441988..0000000000
--- a/windows/security/cloud.md
+++ /dev/null
@@ -1,33 +0,0 @@
----
-title: Windows and cloud security
-description: Get an overview of cloud services supported in Windows 11 and Windows 10
-ms.reviewer: 
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 09/20/2021
-ms.localizationpriority: medium
-ms.custom: 
-search.appverid: MET150
-ms.prod: windows-client
-ms.technology: itpro-security
----
-
-# Windows and cloud security
-
-Today's workforce has more freedom and mobility than ever before. With the growth of enterprise cloud adoption, increased personal app usage, and increased use of third-party apps, the risk of data exposure is at its highest. Enabling Zero-Trust protection, Windows 11 works with Microsoft cloud services. Windows and cloud services together help organizations strengthen their multi-cloud security infrastructure, protect hybrid cloud workloads, and safeguard sensitive information while controlling access and mitigating threats.
-
-Windows 11 includes the cloud services that are listed in the following table:<br/><br/>
-
-| Service type | Description |
-|:---|:---|
-| Mobile device management (MDM) and Microsoft Intune | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.<br/><br/>Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.<br/><br/>To learn more, see [Mobile device management](/windows/client-management/mdm/). |
-| Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices. <br/><br/>The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards. <br/><br/>To learn more, see [Microsoft Accounts](/windows-server/identity/ad-ds/manage/understand-microsoft-accounts).|
-| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data. <br/><br/>The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4). <br/><br/>If there's a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). |
-| Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.<br/><br/>With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.<br/><br/>To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) |
-
-## Next steps
-
-- [Learn more about MDM and Windows 11](/windows/client-management/mdm/)
-- [Learn more about Windows security](index.yml)
\ No newline at end of file
diff --git a/windows/security/context/context.yml b/windows/security/context/context.yml
deleted file mode 100644
index aa53a529eb..0000000000
--- a/windows/security/context/context.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-### YamlMime: ContextObject
-brand: windows
-breadcrumb_path: ../breadcrumb/toc.yml
-toc_rel: ../toc.yml
\ No newline at end of file
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index e387747efd..817a43769a 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -39,7 +39,7 @@
         "tier2"
       ],
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "ms.localizationpriority": "medium",
       "ms.prod": "windows-client",
       "ms.technology": "itpro-security",
@@ -53,6 +53,7 @@
           "folder_relative_path_in_docset": "./"
         }
       },
+      "titleSuffix": "Windows Security",
       "contributors_to_exclude": [
         "rjagiewich",
         "traya1",
@@ -71,23 +72,79 @@
       ]
     },
     "fileMetadata": {
-      "author": {
-        "application-security/application-isolation/windows-sandbox/**/*.md": "vinaypamnani-msft",
+      "author":{
+        "application-security//**/*.md": "vinaypamnani-msft",
+        "application-security//**/*.yml": "vinaypamnani-msft",
+        "application-security/application-control/windows-defender-application-control/**/*.md": "jsuther1974",
+        "application-security/application-control/windows-defender-application-control/**/*.yml": "jsuther1974",
+        "hardware-security/**/*.md": "vinaypamnani-msft",
+        "hardware-security/**/*.yml": "vinaypamnani-msft",
+        "information-protection/**/*.md": "vinaypamnani-msft",
+        "information-protection/**/*.yml": "vinaypamnani-msft",
         "identity-protection/**/*.md": "paolomatarazzo",
+        "identity-protection/**/*.yml": "paolomatarazzo",
+        "operating-system-security/**/*.md": "vinaypamnani-msft",
+        "operating-system-security/**/*.yml": "vinaypamnani-msft",
+        "operating-system-security/data-protection/**/*.md": "paolomatarazzo",
+        "operating-system-security/data-protection/**/*.yml": "paolomatarazzo",
         "operating-system-security/network-security/**/*.md": "paolomatarazzo",
-        "operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms"
+        "operating-system-security/network-security/**/*.yml": "paolomatarazzo",
+        "operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms",
+        "operating-system-security/network-security/windows-firewall/**/*.yml": "ngangulyms"
       },
-      "ms.author": {
-        "application-security/application-isolation/windows-sandbox/**/*.md": "vinpa",
+      "ms.author":{
+        "application-security//**/*.md": "vinpa",
+        "application-security//**/*.yml": "vinpa",
+        "application-security/application-control/windows-defender-application-control/**/*.md": "jsuther",
+        "application-security/application-control/windows-defender-application-control/**/*.yml": "jsuther",
+        "hardware-security//**/*.md": "vinpa",
+        "hardware-security//**/*.yml": "vinpa",
+        "information-protection/**/*.md": "vinpa",
+        "information-protection/**/*.yml": "vinpa",
         "identity-protection/**/*.md": "paoloma",
+        "identity-protection/**/*.yml": "paoloma",
+        "operating-system-security/**/*.md": "vinpa",
+        "operating-system-security/**/*.yml": "vinpa",
+        "operating-system-security/data-protection/**/*.md": "paoloma",
+        "operating-system-security/data-protection/**/*.yml": "paoloma",
         "operating-system-security/network-security/**/*.md": "paoloma",
-        "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
+        "operating-system-security/network-security/**/*.yml": "paoloma",
+        "operating-system-security/network-security/windows-firewall/*.md": "nganguly",
+        "operating-system-security/network-security/windows-firewall/*.yml": "nganguly"
       },
       "appliesto": {
-        "application-security/application-isolation/windows-sandbox/**/*.md": [
+        "application-security//**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
         ],
+        "application-security/application-control/user-account-control/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "application-security/application-control/windows-defender-application-control/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "hardware-security/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+        ],
+        "hardware-security/pluton/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
+        ],
+        "hardware-security/tpm/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
         "identity-protection/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
@@ -106,14 +163,38 @@
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
         ],
-        "identity-protection/user-account-control/**/*.md": [
+        "identity-protection/virtual-smart-cards/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
         ],
-        "identity-protection/virtual-smart-cards/**/*.md": [
+        "operating-system-security/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+        ],
+        "operating-system-security/data-protection/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "operating-system-security/data-protection/**/*.yml": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "operating-system-security/data-protection/personal-data-encryption/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
+        ],
+        "operating-system-security/data-protection/personal-data-encryption/*.yml": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
+        ],
+        "operating-system-security/device-management/windows-security-configuration-framework/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
@@ -129,21 +210,25 @@
         ]
       },
       "ms.reviewer": {
+        "application-security/application-control/windows-defender-application-control/**/*.md": "vinpa",
+        "application-security/application-isolation/microsoft-defender-application-guard/*.md": "sazankha",
         "identity-protection/hello-for-business/*.md": "erikdau",
         "identity-protection/credential-guard/*.md": "zwhittington",
         "identity-protection/access-control/*.md": "sulahiri",
         "operating-system-security/network-security/windows-firewall/*.md": "paoloma",
-        "operating-system-security/network-security/vpn/*.md": "pesmith"
+        "operating-system-security/network-security/vpn/*.md": "pesmith",
+        "operating-system-security/data-protection/personal-data-encryption/*.md":"rhonnegowda",
+        "operating-system-security/device-management/windows-security-configuration-framework/*.md": "jmunck"
       },
       "ms.collection": {
+        "application-security/application-control/windows-defender-application-control/**/*.md": [ "tier3", "must-keep" ],
         "identity-protection/hello-for-business/*.md": "tier1",
-        "information-protection/bitlocker/*.md": "tier1",
-        "information-protection/personal-data-encryption/*.md": "tier1",
         "information-protection/pluton/*.md": "tier1",
         "information-protection/tpm/*.md": "tier1",
         "threat-protection/auditing/*.md": "tier3",
-        "threat-protection/windows-defender-application-control/*.md": "tier3",
-        "operating-system-security/network-security/windows-firewall/*.md": "tier3"
+        "operating-system-security/data-protection/bitlocker/*.md": "tier1",
+        "operating-system-security/data-protection/personal-data-encryption/*.md": "tier1",
+        "operating-system-security/network-security/windows-firewall/*.md": [ "tier3", "must-keep" ]
       }
     },
     "template": [],
diff --git a/windows/security/encryption-data-protection.md b/windows/security/encryption-data-protection.md
deleted file mode 100644
index 781c1f164d..0000000000
--- a/windows/security/encryption-data-protection.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-title: Encryption and data protection in Windows
-description: Get an overview encryption and data protection in Windows 11 and Windows 10
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: overview
-ms.date: 09/22/2022
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.reviewer: rafals
----
-
-# Encryption and data protection in Windows client
-
-When people travel with their computers and devices, their confidential information travels with them. Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. 
-Encryption and data protection features include:
-
-- Encrypted Hard Drive
-- BitLocker
-
-## Encrypted Hard Drive
-
-Encrypted Hard Drive uses the rapid encryption provided by BitLocker Drive Encryption to enhance data security and management.
-By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.
-
-Encrypted hard drives provide:
-
-- Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation.
-- Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system.
-- Ease of use: Encryption is transparent to the user, and the user doesn't need to enable it. Encrypted hard drives are easily erased using on-board encryption key; there's no need to re-encrypt data on the drive.
-- Lower cost of ownership: There's no need for new infrastructure to manage encryption keys, since BitLocker uses your existing infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process.
-
-Encrypted hard drives are a new class of hard drives that are self-encrypted at a hardware level and allow for full disk hardware encryption. 
-
-## BitLocker
-
-BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. 
-
-BitLocker provides encryption for the operating system, fixed data, and removable data drives, using technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot, and TPM. 
-
-Windows consistently improves data protection by improving existing options and providing new strategies.
-
-## Personal Data Encryption (PDE)
-<!-- Max 5963468 OS 32516487 -->
-(*Applies to: Windows 11, version 22H2 and later*)
-
-[!INCLUDE [Personal Data Encryption (PDE) description](information-protection/personal-data-encryption/includes/pde-description.md)]
-
-## See also
-
-- [Encrypted Hard Drive](information-protection/encrypted-hard-drive.md)
-- [BitLocker](information-protection/bitlocker/bitlocker-overview.md)
-- [Personal Data Encryption (PDE)](information-protection/personal-data-encryption/overview-pde.md)
diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
similarity index 90%
rename from windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
rename to windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
index f0fd6be3e9..17cc685415 100644
--- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
@@ -1,30 +1,22 @@
 ---
 title: Enable memory integrity
 description: This article explains the steps to opt in to using memory integrity on Windows devices.
-ms.prod: windows-client
-ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-ms.author: vinpa
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
-ms.collection: 
+ms.collection:
   - highpri
   - tier2
 ms.topic: conceptual
 ms.date: 03/16/2023
-ms.reviewer: 
-ms.technology: itpro-security
+appliesto:
+  - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
+  - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+  - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>"
+  - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>"
+  - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
 ---
 
 # Enable virtualization-based protection of code integrity
 
-**Applies to** 
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 or higher
-
 **Memory integrity** is a virtualization-based security (VBS) feature available in Windows. Memory integrity and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows kernel. VBS uses the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. Memory integrity is a critical component that protects and hardens Windows by running kernel mode code integrity within the isolated virtual environment of VBS. Memory integrity also restricts kernel memory allocations that could be used to compromise the system.
 
 > [!NOTE]
@@ -45,17 +37,17 @@ ms.technology: itpro-security
 
 To enable memory integrity on Windows devices with supporting hardware throughout an enterprise, use any of these options:
 
-- [Windows Security app](#windows-security-app)
+- [Windows Security settings](#windows-security)
 - [Microsoft Intune (or another MDM provider)](#enable-memory-integrity-using-intune)
 - [Group Policy](#enable-memory-integrity-using-group-policy)
 - [Microsoft Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
 - [Registry](#use-registry-keys-to-enable-memory-integrity)
 
-### Windows Security app
+### Windows Security
 
-**Memory integrity** can be turned on in the Windows Security app and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
+**Memory integrity** can be turned on in **Windows Security** settings and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
 
-Beginning with Windows 11 22H2, the Windows Security app shows a warning if memory integrity is turned off. The warning indicator also appears on the Windows Security icon in the Windows Taskbar and in the Windows Notification Center. The user can dismiss the warning from within the Windows Security app.
+Beginning with Windows 11 22H2, **Windows Security** shows a warning if memory integrity is turned off. The warning indicator also appears on the Windows Security icon in the Windows Taskbar and in the Windows Notification Center. The user can dismiss the warning from within **Windows Security**.
 
 To proactively dismiss the memory integrity warning, you can set the **Hardware_HVCI_Off** (DWORD) registry value under `HKLM\SOFTWARE\Microsoft\Windows Security Health\State` to 0. After you change the registry value, you must restart the device for the change to take effect.
 
@@ -73,7 +65,7 @@ Enabling in Intune requires using the Code Integrity node in the [Virtualization
 
 4. Select **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled without UEFI lock**. Only select **Enabled with UEFI lock** if you want to prevent memory integrity from being disabled remotely or by policy update. Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity.
 
-   ![Enable memory integrity using Group Policy.](../images/enable-hvci-gp.png)
+   ![Enable memory integrity using Group Policy.](images/enable-hvci-gp.png)
 
 5. Select **Ok** to close the editor.
 
@@ -276,24 +268,24 @@ Value | Description
 
 #### SecurityServicesConfigured
 
-This field indicates whether Windows Defender Credential Guard or memory integrity has been configured.
+This field indicates whether Credential Guard or memory integrity has been configured.
 
 Value | Description
 -|-
 **0.** | No services are configured.
-**1.** | If present, Windows Defender Credential Guard is configured.
+**1.** | If present, Credential Guard is configured.
 **2.** | If present, memory integrity is configured.
 **3.** | If present, System Guard Secure Launch is configured.
 **4.** | If present, SMM Firmware Measurement is configured.
 
 #### SecurityServicesRunning
 
-This field indicates whether Windows Defender Credential Guard or memory integrity is running.
+This field indicates whether Credential Guard or memory integrity is running.
 
 Value | Description
 -|-
 **0.** | No services running.
-**1.** | If present, Windows Defender Credential Guard is running.
+**1.** | If present, Credential Guard is running.
 **2.** | If present, memory integrity is running.
 **3.** | If present, System Guard Secure Launch is running.
 **4.** | If present, SMM Firmware Measurement is running.
diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
similarity index 92%
rename from windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
rename to windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
index 74e332cb87..077e6473de 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -1,23 +1,16 @@
 ---
-title: How a Windows Defender System Guard helps protect Windows 10
-description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works.
-ms.reviewer: 
-manager: aaroncz
-ms.author: vinpa
-search.appverid: met150
-ms.prod: windows-client
+title: How a Windows Defender System Guard helps protect Windows
+description: Windows Defender System Guard reorganizes the existing Windows system integrity features under one roof. Learn how it works.
 ms.localizationpriority: medium
-author: vinaypamnani-msft
 ms.date: 03/01/2019
-ms.technology: itpro-security
 ms.topic: conceptual
 ---
 
-# Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10
+# Windows Defender System Guard: How a hardware-based root of trust helps protect Windows
 
 To protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.
 
-Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees:
+Windows Defender System Guard reorganizes the existing Windows system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees:
 
 - Protect and maintain the integrity of the system as it starts up
 - Validate that system integrity has truly been maintained through local and remote attestation
@@ -29,47 +22,46 @@ Windows Defender System Guard reorganizes the existing Windows 10 system integri
 With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system.
 This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege.
 
-With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) a hardware-based root of trust helps ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. 
-This hardware-based root of trust comes from the device's Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI). 
-This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM). 
+With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) a hardware-based root of trust helps ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader.
+This hardware-based root of trust comes from the device's Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI).
+This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM).
 
-As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. 
-Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a blocklist), or a list of known 'good' SRTM measurements (also known as an allowlist). 
+As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup.
+Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a blocklist), or a list of known 'good' SRTM measurements (also known as an allowlist).
 
 Each option has a drawback:
 
 - A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust.
-- A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow. 
+- A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow.
 Also, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy.
 
 ### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM)
 
-[Windows Defender System Guard Secure Launch](system-guard-secure-launch-and-smm-protection.md), first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM). 
-DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. 
+[Windows Defender System Guard Secure Launch](system-guard-secure-launch-and-smm-protection.md), first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM).
+DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path.
 This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state.
 
-
 ![System Guard Secure Launch.](images/system-guard-secure-launch.png)
 
-Secure Launch simplifies management of SRTM measurements because the launch code is now unrelated to a specific hardware configuration. This means the number of valid code measurements is small, and future updates can be deployed more widely and quickly. 
+Secure Launch simplifies management of SRTM measurements because the launch code is now unrelated to a specific hardware configuration. This means the number of valid code measurements is small, and future updates can be deployed more widely and quickly.
 
 ### System Management Mode (SMM) protection
 
-System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. 
-Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS. 
-SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor. 
+System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful.
+Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS.
+SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor.
 
 To defend against this, two techniques are used:
 
- - Paging protection to prevent inappropriate access to code and data
- - SMM hardware supervision and attestation
+- Paging protection to prevent inappropriate access to code and data
+- SMM hardware supervision and attestation
 
-Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that hasn't been assigned. 
+Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that hasn't been assigned.
 
-A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to. 
+A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to.
 
-SMM protection is built on top of the Secure Launch technology and requires it to function. 
-In the future, Windows 10 will also measure this SMI Handler's behavior and attest that no OS-owned memory has been tampered with. 
+SMM protection is built on top of the Secure Launch technology and requires it to function.
+In the future, Windows 10 will also measure this SMI Handler's behavior and attest that no OS-owned memory has been tampered with.
 
 ## Validating platform integrity after Windows is running (run time)
 
@@ -81,7 +73,7 @@ As Windows 10 boots, a series of integrity measurements are taken by Windows Def
 
 After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
 
-[!INCLUDE [windows-defender-system-guard](../../../../includes/licensing/windows-defender-system-guard.md)]
+[!INCLUDE [windows-defender-system-guard](../../../includes/licensing/windows-defender-system-guard.md)]
 
 ## System requirements for System Guard
 
diff --git a/windows/security/information-protection/images/device-details.png b/windows/security/hardware-security/images/device-details.png
similarity index 100%
rename from windows/security/information-protection/images/device-details.png
rename to windows/security/hardware-security/images/device-details.png
diff --git a/windows/security/threat-protection/images/enable-hvci-gp.png b/windows/security/hardware-security/images/enable-hvci-gp.png
similarity index 100%
rename from windows/security/threat-protection/images/enable-hvci-gp.png
rename to windows/security/hardware-security/images/enable-hvci-gp.png
diff --git a/windows/security/information-protection/images/kernel-dma-protection-security-center.png b/windows/security/hardware-security/images/kernel-dma-protection-security-center.png
similarity index 100%
rename from windows/security/information-protection/images/kernel-dma-protection-security-center.png
rename to windows/security/hardware-security/images/kernel-dma-protection-security-center.png
diff --git a/windows/security/information-protection/images/kernel-dma-protection.png b/windows/security/hardware-security/images/kernel-dma-protection.png
similarity index 100%
rename from windows/security/information-protection/images/kernel-dma-protection.png
rename to windows/security/hardware-security/images/kernel-dma-protection.png
diff --git a/windows/security/information-protection/images/pluton/pluton-firmware-load.png b/windows/security/hardware-security/images/pluton/pluton-firmware-load.png
similarity index 100%
rename from windows/security/information-protection/images/pluton/pluton-firmware-load.png
rename to windows/security/hardware-security/images/pluton/pluton-firmware-load.png
diff --git a/windows/security/information-protection/images/pluton/pluton-security-architecture.png b/windows/security/hardware-security/images/pluton/pluton-security-architecture.png
similarity index 100%
rename from windows/security/information-protection/images/pluton/pluton-security-architecture.png
rename to windows/security/hardware-security/images/pluton/pluton-security-architecture.png
diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-group-policy.png b/windows/security/hardware-security/images/secure-launch-group-policy.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-group-policy.png
rename to windows/security/hardware-security/images/secure-launch-group-policy.png
diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-msinfo.png b/windows/security/hardware-security/images/secure-launch-msinfo.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-msinfo.png
rename to windows/security/hardware-security/images/secure-launch-msinfo.png
diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-registry.png b/windows/security/hardware-security/images/secure-launch-registry.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-registry.png
rename to windows/security/hardware-security/images/secure-launch-registry.png
diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-security-app.png b/windows/security/hardware-security/images/secure-launch-security-app.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-system-guard/images/secure-launch-security-app.png
rename to windows/security/hardware-security/images/secure-launch-security-app.png
diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/system-guard-secure-launch.png b/windows/security/hardware-security/images/system-guard-secure-launch.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-system-guard/images/system-guard-secure-launch.png
rename to windows/security/hardware-security/images/system-guard-secure-launch.png
diff --git a/windows/security/threat-protection/device-guard/images/system-information-virtualization-based-security.png b/windows/security/hardware-security/images/system-information-virtualization-based-security.png
similarity index 100%
rename from windows/security/threat-protection/device-guard/images/system-information-virtualization-based-security.png
rename to windows/security/hardware-security/images/system-information-virtualization-based-security.png
diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/windows-defender-system-guard-boot-time-integrity.png b/windows/security/hardware-security/images/windows-defender-system-guard-boot-time-integrity.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-system-guard/images/windows-defender-system-guard-boot-time-integrity.png
rename to windows/security/hardware-security/images/windows-defender-system-guard-boot-time-integrity.png
diff --git a/windows/security/hardware-security/index.md b/windows/security/hardware-security/index.md
new file mode 100644
index 0000000000..a6314a6d44
--- /dev/null
+++ b/windows/security/hardware-security/index.md
@@ -0,0 +1,12 @@
+---
+title: Windows hardware security
+description: Learn more about hardware security features support in Windows.
+ms.date: 07/28/2023
+ms.topic: overview
+---
+
+# Windows hardware security
+
+Learn more about hardware security features support in Windows.
+
+[!INCLUDE [hardware](../includes/sections/hardware.md)]
diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
similarity index 93%
rename from windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
rename to windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
index f0503ef3a9..f7fd8927c1 100644
--- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md
+++ b/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt.md
@@ -1,18 +1,11 @@
 ---
 title: Kernel DMA Protection
 description: Learn how Kernel DMA Protection protects Windows devices against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-ms.collection: 
+ms.collection:
   - highpri
   - tier1
 ms.topic: conceptual
-ms.date: 03/30/2023
-ms.technology: itpro-security
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
+ms.date: 07/31/2023
 ---
 
 # Kernel DMA Protection
@@ -56,9 +49,9 @@ Kernel DMA Protection isn't compatible with other BitLocker DMA attacks counterm
 
 Systems that support Kernel DMA Protection will enable the feature automatically, with no user or IT admin configuration required.
 
-You can use the Windows Security app to check if Kernel DMA Protection is enabled:
+You can use the Windows Security settings to check if Kernel DMA Protection is enabled:
 
-1. Open Windows Security app
+1. Open **Windows Security**.
 1. Select **Device security > Core isolation details > Memory access protection**
 
 :::image type="content" source="images/kernel-dma-protection-security-center.png" alt-text="Screenshot of Kernel DMA protection in Windows Security." lightbox="images/kernel-dma-protection-security-center.png" border="true":::
@@ -81,7 +74,7 @@ If the current state of **Kernel DMA Protection** is **OFF** and **Hyper-V - Vir
 
 If the state of **Kernel DMA Protection** remains Off, then the system doesn't support Kernel DMA Protection.
 
-For systems that don't support Kernel DMA Protection, refer to the [BitLocker countermeasures](bitlocker/bitlocker-countermeasures.md) or [Thunderbolt 3 and Security on Microsoft Windows Operating system][EXT-1] for other means of DMA protection.
+For systems that don't support Kernel DMA Protection, refer to the [BitLocker countermeasures](../operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md) or [Thunderbolt 3 and Security on Microsoft Windows Operating system][EXT-1] for other means of DMA protection.
 
 ## Frequently asked questions
 
@@ -129,4 +122,4 @@ The policy can be enabled by using:
 [LINK-2]: /windows/client-management/mdm/policy-csp-dmaguard#dmaguard-policies
 [LINK-3]: /windows-hardware/design/device-experiences/oem-kernel-dma-protection
 
-[EXT-1]: https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf
\ No newline at end of file
+[EXT-1]: https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf
diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
similarity index 92%
rename from windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
rename to windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
index d2d8321257..4a94896198 100644
--- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md
+++ b/windows/security/hardware-security/pluton/microsoft-pluton-security-processor.md
@@ -1,17 +1,8 @@
 ---
 title: Microsoft Pluton security processor
 description: Learn more about Microsoft Pluton security processor
-ms.reviewer: 
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/15/2022
-appliesto: 
-  - ✅ <b>Windows 11, version 22H2</b>
-ms.technology: itpro-security
+ms.date: 07/31/2023
 ---
 
 # Microsoft Pluton security processor
@@ -46,7 +37,7 @@ When the system boots, Pluton hardware initialization is performed by loading th
 
 ![Diagram showing the Microsoft Pluton Firmware load flow](../images/pluton/pluton-firmware-load.png)
 
-[!INCLUDE [microsoft-pluton-security-processor](../../../../includes/licensing/microsoft-pluton-security-processor.md)]
+[!INCLUDE [microsoft-pluton](../../../../includes/licensing/microsoft-pluton.md)]
 
 ## Related topics
 
diff --git a/windows/security/information-protection/pluton/pluton-as-tpm.md b/windows/security/hardware-security/pluton/pluton-as-tpm.md
similarity index 85%
rename from windows/security/information-protection/pluton/pluton-as-tpm.md
rename to windows/security/hardware-security/pluton/pluton-as-tpm.md
index a51ef6db48..152bac55bc 100644
--- a/windows/security/information-protection/pluton/pluton-as-tpm.md
+++ b/windows/security/hardware-security/pluton/pluton-as-tpm.md
@@ -1,17 +1,8 @@
 ---
 title: Microsoft Pluton as Trusted Platform Module (TPM 2.0)
 description: Learn more about Microsoft Pluton security processor as Trusted Platform Module (TPM 2.0)
-ms.reviewer: 
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
-ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/15/2022
-appliesto: 
-  - ✅ <b>Windows 11, version 22H2</b>
-ms.technology: itpro-security
+ms.date: 07/31/2023
 ---
 
 # Microsoft Pluton as Trusted Platform Module
@@ -32,7 +23,7 @@ Pluton is integrated within the SoC subsystem, and provides a flexible, updatabl
 
 ## Enable Microsoft Pluton as TPM
 
-Devices with Ryzen 6000 and Qualcomm Snapdragon® 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
+Devices with Ryzen 6000 and Qualcomm Snapdragon&reg; 8cx Gen 3 series processors are Pluton Capable, however enabling and providing an option to enable Pluton is at the discretion of the device manufacturer. Pluton is supported on these devices and can be enabled from the Unified Extensible Firmware Interface (UEFI) setup options for the device.
 
 UEFI setup options differ from product to product, visit the product website and check for guidance to enable Pluton as TPM.
 
diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
similarity index 67%
rename from windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
rename to windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
index 2db72ad602..35ef8a1826 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/hardware-security/system-guard-secure-launch-and-smm-protection.md
@@ -1,29 +1,14 @@
 ---
-title: System Guard Secure Launch and SMM protection 
+title: System Guard Secure Launch and SMM protection
 description: Explains how to configure System Guard Secure Launch and System Management Mode (SMM protection) to improve the startup security of Windows 10 devices.
-search.appverid: met150
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.date: 11/30/2021
-ms.reviewer: 
-manager: aaroncz
-ms.author: vinpa
-ms.technology: itpro-security
+ms.date: 07/31/2023
 ms.topic: conceptual
 ---
 
 # System Guard Secure Launch and SMM protection
 
-**Applies to:**
-
-- Windows 11
-- Windows 10
-
-This topic explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows) to improve the startup security of Windows 10 and Windows 11 devices. The information below is presented from a client perspective.
+This topic explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](how-hardware-based-root-of-trust-helps-protect-windows.md) to improve the startup security of Windows 10 and Windows 11 devices. The information below is presented from a client perspective.
 
 > [!NOTE]
 > System Guard Secure Launch feature requires a supported processor. For more information, see [System requirements for System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md#system-requirements-for-system-guard).
@@ -34,7 +19,7 @@ You can enable System Guard Secure Launch by using any of these options:
 
 - [Mobile Device Management (MDM)](#mobile-device-management)
 - [Group Policy](#group-policy)
-- [Windows Security app](#windows-security-app)
+- [Windows Security settings](#windows-security)
 - [Registry](#registry)
 
 ### Mobile Device Management
@@ -49,12 +34,12 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM)
 
     ![Secure Launch Configuration.](images/secure-launch-group-policy.png)
 
-### Windows Security app
+### Windows Security
 
 Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation** > **Firmware protection**.
 
-  ![Windows Security app.](images/secure-launch-security-app.png)
-  
+  ![Windows Security settings.](images/secure-launch-security-app.png)
+
 ### Registry
 
 1. Open Registry editor.
@@ -73,10 +58,10 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** >
 
 To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**.
 
-![Verifying Secure Launch is running in the Windows Security app.](images/secure-launch-msinfo.png)
+![Verifying Secure Launch is running in the Windows Security settings.](images/secure-launch-msinfo.png)
 
 > [!NOTE]
-> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows), [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../../identity-protection/credential-guard/credential-guard-requirements.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
+> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../identity-protection/credential-guard/index.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
 
 > [!NOTE]
 > For more information around AMD processors, see [Microsoft Security Blog: Force firmware code to be measured and attested by Secure Launch on Windows 10](https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10/).
diff --git a/windows/security/hardware-security/toc.yml b/windows/security/hardware-security/toc.yml
index 6cd5d10c39..1b95b86db3 100644
--- a/windows/security/hardware-security/toc.yml
+++ b/windows/security/hardware-security/toc.yml
@@ -1,54 +1,56 @@
 items:
   - name: Overview
-    href: ../hardware.md
+    href: index.md
   - name: Hardware root of trust
     items:
       - name: Windows Defender System Guard
-        href: ../threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+        href: how-hardware-based-root-of-trust-helps-protect-windows.md
       - name: Trusted Platform Module
-        href: ../information-protection/tpm/trusted-platform-module-top-node.md
+        href: tpm/trusted-platform-module-top-node.md
         items:
           - name: Trusted Platform Module overview
-            href: ../information-protection/tpm/trusted-platform-module-overview.md
+            href: tpm/trusted-platform-module-overview.md
           - name: TPM fundamentals
-            href: ../information-protection/tpm/tpm-fundamentals.md
+            href: tpm/tpm-fundamentals.md
           - name: How Windows uses the TPM
-            href: ../information-protection/tpm/how-windows-uses-the-tpm.md
+            href: tpm/how-windows-uses-the-tpm.md
           - name: Manage TPM commands
-            href: ../information-protection/tpm/manage-tpm-commands.md
-          - name: Manager TPM Lockout
-            href: ../information-protection/tpm/manage-tpm-lockout.md
+            href: tpm/manage-tpm-commands.md
+          - name: Manage TPM Lockout
+            href: tpm/manage-tpm-lockout.md
           - name: Change the TPM password
-            href: ../information-protection/tpm/change-the-tpm-owner-password.md
+            href: tpm/change-the-tpm-owner-password.md
           - name: TPM Group Policy settings
-            href: ../information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+            href: tpm/trusted-platform-module-services-group-policy-settings.md
           - name: Back up the TPM recovery information to AD DS
-            href: ../information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+            href: tpm/backup-tpm-recovery-information-to-ad-ds.md
           - name: View status, clear, or troubleshoot the TPM
-            href: ../information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+            href: tpm/initialize-and-configure-ownership-of-the-tpm.md
           - name: Understanding PCR banks on TPM 2.0 devices
-            href: ../information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+            href: tpm/switch-pcr-banks-on-tpm-2-0-devices.md
           - name: TPM recommendations
-            href: ../information-protection/tpm/tpm-recommendations.md
+            href: tpm/tpm-recommendations.md
       - name: Microsoft Pluton security processor
         items:
           - name: Microsoft Pluton overview
-            href: ../information-protection/pluton/microsoft-pluton-security-processor.md
+            href: pluton/microsoft-pluton-security-processor.md
           - name: Microsoft Pluton as TPM
-            href: ../information-protection/pluton/pluton-as-tpm.md
+            href: pluton/pluton-as-tpm.md
   - name: Silicon assisted security
     items:
-      - name: Virtualization-based security (VBS)
+      - name: Virtualization-based security (VBS) 🔗
         href: /windows-hardware/design/device-experiences/oem-vbs
       - name: Memory integrity (HVCI)
-        href: ../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+        href: enable-virtualization-based-protection-of-code-integrity.md
       - name: Memory integrity and VBS enablement 🔗
         href: /windows-hardware/design/device-experiences/oem-hvci-enablement
       - name: Hardware-enforced stack protection
         href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
       - name: Secured-core PC 🔗
         href: /windows-hardware/design/device-experiences/oem-highly-secure-11
+      - name: Secured-core PC configuration lock 🔗
+        href: /windows/client-management/config-lock
       - name: Kernel Direct Memory Access (DMA) protection
-        href: ../information-protection/kernel-dma-protection-for-thunderbolt.md
+        href: kernel-dma-protection-for-thunderbolt.md
       - name: System Guard Secure Launch
-        href: ../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
\ No newline at end of file
+        href: system-guard-secure-launch-and-smm-protection.md
diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
similarity index 59%
rename from windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
rename to windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
index 2779296ea9..e2b7facad8 100644
--- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/security/hardware-security/tpm/backup-tpm-recovery-information-to-ad-ds.md
@@ -1,16 +1,8 @@
 ---
 title: Back up TPM recovery information to Active Directory
 description: Learn how to back up the Trusted Platform Module (TPM) recovery information to Active Directory.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # Back up the TPM recovery information to AD DS
diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
similarity index 81%
rename from windows/security/information-protection/tpm/change-the-tpm-owner-password.md
rename to windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
index 86b7b524ed..05ed6c63a9 100644
--- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
+++ b/windows/security/hardware-security/tpm/change-the-tpm-owner-password.md
@@ -1,19 +1,8 @@
 ---
-title: Change the TPM owner password 
+title: Change the TPM owner password
 description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 04/26/2023
-ms.technology: itpro-security
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
 
 # Change the TPM owner password
diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
similarity index 94%
rename from windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
rename to windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
index be0cadec4a..b150c5e788 100644
--- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md
+++ b/windows/security/hardware-security/tpm/how-windows-uses-the-tpm.md
@@ -1,16 +1,8 @@
 ---
 title: How Windows uses the TPM
 description: Learn how Windows uses the Trusted Platform Module (TPM) to enhance security.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # How Windows uses the Trusted Platform Module
@@ -27,11 +19,11 @@ TPMs are passive: they receive commands and return responses. To realize the ful
 
 The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
 
-OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone can't achieve. For example, software alone can't reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust—that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key *truly can't leave the TPM*.
+OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone can't achieve. For example, software alone can't reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust-that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key *truly can't leave the TPM*.
 
 The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs, whereas others don't.
 
-Certification programs for TPMs—and technology in general—continue to evolve as the speed of innovation increases. Although having a TPM is clearly better than not having a TPM, Microsoft's best advice is to determine your organization's security needs and research any regulatory requirements associated with procurement for your industry. The result is a balance between scenarios used, assurance level, cost, convenience, and availability.
+Certification programs for TPMs-and technology in general-continue to evolve as the speed of innovation increases. Although having a TPM is clearly better than not having a TPM, Microsoft's best advice is to determine your organization's security needs and research any regulatory requirements associated with procurement for your industry. The result is a balance between scenarios used, assurance level, cost, convenience, and availability.
 
 ## TPM in Windows
 
@@ -69,7 +61,7 @@ The adoption of new authentication technology requires that identity providers a
 
 Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1):
 
-- **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM.
+- **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM).
 
 - **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios.
 
@@ -82,7 +74,7 @@ For Windows Hello for Business, Microsoft can fill the role of the identity CA.
 
 BitLocker provides full-volume encryption to protect data at rest. The most common device configuration splits the hard drive into several volumes. The operating system and user data reside on one volume that holds confidential information, and other volumes hold public information such as boot components, system information and recovery tools. (These other volumes are used infrequently enough that they do not need to be visible to users.) Without more protections in place, if the volume containing the operating system and user data is not encrypted, someone can boot another operating system and easily bypass the intended operating system's enforcement of file permissions to read any user data.
 
-In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows logon prompt, the only path forward is for the user to log on with his or her credentials, allowing the operating system to enforce its normal file permissions. If something about the boot process changes, however—for example, a different operating system is booted from a USB device—the operating system volume and user data can't be read and are not accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities:
+In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows logon prompt, the only path forward is for the user to log on with his or her credentials, allowing the operating system to enforce its normal file permissions. If something about the boot process changes, however-for example, a different operating system is booted from a USB device-the operating system volume and user data can't be read and are not accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities:
 
 - **Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component's measurement is sent to the TPM before it runs, a component can't erase its measurement from the TPM. (However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values.
 
diff --git a/windows/security/information-protection/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png b/windows/security/hardware-security/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png
similarity index 100%
rename from windows/security/information-protection/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png
rename to windows/security/hardware-security/tpm/images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png
diff --git a/windows/security/information-protection/tpm/images/tpm-capabilities.png b/windows/security/hardware-security/tpm/images/tpm-capabilities.png
similarity index 100%
rename from windows/security/information-protection/tpm/images/tpm-capabilities.png
rename to windows/security/hardware-security/tpm/images/tpm-capabilities.png
diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
similarity index 95%
rename from windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
rename to windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
index 530666774a..e9374612fe 100644
--- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/security/hardware-security/tpm/initialize-and-configure-ownership-of-the-tpm.md
@@ -1,16 +1,8 @@
 ---
 title: Troubleshoot the TPM
 description: Learn how to view and troubleshoot the Trusted Platform Module (TPM).
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.collection:
 - highpri
 - tier1
diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/hardware-security/tpm/manage-tpm-commands.md
similarity index 81%
rename from windows/security/information-protection/tpm/manage-tpm-commands.md
rename to windows/security/hardware-security/tpm/manage-tpm-commands.md
index 1a2512a41f..52a9473f9b 100644
--- a/windows/security/information-protection/tpm/manage-tpm-commands.md
+++ b/windows/security/hardware-security/tpm/manage-tpm-commands.md
@@ -1,19 +1,8 @@
 ---
-title: Manage TPM commands 
+title: Manage TPM commands
 description: This article for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 04/26/2023
-ms.technology: itpro-security
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
 
 # Manage TPM commands
diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/hardware-security/tpm/manage-tpm-lockout.md
similarity index 88%
rename from windows/security/information-protection/tpm/manage-tpm-lockout.md
rename to windows/security/hardware-security/tpm/manage-tpm-lockout.md
index ba4962a98d..a281a8e40b 100644
--- a/windows/security/information-protection/tpm/manage-tpm-lockout.md
+++ b/windows/security/hardware-security/tpm/manage-tpm-lockout.md
@@ -1,20 +1,10 @@
 ---
-title: Manage TPM lockout 
+title: Manage TPM lockout
 description: This article for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 04/26/2023
-ms.technology: itpro-security
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
+
 # Manage TPM lockout
 
 This article for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows.
diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
similarity index 93%
rename from windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
rename to windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
index de49d856c6..01ddf58aa0 100644
--- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/security/hardware-security/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -1,16 +1,8 @@
 ---
 title: UnderstandPCR banks on TPM 2.0 devices
 description: Learn about what happens when you switch PCR banks on TPM 2.0 devices.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # PCR banks on TPM 2.0 devices
diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/hardware-security/tpm/tpm-fundamentals.md
similarity index 96%
rename from windows/security/information-protection/tpm/tpm-fundamentals.md
rename to windows/security/hardware-security/tpm/tpm-fundamentals.md
index efa0bfa418..4393c94d01 100644
--- a/windows/security/information-protection/tpm/tpm-fundamentals.md
+++ b/windows/security/hardware-security/tpm/tpm-fundamentals.md
@@ -1,16 +1,8 @@
 ---
 title: Trusted Platform Module (TPM) fundamentals
 description: Learn about the components of the Trusted Platform Module and how they're used to mitigate dictionary attacks.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 03/09/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # TPM fundamentals
@@ -121,4 +113,4 @@ The Windows TPM-based smart card, which is a virtual smart card, can be configur
 - Physical smart cards can enforce lockout for only the physical smart card PIN, and they can reset the lockout after the correct PIN is entered.
   With a virtual smart card, the TPM's anti-hammering protection isn't reset after a successful authentication. The allowed number of authorization failures before the TPM enters lockout includes many factors
 - Hardware manufacturers and software developers can use the security features of the TPM to meet their requirements
-- The intent of selecting 32 failures as the lock-out threshold is to avoid users to lock the TPM (even when learning to type new passwords or if they frequently lock and unlock their computers). If users lock the TPM, they must wait 10 minutes or use other credentials to sign in, such as a user name and password
\ No newline at end of file
+- The intent of selecting 32 failures as the lock-out threshold is to avoid users to lock the TPM (even when learning to type new passwords or if they frequently lock and unlock their computers). If users lock the TPM, they must wait 10 minutes or use other credentials to sign in, such as a user name and password
diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/hardware-security/tpm/tpm-recommendations.md
similarity index 93%
rename from windows/security/information-protection/tpm/tpm-recommendations.md
rename to windows/security/hardware-security/tpm/tpm-recommendations.md
index b90c535d06..a4d4b53a79 100644
--- a/windows/security/information-protection/tpm/tpm-recommendations.md
+++ b/windows/security/hardware-security/tpm/tpm-recommendations.md
@@ -1,19 +1,11 @@
 ---
-title: TPM recommendations 
+title: TPM recommendations
 description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
-ms.collection: 
-  - highpri
-  - tier1
+ms.collection:
+- highpri
+- tier1
 ---
 
 # TPM recommendations
@@ -30,7 +22,7 @@ TPMs are passive: they receive commands and return responses. To realize the ful
 
 The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards. These standards support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
 
-OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust—that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM.
+OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust-that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM.
 
 The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs whereas others do not.
 
@@ -95,7 +87,7 @@ For end consumers, TPM is behind the scenes but is still relevant. TPM is used f
 
 - TPM is optional on IoT Core.
 
-### Windows Server 2016
+### Windows Server 2016
 
 - TPM is optional for Windows Server SKUs unless the SKU meets the other qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required.
 
@@ -106,7 +98,7 @@ The following table defines which Windows features require TPM support.
  Windows Features | TPM Required | Supports TPM 1.2  | Supports TPM 2.0  | Details  |
 -|-|-|-|-
  Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. TPM 2.0 is recommended since it supports newer cryptographic algorithms. TPM 1.2 only supports the SHA-1 algorithm which is being deprecated.  
- BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](../bitlocker/bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) including TPM 2.0 support
+ BitLocker | No | Yes | Yes | TPM 1.2 or 2.0 are supported but TPM 2.0 is recommended. [Automatic Device Encryption requires Modern Standby](../../operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) including TPM 2.0 support
  Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0.
  Windows Defender Application Control (Device Guard) | No | Yes | Yes
  Windows Defender System Guard (DRTM) | Yes | No | Yes | TPM 2.0 and UEFI firmware is required.
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md
similarity index 92%
rename from windows/security/information-protection/tpm/trusted-platform-module-overview.md
rename to windows/security/hardware-security/tpm/trusted-platform-module-overview.md
index d3a0a6e2b7..8d35f5065b 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/hardware-security/tpm/trusted-platform-module-overview.md
@@ -1,19 +1,11 @@
 ---
 title: Trusted Platform Module Technology Overview
 description: Learn about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/22/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
-ms.collection: 
-  - highpri
-  - tier1
+ms.collection:
+- highpri
+- tier1
 ---
 
 # Trusted Platform Module Technology Overview
@@ -50,7 +42,7 @@ Anti-malware software can use the boot measurements of the operating system star
 
 The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see [TPM Group Policy Settings](trusted-platform-module-services-group-policy-settings.md).
 
-[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm-20.md)]
+[!INCLUDE [trusted-platform-module-tpm-20](../../../../includes/licensing/trusted-platform-module-tpm.md)]
 
 ## New and changed functionality
 
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
similarity index 77%
rename from windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
rename to windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
index 60774172a4..d74612ae4a 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/security/hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md
@@ -1,21 +1,12 @@
 ---
-title: TPM Group Policy settings 
+title: TPM Group Policy settings
 description: This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
-ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
+ms.date: 07/31/2023
 ---
 
 # TPM Group Policy settings
 
-
 This topic describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings.
 
 The Group Policy settings for TPM services are located at:
@@ -39,11 +30,11 @@ This policy setting configured which TPM authorization values are stored in the
 
 There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**.
 
--   **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0.
+-   **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. Full owner authorization in TPM 1.2 is similar to lockout authorization in TPM 2.0. Owner authorization has a different meaning for TPM 2.0.
 
--   **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows prior to version 1703.
+-   **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows prior to version 1703.
 
--   **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.
+-   **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications.
 
 > [!NOTE]
 > If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid.
@@ -62,7 +53,6 @@ The following table shows the TPM owner authorization values in the registry.
 | 2          | Delegated |
 | 4          | Full      |
 
-
 If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose.
 
 On Windows 10 prior to version 1607, if you disable or do not configure this policy setting, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is also disabled or not configured, the default setting is to store the full TPM authorization value in the local registry. If this policy is disabled or not configured, and the **Turn on TPM backup to Active Directory Domain Services** policy setting is enabled, only the administrative delegation and the user delegation blobs are stored in the local registry.
@@ -78,9 +68,9 @@ This setting helps administrators prevent the TPM hardware from entering a locko
 
 For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration:
 
--   [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold)   This value is the maximum number of authorization failures that each standard user can have before the user is not allowed to send commands that require authorization to the TPM.
+-   [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold)   This value is the maximum number of authorization failures that each standard user can have before the user is not allowed to send commands that require authorization to the TPM.
 
--   [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold)   This value is the maximum total number of authorization failures that all standard users can have before all standard users are not allowed to send commands that require authorization to the TPM.
+-   [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold)   This value is the maximum total number of authorization failures that all standard users can have before all standard users are not allowed to send commands that require authorization to the TPM.
 
 An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
 
@@ -112,32 +102,36 @@ If you do not configure this policy setting, a default value of 9 is used. A val
 
 ## Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0
 
-Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. 
+Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below.
 
 > [!IMPORTANT]
-> Setting this policy will take effect only if:  
-> -   The TPM was originally prepared using a version of Windows after Windows 10 Version 1607
-> -   The system has a TPM 2.0. 
-> 
+> Setting this policy will take effect only if:
+>
+> - The TPM was originally prepared using a version of Windows after Windows 10 Version 1607
+> - The system has a TPM 2.0.
+
 > [!NOTE]
 > Enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only ways for the disabled setting of this policy to take effect on a system where it was once enabled are to either:
+>
 > -  Disable it from group policy
 > -  Clear the TPM on the system
 
-## TPM Group Policy settings in the Windows Security app
+## TPM Group Policy settings in Windows Security
 
-You can change what users see about TPM in the Windows Security app. The Group Policy settings for the TPM area in the Windows Security app are located at:
+You can change what users see about TPM in **Windows Security**. The Group Policy settings for the TPM area in **Windows Security** are located at:
 
-**Computer Configuration\\Administrative Templates\\Windows Components\\Windows Security\\Device security** 
+**Computer Configuration\\Administrative Templates\\Windows Components\\Windows Security\\Device security**
 
 ### Disable the Clear TPM button
-If you don't want users to be able to click the **Clear TPM** button in the Windows Security app, you can disable it with this Group Policy setting. Select **Enabled** to make the **Clear TPM** button unavailable for use.
+
+If you don't want users to be able to click the **Clear TPM** button in **Windows Security**, you can disable it with this Group Policy setting. Select **Enabled** to make the **Clear TPM** button unavailable for use.
 
 ### Hide the TPM Firmware Update recommendation
+
 If you don't want users to see the recommendation to update TPM firmware, you can disable it with this setting. Select **Enabled** to prevent users from seeing a recommendation to update their TPM firmware when a vulnerable firmware is detected.
 
 ## Related topics
 
-- [Trusted Platform Module](trusted-platform-module-top-node.md) 
+- [Trusted Platform Module](trusted-platform-module-top-node.md)
 - [TPM Cmdlets in Windows PowerShell](/powershell/module/trustedplatformmodule/?view=win10-ps&preserve-view=true)
-- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md)
+- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](../../operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md)
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/hardware-security/tpm/trusted-platform-module-top-node.md
similarity index 82%
rename from windows/security/information-protection/tpm/trusted-platform-module-top-node.md
rename to windows/security/hardware-security/tpm/trusted-platform-module-top-node.md
index 016df0eaf9..c19e762bdf 100644
--- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md
+++ b/windows/security/hardware-security/tpm/trusted-platform-module-top-node.md
@@ -1,19 +1,11 @@
 ---
-title: Trusted Platform Module 
+title: Trusted Platform Module
 description: This topic for the IT professional provides links to information about the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/02/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
-ms.collection: 
-  - highpri
-  - tier1
+ms.collection:
+- highpri
+- tier1
 ---
 
 # Trusted Platform Module
diff --git a/windows/security/hardware.md b/windows/security/hardware.md
deleted file mode 100644
index 0baa5e3748..0000000000
--- a/windows/security/hardware.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Windows hardware security
-description: Get an overview of hardware security in Windows 11 and Windows 10
-ms.reviewer: 
-manager: aaroncz
-ms.author: vinpa
-author: vinaypamnani-msft
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Windows hardware security
-
-Modern threats require modern security with a strong alignment between hardware security and software security techniques to keep users, data, and devices protected. The operating system alone cannot protect from the wide range of tools and techniques cybercriminals use to compromise a computer deep inside its silicon. Once inside, intruders can be difficult to detect while engaging in multiple nefarious activities from stealing important data to capturing email addresses and other sensitive pieces of information.
-These new threats call for computing hardware that is secure down to the very core, including hardware chips and processors. Microsoft and our partners, including chip and device manufacturers, have worked together to integrate powerful security capabilities across software, firmware, and hardware. <br><br/>
-
-| Security Measures | Features & Capabilities |
-|:---|:---|
-| Trusted Platform Module (TPM) | A Trusted Platform Module (TPM) is designed to provide hardware-based security-related functions and help prevent unwanted tampering. TPMs provide security and privacy benefits for system hardware, platform owners, and users. <br> A TPM chip is a secure crypto-processor that helps with actions such as generating, storing, and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to make it tamper resistant and prevent malicious software from tampering with the security functions of the TPM. <br><br/> Learn more about the [Trusted Platform Module](information-protection/tpm/trusted-platform-module-top-node.md). |
-| Hardware-based root of trust with Windows Defender System Guard | To protect critical resources such as Windows authentication, single sign-on tokens, Windows Hello, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy.  <br> Windows Defender System Guard helps protect and maintain the integrity of the system as it starts up and validate that system integrity has truly been maintained through local and remote attestation. <br><br/> Learn more about [How a hardware-based root of trust helps protect Windows](threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) and [System Guard Secure Launch and SMM protection](threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md). |
-| Enable virtualization-based protection of code integrity | Hypervisor-protected Code Integrity (HVCI) is a  virtualization based security (VBS) feature available in Windows. In the Windows Device Security settings, HVCI is referred to as Memory Integrity. <br> HVCI and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows Kernel. VBS uses the Windows Hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. HVCI is a critical component that protects and hardens this virtual environment by running kernel mode code integrity within it and restricting kernel memory allocations that could be used to compromise the system. <br><br/> Learn more: [Enable virtualization-based protection of code integrity](threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md).
-| Kernel Direct Memory Access (DMA) Protection | PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with an experience identical to USB. Because PCI hot plug ports are external and easily accessible, PCs are susceptible to drive-by Direct Memory Access (DMA) attacks.  Memory access protection (also known as Kernel DMA Protection)  protects PCs against drive-by DMA attacks that use PCIe hot plug devices by limiting these external peripherals from being able to directly copy memory when the user has locked their PC. <br><br/> Learn more about [Kernel DMA Protection](information-protection/kernel-dma-protection-for-thunderbolt.md). |
-| Secured-core PCs | Microsoft is working closely with OEM partners and silicon vendors to build Secured-core PCs that feature deeply integrated hardware, firmware, and software to ensure enhanced security for devices, identities, and data. <br><br/> Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data. <br><br/> Learn more about [Secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).| 
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index b1ca0e2e0f..efbf40ef92 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -2,7 +2,7 @@
 ms.date: 11/22/2022
 title: Access Control Overview
 description: Description of the access controls in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
-ms.topic: article
+ms.topic: overview
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index a2c64c37a0..1b41b86816 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -1,11 +1,8 @@
 ---
-ms.date: 12/05/2022
+ms.date: 08/03/2023
 title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
-ms.topic: conceptual
-ms.collection: 
-  - highpri
-  - tier2
+ms.topic: concept-article
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
@@ -20,7 +17,7 @@ This article describes the default local user accounts for Windows operating sys
 
 ## About local user accounts
 
-Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users.
+Local user accounts are defined locally on a device, and can be assigned rights and permissions on the device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users.
 
 ## Default local user accounts
 
@@ -30,9 +27,7 @@ Default local user accounts are used to manage access to the local device's reso
 
 Default local user accounts are described in the following sections. Expand each section for more information.
 
-<br>
-<details>
-<summary><b>Administrator</b></summary>
+### Administrator
 
 The default local Administrator account is a user account for system administration. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation.
 
@@ -44,13 +39,13 @@ Windows setup disables the built-in Administrator account and creates another lo
 
 Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation.  
 
-**Account group membership**
+#### Account group membership
 
 By default, the Administrator account is a member of the Administrators group. It's a best practice to limit the number of users in the Administrators group because members of the Administrators group have Full Control permissions on the device.
 
 The Administrator account can't be removed from the Administrators group.
 
-**Security considerations**
+#### Security considerations
 
 Because the Administrator account is known to exist on many versions of the Windows operating system, it's a best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to the server or client computer.
 
@@ -61,51 +56,42 @@ As a security best practice, use your local (non-Administrator) account to sign
 Group Policy can be used to control the use of the local Administrators group automatically. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)).
 
 > [!IMPORTANT]
-> 
-> - Blank passwords are not allowed.
 >
-> - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. 
+> - Blank passwords are not allowed
+> - Even when the Administrator account is disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it's disabled.
 
-</details>
-<br>
-<details>
-<summary><b>Guest</b></summary>
+### Guest
 
 The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account is disabled and has a blank password. Since the Guest account can provide anonymous access, it's considered a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is necessary.
 
-**Account group membership**
+#### Guest account group membership
 
-By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a device.
+By default, the Guest account is the only member of the default Guests group `SID S-1-5-32-546`, which lets a user sign in to a device.
 
-**Security considerations**
+#### Guest account security considerations
 
 When enabling the Guest account, only grant limited rights and permissions. For security reasons, the Guest account shouldn't be used over the network and made accessible to other computers.
 
 In addition, the guest user in the Guest account shouldn't be able to view the event logs. After the Guest account is enabled, it's a best practice to monitor the Guest account frequently to ensure that other users can't use services and other resources. This includes resources that were unintentionally left available by a previous user.
 
-</details>
-
-<br>
-<details>
-<summary><b>HelpAssistant</b></summary>
+### HelpAssistant
 
 The HelpAssistant account is a default local account that is enabled when a Remote Assistance session is run. This account is automatically disabled when no Remote Assistance requests are pending.
 
 HelpAssistant is the primary account that is used to establish a Remote Assistance session. The Remote Assistance session is used to connect to another computer running the Windows operating system, and it's initiated by invitation. For solicited remote assistance, a user sends an invitation from their computer, through e-mail or as a file, to a person who can provide assistance. After the user's invitation for a Remote Assistance session is accepted, the default HelpAssistant account is automatically created to give the person who provides assistance limited access to the computer. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service.
 
-**Security considerations**
+#### HelpAssistant account security considerations
 
 The SIDs that pertain to the default HelpAssistant account include:
 
-- SID: `S-1-5-<domain>-13`, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services.
-
-- SID: `S-1-5-<domain>-14`, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
+- SID: `S-1-5-<domain>-13`, display name *Terminal Server User*. This group includes all users who sign in to a server with Remote Desktop Services enabled.
+- SID: `S-1-5-<domain>-14`, display name *Remote Interactive Logon*. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
 
 For the Windows Server operating system, Remote Assistance is an optional component that isn't installed by default. You must install Remote Assistance before it can be used.
 
 For details about the HelpAssistant account attributes, see the following table.
 
-**HelpAssistant account attributes**
+#### HelpAssistant account attributes
 
 |Attribute|Value|
 |--- |--- |
@@ -118,15 +104,11 @@ For details about the HelpAssistant account attributes, see the following table.
 |Safe to move out of default container?|Can be moved out, but we don't recommend it.|
 |Safe to delegate management of this group to non-Service admins?|No|
 
-</details>
-
-<br>
-<details>
-<summary><b>DefaultAccount</b></summary>
+### DefaultAccount
 
 The DefaultAccount account, also known as the Default System Managed Account (DSMA), is a well-known user account type. DefaultAccount can be used to run processes that are either multi-user aware or user-agnostic.
 
-The DSMA is disabled by default on the desktop SKUs and on the Server operating systems with the desktop experience.
+The DSMA is disabled by default on the desktop editions and on the Server operating systems with the desktop experience.
 
 The DSMA has a well-known RID of `503`. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: `S-1-5-21-\<ComputerIdentifier>-503`.
 
@@ -135,19 +117,20 @@ The DSMA is a member of the well-known group **System Managed Accounts Group**,
 The DSMA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM).
 
 #### How Windows uses the DefaultAccount
-From a permission perspective, the DefaultAccount is a standard user account. 
-The DefaultAccount is needed to run multi-user-manifested-apps (MUMA apps). 
-MUMA apps run all the time and react to users signing in and signing out of the devices. 
-Unlike Windows Desktop where apps run in context of the user and get terminated when the user signs off, MUMA apps run by using the DSMA. 
 
-MUMA apps are functional in shared session SKUs such as Xbox. For example, Xbox shell is a MUMA app. 
-Today, Xbox automatically signs in as Guest account and all apps run in this context. 
-All the apps are multi-user-aware and respond to events fired by user manager. 
+From a permission perspective, the DefaultAccount is a standard user account.
+The DefaultAccount is needed to run multi-user-manifested-apps (MUMA apps).
+MUMA apps run all the time and react to users signing in and signing out of the devices.
+Unlike Windows Desktop where apps run in context of the user and get terminated when the user signs off, MUMA apps run by using the DSMA.
+
+MUMA apps are functional in shared session SKUs such as Xbox. For example, Xbox shell is a MUMA app.
+Today, Xbox automatically signs in as Guest account and all apps run in this context.
+All the apps are multi-user-aware and respond to events fired by user manager.
 The apps run as the Guest account.
 
-Similarly, Phone auto logs in as a *DefApps* account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. 
+Similarly, Phone auto logs in as a *DefApps* account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account.
 
-In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users. 
+In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users.
 For this purpose, the system creates DSMA.
 
 #### How the DefaultAccount gets created on domain controllers
@@ -158,35 +141,25 @@ If the domain was created with domain controllers running an earlier version of
 #### Recommendations for managing the Default Account (DSMA)
 
 Microsoft doesn't recommend changing the default configuration, where the account is disabled. There's no security risk with having the account in the disabled state. Changing the default configuration could hinder future scenarios that rely on this account.
-</details>
 
 ## Default local system accounts
 
-<br>
-<details>
-<summary><b>SYSTEM</b></summary>
+### SYSTEM
 
-
-The *SYSTEM* account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account's user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. 
+The *SYSTEM* account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account's user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups.
 
 On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account.
 
 > [!NOTE]
 > To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them.
 
-</details>
-<br>
-<details>
-<summary><b>NETWORK SERVICE </b></summary>
+### NETWORK SERVICE
 
-The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account).
-</details>
-<br>
-<details>
-<summary><b>LOCAL SERVICE</b></summary>
+The *NETWORK SERVICE* account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account).
 
-The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account).
-</details>
+### LOCAL SERVICE
+
+The *LOCAL SERVICE* account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account).
 
 ## How to manage local user accounts
 
@@ -203,17 +176,15 @@ You can also manage local users by using NET.EXE USER and manage local groups by
 
 ### Restrict and protect local accounts with administrative rights
 
-An administrator can use many approaches to prevent malicious users from using stolen credentials such as a stolen password or password hash, for a local account on one computer from being used to authenticate on another computer with administrative rights. This is also called "lateral movement".
+An administrator can use many approaches to prevent malicious users from using stolen credentials such as a stolen password or password hash, for a local account on one computer from being used to authenticate on another computer with administrative rights. This is also called *lateral movement*.
 
 The simplest approach is to sign in to your computer with a standard user account, instead of using the Administrator account for tasks. For example, use a standard account to browse the Internet, send email, or use a word processor. When you want to perform administrative tasks such as installing a new program or changing a setting that affects other users, you don't have to switch to an Administrator account. You can use User Account Control (UAC) to prompt you for permission or an administrator password before performing the task, as described in the next section.
 
 The other approaches that can be used to restrict and protect user accounts with administrative rights include:
 
-- Enforce local account restrictions for remote access.
-
-- Deny network logon to all local Administrator accounts.
-
-- Create unique passwords for local accounts with administrative rights.
+- Enforce local account restrictions for remote access
+- Deny network logon to all local Administrator accounts
+- Create unique passwords for local accounts with administrative rights
 
 Each of these approaches is described in the following sections.
 
@@ -224,7 +195,7 @@ Each of these approaches is described in the following sections.
 
 User Account Control (UAC) is a security feature that informs you when a program makes a change that requires administrative permissions. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change when UAC notifies you.
 
-UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the **Run as** command.
+UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the *Run as* command.
 
 In addition, UAC can require administrators to specifically approve applications that make system-wide changes before those applications are granted permission to run, even in the administrator's user session.
 
@@ -234,8 +205,6 @@ For more information about UAC, see [User Account Control](/windows/access-prote
 
 The following table shows the Group Policy and registry settings that are used to enforce local account restrictions for remote access.
 
-<!-- MicrosoftDocs/windows-itpro-docs/issues/7146 start line 254-->
-
 |No.|Setting|Detailed Description|
 |--- |--- |--- |
 ||Policy location|Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options|
@@ -251,7 +220,7 @@ The following table shows the Group Policy and registry settings that are used t
 
 > [!NOTE]
 > You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates. 
- 
+
 #### To enforce local account restrictions for remote access
 
 1. Start the **Group Policy Management** Console (GPMC)
@@ -286,6 +255,7 @@ The following table shows the Group Policy and registry settings that are used t
 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
 1. Create links to all other OUs that contain workstations
 1. Create links to all other OUs that contain servers
+
 ### Deny network logon to all local Administrator accounts
 
 Denying local accounts the ability to perform network logons can help prevent a local account password hash from being reused in a malicious attack. This procedure helps to prevent lateral movement by ensuring that stolen credentials for local accounts from a compromised operating system can't be used to compromise other computers that use the same credentials.
diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md
deleted file mode 100644
index 510e690593..0000000000
--- a/windows/security/identity-protection/configure-s-mime.md
+++ /dev/null
@@ -1,83 +0,0 @@
----
-title: Configure S/MIME for Windows
-description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
-ms.topic: article
-ms.date: 07/27/2017
----
-
-
-# Configure S/MIME for Windows
-
-S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with.
-
-## About message encryption
-
-Users can send encrypted message to people in their organization and people outside their organization if they have their encryption certificates. However, users using Windows Mail app can only read encrypted messages if the message is received on their Exchange account and they have corresponding decryption keys.
-
-Encrypted messages can be read only by recipients who have a certificate. If you try to send an encrypted message to recipients whose encryption certificate is not available, the app will prompt you to remove these recipients before sending the email.
-
-## About digital signatures
-
-A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Recipients can only verify the digital signature if they're using an email client that supports S/MIME.
-
-[!INCLUDE [email-encryption-smime](../../../includes/licensing/email-encryption-smime.md)]
-
-## Prerequisites
-
--   [S/MIME is enabled for Exchange accounts](/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption) (on-premises and Office 365). Users can't use S/MIME signing and encryption with a personal account such as Outlook.com.
--   Valid Personal Information Exchange (PFX) certificates are installed on the device.
-
-    -   [How to Create PFX Certificate Profiles in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/mt131410(v=technet.10))
-    -   [Enable access to company resources using certificate profiles with Microsoft Intune](/mem/intune/protect/certificates-configure)
-
-## Choose S/MIME settings
-
-On the device, perform the following steps: (add select certificate)
-
-1.  Open the Mail app.
-
-2.  Open **Settings** by tapping the gear icon on a PC, or the ellipsis (...) and then the gear icon on a phone.
-
-    :::image type="content" alt-text="settings icon in mail app." source="images/mailsettings.png":::
-
-3.  Tap **Email security**.
-
-    :::image type="content" alt-text="email security settings." source="images/emailsecurity.png":::
-
-4.  In **Select an account**, select the account for which you want to configure S/MIME options.
-
-5.  Make a certificate selection for digital signature and encryption.
-
-    -   Select **Automatically** to let the app choose the certificate.
-    -   Select **Manually** to specify the certificate yourself from the list of valid certificates on the device.
-6.  (Optional) Select **Always sign with S/MIME**, **Always encrypt with S/MIME**, or both, to automatically digitally sign or encrypt all outgoing messages.
-
-    > [!NOTE]
-    > The option to sign or encrypt can be changed for individual messages, unless EAS policies prevent it.
-     
-7.  Tap the back arrow.
-
-## Encrypt or sign individual messages
-
-1.  While composing a message, choose **Options** from the ribbon. On phone, **Options** can be accessed by tapping the ellipsis (...).
-
-2.  Use **Sign** and **Encrypt** icons to turn on digital signature and encryption for this message.
-
-    :::image type="content" alt-text="sign or encrypt message." source="images/signencrypt.png":::
-
-## Read signed or encrypted messages
-
-When you receive an encrypted message, the mail app will check whether there is a certificate available on your computer. If there is a certificate available, the message will be decrypted when you open it. If your certificate is stored on a smartcard, you will be prompted to insert the smartcard to read the message. Your smartcard may also require a PIN to access the certificate.
-
-## Install certificates from a received message
-
-When you receive a signed email, the app provides a feature to install corresponding encryption certificate on your device if the certificate is available. This certificate can then be used to send encrypted email to this person.
-
-1.  Open a signed email.
-
-2.  Tap or click the digital signature icon in the reading pane.
-
-3.  Tap **Install.**
-
-    :::image type="content" alt-text="message security information." source="images/installcert.png":::
- 
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 32967fd8b7..5a6e9fd2c9 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -1,64 +1,93 @@
 ---
-ms.date: 08/17/2017
+ms.date: 08/31/2023
 title: Additional mitigations
-description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
-ms.topic: article
+description: Learn how to improve the security of your domain environment with additional mitigations for Credential Guard and sample code.
+ms.topic: reference
 ---
 
 # Additional mitigations
 
-Windows Defender Credential Guard can provide mitigation against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Windows Defender Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, re-using previously stolen credentials prior to Windows Defender Credential Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigation also must be deployed to make the domain environment more robust.
+Credential Guard offers mitigations against attacks on derived credentials, preventing the use of stolen credentials elsewhere. However, devices can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, re-using stolen credentials prior to the enablement of Credential Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigation also must be deployed to make the domain environment more robust.
 
-## Restricting domain users to specific domain-joined devices
+## Additional security qualifications
 
-Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices that have Windows Defender Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Windows Defender Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used.
+All devices that meet baseline protections for hardware, firmware, and software can use Credential Guard.\
+Devices that meet more qualifications can provide added protections to further reduce the attack surface.
+
+The following table list qualifications for improved security. We recommend meeting the additional qualifications to strengthen the level of security that Credential Guard can provide.
+
+|Protection |Requirements|Security Benefits|
+|---|---|---|
+|**Secure Boot configuration and management**|- BIOS password or stronger authentication must be supported</br> - In the BIOS configuration, BIOS authentication must be set</br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, *Boot only from internal hard drive*) and boot device order, overriding `BOOTORDER` modification made by the operating system | - Prevent other operating systems from starting <br> -Prevent changes to the BIOS settings|
+|**Hardware Rooted Trust Platform Secure Boot**|- Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby</br> - Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](/windows-hardware/test/hlk/testref/hardware-security-testability-specification)|- Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware. </br> - HSTI provides security assurance for correctly secured silicon and platform|
+|**Firmware Update through Windows Update**|- Firmware must support field updates through Windows Update and UEFI encapsulation update|Helps ensure that firmware updates are fast, secure, and reliable.|
+|**Securing Boot Configuration and Management**|- Required BIOS capabilities: ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time </br> - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should use ISV-provided certificates or OEM certificate for the specific UEFI software|- Enterprises can choose to allow proprietary EFI drivers/applications to run </br> - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots|
+|**VBS enablement of No-Execute (NX) protection for UEFI runtime services**|- VBS enables NX protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet the following requirements: </br>&emsp; - Implement UEFI 2.6 `EFI_MEMORY_ATTRIBUTES_TABLE`. All UEFI runtime service memory (code and data) must be described by this table </br>&emsp; - PE sections must be page-aligned in memory (not required for in non-volatile storage). </br>&emsp; - The Memory Attributes Table needs to correctly mark code and data as `RO/NX` for configuration by the OS </br>&emsp; - All entries must include attributes `EFI_MEMORY_RO`, `EFI_MEMORY_XP`, or both. </br>&emsp; - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writable and non-executable </br> (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|- Vulnerabilities in UEFI runtime, if any, are blocked from compromising VBS (such as in functions like *UpdateCapsule* and *SetVariable*) </br> - Reduces the attack surface to VBS from system firmware.|
+|**Firmware support for SMM protection**|- The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an ACPI table that was created for use with Windows operating systems that support Windows virtualization-based features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)<br>- Reduces the attack surface to VBS from system firmware<br>- Blocks additional security attacks against SMM|
+
+> [!IMPORTANT]
+>
+> Regarding **VBS enablement of NX protection for UEFI runtime services**:
+>
+> - It only applies to UEFI runtime service memory, and not UEFI boot service memory
+> - The protection is applied by VBS on OS page tables
+> - Don't use sections that are both writable and executable
+> - Don't attempt to directly modify executable system memory
+> - Don't use dynamic code
+
+## Restrict domain users to specific domain-joined devices
+
+Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices that have Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used.
 
 ### Kerberos armoring
 
-Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. 
+Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks.
+
+To enable Kerberos armoring for restricting domain users to specific domain-joined devices:
 
-**To enable Kerberos armoring for restricting domain users to specific domain-joined devices**
 - Users need to be in domains that are running Windows Server 2012 R2 or higher
 - All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
-- All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -&gt; **Administrative Templates** -&gt; **System** -&gt; **Kerberos**.
+- All the devices with Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -&gt; **Administrative Templates** -&gt; **System** -&gt; **Kerberos**.
 
-### Protecting domain-joined device secrets
+### Protect domain-joined device secrets
 
-Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Windows Defender Credential Guard, the private key can be protected. Then authentication policies can require that users sign on to devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user.
+Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on to devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user.
 
 Domain-joined device certificate authentication has the following requirements:
+
 - Devices' accounts are in Windows Server 2012 domain functional level or higher.
 - All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements:
   - KDC EKU present
-  -    DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension
+  - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension
 - Windows devices have the CA issuing the domain controller certificates in the enterprise store.
 - A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard.
 
-#### Deploying domain-joined device certificates
+#### Deploy domain-joined device certificates
 
 To guarantee that certificates with the required issuance policy are only installed on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates.
 
 For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template.
 
-**Creating a new certificate template**
+**Create a new certificate template**
 
-1.  From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.**
-2.  Right-click **Workstation Authentication**, and then click **Duplicate Template**.
-3.  Right-click the new template, and then click **Properties**.
-4.  On the **Extensions** tab, click **Application Policies**, and then click **Edit**.
-5.  Click **Client Authentication**, and then click **Remove**.
-6.  Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values:
+1.  From the Certificate Manager console, right-click **Certificate Templates > Manage**
+1.  Right-click **Workstation Authentication > Duplicate Template**
+1.  Right-click the new template, and then select **Properties**
+1.  On the **Extensions** tab, select **Application Policies > Edit**
+1.  Select **Client Authentication**, and then select **Remove**
+1.  Add the ID-PKInit-KPClientAuth EKU. Select **Add > New**, and then specify the following values:
     -   Name: Kerberos Client Auth
     -   Object Identifier: 1.3.6.1.5.2.3.4
-7.  On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**.
-8.  Under **Issuance Policies**, click**High Assurance**.
-9.  On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box.
+1.  On the **Extensions** tab, select **Issuance Policies > Edit**
+1.  Under **Issuance Policies**, select **High Assurance**
+1.  On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box
 
-Then on the devices that are running Windows Defender Credential Guard, enroll the devices using the certificate you just created.
+Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created.
 
-**Enrolling devices in a certificate**
+**Enroll devices in a certificate**
 
 Run the following command:
+
 ```powershell
 CertReq -EnrollCredGuardCert MachineAuthentication
 ```
@@ -88,7 +117,7 @@ From a Windows PowerShell command prompt, run the following command:
 .\set-IssuancePolicyToGroupLink.ps1 -IssuancePolicyName:"<name of issuance policy>" -groupOU:"<Name of OU to create>" -groupName:"<name of Universal security group to create>"
 ```
 
-### Restricting user sign-on
+### Restrict user sign-on
 
 So we now have completed the following:
 
@@ -101,25 +130,25 @@ Authentication policies have the following requirements:
 
 **Creating an authentication policy restricting users to the specific universal security group**
 
-1. Open Active Directory Administrative Center.
-1. Click **Authentication**, click **New**, and then click **Authentication Policy**.
-1. In the **Display name** box, enter a name for this authentication policy.
-1. Under the **Accounts** heading, click **Add**.
-1. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**.
-1. Under the **User Sign On** heading, click the **Edit** button.
-1. Click **Add a condition**.
-1. In the **Edit Access Control Conditions** box, ensure that it reads **User** &gt; **Group** &gt; **Member of each** &gt; **Value**, and then click **Add items**.
-1. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**.
-1. Click **OK** to close the **Edit Access Control Conditions** box.
-1. Click **OK** to create the authentication policy.
-1. Close Active Directory Administrative Center.
+1. Open Active Directory Administrative Center
+1. Select **Authentication > New > Authentication Policy**
+1. In the **Display name** box, enter a name for this authentication policy
+1. Under the **Accounts** heading, select **Add**
+1. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then select **OK**
+1. Under the **User Sign On** heading, select the **Edit** button
+1. Select **Add a condition**
+1. In the **Edit Access Control Conditions** box, ensure that it reads **User > Group > Member of each > Value**, and then select **Add items**
+1. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then select **OK**
+1. Select **OK** to close the **Edit Access Control Conditions** box
+1. Select **OK** to create the authentication policy
+1. Select Active Directory Administrative Center
 
 > [!NOTE]
 > When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures.
 
-#### Discovering authentication failures due to authentication policies
+#### Discover authentication failures due to authentication policies
 
-To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
+To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then select **Enable Log**.
 
 To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn486813(v=ws.11)).
 
diff --git a/windows/security/identity-protection/credential-guard/configure.md b/windows/security/identity-protection/credential-guard/configure.md
new file mode 100644
index 0000000000..21c87bfeeb
--- /dev/null
+++ b/windows/security/identity-protection/credential-guard/configure.md
@@ -0,0 +1,413 @@
+---
+title: Configure Credential Guard 
+description: Learn how to configure Credential Guard using MDM, Group Policy, or the registry.
+ms.date: 08/31/2023
+ms.collection:
+  - highpri
+  - tier2
+ms.topic: how-to
+---
+
+# Configure Credential Guard
+
+This article describes how to configure Credential Guard using Microsoft Intune, Group Policy, or the registry.
+
+## Default enablement
+
+Starting in **Windows 11, version 22H2**, Credential Guard is turned on by default on devices that [meet the requirements](index.md#hardware-and-software-requirements). The default enablement is **without UEFI Lock**, which allows administrators to disable Credential Guard remotely, if needed.
+
+If Credential Guard or VBS are disabled *before* a device is updated to Windows 11, version 22H2 or later, default enablement doesn't overwrite the existing settings.
+
+While the default state of Credential Guard changed, system administrators can [enable](#enable-credential-guard) or [disable](#disable-credential-guard) it using one of the methods described in this article.
+
+> [!IMPORTANT]
+> For information about known issues related to default enablement, see [Credential Guard: known issues](considerations-known-issues.md#single-sign-on-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
+
+> [!NOTE]
+> Devices running Windows 11 Pro/Pro Edu 22H2 or later may have Virtualization-based Security (VBS) and/or Credential Guard automatically enabled if they meet the other requirements for default enablement, and have previously run Credential Guard. For example if Credential Guard was enabled on an Enterprise device that later downgraded to Pro.
+>
+> To determine whether the Pro device is in this state, check if the following registry key exists: `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\IsolatedCredentialsRootSecret`. In this scenario, if you wish to disable VBS and Credential Guard, follow the instructions to [disable Virtualization-based Security](#disable-virtualization-based-security). If you wish to disable Credential Guard only, without disabling VBS, use the procedures to [disable Credential Guard](#disable-credential-guard).
+
+## Enable Credential Guard
+
+Credential Guard should be enabled before a device is joined to a domain or before a domain user signs in for the first time. If Credential Guard is enabled after domain join, the user and device secrets may already be compromised.
+
+To enable Credential Guard, you can use:
+
+- Microsoft Intune/MDM
+- Group policy
+- Registry
+
+[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
+
+#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
+
+### Configure Credential Guard with Intune
+
+[!INCLUDE [intune-settings-catalog-1](../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| Device Guard | Credential Guard | Select one of the options:<br>&emsp;- **Enabled with UEFI lock**<br>&emsp;- **Enabled without lock** |
+
+>[!IMPORTANT]
+> If you want to be able to turn off Credential Guard remotely, choose the option **Enabled without lock**.
+
+[!INCLUDE [intune-settings-catalog-2](../../../../includes/configure/intune-settings-catalog-2.md)]
+
+> [!TIP]
+> You can also configure Credential Guard by using an *account protection* profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the [DeviceGuard Policy CSP][CSP-1].
+
+| Setting |
+|--------|
+| **Setting name**: Turn On Virtualization Based Security<br>**OMA-URI**: `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity`<br>**Data type**: int<br>**Value**: `1`|
+| **Setting name**: Credential Guard Configuration<br>**OMA-URI**: `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags`<br>**Data type**: int<br>**Value**:<br>&emsp;**Enabled with UEFI lock**: `1`<br>&emsp;**Enabled without lock**: `2`|
+
+Once the policy is applied, restart the device.
+
+#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
+
+### Configure Credential Guard with group policy
+
+[!INCLUDE [gpo-settings-1](../../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\System\Device Guard** |Turn On Virtualization Based Security | **Enabled** and select one of the options listed under the **Credential Guard Configuration** dropdown:<br>&emsp;- **Enabled with UEFI lock**<br>&emsp;- **Enabled without lock**|
+
+>[!IMPORTANT]
+> If you want to be able to turn off Credential Guard remotely, choose the option **Enabled without lock**.
+
+[!INCLUDE [gpo-settings-2](../../../../includes/configure/gpo-settings-2.md)]
+
+Once the policy is applied, restart the device.
+
+#### [:::image type="icon" source="../../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
+
+### Configure Credential Guard with registry settings
+
+To configure devices using the registry, use the following settings:
+
+| Setting |
+|--|
+| **Key path**: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard` <br>**Key name**: `EnableVirtualizationBasedSecurity`<br>**Type**: `REG_DWORD`<br>**Value**: `1` (to enable Virtualization Based Security)|
+| **Key path**: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard` <br>**Key name**: `RequirePlatformSecurityFeatures`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` (to use Secure Boot)<br>&emsp;`3` (to use Secure Boot and DMA protection) |
+| **Key path**: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa` <br>**Key name**: `LsaCfgFlags`<br>**Type**: `REG_DWORD`<br>**Value**:<br>&emsp;`1` (to enable Credential Guard with UEFI lock)<br>&emsp;`2` (to enable Credential Guard without lock)|
+
+Restart the device to apply the change.
+
+> [!TIP]
+> You can enable Credential Guard by setting the registry entries in the [*FirstLogonCommands*](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-firstlogoncommands) unattend setting.
+
+---
+
+### Verify if Credential Guard is enabled
+
+Checking Task Manager if `LsaIso.exe` is running isn't a recommended method for determining whether Credential Guard is running. Instead, use one of the following methods:
+
+- System Information
+- PowerShell
+- Event Viewer
+
+#### System Information
+
+You can use *System Information* to determine whether Credential Guard is running on a device.
+
+1. Select **Start**, type `msinfo32.exe`, and then select **System Information**
+1. Select **System Summary**
+1. Confirm that **Credential Guard** is shown next to **Virtualization-based Security Services Running**
+
+#### PowerShell
+
+You can use PowerShell to determine whether Credential Guard is running on a device. From an elevated PowerShell session, use the following command:
+
+```powershell
+(Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning
+```
+
+The command generates the following output:  
+
+- **0**: Credential Guard is disabled (not running)
+- **1**: Credential Guard is enabled (running)
+
+#### Event viewer
+
+Perform regular reviews of the devices that have Credential Guard enabled, using security audit policies or WMI queries.\
+Open the Event Viewer (`eventvwr.exe`) and go to `Windows Logs\System` and filter the event sources for *WinInit*:
+
+:::row:::
+  :::column span="1":::
+  **Event ID**
+  :::column-end:::
+  :::column span="3":::
+  **Description**
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  13 (Information)
+  :::column-end:::
+  :::column span="3":::
+  ```logging
+  Credential Guard (LsaIso.exe) was started and will protect LSA credentials.
+  ```
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  `14` (Information)
+  :::column-end:::
+  :::column span="3":::
+  ```logging
+  Credential Guard (LsaIso.exe) configuration: [**0x0** | **0x1** | **0x2**], **0**
+  ```
+  - The first variable: **0x1** or **0x2** means that Credential Guard is configured to run. **0x0** means that it's not configured to run.
+  - The second variable: **0** means that it's configured to run in protect mode. **1** means that it's configured to run in test mode. This variable should always be **0**.
+    :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  `15` (Warning)
+  :::column-end:::
+  :::column span="3":::
+  ```logging
+  Credential Guard (LsaIso.exe) is configured but the secure kernel isn't running;
+  continuing without Credential Guard.
+  ```
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  `16` (Warning)
+  :::column-end:::
+  :::column span="3":::
+  ```logging
+  Credential Guard (LsaIso.exe) failed to launch: [error code]
+  ```
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  `17`
+  :::column-end:::
+  :::column span="3":::
+  ```logging
+  Error reading Credential Guard (LsaIso.exe) UEFI configuration: [error code]
+  ```
+  :::column-end:::
+:::row-end:::
+
+The following event indicates whether TPM is used for key protection. Path: `Applications and Services logs > Microsoft > Windows > Kernel-Boot`
+
+:::row:::
+  :::column span="1":::
+  **Event ID**
+  :::column-end:::
+  :::column span="3":::
+  **Description**
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  51 (Information)
+  :::column-end:::
+  :::column span="3":::
+  ```logging
+  VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.
+  ```
+  :::column-end:::
+:::row-end:::
+
+If you're running with a TPM, the TPM PCR mask value is something other than 0.
+
+## Disable Credential Guard
+
+There are different options to disable Credential Guard. The option you choose depends on how Credential Guard is configured:
+
+- Credential Guard running in a virtual machine can be [disabled by the host](#disable-credential-guard-for-a-virtual-machine)
+- If Credential Guard is enabled **with UEFI Lock**, follow the procedure described in [disable Credential Guard with UEFI Lock](#disable-credential-guard-with-uefi-lock)
+- If Credential Guard is enabled **without UEFI Lock**, or as part of the automatic enablement in the Windows 11, version 22H2 update, use one of the following options to disable it:
+  - Microsoft Intune/MDM
+  - Group policy
+  - Registry
+
+[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
+
+#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
+
+### Disable Credential Guard with Intune
+
+If Credential Guard is enabled via Intune and without UEFI Lock, disabling the same policy setting disables Credential Guard.
+
+[!INCLUDE [intune-settings-catalog-1](../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| Device Guard | Credential Guard | **Disabled** |
+
+[!INCLUDE [intune-settings-catalog-2](../../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the [DeviceGuard Policy CSP][CSP-1].
+
+| Setting |
+|--------|
+| **Setting name**: Credential Guard Configuration<br>**OMA-URI**: `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags`<br>**Data type**: int<br>**Value**: `0`|
+
+Once the policy is applied, restart the device.
+
+#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
+
+### Disable  Credential Guard with group policy
+
+If Credential Guard is enabled via Group Policy and without UEFI Lock, disabling the same group policy setting disables Credential Guard.
+
+[!INCLUDE [gpo-settings-1](../../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\System\Device Guard** |Turn On Virtualization Based Security | **Disabled** |
+
+[!INCLUDE [gpo-settings-2](../../../../includes/configure/gpo-settings-2.md)]
+
+Once the policy is applied, restart the device.
+
+#### [:::image type="icon" source="../../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
+
+### Disable Credential Guard with registry settings
+
+If Credential Guard is enabled without UEFI Lock and without Group Policy, it's sufficient to edit the registry keys to disable it.
+
+| Setting |
+|-|
+| **Key path**: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa` <br>**Key name**: `LsaCfgFlags`<br>**Type**: `REG_DWORD`<br>**Value**: `0`|
+| **Key path**: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard` <br>**Key name**: `LsaCfgFlags`<br>**Type**: `REG_DWORD`<br>**Value**: `0`|
+
+> [!NOTE]
+> Deleting these registry settings may not disable Credential Guard. They must be set to a value of 0.
+
+Restart the device to apply the change.
+
+---
+
+For information on disabling Virtualization-based Security (VBS), see [disable Virtualization-based Security](#disable-virtualization-based-security).
+
+### Disable Credential Guard with UEFI lock
+
+If Credential Guard is enabled with UEFI lock, follow this procedure since the settings are persisted in EFI (firmware) variables.
+
+> [!NOTE]
+> This scenario requires physical presence at the machine to press a function key to accept the change.
+
+1. Follow the steps in [Disable Credential Guard](#disable-credential-guard)
+1. Delete the Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
+
+   ```cmd
+   mountvol X: /s
+   copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
+   bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
+   bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
+   bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
+   bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
+   bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
+   mountvol X: /d
+   ```
+
+1. Restart the device. Before the OS boots, a prompt appears notifying that UEFI was modified, and asking for confirmation. The prompt must be confirmed for the changes to persist.
+
+### Disable Credential Guard for a virtual machine
+
+From the host, you can disable Credential Guard for a virtual machine with the following command:
+
+```powershell
+Set-VMSecurity -VMName <VMName> -VirtualizationBasedSecurityOptOut $true
+```
+
+## Disable Virtualization-based Security
+
+If you disable Virtualization-based Security (VBS), you'll automatically disable Credential Guard and other features that rely on VBS.
+
+> [!IMPORTANT]
+> Other security features beside Credential Guard rely on VBS. Disabling VBS may have unintended side effects.
+
+Use one of the following options to disable VBS:
+
+- Microsoft Intune/MDM
+- Group policy
+- Registry
+
+[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
+
+#### [:::image type="icon" source="../../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
+
+### Disable VBS with Intune
+
+If VBS is enabled via Intune and without UEFI Lock, disabling the same policy setting disables VBS.
+
+[!INCLUDE [intune-settings-catalog-1](../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| Device Guard | Enable Virtualization Based Security | **Disabled** |
+
+[!INCLUDE [intune-settings-catalog-2](../../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the [DeviceGuard Policy CSP][CSP-1].
+
+| Setting |
+|--------|
+| **Setting name**: Turn On Virtualization Based Security<br>**OMA-URI**: `./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity`<br>**Data type**: int<br>**Value**: `0`|
+
+Once the policy is applied, restart the device.
+
+#### [:::image type="icon" source="../../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
+
+### Disable  VBS with group policy
+
+Configure the policy used to enable VBS to **Disabled**.
+
+[!INCLUDE [gpo-settings-1](../../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\System\Device Guard\Turn on Virtualization Based Security** |Turn On Virtualization Based Security | **Disabled** |
+
+[!INCLUDE [gpo-settings-2](../../../../includes/configure/gpo-settings-2.md)]
+
+Once the policy is applied, restart the device
+
+#### [:::image type="icon" source="../../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
+
+### Disable VBS with registry settings
+
+Delete the following registry keys:
+
+| Setting |
+|--|
+| Key path: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard` <br>Key name: `EnableVirtualizationBasedSecurity` |
+| Key path: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard` <br>Key name: `RequirePlatformSecurityFeatures`|
+
+> [!IMPORTANT]
+> If you manually remove the registry settings, make sure to delete them all, otherwise the device might go into BitLocker recovery.
+
+Restart the device to apply the change.
+
+---
+
+If Credential Guard is enabled with UEFI Lock, the EFI variables stored in firmware must be cleared using the command `bcdedit.exe`. From an elevated command prompt, run the following commands:
+
+```cmd
+bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
+bcdedit /set vsmlaunchtype off
+```
+
+## Next steps
+
+- Review the advice and sample code for making your environment more secure and robust with Credential Guard in the [Additional mitigations](additional-mitigations.md) article
+- Review [considerations and known issues when using Credential Guard](considerations-known-issues.md)
+
+<!--links-->
+
+[CSP-1]: /windows/client-management/mdm/policy-csp-deviceguard#enablevirtualizationbasedsecurity
+[INT-1]: /mem/intune/configuration/settings-catalog
diff --git a/windows/security/identity-protection/credential-guard/considerations-known-issues.md b/windows/security/identity-protection/credential-guard/considerations-known-issues.md
new file mode 100644
index 0000000000..26ee36124b
--- /dev/null
+++ b/windows/security/identity-protection/credential-guard/considerations-known-issues.md
@@ -0,0 +1,235 @@
+---
+ms.date: 08/31/2023
+title: Considerations and known issues when using Credential Guard
+description: Considerations, recommendations and known issues when using Credential Guard.
+ms.topic: troubleshooting
+---
+
+# Considerations and known issues when using Credential Guard
+
+It's recommended that in addition to deploying Credential Guard, organizations move away from passwords to other authentication methods, such as Windows Hello for Business, FIDO 2 security keys or smart cards.
+
+## Wi-fi and VPN considerations
+
+When you enable Credential Guard, you can no longer use NTLM classic authentication for single sign-on. You'll be forced to enter your credentials to use these protocols and can't save the credentials for future use.
+
+If you're using WiFi and VPN endpoints that are based on MS-CHAPv2, they're subject to similar attacks as for NTLMv1.
+
+For WiFi and VPN connections, it's recommended to move from MSCHAPv2-based connections (such as PEAP-MSCHAPv2 and EAP-MSCHAPv2), to certificate-based authentication (such as PEAP-TLS or EAP-TLS).
+
+## Kerberos considerations
+
+When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process.\
+Use constrained or resource-based Kerberos delegation instead.
+
+## Third party Security Support Providers considerations
+
+Some third party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard because it doesn't allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs aren't supported.\
+It's recommended that custom implementations of SSPs/APs are tested with Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API isn't supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs.
+
+For more information, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package).
+
+## Upgrade considerations
+
+As the depth and breadth of protections provided by Credential Guard are increased, new releases of Windows with Credential Guard running may affect scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities.
+
+Test scenarios required for operations in an organization before upgrading a device using Credential Guard.
+
+## Saved Windows credentials considerations
+
+*Credential Manager* allows you to store three types of credentials:
+
+- Windows credentials
+- Certificate-based credentials
+- Generic credentials
+
+Domain credentials that are stored in *Credential Manager* are protected with Credential Guard.
+
+Generic credentials, such as user names and passwords that you use to sign in websites, aren't protected since the applications require your clear-text password. If the application doesn't need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network.
+
+The following considerations apply to the Credential Guard protections for Credential Manager:
+
+- Windows credentials saved by the Remote Desktop client can't be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message *Logon attempt failed*
+- Applications that extract Windows credentials fail
+- When credentials are backed up from a PC that has Credential Guard enabled, the Windows credentials can't be restored. If you need to back up your credentials, you must do so before you enable Credential Guard
+
+## TPM clearing considerations
+
+Virtualization-based Security (VBS) uses the TPM to protect its key. When the TPM is cleared, the TPM protected key used to encrypt VBS secrets is lost.
+
+>[!WARNING]
+> Clearing the TPM results in loss of protected data for all features that use VBS to protect data.
+>
+> When a TPM is cleared, **all** features that use VBS to protect data can no longer decrypt their protected data.
+
+As a result, Credential Guard can no longer decrypt protected data. VBS creates a new TPM protected key for Credential Guard. Credential Guard uses the new key to protect new data. However, the previously protected data is lost forever.
+
+>[!NOTE]
+> Credential Guard obtains the key during initialization. The data loss will only impact persistent data and occur after the next system startup.
+
+### Windows credentials saved to Credential Manager
+
+Since Credential Manager can't decrypt saved Windows Credentials, they're deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard.
+
+### Domain-joined device's automatically provisioned public key
+
+Active Directory domain-joined devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
+
+Since Credential Guard can't decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless other policies are deployed, there shouldn't be a loss of functionality. If a device is configured to only use public key, then it can't authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
+
+Also if any access control checks including authentication policies require devices to have either the `KEY TRUST IDENTITY (S-1-18-4)` or `FRESH PUBLIC KEY IDENTITY (S-1-18-3)` well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
+
+### Breaking DPAPI on domain-joined devices
+
+On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery isn't possible.
+
+>[!IMPORTANT]
+> Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior.
+
+Auto VPN configuration is protected with user DPAPI. User may not be able to use VPN to connect to domain controllers since the VPN configurations are lost.
+If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following.
+
+Domain user sign-in on a domain-joined device after clearing a TPM for as long as there's no connectivity to a domain controller:
+
+|Credential Type | Behavior
+|---|---|---|
+| Certificate (smart card or Windows Hello for Business) | All data protected with user DPAPI is unusable and user DPAPI doesn't work at all. |
+| Password | If the user signed in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected. |
+
+Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted.
+
+#### Impact of DPAPI failures on Windows Information Protection
+
+When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection.  The impact includes: Outlook is unable to start and work protected documents can't be opened. If DPAPI is working, then newly created work data is protected and can be accessed.
+
+**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
+
+## Known issues
+
+Credential Guard blocks certain authentication capabilities. Applications that require such capabilities won't function when Credential Guard is enabled.
+
+This article describes known issues when Credential Guard is enabled.
+
+### Single sign-on for Network services breaks after upgrading to Windows 11, version 22H2  
+
+Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication are unable to use SSO to sign in and are forced to manually re-authenticate in every new Windows session when Credential Guard is running.  
+
+#### Affected devices
+
+Any device with Credential Guard enabled may encounter the issue. As part of the Windows 11, version 22H2 update, eligible devices that didn't disable Credential Guard, have it enabled by default. This affected all devices on Enterprise (E3 and E5) and Education licenses, as well as some Pro licenses, as long as they met the [minimum hardware requirements](index.md#hardware-and-software-requirements).
+  
+All Windows Pro devices that previously ran Credential Guard on an eligible license and later downgraded to Pro, and which still meet the [minimum hardware requirements](index.md#hardware-and-software-requirements), will receive default enablement.  
+
+> [!TIP]
+> To determine if a Windows Pro device receives default enablement when upgraded to **Windows 11, version 22H2**, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`.
+> If it's present, the device enables Credential Guard after the update.
+>
+> You can Credential Guard can be disabled after upgrade by following the [disablement instructions](configure.md#disable-credential-guard).
+
+#### Cause of the issue
+
+Applications and services are affected by the issue when they rely on insecure protocols that use password-based authentication. Such protocols are considered insecure because they can lead to password disclosure on the client or the server, and Credential Guard blocks them. Affected protocols include:
+
+- Kerberos unconstrained delegation (both SSO and supplied credentials are blocked)
+- Kerberos when PKINIT uses RSA encryption instead of Diffie-Hellman (both SSO and supplied credentials are blocked)
+- MS-CHAP (only SSO is blocked)
+- WDigest (only SSO is blocked)
+- NTLM v1 (only SSO is blocked)
+
+> [!NOTE]
+> Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can still be used by prompting the user to supply credentials.
+
+#### How to confirm the issue
+
+MS-CHAP and NTLMv1 are relevant to the SSO breakage after the Windows 11, version 22H2 update. To confirm if Credential Guard is blocking MS-CHAP or NTLMv1, open the Event Viewer (`eventvwr.exe`) and go to `Application and Services Logs\Microsoft\Windows\NTLM\Operational`. Check the following logs:
+
+:::row:::
+  :::column span="1":::
+  **Event ID (type)**
+  :::column-end:::
+  :::column span="3":::
+  **Description**
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  4013 (Warning)
+  :::column-end:::
+  :::column span="3":::
+    ```logging
+    <string
+      id="NTLMv1BlockedByCredGuard"
+      value="Attempt to use NTLMv1 failed.
+      Target server: %1%nSupplied user: %2%nSupplied domain: %3%nPID
+      of client process: %4%nName
+      of client process: %5%nLUID
+      of client process: %6%nUser identity
+      of client process: %7%nDomain name
+      of user identity of client process: %8%nMechanism OID: 9%n%n
+      This device doesn't support NTLMv1.
+    />
+    ```
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="1":::
+  4014 (Error)
+  :::column-end:::
+  :::column span="3":::
+    ```logging
+    <string
+      id="NTLMGetCredentialKeyBlockedByCredGuard"
+      value="Attempt to get credential key by call package blocked by Credential Guard.%n%n
+      Calling Process Name: %1%nService Host Tag: %2"
+    />
+    ```
+  :::column-end:::
+:::row-end:::
+
+#### How to fix the issue
+
+We recommend moving away from MSCHAPv2-based connections, such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication, like PEAP-TLS or EAP-TLS. Credential Guard doesn't block certificate-based authentication.  
+
+For a more immediate, but less secure fix, [disable Credential Guard](configure.md#disable-credential-guard). Credential Guard doesn't have per-protocol or per-application policies, and it can either be turned on or off. If you disable Credential Guard, you leave stored domain credentials vulnerable to theft.
+
+> [!TIP]
+> To prevent default enablement, configure your devices [to disable Credential Guard](configure.md#disable-credential-guard) before updating to Windows 11, version 22H2. If the setting is not configured (which is the default state) and if the device is eligible, the device automatically enable Credential Guard after the update.
+>
+> If Credential Guard is explicitly disabled, the device won't automatically enable Credential Guard after the update.  
+
+### Issues with third-party applications
+
+The following issue affects MSCHAPv2:
+
+- [Credential guard doesn't work with MSCHAPv2 configurations, of which Cisco ISE is a common enterprise implementation](https://quickview.cloudapps.cisco.com/quickview/bug/CSCul55352).
+
+The following issue affects the Java GSS API. See the following Oracle bug database article:
+
+- [JDK-8161921: Credential Guard doesn't allow sharing of TGT with Java](https://bugs.java.com/bugdatabase/view_bug?bug_id=8161921)
+
+When Credential Guard is enabled on Windows, the Java GSS API doesn't authenticate. Credential Guard blocks specific application authentication capabilities and doesn't provide the TGT session key to applications, regardless of registry key settings. For more information, see [Application requirements](index.md#application-requirements).
+
+The following issue affects McAfee Application and Change Control (MACC):
+
+- [KB88869 Windows machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Credential Guard is enabled](https://kcm.trellix.com/corporate/index?page=content&id=KB88869)
+
+The following issue affects Citrix applications:
+
+- Windows machines exhibit high CPU usage with Citrix applications installed when Credential Guard is enabled.
+
+> [!NOTE]
+> Products that connect to Virtualization Based Security (VBS) protected processes can cause Credential Guard-enabled devices to exhibit high CPU usage. For technical and troubleshooting information, see [KB4032786 High CPU usage in the LSAISO process on Windows](/troubleshoot/windows-client/performance/lsaiso-process-high-cpu-usage).
+>
+> For more technical information on LSAISO.exe, see [Isolated User Mode (IUM) Processes](/windows/win32/procthread/isolated-user-mode--ium--processes).
+
+#### Vendor support
+
+The following products and services don't support Credential Guard:
+
+- [Check Point Endpoint Security Client support for Microsoft Credential Guard and Hypervisor-Protected Code Integrity features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912)
+- [*VMware Workstation and Device/Credential Guard aren't compatible* error in VMware Workstation on Windows 10 host (2146361)](https://kb.vmware.com/s/article/2146361)
+- [ThinkPad support for Hypervisor-Protected Code Integrity and Credential Guard in Microsoft Windows](https://support.lenovo.com/in/en/solutions/ht503039)
+- [Windows devices with Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121)
+
+>[!IMPORTANT]
+>This list isn't comprehensive. Check whether your product vendor, product version, or computer system supports Credential Guard on systems that run a specific version of Windows. Specific computer system models may be incompatible with Credential Guard.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
deleted file mode 100644
index d48686101c..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ /dev/null
@@ -1,102 +0,0 @@
----
-ms.date: 01/06/2023
-title: Considerations when using Windows Defender Credential Guard
-description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard.
-ms.topic: article
----
-
-# Considerations when using Windows Defender Credential Guard
-
-It's recommended that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as Windows Hello for Business, FIDO 2 security keys or smart cards.
-
-## Wi-fi and VPN considerations
-
-When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for single sign-on. You'll be forced to enter your credentials to use these protocols and can't save the credentials for future use.\
-If you're using WiFi and VPN endpoints that are based on MS-CHAPv2, they're subject to similar attacks as for NTLMv1.
-
-For WiFi and VPN connections, it's recommended to move from MSCHAPv2-based connections (such as PEAP-MSCHAPv2 and EAP-MSCHAPv2), to certificate-based authentication (such as PEAP-TLS or EAP-TLS).
-
-## Kerberos considerations
-
-When you enable Windows Defender Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process.\
-Use constrained or resource-based Kerberos delegation instead.
-
-## Third party Security Support Providers considerations
-
-Some third party Security Support Providers (SSPs and APs) might not be compatible with Windows Defender Credential Guard because it doesn't allow third-party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs aren't supported.\
-It's recommended that custom implementations of SSPs/APs are tested with Windows Defender Credential Guard. SSPs and APs that depend on any undocumented or unsupported behaviors fail. For example, using the KerbQuerySupplementalCredentialsMessage API isn't supported. Replacing the NTLM or Kerberos SSPs with custom SSPs and APs.
-
-For more information, see [Restrictions around Registering and Installing a Security Package](/windows/win32/secauthn/restrictions-around-registering-and-installing-a-security-package).
-
-## Upgrade considerations
-
-As the depth and breadth of protections provided by Windows Defender Credential Guard are increased, new releases of Windows with Windows Defender Credential Guard running may affect scenarios that were working in the past. For example, Windows Defender Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities.
-
-Test scenarios required for operations in an organization before upgrading a device using Windows Defender Credential Guard.
-
-## Saved Windows credentials protected
-
-Domain credentials that are stored in *Credential Manager* are protected with Windows Defender Credential Guard. Credential Manager allows you to store three types of credentials:
-
-- Windows credentials
-- Certificate-based credentials
-- Generic credentials
-
-Generic credentials, such as user names and passwords that you use to sign in websites, aren't protected since the applications require your clear-text password. If the application doesn't need a copy of the password, they can save domain credentials as Windows credentials that are protected. Windows credentials are used to connect to other computers on a network.
-
-The following considerations apply to the Windows Defender Credential Guard protections for Credential Manager:
-
-- Windows credentials saved by the Remote Desktop client can't be sent to a remote host. Attempts to use saved Windows credentials fail, displaying the error message *Logon attempt failed.*
-- Applications that extract Windows credentials fail
-- When credentials are backed up from a PC that has Windows Defender Credential Guard enabled, the Windows credentials can't be restored. If you need to back up your credentials, you must do so before you enable Windows Defender Credential Guard. Otherwise, you can't restore those credentials
-
-## Clearing TPM considerations
-
-Virtualization-based Security (VBS) uses the TPM to protect its key. When the TPM is cleared, the TPM protected key used to encrypt VBS secrets is lost.
-
->[!WARNING]
-> Clearing the TPM results in loss of protected data for all features that use VBS to protect data.
->
-> When a TPM is cleared, **all** features that use VBS to protect data can no longer decrypt their protected data.
-
-As a result, Credential Guard can no longer decrypt protected data. VBS creates a new TPM protected key for Credential Guard. Credential Guard uses the new key to protect new data. However, the previously protected data is lost forever.
-
->[!NOTE]
-> Credential Guard obtains the key during initialization. The data loss will only impact persistent data and occur after the next system startup.
-
-### Windows credentials saved to Credential Manager
-
-Since Credential Manager can't decrypt saved Windows Credentials, they're deleted. Applications should prompt for credentials that were previously saved. If saved again, then Windows credentials are protected Credential Guard.
-
-### Domain-joined device's automatically provisioned public key
-
-Active Directory domain-joined devices automatically provision a bound public key, for more information about automatic public key provisioning, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
-
-Since Credential Guard can't decrypt the protected private key, Windows uses the domain-joined computer's password for authentication to the domain. Unless other policies are deployed, there shouldn't be a loss of functionality. If a device is configured to only use public key, then it can't authenticate with password until that policy is disabled. For more information on Configuring devices to only use public key, see [Domain-joined Device Public Key Authentication](/windows-server/security/kerberos/domain-joined-device-public-key-authentication).
-
-Also if any access control checks including authentication policies require devices to have either the KEY TRUST IDENTITY (S-1-18-4) or FRESH PUBLIC KEY IDENTITY (S-1-18-3) well-known SIDs, then those access checks fail. For more information about authentication policies, see [Authentication Policies and Authentication Policy Silos](/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos). For more information about well-known SIDs, see [[MS-DTYP] Section 2.4.2.4 Well-known SID Structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
-
-### Breaking DPAPI on domain-joined devices
-
-On domain-joined devices, DPAPI can recover user keys using a domain controller from the user's domain. If a domain-joined device has no connectivity to a domain controller, then recovery isn't possible.
-
->[!IMPORTANT]
-> Best practice when clearing a TPM on a domain-joined device is to be on a network with connectivity to domain controllers. This ensures DPAPI functions and the user does not experience strange behavior.
-
-Auto VPN configuration is protected with user DPAPI. User may not be able to use VPN to connect to domain controllers since the VPN configurations are lost.
-If you must clear the TPM on a domain-joined device without connectivity to domain controllers, then you should consider the following.
-
-Domain user sign-in on a domain-joined device after clearing a TPM for as long as there's no connectivity to a domain controller:
-
-|Credential Type | Behavior
-|---|---|---|
-| Certificate (smart card or Windows Hello for Business) | All data protected with user DPAPI is unusable and user DPAPI doesn't work at all. |
-| Password | If the user signed in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected. |
-
-Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted.
-
-#### Impact of DPAPI failures on Windows Information Protection
-
-When data protected with user DPAPI is unusable, then the user loses access to all work data protected by Windows Information Protection.  The impact includes: Outlook is unable to start and work protected documents can't be opened. If DPAPI is working, then newly created work data is protected and can be accessed.
-
-**Workaround:** Users can resolve the problem by connecting their device to the domain and rebooting or using their Encrypting File System Data Recovery Agent certificate. For more information about Encrypting File System Data Recovery Agent certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
\ No newline at end of file
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
deleted file mode 100644
index f6fafc39c0..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-ms.date: 08/17/2017
-title: How Windows Defender Credential Guard works
-description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
-ms.topic: conceptual
----
-
-# How Windows Defender Credential Guard works
-
-Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process.
-
-For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment.
-
-When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP can't use the signed-in credentials. Thus, single sign-on doesn't work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which aren't protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, aren't to be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases.
-
-When Windows Defender Credential Guard is enabled, Kerberos doesn't allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials.
-
-Here's a high-level overview on how the LSA is isolated by using Virtualization-based security:
-
-![Windows Defender Credential Guard overview.](images/credguard.png)  
-
-## See also
-
-**Related videos**
-
-[What is Virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
deleted file mode 100644
index f05c26620f..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ /dev/null
@@ -1,155 +0,0 @@
----
-ms.date: 11/28/2022
-title: Windows Defender Credential Guard - Known issues
-description: Windows Defender Credential Guard - Known issues in Windows Enterprise
-ms.topic: article
----
-# Windows Defender Credential Guard: Known issues
-
-Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. So applications that require such capabilities won't function when it's enabled. For more information, see [Application requirements](credential-guard-requirements.md#application-requirements).
-
-## Known Issue: Single Sign-On (SSO) for Network services breaks after upgrading to **Windows 11, version 22H2**  
-
-### Symptoms of the issue:  
-Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication will be unable to use SSO to log in and will be forced to manually re-authenticate in every new Windows session when Windows Defender Credential Guard is running.  
-
-### Affected devices:  
-Any device that enables Windows Defender Credential Guard may encounter this issue. As part of the Windows 11, version 22H2 update, eligible devices which had not previously explicitly disabled Windows Defender Credential Guard had it enabled by default. This affected all devices on Enterprise (E3 and E5) and Education licenses, as well as some Pro licenses*, as long as they met the [minimum hardware requirements](credential-guard-requirements.md#hardware-and-software-requirements). 
-  
-\* All Pro devices which previously ran Windows Defender Credential Guard on an eligible license and later downgraded to Pro, and which still meet the [minimum hardware requirements](credential-guard-requirements.md#hardware-and-software-requirements), will receive default enablement.  
-
-> [!TIP]
-> To determine if your Pro device will receive default enablement when upgraded to **Windows 11, version 22H2**, do the following **before** upgrading:  
-> Check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. If it is present, the device will have Windows Defender Credential Guard enabled after upgrading. Note that Windows Defender Credential Guard can be disabled after upgrade by following the [disablement instructions](credential-guard-manage.md#disable-windows-defender-credential-guard).
-
-### Why this is happening:  
-Applications and services are affected by this issue when they rely on insecure protocols that use password-based authentication. Windows Defender Credential Guard blocks the use of these insecure protocols by design. These protocols are considered insecure because they can lead to password disclosure on the client and the server, which is in direct contradiction to the goals of Windows Defender Credential Guard. Affected procols include:
-  - Kerberos unconstrained delegation (both SSO and supplied credentials are blocked)
-  - Kerberos when PKINIT uses RSA encryption instead of Diffie-Hellman (both SSO and supplied credentials are blocked)
-  - MS-CHAP (only SSO is blocked)
-  - WDigest (only SSO is blocked)
-  - NTLM v1 (only SSO is blocked)  
-  
-Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can still be used by prompting the user to supply credentials.  
-
-> [!NOTE]
-> MS-CHAP and NTLMv1 are particularly relevant to the observed SSO breakage after the Windows 11, version 22H2 update. To confirm whether Windows Defender Credential Guard is blocking either of these protocols, check the NTLM event logs in Event Viewer at `Application and Services Logs\Microsoft\Windows\NTLM\Operational` for the following warning and/or error:  
-  >  
-  > **Event ID 4013** (Warning)  
-  > ```
-  > <string  
-  >   id="NTLMv1BlockedByCredGuard"  
-  >   value="Attempt to use NTLMv1 failed.
-  >   Target server: %1%nSupplied user: %2%nSupplied domain: %3%nPID of client process: %4%nName of client process: %5%nLUID of client process: %6%nUser identity of client process: %7%nDomain name of user identity of client process: %8%nMechanism OID: %9%n%nThis device does not support NTLMv1. For more information, see https://go.microsoft.com/fwlink/?linkid=856826."  
-  > />  
-  >  ```
-  >  
-  > **Event ID 4014** (Error)  
-  > ```
-  > <string  
-  >    id="NTLMGetCredentialKeyBlockedByCredGuard"  
-  >    value="Attempt to get credential key by call package blocked by Credential Guard.%n%nCalling Process Name: %1%nService Host Tag: %2"  
-  > />  
-  > ```
-
-### Options to fix the issue:  
-
-Microsoft recommends that organizations move away from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. Windows Defender Credential Guard will not block certificate-based authentication.  
-
-For a more immediate but less secure fix, [disable Windows Defender Credential Guard](credential-guard-manage.md#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
-
-> [!TIP]
-> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage.md#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (which is the default state), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating. This process can also be done via Mobile Device Management (MDM) policy rather than Group Policy if the devices are currently being managed by MDM.  
-
-## Known issues involving third-party applications
-
-The following issue affects MSCHAPv2:
-
-- [Credential guard doesn't work with MSCHAPv2 configurations, of which Cisco ISE is a very popular enterprise implementation](https://quickview.cloudapps.cisco.com/quickview/bug/CSCul55352).
-
-The following issue affects the Java GSS API. See the following Oracle bug database article:
-
-- [JDK-8161921: Windows Defender Credential Guard doesn't allow sharing of TGT with Java](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8161921)
-
-When Windows Defender Credential Guard is enabled on Windows, the Java GSS API won't authenticate. This is expected behavior because Windows Defender Credential Guard blocks specific application authentication capabilities and won't provide the TGT session key to applications regardless of registry key settings. For more information, see [Application requirements](credential-guard-requirements.md#application-requirements).
-
-The following issue affects Cisco AnyConnect Secure Mobility Client:
-
-- [Blue screen on Windows computers running Hypervisor-Protected Code Integrity and Windows Defender Credential Guard with Cisco Anyconnect 4.3.04027](https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc66692)
-
-The following issue affects McAfee Application and Change Control (MACC):
-
-- [KB88869 Windows machines exhibit high CPU usage with McAfee Application and Change Control (MACC) installed when Windows Defender Credential Guard is enabled](https://kcm.trellix.com/corporate/index?page=content&id=KB88869) <sup>[Note 1](#bkmk_note1)</sup>
-
-The following issue affects Citrix applications:
-
-- Windows machines exhibit high CPU usage with Citrix applications installed when Windows Defender Credential Guard is enabled. <sup>[Note 1](#bkmk_note1)</sup>
-
-<a name="bkmk_note1"></a>
-
-> [!NOTE]
-> **Note 1**: Products that connect to Virtualization Based Security (VBS) protected processes can cause Windows Defender Credential Guard-enabled Windows 10, Windows 11, Windows Server 2016, or Windows Server 2019 machines to exhibit high CPU usage. For technical and troubleshooting information, see [KB4032786 High CPU usage in the LSAISO process on Windows](/troubleshoot/windows-client/performance/lsaiso-process-high-cpu-usage).
->
-> For more technical information on LSAISO.exe, see [Isolated User Mode (IUM) Processes](/windows/win32/procthread/isolated-user-mode--ium--processes).
-
-## Vendor support
-
-For more information on Citrix support for Secure Boot, see [Citrix Support for Secure Boot](https://www.citrix.com/blogs/2016/12/08/windows-server-2016-hyper-v-secure-boot-support-now-available-in-xenapp-7-12/)
-
-Windows Defender Credential Guard isn't supported by the following products, products versions, computer systems, or Windows 10 versions:
-
-- [Support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard on Windows with McAfee encryption products](https://kcm.trellix.com/corporate/index?page=content&id=KB86009KB86009)
-
-- [Check Point Endpoint Security Client support for Microsoft Windows Defender Credential Guard and Hypervisor-Protected Code Integrity features](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113912)
-
-- ["VMware Workstation and Device/Credential Guard are not compatible" error in VMware Workstation on Windows 10 host (2146361)](https://kb.vmware.com/s/article/2146361)
-
-- [ThinkPad support for Hypervisor-Protected Code Integrity and Windows Defender Credential Guard in Microsoft Windows](https://support.lenovo.com/in/en/solutions/ht503039)
-
-- [Windows devices with Windows Defender Credential Guard and Symantec Endpoint Protection 12.1](https://www.symantec.com/connect/forums/windows-10-device-guard-credentials-guard-and-sep-121)
-
-This list isn't comprehensive. Check whether your product vendor, product version, or computer system supports Windows Defender Credential Guard on systems that run Windows or specific versions of Windows. Specific computer system models may be incompatible with Windows Defender Credential Guard.
-
-Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
-  
-## Previous known issues that have been fixed
-  
-The following known issues have been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4):
-
-- Scheduled tasks with domain user-stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
-
-    ```console
-    Task Scheduler failed to log on '\Test'.
-    Failure occurred in 'LogonUserExEx'.
-    User Action: Ensure the credentials for the task are correctly specified.
-    Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect).
-    ```
-
-- When you enable NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. You also get a similar user name in a user logon failure event 4625 with error 0xC0000064 on the machine itself. For example:
-
-    ```console
-    Log Name: Microsoft-Windows-NTLM/Operational
-    Source: Microsoft-Windows-Security-Netlogon
-    Event ID: 8004
-    Task Category: Auditing NTLM
-    Level: Information
-    Description:
-    Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
-    Secure Channel name: <Secure Channel Name>
-    User name:
-    @@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA
-    Domain name: NULL
-    ```
-
-  - This event stems from a scheduled task running under local user context with the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4) or later and happens when Credential Guard is enabled.
-  - The username appears in an unusual format because local accounts aren't protected by Credential Guard. The task also fails to execute.
-  - As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account.
-
-The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
-
-- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows machines](https://support.microsoft.com/topic/april-11-2017-kb4015217-os-build-14393-1066-and-14393-1083-b5f79067-98bd-b4ec-8b81-5d858d7dc722)
-
-    This issue can potentially lead to unexpected account lockouts. For more information, see the following support articles:
-
-  - [KB4015219](https://support.microsoft.com/topic/april-11-2017-kb4015219-os-build-10586-873-68b8e379-aafa-ea6c-6b29-56d19785e657)
-  - [KB4015221](https://support.microsoft.com/topic/april-11-2017-kb4015221-os-build-10240-17354-743f52bc-a484-d23f-71f5-b9957cbae0e6)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
deleted file mode 100644
index 295926ae5f..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ /dev/null
@@ -1,304 +0,0 @@
----
-title: Manage Windows Defender Credential Guard 
-description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy or the registry.
-ms.date: 11/23/2022
-ms.collection:
-  - highpri
-  - tier2
-ms.topic: article
----
-
-# Manage Windows Defender Credential Guard
-
-## Default Enablement
-
-Starting in **Windows 11 Enterprise, version 22H2** and **Windows 11 Education, version 22H2**, compatible systems have Windows Defender Credential Guard turned on by default. This feature changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below.  
-  
-Known issues arising from default enablement are documented in [Windows Defender Credential Guard: Known issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
-
-### Requirements for automatic enablement
-
-Windows Defender Credential Guard will be enabled by default when a PC meets the following minimum requirements:
-
-|Component|Requirement|
-|---|---|
-|Operating System|**Windows 11 Enterprise, version 22H2** or **Windows 11 Education, version 22H2**|
-|Existing Windows Defender Credential Guard Requirements|Only devices that meet the [existing hardware and software requirements](credential-guard-requirements.md#hardware-and-software-requirements) to run Windows Defender Credential Guard will have it enabled by default.|
-|Virtualization-based Security (VBS) Requirements|VBS must be enabled in order to run Windows Defender Credential Guard. Starting with Windows 11 Enterprise 22H2 and Windows 11 Education 22H2, devices that meet the requirements to run Windows Defender Credential Guard as well as the [minimum requirements to enable VBS](/windows-hardware/design/device-experiences/oem-vbs) will have both Windows Defender Credential Guard and VBS enabled by default.
-
-> [!NOTE]
-> If Windows Defender Credential Guard or VBS has previously been explicitly disabled, default enablement will not overwrite this setting.
-
-> [!NOTE]
-> Devices running Windows 11 Pro 22H2 may have Virtualization-Based Security (VBS) and/or Windows Defender Credential Guard automaticaly enabled if they meet the other requirements for default enablement listed above and have previously run Windows Defender Credential Guard (for example if Windows Defender Credential Guard was running on an Enterprise device that later downgraded to Pro).
-> 
-> To determine whether the Pro device is in this state, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. In this scenario, if you wish to disable VBS and Windows Defender Credential Guard, follow the instructions for [disabling Virtualization-Based Security](#disabling-virtualization-based-security). If you wish to disable only Windows Defender Credential Guard without disabling Virtualization-Based Security, use the procedures for [disabling Windows Defender Credential Guard](#disable-windows-defender-credential-guard).
-
-## Enable Windows Defender Credential Guard
-
-Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy) or the [registry](#enable-windows-defender-credential-guard-by-using-the-registry). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
-The same set of procedures used to enable Windows Defender Credential Guard on physical machines applies also to virtual machines.
-
-> [!NOTE]
-> Credential Guard and Device Guard are not supported when using Azure Gen 1 VMs. These options are available with Gen 2 VMs only.
-
-### Enable Windows Defender Credential Guard by using Group Policy
-
-You can use Group Policy to enable Windows Defender Credential Guard. When enabled, it will add and enable the virtualization-based security features for you if needed.
-
-1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**.
-
-1. Select **Turn On Virtualization Based Security**, and then select the **Enabled** option.
-
-1. In the **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**.
-
-1. In the **Credential Guard Configuration** box, select **Enabled with UEFI lock**. If you want to be able to turn off Windows Defender Credential Guard remotely, choose **Enabled without lock**.
-
-1. In the **Secure Launch Configuration** box, choose **Not Configured**, **Enabled** or **Disabled**. For more information, see [System Guard Secure Launch and SMM protection](../../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md).
-
-   :::image type="content" source="images/credguard-gp.png" alt-text="Windows Defender Credential Guard Group Policy setting.":::
-
-1. Select **OK**, and then close the Group Policy Management Console.
-
-To enforce processing of the group policy, you can run `gpupdate /force`.
-
-### Enable Windows Defender Credential Guard by using Microsoft Intune
-
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices**.
-
-1. Select **Configuration Profiles**.
-
-1. Select  **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**.
-
-   1. Configuration settings: In the settings picker, select **Device Guard** as category and add the needed settings.
-
-> [!NOTE]
-> Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock.
-
-> [!TIP]
-> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings).
-
-### Enable Windows Defender Credential Guard by using the registry
-
-If you don't use Group Policy, you can enable Windows Defender Credential Guard by using the registry. Windows Defender Credential Guard uses virtualization-based security features that have to be enabled first on some operating systems.
-
-#### Add the virtualization-based security features
-
-Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security isn't necessary and this step can be skipped.
-
-If you're using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security.
-To enable, use the Control Panel or the Deployment Image Servicing and Management tool (DISM).
-
-> [!NOTE]
-> If you enable Windows Defender Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you.
-
-##### Add the virtualization-based security features by using Programs and Features
-
-1. Open the Programs and Features control panel.
-
-1. Select **Turn Windows feature on or off**.
-
-1. Go to **Hyper-V** > **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box.
-
-1. Select the **Isolated User Mode** check box at the top level of the feature selection.
-
-1. Select **OK**.
-
-##### Add the virtualization-based security features to an offline image by using DISM
-
-1. Open an elevated command prompt.
-
-1. Add the Hyper-V Hypervisor by running the following command:
-
-   ```cmd
-   dism /image:<WIM file name> /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all
-   ```
-
-1. Add the Isolated User Mode feature by running the following command:
-
-   ```cmd
-   dism /image:<WIM file name> /Enable-Feature /FeatureName:IsolatedUserMode
-   ```
-
-   > [!NOTE]
-   > In Windows 10, version 1607 and later, the Isolated User Mode feature has been integrated into the core operating system. Running the command in step 3 above is therefore no longer required.
-
-> [!TIP]
-> You can also add these features to an online image by using either DISM or Configuration Manager.
-
-#### Enable virtualization-based security and Windows Defender Credential Guard
-
-1. Open Registry Editor.
-
-1. Enable virtualization-based security:
-
-   1. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard`.
-
-   1. Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it.
-
-   1. Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**.
-
-1. Enable Windows Defender Credential Guard:
-
-   1. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa`.
-
-   1. Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Windows Defender Credential Guard with UEFI lock, set it to 2 to enable Windows Defender Credential Guard without lock, and set it to 0 to disable it.
-
-1. Close Registry Editor.
-
-> [!NOTE]
-> You can also enable Windows Defender Credential Guard by setting the registry entries in the [FirstLogonCommands](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-firstlogoncommands) unattend setting.
-
-### Review Windows Defender Credential Guard performance
-
-#### Is Windows Defender Credential Guard running?
-
-You can view System Information to check that Windows Defender Credential Guard is running on a PC.
-
-1. Select **Start**, type **msinfo32.exe**, and then select **System Information**.
-
-1. Select **System Summary**.
-
-1. Confirm that **Credential Guard** is shown next to **Virtualization-based security Services Running**.
-
-   :::image type="content" source="images/credguard-msinfo32.png" alt-text="The 'Virtualization-based security Services Running' entry lists Credential Guard in System Information (msinfo32.exe).":::
-
-> [!NOTE]
-> For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features.
-
-- We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard won't help to secure a device or identity that has already been compromised. So, we recommend turning on Credential Guard as early as possible.
-
-- You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. You can use security audit policies or WMI queries. Here's a list of WinInit event IDs to look for:
-
-  - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials.
-
-  - **Event ID 14** Windows Defender Credential Guard (LsaIso.exe) configuration: \[**0x0** \| **0x1** \| **0x2**\], **0**
-
-    - The first variable: **0x1** or **0x2** means that Windows Defender Credential Guard is configured to run. **0x0** means that it's not configured to run.
-
-    - The second variable: **0** means that it's configured to run in protect mode. **1** means that it's configured to run in test mode. This variable should always be **0**.
-
-  - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel isn't running; continuing without Windows Defender Credential Guard.
-
-  - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\]
-
-  - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\]  
-
-- You can also verify that TPM is being used for key protection by checking **Event ID 51** in *Applications and Services logs > Microsoft > Windows > Kernel-Boot* event log. The full event text will read like this: `VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.` If you're running with a TPM, the TPM PCR mask value will be something other than 0.
-
-- You can use Windows PowerShell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated PowerShell window and run the following command:
-
-  ```powershell
-  (Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).SecurityServicesRunning
-  ```
-
-  This command generates the following output:  
-
-  - **0**: Windows Defender Credential Guard is disabled (not running)
-
-  - **1**: Windows Defender Credential Guard is enabled (running)
-
-    > [!NOTE]  
-    > Checking the task list or Task Manager to see if LSAISO.exe is running is not a recommended method for determining whether Windows Defender Credential Guard is running.
-
-## Disable Windows Defender Credential Guard
-
-Windows Defender Credential Guard can be disabled via several methods explained below, depending on how the feature was enabled. For devices that had Windows Defender Credential Guard automatically enabled in the 22H2 update and didn't have it enabled prior to the update, it's sufficient to [disable via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy).
-
-If Windows Defender Credential Guard was enabled with UEFI Lock, the procedure described in [Disabling Windows Defender Credential Guard with UEFI Lock](#disabling-windows-defender-credential-guard-with-uefi-lock) must be followed. The default enablement change in eligible 22H2 devices does **not** use a UEFI Lock.
-
-If Windows Defender Credential Guard was enabled via Group Policy without UEFI Lock, Windows Defender Credential Guard should be [disabled via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy).
-
-Otherwise, Windows Defender Credential Guard can be [disabled by changing registry keys](#disabling-windows-defender-credential-guard-using-registry-keys).
-
-Windows Defender Credential Guard running in a virtual machine can be [disabled by the host](#disable-windows-defender-credential-guard-for-a-virtual-machine).
-
-For information on disabling Virtualization-Based Security (VBS), see [Disabling Virtualization-Based Security](#disabling-virtualization-based-security).
-
-### Disabling Windows Defender Credential Guard using Group Policy
-
-If Windows Defender Credential Guard was enabled via Group Policy and without UEFI Lock, disabling the same Group Policy setting will disable Windows Defender Credential Guard.
-
-1. Disable the Group Policy setting that governs Windows Defender Credential Guard. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**. In the "Credential Guard Configuration" section, set the dropdown value to "Disabled":
-
-   :::image type="content" source="images/credguard-gp-disabled.png" alt-text="Windows Defender Credential Guard Group Policy set to Disabled.":::
-
-1. Restart the machine.
-
-### Disabling Windows Defender Credential Guard using Registry Keys
-
-If Windows Defender Credential Guard was enabled without UEFI Lock and without Group Policy, it's sufficient to edit the registry keys as described below to disable Windows Defender Credential Guard.
-
-1. Change the following registry settings to 0:
-
-   - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags`
-
-   - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags`
-
-     > [!NOTE]
-     > Deleting these registry settings may not disable Windows Defender Credential Guard. They must be set to a value of 0.
-
-1. Restart the machine.
-
-### Disabling Windows Defender Credential Guard with UEFI Lock
-
-If Windows Defender Credential Guard was enabled with UEFI Lock enabled, then the following procedure must be followed since the settings are persisted in EFI (firmware) variables. This scenario will require physical presence at the machine to press a function key to accept the change.
-
-1. If Group Policy was used to enable Windows Defender Credential Guard, disable the relevant Group Policy setting. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**. In the "Credential Guard Configuration" section, set the dropdown value to "Disabled".
-
-1. Change the following registry settings to 0:
-
-   - `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaCfgFlags`
-
-   - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\LsaCfgFlags`
-
-1. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands:
-
-   ```cmd
-   mountvol X: /s
-   copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y
-   bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
-   bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
-   bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
-   bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO
-   bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:
-   mountvol X: /d
-   ```
-
-1. Restart the PC. Before the OS boots, a prompt will appear notifying that UEFI was modified, and asking for confirmation. This prompt must be confirmed for the changes to persist. This step requires physical access to the machine.
-
-### Disable Windows Defender Credential Guard for a virtual machine
-
-From the host, you can disable Windows Defender Credential Guard for a virtual machine:
-
-```powershell
-Set-VMSecurity -VMName <VMName> -VirtualizationBasedSecurityOptOut $true
-```
-
-## Disabling Virtualization-Based Security
-
-Instructions are given below for how to disable Virtualization-Based Security (VBS) entirely, rather than just Windows Defender Credential Guard. Disabling Virtualization-Based Security will automatically disable Windows Defender Credential Guard and other features that rely on VBS.
-
-> [!IMPORTANT]
-> Other security features in addition to Windows Defender Credential Guard rely on Virtualization-Based Security in order to run. Disabling Virtualization-Based Security may have unintended side effects.
-
-1. If Group Policy was used to enable Virtualization-Based Security, set the Group Policy setting that was used to enable it (**Computer Configuration** > **Administrative Templates** > **System** > **Device Guard** > **Turn on Virtualization Based Security**) to "Disabled".
-
-1. Delete the following registry settings:
-
-   - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\EnableVirtualizationBasedSecurity`
-
-   - `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\RequirePlatformSecurityFeatures`
-
-     > [!IMPORTANT]
-     > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
-
-1. If Windows Defender Credential Guard is running when disabling Virtualization-Based Security and either feature was enabled with UEFI Lock, the EFI (firmware) variables must be cleared using bcdedit. From an elevated command prompt, run the following bcdedit commands after turning off all Virtualization-Based Security Group Policy and registry settings as described in steps 1 and 2 above:
-
-     >
-     > ```cmd
-     > bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
-     > bcdedit /set vsmlaunchtype off
-     > ```
-
-1. Restart the PC.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
deleted file mode 100644
index 6719b3db77..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: Windows Defender Credential Guard protection limits 
-description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide.
-ms.date: 08/17/2017
-ms.topic: article
----
-# Windows Defender Credential Guard protection limits
-
-Some ways to store credentials are not protected by Windows Defender Credential Guard, including:
-
-- Software that manages credentials outside of Windows feature protection
-- Local accounts and Microsoft Accounts
-- Windows Defender Credential Guard doesn't protect the Active Directory database running on Windows Server domain controllers. It also doesn't protect credential input pipelines, such as Windows Server running Remote Desktop Gateway. If you're using a Windows Server OS as a client PC, it will get the same protection as it would when running a Windows client OS.
-- Key loggers
-- Physical attacks
-- Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization.
-- Third-party security packages
-- Digest and CredSSP credentials
-  - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols.
-- Supplied credentials for NTLM authentication aren't protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well.- 
-- Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is.
-- When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it doesn't provide additional protection from privileged system attacks originating from the host.
-- Windows logon cached password verifiers (commonly called "cached credentials")
-don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These *cached logons*, or more specifically, *cached domain account information*, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available.
-
-## See also
-
-**Deep Dive into Windows Defender Credential Guard: Related videos**
-
-[Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection: Manage Credential Guard](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/manage-credential-guard?u=3322)
-> [!NOTE]
-> - Note: Requires [LinkedIn Learning subscription](https://www.linkedin.com/learning/subscription/products) to view the full video
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
deleted file mode 100644
index 2afb9f4a6a..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ /dev/null
@@ -1,138 +0,0 @@
----
-title: Windows Defender Credential Guard requirements
-description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
-ms.date: 12/27/2021
-ms.topic: article
----
-
-# Windows Defender Credential Guard requirements
-
-For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
-
-## Hardware and software requirements
-
-To provide basic protections against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Windows Defender Credential Guard uses:
-
-- Support for Virtualization-based security (required)
-- Secure boot (required)
-- Trusted Platform Module (TPM, preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware
-- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change)
-
-The Virtualization-based security requires:
-
-- 64-bit CPU
-- CPU virtualization extensions plus extended page tables
-- Windows hypervisor (does not require Hyper-V Windows Feature to be installed)
-
-### Windows Defender Credential Guard deployment in virtual machines
-
-Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. When Credential Guard is deployed on a VM, secrets are protected from attacks inside the VM. Credential Guard does not provide additional protection from privileged system attacks originating from the host.
-
-#### Requirements for running Windows Defender Credential Guard in Hyper-V virtual machines
-
-- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607.
-- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and be running at least Windows Server 2016 or Windows 10.
-  - TPM is not a requirement, but we recommend that you implement TPM.
-
-For information about other host platforms, see [Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms](https://blogs.technet.microsoft.com/windowsserver/2016/09/29/enabling-windows-server-2016-and-hyper-v-virtualization-based-security-features-on-other-platforms/).
-
-For information about Windows Defender Remote Credential Guard hardware and software requirements, see [Windows Defender Remote Credential Guard requirements](/windows/access-protection/remote-credential-guard#hardware-and-software-requirements).
-
-## Application requirements
-
-When Windows Defender Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatibility with the reduced functionality.
-
-> [!WARNING]
-> Enabling Windows Defender Credential Guard on domain controllers is not recommended at this time.
-> Windows Defender Credential Guard does not provide any added security to domain controllers, and can cause application compatibility issues on domain controllers.
-
-> [!NOTE]
-> Windows Defender Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Windows Defender Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts).
-
-Applications will break if they require:
-
-- Kerberos DES encryption support
-- Kerberos unconstrained delegation
-- Extracting the Kerberos TGT
-- NTLMv1
-
-Applications will prompt and expose credentials to risk if they require:
-
-- Digest authentication
-- Credential delegation
-- MS-CHAPv2
-
-Applications may cause performance issues when they attempt to hook the isolated Windows Defender Credential Guard process.
-
-Services or protocols that rely on Kerberos, such as file shares, remote desktop, or BranchCache, continue to work and are not affected by Windows Defender Credential Guard.
-
-[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)]
-
-## Security considerations
-
-All computers that meet baseline protections for hardware, firmware, and software can use Windows Defender Credential Guard.
-Computers that meet additional qualifications can provide additional protections to further reduce the attack surface.
-The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017.
-
-> [!NOTE]
-> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
->
-> If you are an OEM, see [PC OEM requirements for Windows Defender Credential Guard](/windows-hardware/design/device-experiences/oem-security-considerations).
-
-### Baseline protections
-
-|Baseline Protections|Description|Security benefits
-|---|---|---|
-|Hardware: **64-bit CPU**        |A 64-bit computer is required for the Windows hypervisor to provide VBS.|
-|Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**: </br> - These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system. </br></br> Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.|
-|Hardware: **Trusted Platform Module (TPM)**|**Requirement**: </br> - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](../../information-protection/tpm/tpm-recommendations.md)|A TPM provides protection for VBS encryption keys that are stored in the firmware. TPM helps protect against attacks involving a physically present user with BIOS access.|
-|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**: </br> - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code, and can prevent boot kits and root kits from installing and persisting across reboots.|
-|Firmware: **Secure firmware update process**|**Requirements**: </br> - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.|
-|Software: Qualified **Windows operating system**|**Requirement**: </br> - At least Windows 10 Enterprise, Windows 10 Education, or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.|
-
-> [!IMPORTANT]
-> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Windows Defender Credential Guard can provide.
-
-### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4
-
-|Protections for Improved Security|Description|
-|---|---|
-|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**: </br> - VT-D or AMD Vi IOMMU </br> </br> **Security benefits**: </br> - An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](/windows-hardware/drivers/bringup/acpi-system-description-tables)|
-|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - BIOS password or stronger authentication must be supported. </br> - In the BIOS configuration, BIOS authentication must be set. </br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, "Boot only from internal hard drive") and boot device order, overriding BOOTORDER modification made by operating system. </br> - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
-|Firmware: **Secure MOR, revision 2 implementation**|**Requirement**: </br> - Secure MOR, revision 2 implementation|
-
-### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016
-
-> [!IMPORTANT]
-> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections.
-
-|Protections for Improved Security|Description|Security Benefits|
-|---|---|---|
-|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**: </br> - Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby</br> - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](/windows-hardware/test/hlk/testref/hardware-security-testability-specification).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware. </br> - HSTI provides additional security assurance for correctly secured silicon and platform.|
-|Firmware: **Firmware Update through Windows Update**|**Requirements**: </br> - Firmware must support field updates through Windows Update and UEFI encapsulation update.|Helps ensure that firmware updates are fast, secure, and reliable.|
-|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time. </br> - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.|- Enterprises can choose to allow proprietary EFI drivers/applications to run. </br> - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots.|
-
-### 2017 Additional security qualifications starting with Windows 10, version 1703
-
-The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications.
-
-|Protections for Improved Security|Description|Security Benefits
-|---|---|---|
-|Firmware: **VBS enablement of No-Execute (NX) protection for UEFI runtime services**|**Requirements**: </br> - VBS will enable NX protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements: </br> - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. </br> - PE sections must be page-aligned in memory (not required for in non-volatile storage). </br> - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: </br> - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both. </br> - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writable and non-executable. </br> (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) </br> - Reduces the attack surface to VBS from system firmware.|
-|Firmware: **Firmware support for SMM protection**|**Requirements**: </br> - The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an ACPI table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) </br> - Reduces the attack surface to VBS from system firmware. </br> - Blocks additional security attacks against SMM.|
-
-> [!IMPORTANT]
->
-> Regarding **VBS enablement of NX protection for UEFI runtime services**:
->
-> - This only applies to UEFI runtime service memory, and not UEFI boot service memory.
->
-> - This protection is applied by VBS on OS page tables.
->
->   Please also note the following:
->
->   - Do not use sections that are both writable and executable
->
->   - Do not attempt to directly modify executable system memory
->
->   - Do not use dynamic code
diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
deleted file mode 100644
index 519ec863c8..0000000000
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-title: Protect derived domain credentials with Windows Defender Credential Guard 
-description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
-ms.date: 11/22/2022
-ms.topic: article
-ms.collection: 
-  - highpri
-  - tier2
----
-
-# Protect derived domain credentials with Windows Defender Credential Guard
-
-Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
-
-By enabling Windows Defender Credential Guard, the following features and solutions are provided:
-
-- **Hardware security** NTLM, Kerberos, and Credential Manager take advantage of platform security features, including Secure Boot and virtualization, to protect credentials.
-- **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system.
-- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate other security strategies and architectures.
-
-> [!NOTE]
-> As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
-
-## Related topics
-
-- [Protecting network passwords with Windows Defender Credential Guard](https://www.microsoft.com/itshowcase/Article/Content/831/Protecting-network-passwords-with-Windows-10-Credential-Guard)
-- [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382)
-- [What's New in Kerberos Authentication for Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831747(v=ws.11))
-- [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378897(v=ws.10))
-- [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview)
-- [Mitigating Credential Theft using the Windows 10 Isolated User Mode](/shows/seth-juarez/mitigating-credential-theft-using-windows-10-isolated-user-mode)
-- [Isolated User Mode Processes and Features in Windows 10 with Logan Gabriel](/shows/seth-juarez/isolated-user-mode-processes-features-in-windows-10-logan-gabriel)
-- [More on Processes and Features in Windows 10 Isolated User Mode with Dave Probert](/shows/seth-juarez/more-on-processes-features-in-windows-10-isolated-user-mode-dave-probert)
-- [Isolated User Mode in Windows 10 with Dave Probert](/shows/seth-juarez/isolated-user-mode-in-windows-10-dave-probert)
-- [Windows 10 Virtual Secure Mode with David Hepkin](/shows/seth-juarez/windows-10-virtual-secure-mode-david-hepkin)
diff --git a/windows/security/identity-protection/credential-guard/how-it-works.md b/windows/security/identity-protection/credential-guard/how-it-works.md
new file mode 100644
index 0000000000..69eef9c3f9
--- /dev/null
+++ b/windows/security/identity-protection/credential-guard/how-it-works.md
@@ -0,0 +1,42 @@
+---
+ms.date: 08/31/2023
+title: How Credential Guard works
+description: Learn how Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
+ms.topic: conceptual
+---
+
+# How Credential Guard works
+
+Kerberos, NTLM, and Credential Manager isolate secrets by using Virtualization-based security (VBS). Previous versions of Windows stored secrets in its process memory, in the Local Security Authority (LSA) process `lsass.exe`. With Credential Guard enabled, the LSA process in the operating system talks to a component called the *isolated LSA process* that stores and protects those secrets, `LSAIso.exe`. Data stored by the isolated LSA process is protected using VBS and isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process.
+
+For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All the binaries are signed with a certificate that VBS trusts, and the signatures are validated before launching the file in the protected environment.
+
+Here's a high-level overview on how the LSA is isolated by using Virtualization-based security:
+
+:::image type="content" source="images/credguard.png" alt-text="Diagram of the Credential Guard architecture.":::
+
+## Credential Guard protection limits
+
+Some ways to store credentials aren't protected by Credential Guard, including:
+
+- Software that manages credentials outside of Windows feature protection
+- Local accounts and Microsoft Accounts
+- Credential Guard doesn't protect the Active Directory database running on Windows Server domain controllers. It also doesn't protect credential input pipelines, such as Windows Server running Remote Desktop Gateway. If you're using a Windows Server OS as a client PC, it will get the same protection as it would when running a Windows client OS
+- Key loggers
+- Physical attacks
+- Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization
+- Third-party security packages
+- When Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP can't use the signed-in credentials. Thus, single sign-on doesn't work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which aren't protected by Credential Guard with any of these protocols
+    > [!CAUTION]
+    > It's recommended that valuable credentials, such as the sign-in credentials, aren't used with NTLMv1, MS-CHAPv2, Digest, or CredSSP protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases.
+- Supplied credentials for NTLM authentication aren't protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well
+- Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is protected
+- When Credential Guard is enabled, Kerberos doesn't allow *unconstrained Kerberos delegation* or *DES encryption*, not only for signed-in credentials, but also prompted or saved credentials
+- When Credential Guard is enabled on a VM, it protects secrets from attacks inside the VM. However, it doesn't provide protection from privileged system attacks originating from the host
+- Windows logon cached password verifiers (commonly called *cached credentials*) don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These *cached logons*, or more specifically, *cached domain account information*, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available
+
+## Next steps
+
+- Learn [how to configure Credential Guard](configure.md)
+- Review the advice and sample code for making your environment more secure and robust with Credential Guard in the [Additional mitigations](additional-mitigations.md) article
+- Review [considerations and known issues when using Credential Guard](considerations-known-issues.md)
diff --git a/windows/security/identity-protection/credential-guard/images/credguard-gp-disabled.png b/windows/security/identity-protection/credential-guard/images/credguard-gp-disabled.png
deleted file mode 100644
index bfb042a49d..0000000000
Binary files a/windows/security/identity-protection/credential-guard/images/credguard-gp-disabled.png and /dev/null differ
diff --git a/windows/security/identity-protection/credential-guard/images/credguard-gp.png b/windows/security/identity-protection/credential-guard/images/credguard-gp.png
deleted file mode 100644
index ad34b6deb3..0000000000
Binary files a/windows/security/identity-protection/credential-guard/images/credguard-gp.png and /dev/null differ
diff --git a/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png b/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png
deleted file mode 100644
index c9737e3236..0000000000
Binary files a/windows/security/identity-protection/credential-guard/images/credguard-msinfo32.png and /dev/null differ
diff --git a/windows/security/identity-protection/credential-guard/index.md b/windows/security/identity-protection/credential-guard/index.md
new file mode 100644
index 0000000000..710f148343
--- /dev/null
+++ b/windows/security/identity-protection/credential-guard/index.md
@@ -0,0 +1,101 @@
+---
+title: Credential Guard overview
+description: Learn about Credential Guard and how it isolates secrets so that only privileged system software can access them.
+ms.date: 08/31/2023
+ms.topic: overview
+ms.collection: 
+  - highpri
+  - tier1
+---
+
+# Credential Guard overview
+
+Credential Guard prevents credential theft attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials.
+
+Credential Guard uses [Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks like *pass the hash* and *pass the ticket*.
+
+When enabled, Credential Guard provides the following benefits:
+
+- **Hardware security**: NTLM, Kerberos, and Credential Manager take advantage of platform security features, including Secure Boot and virtualization, to protect credentials
+- **Virtualization-based security**: NTLM, Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system
+- **Protection against advanced persistent threats**: when credentials are protected using VBS, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges can't extract secrets that are protected by VBS
+
+> [!NOTE]
+> While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques, and you should also incorporate other security strategies and architectures.
+
+> [!IMPORTANT]
+> Starting in Windows 11, version 22H2, VBS and Credential Guard are enabled by default on all devices that meet the system requirements.\
+> For information about known issues related to the default enablement of Credential Guard, see [Credential Guard: Known Issues](considerations-known-issues.md).
+
+## System requirements
+
+For Credential Guard to provide protection, the devices must meet certain hardware, firmware, and software requirements.
+
+Devices that meet more hardware and firmware qualifications than the minimum requirements, receive additional protections and are more hardened against certain threats.
+
+### Hardware and software requirements
+
+Credential Guard requires the features:
+
+- Virtualization-based security (VBS)
+  >[!NOTE]
+  > VBS has different requirements to enable it on different hardware platforms. For more information, see [Virtualization-based Security requirements](/windows-hardware/design/device-experiences/oem-vbs)
+- [Secure Boot](../../operating-system-security/system-security/secure-the-windows-10-boot-process.md#secure-boot)
+
+While not required, the following features are recommended to provide additional protections:
+
+- Trusted Platform Module (TPM), as it provides binding to hardware. TPM versions 1.2 and 2.0 are supported, either discrete or firmware
+- UEFI lock, as it prevents attackers from disabling Credential Guard with a registry key change
+
+For detailed information on protections for improved security that are associated with hardware and firmware options, see [additional security qualifications](additional-mitigations.md#additional-security-qualifications).
+
+#### Credential Guard in virtual machines
+
+Credential Guard can protect secrets in Hyper-V virtual machines, just as it would on a physical machine. When Credential Guard is enabled on a VM, secrets are protected from attacks *inside* the VM. Credential Guard doesn't provide protection from privileged system attacks originating from the host.
+
+The requirements to run Credential Guard in Hyper-V virtual machines are:
+
+- The Hyper-V host must have an IOMMU
+- The Hyper-V virtual machine must be generation 2
+
+> [!NOTE]
+> Credential Guard is not supported on Hyper-V or Azure generation 1 VMs. Credential Guard is available on generation 2 VMs only.
+
+[!INCLUDE [credential-guard](../../../../includes/licensing/credential-guard.md)]
+
+## Application requirements
+
+When Credential Guard is enabled, certain authentication capabilities are blocked. Applications that require such capabilities break. We refer to these requirements as *application requirements*.
+
+Applications should be tested prior to deployment to ensure compatibility with the reduced functionality.
+
+> [!WARNING]
+> Enabling Credential Guard on domain controllers isn't recommended.
+> Credential Guard doesn't provide any added security to domain controllers, and can cause application compatibility issues on domain controllers.
+
+> [!NOTE]
+> Credential Guard doesn't provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts).
+
+Applications break if they require:
+
+- Kerberos DES encryption support
+- Kerberos unconstrained delegation
+- Extracting the Kerberos TGT
+- NTLMv1
+
+Applications prompt and expose credentials to risk if they require:
+
+- Digest authentication
+- Credential delegation
+- MS-CHAPv2
+
+Applications may cause performance issues when they attempt to hook the isolated Credential Guard process `LSAIso.exe`.
+
+Services or protocols that rely on Kerberos, such as file shares or remote desktop, continue to work and aren't affected by Credential Guard.
+
+## Next steps
+
+- Learn [how Credential Guard works](how-it-works.md)
+- Learn [how to configure Credential Guard](configure.md)
+- Review the advice and sample code for making your environment more secure and robust with Credential Guard in the [Additional mitigations](additional-mitigations.md) article
+- Review [considerations and known issues when using Credential Guard](considerations-known-issues.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/credential-guard/toc.yml b/windows/security/identity-protection/credential-guard/toc.yml
index 3661af7b0e..a4b737a9ec 100644
--- a/windows/security/identity-protection/credential-guard/toc.yml
+++ b/windows/security/identity-protection/credential-guard/toc.yml
@@ -1,17 +1,11 @@
 items:
-- name: Protect derived domain credentials with Credential Guard
-  href: credential-guard.md
+- name: Overview
+  href: index.md
 - name: How Credential Guard works
-  href: credential-guard-how-it-works.md
-- name: Requirements
-  href: credential-guard-requirements.md
-- name: Manage Credential Guard
-  href: credential-guard-manage.md
-- name: Credential Guard protection limits
-  href: credential-guard-protection-limits.md
-- name: Considerations when using Credential Guard
-  href: credential-guard-considerations.md
+  href: how-it-works.md
+- name: Configure Credential Guard
+  href: configure.md
 - name: Additional mitigations
   href: additional-mitigations.md
-- name: Known issues
-  href: credential-guard-known-issues.md
\ No newline at end of file
+- name: Considerations and known issues
+  href: considerations-known-issues.md
\ No newline at end of file
diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md
index d4f8cceb8d..e384f47efe 100644
--- a/windows/security/identity-protection/enterprise-certificate-pinning.md
+++ b/windows/security/identity-protection/enterprise-certificate-pinning.md
@@ -1,24 +1,24 @@
 ---
-title: Enterprise Certificate Pinning
-description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name.
-ms.topic: conceptual
-ms.date: 07/27/2017
+title: Enterprise certificate pinning
+description: Enterprise certificate pinning is a Windows feature for remembering, or pinning, a root issuing certificate authority, or end-entity certificate to a domain name.
+ms.topic: concept-article
+ms.date: 05/24/2023
 ---
 
-# Enterprise Certificate Pinning
+# Enterprise certificate pinning overview
 
-Enterprise certificate pinning is a Windows feature for remembering, or pinning a root issuing certificate authority or end entity certificate to a given domain name. 
-Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates.
+Enterprise certificate pinning is a Windows feature for remembering (pinning), a root issuing certificate authority, or end-entity certificate, to a domain name.\
+The feature helps to reduce man-in-the-middle attacks by protecting internal domain names from chaining to unwanted or fraudulently issued certificates.
 
 > [!NOTE]
 > External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning.
 
-Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site's chain that authenticates servers matches a restricted set of certificates. 
-These restrictions are encapsulated in a Pin Rules Certificate Trust List (CTL) that is configured and deployed to Windows 10 computers. 
-Any site certificate that triggers a name mismatch causes Windows to write an event to the CAPI2 event log and prevents the user from navigating to the web site using Microsoft Edge or Internet Explorer.
+Windows Certificate APIs (*CertVerifyCertificateChainPolicy* and *WinVerifyTrust*) are updated to check if the site's chain that authenticates servers matches a restricted set of certificates.\
+The restrictions are encapsulated in a *Pin Rules Certificate Trust List (CTL)* that is configured and deployed to Windows devices.\
+Any site certificates that trigger a name mismatch causes Windows to write an event to the *CAPI2 event log*, and prevents the user from browsing the web site.
 
 > [!NOTE]
-> Enterprise Certificate Pinning feature triggering doesn't cause clients other than Microsoft Edge or Internet Explorer to block the connection.
+> Enterprise Certificate Pinning feature triggering doesn't cause clients other than Microsoft Edge to block the connection.
 
 ## Deployment
 
@@ -27,14 +27,14 @@ To deploy enterprise certificate pinning, you need to:
 - Create a well-formatted certificate pinning rule XML file
 - Create a pin rules certificate trust list file from the XML file
 - Apply the pin rules certificate trust list file to a reference administrative computer
-- Deploy the registry configuration on the reference computer using Group Policy Management Console (GPMC), which is included in the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520).
+- Deploy the registry configuration on the reference computer via group policy
 
-### Create a Pin Rules XML file  
+### Create a pin rules XML file  
 
-The XML-based pin rules file consists of a sequence of PinRule elements. 
+The XML-based pin rules file consists of a sequence of PinRule elements.
 Each PinRule element contains a sequence of one or more Site elements and a sequence of zero or more Certificate elements.
 
-```code
+```xml
 <PinRules ListIdentifier="PinRulesExample" Duration="P28D">
 
   <PinRule Name="AllCertificateAttributes" Error="None" Log="true">
@@ -58,28 +58,28 @@ Each PinRule element contains a sequence of one or more Site elements and a sequ
 </PinRules>
 ```
 
-#### PinRules Element
+#### PinRules element
 
-The PinRules element can have the following attributes. 
-For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml) or [Representing a Duration in XML](#representing-a-duration-in-xml). 
+The PinRules element can have the following attributes.
+For help with formatting Pin Rules, see [Represent a date in XML](#represent-a-date-in-xml) or [Represent a duration in XML](#represent-a-duration-in-xml). 
 
 | Attribute | Description | Required |
 |-----------|-------------|----------|
-|  **Duration** or **NextUpdate** | Specifies when the Pin Rules will expire. Either is required. **NextUpdate** takes precedence if both are specified. <br>  **Duration**, represented as an XML TimeSpan data type, doesn't allow years and months. You represent the **NextUpdate** attribute as an XML DateTime data type in UTC.  | **Required?** Yes. At least one is required. |
+|  **Duration** or **NextUpdate** | Specifies when the Pin Rules expires. Either is required. **NextUpdate** takes precedence if both are specified. <br>  **Duration**, represented as an XML TimeSpan data type, doesn't allow years and months. You represent the **NextUpdate** attribute as an XML DateTime data type in UTC.  | **Required?** Yes. At least one is required. |
 | **LogDuration** or **LogEndDate** | Configures auditing only to extend beyond the expiration of enforcing the Pin Rules. <br>  **LogEndDate**, represented as an XML DateTime data type in UTC, takes precedence if both are specified. <br>  You represent **LogDuration** as an XML TimeSpan data type, which doesn't allow years and months. <br>  If `none of the attributes are specified, auditing expiration uses **Duration** or **NextUpdate** attributes. | No. | 
 | **ListIdentifier** | Provides a friendly name for the list of pin rules. Windows doesn't use this attribute for certificate pinning enforcement; however, it's included when the pin rules are converted to a certificate trust list (CTL). | No. |
 
-#### PinRule Element    
+#### PinRule element
 
-The **PinRule** element can have the following attributes. 
+The **PinRule** element can have the following attributes.
 
 | Attribute | Description | Required |
 |-----------|-------------|----------|
-| **Name**  | Uniquely identifies the **PinRule**. Windows uses this attribute to identify the element for a parsing error or for verbose output. The attribute isn't included in the generated certificate trust list (CTL). | Yes.|
-| **Error** | Describes the action Windows performs when it encounters a PIN mismatch. You can choose from the following string values: <br>- **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site. <br>- **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate doesn't match the name of the site. This typically results in prompting the user before accessing the site. <br>- **None** - The default value.  No error is returned. You can use this setting to audit the pin rules without introducing any user friction. | No. |
+| **Name**  | Uniquely identifies the **PinRule**. Windows uses the attribute to identify the element for a parsing error or for verbose output. The attribute isn't included in the generated certificate trust list (CTL). | Yes.|
+| **Error** | Describes the action Windows performs when it encounters a PIN mismatch. You can choose from the following string values: <br>- **Revoked** - Windows reports the certificate protecting the site as if it was revoked. This typically prevents the user from accessing the site. <br>- **InvalidName** - Windows reports the certificate protecting the site as if the name on the certificate doesn't match the name of the site. This typically results in prompting the user before accessing the site. <br>- **None** - The default value.  No error is returned. You can use the setting to audit the pin rules without introducing any user friction. | No. |
 | **Log** | A Boolean value represents a string that equals **true** or **false**. By default, logging is enabled (**true**). | No. |
 
-#### Certificate element 
+#### Certificate element
 
 The **Certificate** element can have the following attributes.
 
@@ -88,7 +88,7 @@ The **Certificate** element can have the following attributes.
 | **File**  | Path to a file containing one or more certificates.  Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br>- sst <br> These files can also be Base64 formatted.  All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory, or Base64 must be present). |
 | **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory, or Base64 must be present). | 
 | **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br> - sst <br> This allows the certificates to be included in the XML file without a file directory dependency. <br> Note: <br> You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule.  | Yes (File, Directory, or Base64 must be present). |
-| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element's certificates.<br> If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and excludes the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
+| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element's certificates.<br> If the current time is past the **EndDate**, when creating the certificate trust list (CTL) the parser outputs a warning message and excludes the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Represent a date in XML](#represent-a-date-in-xml).| No.|
 
 #### Site element
 
@@ -96,15 +96,15 @@ The **Site** element can have the following attributes.
 
 | Attribute | Description | Required |
 |-----------|-------------|----------|
-| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows: <br>- If the DNS name has a leading "*", it's removed. <br>- Non-ASCII DNS name is converted to ASCII Puny Code. <br>- Upper case ASCII characters are converted to lower case. <br>If the normalized name has a leading ".", then wildcard left-hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
+| **Domain** | Contains the DNS name to be matched for this pin rule. When you create the certificate trust list, the parser normalizes the input name string value as follows: <br>- If the DNS name has a leading "*", it's removed. <br>- Non-ASCII DNS name is converted to ASCII Puny Code. <br>- Upper case ASCII characters are converted to lower case. <br>If the normalized name has a leading ".", then wildcard left-hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
 | **AllSubdomains** | By default, wildcard left-hand label matching is restricted to a single left-hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.<br>For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.|
 
-### Create a Pin Rules Certificate Trust List
+### Create a pin rules certificate trust list
 
-The command line utility, **Certutil.exe**, includes the **generatePinRulesCTL** argument to parse the XML file and generate the encoded certificate trust list (CTL) that you add to your reference Windows 10 version 1703 computer and subsequently deploy. 
-The usage syntax is:
+The *Certutil.exe* command includes the *generatePinRulesCTL* argument. The argument parses the XML file and generates the encoded certificate trust list (CTL) that you add to your reference Windows device and then deploy.
+The syntax is:
 
-```code
+```cmd
 CertUtil [Options] -generatePinRulesCTL XMLFile CTLFile [SSTFile]
   Generate Pin Rules CTL
     XMLFile -- input XML file to be parsed.
@@ -118,40 +118,42 @@ Options:
   -v                -- Verbose operation
 ```
 
-The same certificate(s) can occur in multiple **PinRule** elements. 
-The same domain can occur in multiple **PinRule** elements. 
-Certutil coalesces these in the resultant pin rules certificate trust list. 
+- The same certificate(s) can occur in multiple **PinRule** elements
+- The same domain can occur in multiple **PinRule** elements
+- Certutil coalesces these in the resultant pin rules certificate trust list
+- Certutil.exe doesn't strictly enforce the XML schema definition
 
-Certutil.exe doesn't strictly enforce the XML schema definition. 
-It does perform the following to enable other tools to add/consume their own specific elements and attributes:
+Certutil performs the following to enable other tools to add/consume their own specific elements and attributes:
 
-- Skips elements before and after the **PinRules** element.
-- Skips any element not matching **Certificate** or **Site** within the **PinRules** element.
-- Skips any attributes not matching the above names for each element type.
+- Skips elements before and after the **PinRules** element
+- Skips any element not matching **Certificate** or **Site** within the **PinRules** element
+- Skips any attributes not matching the above names for each element type
 
-Use the **certutil** command with the **generatePinRulesCTL** argument along with your XML file that contains your certificate pinning rules. 
+Use the *certutil* command with the *generatePinRulesCTL* argument along with your XML file that contains your certificate pinning rules.
 Lastly, provide the name of an output file that will include your certificate pinning rules in the form of a certificate trust list.
 
-```code
+```cmd
 certutil -generatePinRulesCTL certPinRules.xml pinrules.stl
 ```
 
-### Applying Certificate Pinning Rules to a Reference Computer
+### Apply certificate pinning rules to a reference computer
 
 Now that your certificate pinning rules are in the certificate trust list format, you need to apply the settings to a reference computer as a prerequisite to deploying the setting to your enterprise. 
 To simplify the deployment configuration, it's best to apply your certificate pinning rules to a computer that has the Group Policy Management Console (GPMC) included in the Remote Server Administration Tools (RSAT). 
 
-Use **certutil.exe** to apply your certificate pinning rules to your reference computer using the **setreg** argument. 
-The **setreg** argument takes a secondary argument that determines the location of where certutil writes the certificate pining rules. 
-This secondary argument is **chain\PinRules**. 
-The last argument you provide is the name of file that contains your certificate pinning rules in certificate trust list format (.stl). 
-You'll pass the name of the file as the last argument; however, you need to prefix the file name with the '@' symbol as shown in the following example. 
-You need to perform this command from an elevated command prompt.
+Use *certutil.exe* to apply your certificate pinning rules to your reference computer using the *setreg* argument.\
+The *setreg* argument takes a secondary argument that determines the location of where certutil writes the certificate pining rules.\
+The secondary argument is *chain\PinRules*.\
+The last argument you provide is the name of file that contains your certificate pinning rules in certificate trust list format (`.stl`).\
+You pass the name of the file as the last argument. You must prefix the file name with the `@` symbol as in the following example:
 
-```code
+```cmd
 Certutil -setreg chain\PinRules @pinrules.stl 
 ```
 
+> [!NOTE]
+> You must execute the command from an elevated command prompt.
+
 Certutil writes the binary information to the following registration location:
 
 | Name | Value |
@@ -163,39 +165,39 @@ Certutil writes the binary information to the following registration location:
 
 ![Registry binary information.](images/enterprise-pinning-registry-binary-information.png)
 
-### Deploying Enterprise Pin Rule Settings using Group Policy
+### Deploy enterprise pin rule settings using group policy
 
-You've successfully created a certificate pinning rules XML file. 
-From the XML file you've created a certificate pinning trust list file, and you've applied the contents of that file to your reference computer from which you can run the Group Policy Management Console. 
-Now you need to configure a Group Policy object to include the applied certificate pin rule settings and deploy it to your environment.
+From the XML file, you've created a certificate pinning trust list file. Then, you've applied the content of the file to your reference device from which you can run the Group Policy Management Console.
+
+The next step consists of configuring a group policy object that includes the applied certificate pin rule settings, and deploy it in your environment.
 
 Sign-in to the reference computer using domain administrator equivalent credentials.
 
-1.  Start the **Group Policy Management Console** (gpmc.msc)
-2.  In the navigation pane, expand the forest node and then expand the domain node.
-3.  Expand the node that contains your Active Directory's domain name
-4.  Select the **Group Policy objects** node.  Right-click the **Group Policy objects** node and click **New**.
-5.  In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**.
-6.  In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**.
-7.  In the **Group Policy Management Editor**, in the navigation pane, expand the **Preferences** node under **Computer Configuration**. Expand **Windows Settings**.
-8.  Right-click the **Registry** node and click **New**.
-9.  In the **New Registry Properties** dialog box, select **Update** from the **Action** list.  Select **HKEY_LOCAL_MACHINE** from the **Hive** list.
-10. For the **Key Path**, click **…** to launch the **Registry Item Browser**.  Navigate to the following registry key and select the **PinRules** registry value name:
+1. Start the **Group Policy Management Console** (gpmc.msc)
+1. In the navigation pane, expand the forest node and then expand the domain node
+1. Expand the node that contains your Active Directory's domain name
+1. Select the **Group Policy objects** node.  Right-click the **Group Policy objects** node and select **New**
+1. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and select **OK**
+1. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and select **Edit**
+1. In the **Group Policy Management Editor**, in the navigation pane, expand the **Preferences** node under **Computer Configuration**. Expand **Windows Settings**
+1. Right-click the **Registry** node and select **New**
+1. In the **New Registry Properties** dialog box, select **Update** from the **Action** list.  Select **HKEY_LOCAL_MACHINE** from the **Hive** list
+1. For the **Key Path**, select **…** to launch the **Registry Item Browser**.  Navigate to the following registry key and select the **PinRules** registry value name:
 
-    HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config  
+  `HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config`
 
-    Click **Select** to close the **Registry Item Browser**.
+  Select **Select** to close the **Registry Item Browser**
 
-11. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal).  Click **OK** to save your settings and close the dialog box.
+1. The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal).  Select **OK** to save your settings and close the dialog box
 
-    ![PinRules Properties.](images/enterprise-certificate-pinning-pinrules-properties.png)
+  ![PinRules Properties.](images/enterprise-certificate-pinning-pinrules-properties.png)
 
-12. Close the **Group Policy Management Editor** to save your settings.
-13. Link the **Enterprise Certificate Pinning Rules** Group Policy object to apply to computers that run Windows 10, version 1703 in your enterprise. When these domain-joined computers apply Group Policy, the registry information configured in the Group Policy object is applied to the computer.
+1. Close the **Group Policy Management Editor** to save your settings
+1. Link the **Enterprise Certificate Pinning Rules** GPO to the OU containing the devices that you want to configure
 
-## Additional Pin Rules Logging
+## Additional pin rules logging
 
-To assist in constructing certificate pinning rules, you can configure the **PinRulesLogDir** setting under the certificate chain configuration registry key to include a parent directory to log pin rules.
+To help constructing certificate pinning rules, you can configure the **PinRulesLogDir** setting under the certificate chain configuration registry key to include a parent directory to log pin rules.
 
 | Name | Value |
 |------|-------|
@@ -204,12 +206,12 @@ To assist in constructing certificate pinning rules, you can configure the **Pin
 | Value | The Parent directory where Windows should write the additional pin rule logs |
 | Data type | REG_SZ |
 
-### Permission for the Pin Rule Log Folder
+### Permission for the pin rule log folder
 
-The folder in which Windows writes the additional pin rule logs must have permissions so that all users and applications have full access. 
-You can run the following commands from an elevated command prompt to achieve the proper permissions. 
+The folder in which Windows writes the additional pin rule logs must have permissions so that all users and applications have full access.
+You can run the following commands from an elevated command prompt to achieve the proper permissions.
 
-```code
+```cmd
 set PinRulesLogDir=c:\PinRulesLog
 mkdir %PinRulesLogDir%
 icacls %PinRulesLogDir% /grant *S-1-15-2-1:(OI)(CI)(F)
@@ -218,64 +220,61 @@ icacls %PinRulesLogDir% /grant *S-1-5-12:(OI)(CI)(F)
 icacls %PinRulesLogDir% /inheritance:e /setintegritylevel (OI)(CI)L
 ```
 
-Whenever an application verifies a TLS/SSL certificate chain that contains a server name matching a DNS name in the server certificate, Windows writes a .p7b file consisting of all the certificates in the server's chain to one of three child folders:
+When an application verifies a TLS/SSL certificate chain that contains a server name matching a DNS name in the server certificate, Windows writes a .p7b file consisting of all the certificates in the server's chain to one of three child folders:
 
-- AdminPinRules
-    Matched a site in the enterprise certificate pinning rules.
-- AutoUpdatePinRules
-    Matched a site in the certificate pinning rules managed by Microsoft.
-- NoPinRules
-    Didn't match any site in the certificate pin rules.
+- `AdminPinRules`: Matched a site in the enterprise certificate pinning rules
+- `AutoUpdatePinRules`: Matched a site in the certificate pinning rules managed by Microsoft
+- `NoPinRules`: Didn't match any site in the certificate pin rules
 
-The output file name consists of the leading eight ASCII hex digits of the root's SHA1 thumbprint followed by the server name. 
+The output file name consists of the leading eight ASCII hex digits of the root's SHA1 thumbprint followed by the server name.
 For example:
 
 - `D4DE20D0_xsi.outlook.com.p7b`
 - `DE28F4A4_www.yammer.com.p7b`
 
-If there's either an enterprise certificate pin rule or a Microsoft certificate pin rule mismatch, then Windows writes the .p7b file to the **MismatchPinRules** child folder. 
+If there's either an enterprise certificate pin rule or a Microsoft certificate pin rule mismatch, then Windows writes the .p7b file to the **MismatchPinRules** child folder.
 If the pin rules have expired, then Windows writes the .p7b to the **ExpiredPinRules** child folder. 
 
-## Representing a Date in XML
+## Represent a date in XML
 
-Many attributes within the pin rules xml file are dates.  
-These dates must be properly formatted and represented in UTC.  
-You can use Windows PowerShell to format these dates.  
-You can then copy and paste the output of the cmdlet into the XML file. 
+Many attributes within the pin rules xml file are dates.\
+These dates must be properly formatted and represented in UTC.\
+You can use Windows PowerShell to format these dates.\
+You can then copy and paste the output of the cmdlet into the XML file.
 
 ![Representing a date.](images/enterprise-certificate-pinning-representing-a-date.png)
 
 For simplicity, you can truncate decimal point (.) and the numbers after it. 
 However, be certain to append the uppercase "Z" to the end of the XML date string.
 
-```code
+```cmd
 2015-05-11T07:00:00.2655691Z
 2015-05-11T07:00:00Z
 ```
 
-## Converting an XML Date
+## Convert an XML date
 
 You can also use Windows PowerShell to validate and convert an XML date into a human readable date to validate it's the correct date.
 
 ![Converting an XML date.](images/enterprise-certificate-pinning-converting-an-xml-date.png)
 
-## Representing a Duration in XML
+## Represent a duration in XML
 
-Some elements may be configured to use a duration rather than a date. 
-You must represent the duration as an XML timespan data type. 
+Some elements may be configured to use a duration rather than a date.
+You must represent the duration as an XML timespan data type.
 You can use Windows PowerShell to properly format and validate durations (timespans) and copy and paste them into your XML file.
 
 ![Representing a duration.](images/enterprise-certificate-pinning-representing-a-duration.png)
 
-## Converting an XML Duration
+## Convert an XML duration
 
 You can convert an XML formatted timespan into a timespan variable that you can read. 
 
 ![Converting an XML duration.](images/enterprise-certificate-pinning-converting-a-duration.png)
 
-## Certificate Trust List XML Schema Definition (XSD)
+## Certificate trust list XML schema definition (XSD)
 
-```code
+```xml
 <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
   <xs:element name="PinRules">
     <xs:complexType>
@@ -329,12 +328,3 @@ You can convert an XML formatted timespan into a timespan variable that you can
   </xs:element>
 </xs:schema>
 ```
-
-
-
-
-
-
-
-
-
diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
index 8838fb1b97..64d320047f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
@@ -2,7 +2,8 @@
 title: Windows Hello for Business cloud-only deployment
 description: Learn how to configure Windows Hello for Business in a cloud-only deployment scenario.
 ms.date: 06/23/2021
-ms.topic: article
+ms.topic: how-to
+ms.custom: has-azure-ad-ps-ref
 ---
 # Cloud-only deployment
 
@@ -10,7 +11,7 @@ ms.topic: article
 
 ## Introduction
 
-When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed.
+When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, there's no additional configuration needed.
 
 You may wish to disable the automatic Windows Hello for Business enrollment prompts if you aren't ready to use it in your environment. Instructions on how to disable Windows Hello for Business enrollment in a cloud only environment are included below.
 
@@ -27,7 +28,7 @@ Also note that it's possible for federated domains to enable the *Supports MFA*
 
 Check and view this setting with the following MSOnline PowerShell command:
 
-`Get-MsolDomainFederationSettings –DomainName <your federated domain name>`
+`Get-MsolDomainFederationSettings -DomainName <your federated domain name>`
 
 To disable this setting, run the following command. This change impacts ALL Azure AD MFA scenarios for this federated domain.
 
@@ -62,7 +63,7 @@ If you don't use Intune in your organization, then you can disable Windows Hello
 
 Intune uses the following registry keys: **`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\<Tenant-ID>\Device\Policies`**
 
-To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account:
+To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account:
 
 ```msgraph-interactive
 GET https://graph.microsoft.com/v1.0/organization?$select=id
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index 9e89894af8..4d372f8c66 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -2,7 +2,7 @@
 title: Windows Hello biometrics in the enterprise 
 description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition.
 ms.date: 01/12/2021
-ms.topic: article
+ms.topic: conceptual
 ---
 
 # Windows Hello biometrics in the enterprise
@@ -72,11 +72,11 @@ To allow facial recognition, you must have devices with integrated special infra
 - Effective, real world FRR with Anti-spoofing or liveness detection: &lt;10%
 
 > [!NOTE]
->Windows Hello face authentication does not currently support wearing a mask during enrollment or authentication. Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock your device. The product group is aware of this behavior and is investigating this topic further. Please remove a mask if you are wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn’t allow you to remove a mask temporarily, please consider unenrolling from face authentication and only using PIN or fingerprint.
+>Windows Hello face authentication does not currently support wearing a mask during enrollment or authentication. Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock your device. The product group is aware of this behavior and is investigating this topic further. Please remove a mask if you are wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn't allow you to remove a mask temporarily, please consider unenrolling from face authentication and only using PIN or fingerprint.
 
 ### Iris recognition sensor requirements
 
-To use Iris authentication, you’ll need a [HoloLens 2 device](/hololens/). All HoloLens 2 editions are equipped with the same sensors. Iris is implemented the same way as other Windows Hello technologies and achieves biometrics security FAR of 1/100K.
+To use Iris authentication, you'll need a [HoloLens 2 device](/hololens/). All HoloLens 2 editions are equipped with the same sensors. Iris is implemented the same way as other Windows Hello technologies and achieves biometrics security FAR of 1/100K.
 
 ## Related topics
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index 744816323d..dbdfe3cab6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -1,7 +1,7 @@
 ---
 title: Prepare and deploy Active Directory Federation Services in an on-premises certificate trust model
 description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business on-premises certificate trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index b3059ee0c0..8a414df385 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -4,7 +4,7 @@ description: Configure Windows Hello for Business Policy settings for Windows He
 ms.collection: 
 - highpri
 - tier1
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 ms.topic: tutorial
 ---
 # Configure Windows Hello for Business group policy settings - on-premises certificate Trust
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index 455d4055a2..220079357a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -1,7 +1,7 @@
 ---
 title: Validate Active Directory prerequisites in an on-premises certificate trust
 description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a certificate trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index c7b67abec3..83576f884f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -1,7 +1,7 @@
 ---
 title: Validate and Deploy MFA for Windows Hello for Business with certificate trust
 description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises certificate trust model.
-ms.date: 12/13/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index 6174ed348a..e98fede731 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -1,7 +1,7 @@
 ---
 title: Configure and validate the Public Key Infrastructure in an on-premises certificate trust model
 description: Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying Windows Hello for Business in a certificate trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index 70a5ee4feb..04edf25531 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business deployment guide for the on-premises certificate trust model
 description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index 9646f16b66..aef79952c9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -2,7 +2,7 @@
 title: Windows Hello for Business Deployment Overview
 description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment.
 ms.date: 02/15/2022
-ms.topic: article
+ms.topic: overview
 ---
 # Windows Hello for Business Deployment Overview
 
@@ -42,7 +42,7 @@ The trust model determines how you want users to authenticate to the on-premises
 - The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
 
 > [!Note]
-> RDP does not support authentication with Windows Hello for Business Key Trust or cloud Kerberos trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business Key Trust and cloud Kerberos trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md).
+> RDP does not support authentication with Windows Hello for Business Key Trust or cloud Kerberos trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business Key Trust and cloud Kerberos trust can be used with [Remote Credential Guard](../remote-credential-guard.md).
 
 Following are the various deployment guides and models included in this topic:
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 655c8961da..7882589fd0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -1,30 +1,30 @@
 ---
-title: Windows Hello for Business Deployment Known Issues
-description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues
-ms.date: 05/03/2021
-ms.topic: article
+title: Windows Hello for Business known deployment issues
+description: This article is a troubleshooting guide for known Windows Hello for Business deployment issues.
+ms.date: 06/02/2023
+ms.topic: troubleshooting
 ---
-# Windows Hello for Business Known Deployment Issues
+# Windows Hello for Business known deployment issues
 
-The content of this article is to help troubleshoot and workaround known deployment issues for Windows Hello for Business. Each issue below will describe the applicable deployment type Windows versions.
+The content of this article is to help troubleshoot known deployment issues for Windows Hello for Business.
 
-## PIN Reset on Azure AD Join Devices Fails with "We can't open that page right now" error
+## PIN reset on Azure AD join devices fails with *We can't open that page right now* error
 
-PIN reset on Azure AD-joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will show a page with the error message "We can't open that page right now".
+PIN reset on Azure AD-joined devices uses a flow called *web sign-in* to authenticate the user above lock. Web sign in only allows navigation to specific domains. If web sign-in attempts to navigate to a domain that isn't allowed, it displays a page with the error message *We can't open that page right now*.
 
-### Identifying Azure AD joined PIN Reset Allowed Domains Issue
+### Identify PIN Reset allowed domains issue
 
-The user can launch the PIN reset flow from above lock using the "I forgot my PIN" link in the PIN credential provider. Selecting this link will launch a full screen UI for the PIN experience on Azure AD Join devices. Typically, this UI will display an Azure authentication server page where the user will authenticate using Azure AD credentials and complete multifactor authentication.
+The user can launch the PIN reset flow from the lock screen using the *I forgot my PIN* link in the PIN credential provider. Selecting the link launches a full screen UI for the PIN experience on Azure AD Join devices. Typically, the UI displays an Azure authentication page, where the user authenticates using Azure AD credentials and completes MFA.
 
-In federated environments authentication may be configured to route to AD FS or a third-party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it will fail and display the "We can't open that page right now" error if the domain for the server page is not included in an allow list.
+In federated environments, authentication may be configured to route to AD FS or a third-party identity provider. If the PIN reset flow is launched and attempts to navigate to a federated identity provider server page, it fails and displays the *We can't open that page right now* error, if the domain for the server page isn't included in an allowlist.
 
-If you are a customer of Azure US Government cloud, PIN reset will also attempt to navigate to a domain that is not included in the default allowlist. This results in "We can't open that page right now".
+If you're a customer of *Azure US Government* cloud, PIN reset also attempts to navigate to a domain that isn't included in the default allowlist. The result is the message *We can't open that page right now*.
 
-### Resolving Azure AD joined PIN Reset Allowed Domains Issue
+### Resolve PIN Reset allowed domains issue
 
-To resolve this error, a list of allowed domains for PIN reset can be configured using the [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy. For information on how to configure this policy, see [PIN Reset - Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices](hello-feature-pin-reset.md#configure-web-sign-in-allowed-urls-for-third-party-identity-providers-on-azure-ad-joined-devices).
+To resolve the error, you can configure a list of allowed domains for PIN reset using the [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy. For information on how to configure the policy, see [Configure allowed URLs for federated identity providers on Azure AD joined devices](hello-feature-pin-reset.md#configure-allowed-urls-for-federated-identity-providers-on-azure-ad-joined-devices).
 
-## Hybrid Key Trust Logon Broken Due to User Public Key Deletion
+## Hybrid key trust sign in broken due to user public key deletion
 
 Applies to:
 
@@ -34,37 +34,36 @@ Applies to:
 
 In Hybrid key trust deployments with domain controllers running certain builds of Windows Server 2016 and Windows Server 2019, the user's Windows Hello for Business key is deleted after they sign-in. Subsequent sign-ins will fail until the user's key is synced during the next Azure AD Connect delta sync cycle.
 
-### Identifying User Public Key Deletion Issue
+### Identify user public key deletion issue
 
-After the user provisions a Windows Hello for Business credential in a hybrid key trust environment, the key must sync from Azure AD to AD during an Azure AD Connect sync cycle. The user's public key will be written to the msDS-KeyCredentialLink attribute of the user object.
+After the user provisions a Windows Hello for Business credential in a hybrid key trust environment, the key must sync from Azure AD to AD during an Azure AD Connect sync cycle. The user's public key is written to the `msDS-KeyCredentialLink` attribute of the user object.
 
-Before the user's Windows Hello for Business key is synced, sign-in's with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."* After the sync is successful, the user should be able to log in and unlock with their PIN or enrolled biometrics.
+Before the user's Windows Hello for Business key syncs, sign-ins with Windows Hello for Business fail with the error message *That option is temporarily unavailable. For now, please use a different method to sign in.* After the key syncs successfully, the user can sign in and unlock with their PIN or enrolled biometrics.
 
-In environments impacted with this issue, after the first sign-in with Windows Hello for Business after provisioning is completed, the next sign-in attempt will fail. In environments where domain controllers are running a mix of builds, only some may be impacted by this issue and subsequent logon attempts may be sent different domain controllers. This may result in the sign-in failures appearing to be intermittent.
+In environments with the issue, after the first sign-in with Windows Hello for Business and provisioning is complete, the next sign-in attempt fails. In environments where domain controllers are running a mix of builds, some users may be impacted by the issue, and subsequent sign in attempts may be sent to different domain controllers. The result is intermittent sign-in failures.
 
-After the initial logon attempt, the user's Windows Hello for Business public key is being deleted from the msDS-KeyCredentialLink attribute. This can be verified by querying a user's msDS-KeyCredentialLink attribute before and after sign-in. The msDS-KeyCredentialLink can be queried in AD using [Get-ADUser](/powershell/module/activedirectory/get-aduser) and specifying *msds-keycredentiallink* for the *-Properties* parameter.
+After the initial sign-in attempt, the user's Windows Hello for Business public key is deleted from the `msDS-KeyCredentialLink attribute`. You can verify the deletion by querying a user's `msDS-KeyCredentialLink` attribute before and after sign-in. You can query the `msDS-KeyCredentialLink` in AD using [Get-ADUser](/powershell/module/activedirectory/get-aduser) and specifying `msds-keycredentiallink` for the `-Properties` parameter.
 
-### Resolving User Public Key Deletion Issue
+### Resolve user public key deletion issue
 
-To resolve this behavior, upgrade Windows Server 2016 and 2019 domain controllers to with the latest patches. For Windows Server 2016, this behavior is fixed in build 14393.4104 ([KB4593226](https://support.microsoft.com/help/4593226)) and later. For Windows Server 2019, this behavior is fixed in build 17763.1637 ([KB4592440](https://support.microsoft.com/help/4592440)).
+To resolve the issue, update Windows Server 2016 and 2019 domain controllers with the latest patches. For Windows Server 2016, the behavior is fixed in build *14393.4104* ([KB4593226](https://support.microsoft.com/help/4593226)) and later. For Windows Server 2019, the behavior is fixed in build *17763.1637* ([KB4592440](https://support.microsoft.com/help/4592440)).
 
-## Azure AD Joined Device Access to On-Premises Resources Using Key Trust and Third-Party Certificate Authority (CA)
+## Azure AD joined device access to on-premises resources using key trust and third-party Certificate Authority (CA)
 
 Applies to:
 
 - Azure AD joined key trust deployments
 - Third-party certificate authority (CA) issuing domain controller certificates
 
-Windows Hello for Business uses smart card based authentication for many operations. Smart card has special guidelines when using a third-party CA for certificate issuance, some of which apply to the domain controllers. Not all Windows Hello for Business deployment types require these configurations. Accessing on-premises resources from an Azure AD Joined device does require special configuration when using a third-party CA to issue domain controller certificates.
+Windows Hello for Business uses smart-card based authentication for many operations. This type of authentication has special guidelines when using a third-party CA for certificate issuance, some of which apply to the domain controllers. Not all Windows Hello for Business deployment types require these configurations. Accessing on-premises resources from an Azure AD Joined device does require special configuration when using a third-party CA to issue domain controller certificates.
 
-For more information, read [Guidelines for enabling smart card logon with third-party certification authorities](
-/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities).
+For more information, read [Guidelines for enabling smart card sign in with third-party certification authorities](/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities).
 
-### Identifying On-premises Resource Access Issues with Third-Party CAs
+### Identify on-premises resource access issues with third party CAs
 
-This issue can be identified using network traces or Kerberos logging from the client. In the network trace, the client will fail to place a TGS_REQ request when a user attempts to access a resource. On the client, this can be observed in the Kerberos operation event log under **Application and Services/Microsoft/Windows/Security-Kerberos/Operational**. These logs are default disabled. The failure event for this case will include the following information:
+The issue can be identified using network traces or Kerberos logging from the client. In the network trace, the client fails to place a `TGS_REQ` request when a user attempts to access a resource. On the client, it can be observed in the Kerberos operation event log under `Application and Services/Microsoft/Windows/Security-Kerberos/Operational`. The logs are disabled by default. The failure event for this case includes the following information:
 
-```console
+```Console
 Log Name:      Microsoft-Windows-Kerberos/Operational
 Source:        Microsoft-Windows-Security-Kerberos
 Event ID:      107
@@ -80,18 +79,18 @@ Expected Domain Name: ad.contoso.com
 Error Code: 0xC000006D
 ```
 
-### Resolving On-premises Resource Access Issue with Third-Party CAs
+### Resolve on-premises resource access issue with third party CAs
 
-To resolve this issue, domain controller certificates need to be updated so the certificate subject contains directory path of the server object (distinguished name).
-Example Subject: CN=DC1 OU=Domain Controller, DC=ad, DC=contoso, DC=com
+To resolve the issue, domain controller certificates must be updated so that the certificate subject contains the directory path of the server object (distinguished name).
+Example Subject: `CN=DC1,OU=Domain Controllers,DC=ad,DC=contoso,DC=com`
 
 Alternatively, you can set the subject alternative name (SAN) of the domain controller certificate to contain the server object's fully qualified domain name and the NETBIOS name of the domain.
 Example Subject Alternative Name:
-dns=dc1.ad.contoso.com
-dns=ad.contoso.com
-dns=ad
+  > `dns=dc1.ad.contoso.com`\
+  > `dns=ad.contoso.com`\
+  > `dns=ad`
 
-## Key Trust Authentication Broken for Windows Server 2019
+## Key trust authentication broken for Windows Server 2019
 
 Applies to:
 
@@ -99,21 +98,21 @@ Applies to:
 - Hybrid key trust deployments
 - On-premises key trust deployments
 
-Domain controllers running early versions of Windows Server 2019 have an issue that prevents key trust authentication from working properly. Networks traces report KDC_ERR_CLIENT_NAME_MISMATCH.
+Domain controllers running early versions of Windows Server 2019 have an issue that prevents key trust authentication from working properly. Networks traces report *KDC_ERR_CLIENT_NAME_MISMATCH*.
 
-### Identifying Server 2019 Key Trust Authentication Issue
+### Identify Windows Server 2019 key trust authentication issue
 
-On the client, authentication with Windows Hello for Business will fail with the error message, *"That option is temporarily unavailable. For now, please use a different method to sign in."*
+On the client, authentication with Windows Hello for Business fails with the error message, *That option is temporarily unavailable. For now, please use a different method to sign in.*
 
-This error is usually presented on hybrid Azure AD-joined devices in key trust deployments after Windows Hello for Business has been provisioned but before a user's key has synced from Azure AD to AD. If a user's key has been synced from Azure AD and the msDS-keycredentiallink attribute on the user object in AD has been populated for NGC, then it is possible that this error case is occurring.
+The error is presented on hybrid Azure AD-joined devices in key trust deployments after Windows Hello for Business is provisioned, but before a user's key is synced from Azure AD to AD. If a user's key isn't synced from Azure AD and the `msDS-keycredentiallink` attribute on the user object in AD is populated for NGC, then it's possible that the error occurs.
 
-The other indicator of this failure case can be identified using network traces. If network traces are captured for a key trust sign-in event, the traces will show kerberos failing with the error KDC_ERR_CLIENT_NAME_MISMATCH.
+Another indicator of the failure can be identified using network traces. If you capture network traces for a key trust sign-in event, the traces show Kerberos failing with the error *KDC_ERR_CLIENT_NAME_MISMATCH*.
 
-### Resolving Server 2019 Key Trust Authentication Issue
+### Resolve Server 2019 key trust authentication issue
 
-This issue was fixed in Windows Server 2019, build 17763.316 ([KB4487044](https://support.microsoft.com/help/4487044/windows-10-update-kb4487044)). Upgrade all Windows Server 2019 domain controllers to Windows Server 2019, build 17763.316 or newer to resolve this behavior.
+The issue is resolved in Windows Server 2019, build *17763.316* ([KB4487044](https://support.microsoft.com/help/4487044/windows-10-update-kb4487044)). Upgrade all Windows Server 2019 domain controllers to the build *17763.316* or newer to resolve the issue.
 
-## Certificate Trust Provisioning with AD FS Broken on Windows Server 2019
+## Certificate trust provisioning with AD FS broken on windows server 2019
 
 Applies to:
 
@@ -121,13 +120,13 @@ Applies to:
 - Hybrid certificate trust deployments
 - On-premises certificate trust deployments
 
-AD FS running on Windows Server 2019 fails to complete device authentication properly due to an invalid check of incoming scopes in the request. Device authentication to AD FS is a requirement for Windows Hello for Business to enroll a certificate using AD FS. The client will block Windows Hello for Business provisioning until this authentication is successful.
+AD FS running on Windows Server 2019 fails to complete device authentication due to an invalid check of incoming scopes in the request. Device authentication to AD FS is a requirement for Windows Hello for Business to enroll a certificate using AD FS. The client blocks Windows Hello for Business provisioning until the authentication is successful.
 
-### Identifying Certificate Trust with AD FS 2019 Enrollment Issue
+### Identify certificate trust with AD FS 2019 enrollment issue
 
-The provisioning experience for Windows Hello for Business will launch if a set of prerequisite checks done by the client are successful. The result of the provisioningAdmin checks is available in event logs under Microsoft-Windows-User Device Registration. If provisioning is blocked because device authentication has not successfully occurred, there will be an event ID 362 in the logs that states that *User has successfully authenticated to the enterprise STS: No*.
+The provisioning experience for Windows Hello for Business launches if the prerequisite checks are successful. The result of the provisioningAdmin checks is available in event logs under **Microsoft-Windows-User Device Registration**. If provisioning is blocked because device authentication doesn't succeed, event ID *362* is logged stating *User has successfully authenticated to the enterprise STS: No*.
 
-```console
+```Console
 Log Name:      Microsoft-Windows-User Device Registration/Admin
 Source:        Microsoft-Windows-User Device Registration
 Date:          <Date and time>
@@ -153,11 +152,11 @@ Certificate enrollment method: enrollment authority
 See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
 ```
 
-If a device has recently been joined to a domain, then there may be a delay before the device authentication occurs. If the failing state of this prerequisite check persists, then it can indicate an issue with the AD FS configuration.
+If a device recently joined a domain, there may be a delay before the device authentication occurs. If the failing state of this prerequisite check persists, then it can indicate an issue with the AD FS configuration.
 
-If this AD FS scope issue is present, event logs on the AD FS server will indicate an authentication failure from the client. This error will be logged in event logs under AD FS/Admin as event ID 1021 and the event will specify that the client is forbidden access to resource `http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope` with scope 'ugs':
+If the AD FS scope issue is present, event logs on the AD FS server indicate an authentication failure from the client. The error is logged in event logs under **AD FS/Admin** as event ID *1021* and the event specifies that the client is forbidden access to resource `http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope` with scope `ugs`:
 
-```console
+```Console
 Log Name:      AD FS/Admin
 Source:        AD FS
 Date:          <Date and time>
@@ -176,26 +175,20 @@ Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthUnauthorizedClientE
        at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateCore()
 ```
 
-### Resolving Certificate Trust with AD FS 2019 Enrollment Issue
+### Resolve certificate trust with AD FS 2019 enrollment issue
 
-This issue is fixed in Windows Server, version 1903 and later. For Windows Server 2019, this issue can be remediated by adding the ugs scope manually.
+This issue is fixed in Windows Server, version 1903 and later. For Windows Server 2019, the issue can be remediated by adding the ugs scope manually.
 
 1. Launch AD FS management console. Browse to **Services > Scope Descriptions**.
-
-2. Right click **Scope Descriptions** and select **Add Scope Description**.
-
-3. Under name type **ugs** and click **Apply > OK**.
-
-4. Launch PowerShell as an administrator.
-
-5. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b":
+1. Right select **Scope Descriptions** and select **Add Scope Description**.
+1. Under name type *ugs*, and select **Apply > OK**.
+1. Launch PowerShell as an administrator.
+1. Get the ObjectIdentifier of the application permission with the ClientRoleIdentifier parameter equal to "38aa3b87-a06d-4817-b275-7a316988d93b":
 
    ```powershell
    (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
    ```
 
-6. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
-
-7. Restart the AD FS service.
-
-8. On the client: Restart the client. User should be prompted to provision Windows Hello for Business.
+1. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
+1. Restart the AD FS service.
+1. On the client: Restart the client. The user should be prompted to provision Windows Hello for Business.
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
index 0b255e1d93..65be112a27 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
@@ -2,10 +2,9 @@
 title: Deploy certificates for remote desktop sign-in
 description: Learn how to deploy certificates to cloud Kerberos trust and key trust users, to enable remote desktop sign-in with supplied credentials.
 ms.collection: 
-  - ContentEngagementFY23
   - tier1
-ms.topic: article
-ms.date: 03/15/2023
+ms.topic: how-to
+ms.date: 07/25/2023
 ---
 
 # Deploy certificates for remote desktop (RDP) sign-in
@@ -88,8 +87,11 @@ Follow these steps to create a certificate template:
 
 ## Deploy certificates via Intune
 
-> [!NOTE]
+> [!CAUTION]
 > This process is applicable to both *Azure AD joined* and *hybrid Azure AD joined* devices that are managed via Intune.
+>
+> If you deploy certificates via Intune and configure Windows Hello for Business via group policy, the devices will fail to obtain a certificate, logging the error code `0x82ab0011` in the `DeviceManagement-Enterprise-Diagnostic-Provider` log.\
+> To avoid the error, configure Windows Hello for Business via Intune instead of group policy.
 
 Deploying a certificate to Azure AD joined or hybrid Azure AD joined devices may be achieved using the Simple Certificate Enrollment Protocol (SCEP) or PKCS (PFX) via Intune. For guidance deploying the required infrastructure, refer to:
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 08924b2594..ca9a3ac20d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -8,7 +8,7 @@ metadata:
     - highpri
     - tier1
   ms.topic: faq
-  ms.date: 03/09/2023
+  ms.date: 08/03/2023
 
 title: Common questions about Windows Hello for Business
 summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business.
@@ -124,6 +124,15 @@ sections:
       - question: What is Event ID 300?
         answer: |
           This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request. This is a normal condition and no further action is required.
+      - question: What happens when an unauthorized user gains possession of a device enrolled in Windows Hello for Business?
+        answer: |
+          The unauthorized user won't be able to utilize any biometric options and will have the only option to enter a PIN.
+
+          If the user attempts to unlock the device by entering random PINs, after three unsuccessful attempts the credential provider will display the following message: **You've entered an incorrect PIN several times. To try again, enter A1B2C3 below**.
+          Upon entering the challenge phrase *A1B2C3*, the user will be granted one more opportunity to enter the PIN. If unsuccessful, the provider will be disabled, leaving the user with the only option to reboot the device. Following the reboot, the aforementioned pattern repeats.
+          
+          If unsuccessful attempts continue, the device will enter a lockout state, lasting for 1 minute after the first reboot, 2 minutes after the fourth reboot, and 10 minutes after the fifth reboot. The duration of each lockout increases accordingly. This behavior is a result of the TPM 2.0 anti-hammering feature.
+          For more information about the TPM anti-hammering feature, see [TPM 2.0 anti-hammering](/windows/security/information-protection/tpm/tpm-fundamentals#tpm-20-anti-hammering).
 
   - name: Design and planning
     questions:
@@ -165,7 +174,7 @@ sections:
         answer: |
           A user will be prompted to set up a Windows Hello for Business key on an Azure AD registered devices  if the feature is enabled by policy. If the user has an existing Windows Hello container, the Windows Hello for Business key will be enrolled in that container and will be protected using existing gestures.
 
-          If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
+          If a user has signed into their Azure AD registered device with Windows Hello, their Windows Hello for Business key will be used to authenticate the user's work identity when they try to use Azure AD resources. The Windows Hello for Business key meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. 
 
           It's possible to Azure AD register a domain joined device. If the domain joined device has a convenience PIN, sign in with the convenience PIN will no longer work. This configuration isn't supported by Windows Hello for Business. 
 
@@ -176,12 +185,12 @@ sections:
       - question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients?
         answer: |
           No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD isn't available for it via Azure AD Connect. Hence, Windows Hello for Business doesn't work with Azure AD DS.
-      - question: Is Windows Hello for Business considered multi-factor authentication?
+      - question: Is Windows Hello for Business considered multifactor authentication?
         answer: |
           Windows Hello for Business is two-factor authentication based on the observed authentication factors of: *something you have*, *something you know*, and *something that's part of you*. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
 
           > [!NOTE]
-          > The Windows Hello for Business key meets Azure AD multi-factor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
+          > The Windows Hello for Business key meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
       - question: Which is a better or more secure for of authentication, key or certificate?
         answer: |
           Both types of authentication provide the same security; one is not more secure than the other.
@@ -216,7 +225,7 @@ sections:
           Windows Hello for Business credentials need access to device state, which is not available in private browser mode or incognito mode. Hence it can't be used in private browser or Incognito mode.
       - question: Can I use both a PIN and biometrics to unlock my device?
         answer: |
-          You can use *multi-factor unlock* to require users to provide an extra factor to unlock their device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. To learn more, see [Multifactor Unlock](feature-multifactor-unlock.md).
+          You can use *multifactor unlock* to require users to provide an extra factor to unlock their device. Authentication remains two-factor, but another factor is required before Windows allows the user to reach the desktop. To learn more, see [Multifactor Unlock](feature-multifactor-unlock.md).
 
   - name: Cloud Kerberos trust
     questions:
@@ -248,4 +257,4 @@ sections:
           In a hybrid deployment, a user's public key must sync from Azure AD to AD before it can be used to authenticate against a domain controller. This sync is handled by Azure AD Connect and will occur during a normal sync cycle.
       - question: Can I use Windows Hello for Business key trust and RDP?
         answer: |
-          Remote Desktop Protocol (RDP) doesn't currently support using key-based authentication and self-signed certificates as supplied credentials. However, you can deploy certificates in the key trust model to enable RDP. For more information, see [Deploying certificates to key trust users to enable RDP](hello-deployment-rdp-certs.md). In addition, Windows Hello for Business key trust can be also used with RDP with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) without deploying certificates.
+          Remote Desktop Protocol (RDP) doesn't currently support using key-based authentication and self-signed certificates as supplied credentials. However, you can deploy certificates in the key trust model to enable RDP. For more information, see [Deploying certificates to key trust users to enable RDP](hello-deployment-rdp-certs.md). In addition, Windows Hello for Business key trust can be also used with RDP with [Remote Credential Guard](../remote-credential-guard.md) without deploying certificates.
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
index 2f6540362a..bfc4c9736e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
@@ -1,20 +1,17 @@
 ---
 title: Dual Enrollment
-description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment.
-ms.date: 09/09/2019
-ms.topic: article
+description: Learn how to configure Windows Hello for Business dual enrollment and how to configure Active Directory to support Domain Administrator enrollment.
+ms.date: 07/05/2023
+ms.topic: conceptual
 ---
 
 # Dual Enrollment
 
 **Requirements**
 
-* Hybrid and On-premises Windows Hello for Business deployments
-* Enterprise joined or Hybrid Azure joined devices
-* Certificate trust
-
-> [!NOTE]
-> This feature was previously known as **Privileged Credential** but was renamed to **Dual Enrollment** to prevent any confusion with the **Privileged Access Workstation** feature.
+- Hybrid and On-premises Windows Hello for Business deployments
+- Enterprise joined or Hybrid Azure joined devices
+- Certificate trust
 
 > [!IMPORTANT]
 > Dual enrollment does not replace or provide the same security as Privileged Access Workstations feature.  Microsoft encourages enterprises to use the Privileged Access Workstations for their privileged credential users.  Enterprises can consider Windows Hello for Business dual enrollment in situations where the Privileged Access feature cannot be used.  Read [Privileged Access Workstations](/windows-server/identity/securing-privileged-access/privileged-access-workstations) for more information.
@@ -65,14 +62,3 @@ You configure Windows 10 or Windows 11 to support dual enrollment using the comp
 5. Restart computers targeted by this Group Policy object.
 
 The computer is ready for dual enrollment.  Sign in as the privileged user first and enroll for Windows Hello for Business. Once completed, sign out and sign in as the non-privileged user and enroll for Windows Hello for Business.  You can now use your privileged credential to perform privileged tasks without using your password and without needing to switch users.
-
-## Related topics
-
-* [Windows Hello for Business](hello-identity-verification.md)
-* [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-* [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-* [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-* [Windows Hello and password changes](hello-and-password-changes.md)
-* [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
-* [Event ID 300 - Windows Hello successfully created](/windows/security/identity-protection/hello-for-business/hello-faq)
-* [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
index 916a8890bf..ab35e717f2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@@ -1,176 +1,138 @@
 ---
-title: Pin Reset
-description: Learn how Microsoft PIN reset services enable you to help users recover who have forgotten their PIN.
+title: PIN reset
+description: Learn how Microsoft PIN reset service enables your users to recover a forgotten Windows Hello for Business PIN.
 ms.collection: 
   - highpri
   - tier1
-ms.date: 03/10/2023
+ms.date: 08/15/2023
 ms.topic: how-to
 ---
 
 # PIN reset
 
-Windows Hello for Business provides the capability for users to reset forgotten PINs using the *I forgot my PIN* link from the Sign-in options page in *Settings* or from the Windows lock screen. Users are required to authenticate and complete multi-factor authentication to reset their PIN.
+This article describes how *Microsoft PIN reset service* enables your users to recover a forgotten Windows Hello for Business PIN.
 
-There are two forms of PIN reset:
+## Overview
 
-- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new login key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration.
-- **Non-destructive PIN reset**: with this option, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For non-destructive PIN reset, you must deploy the **Microsoft PIN Reset Service** and configure your clients' policy to enable the **PIN Recovery** feature.
-## Using PIN reset
+Windows Hello for Business provides the capability for users to reset forgotten PINs. There are two forms of PIN reset:
 
-There are two forms of PIN reset called destructive and non-destructive. Destructive PIN reset is the default and doesn't require configuration. During a destructive PIN reset, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned. For non-destructive PIN reset, you must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.
+- *Destructive PIN reset*: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new sign in key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration
+- *Non-destructive PIN reset*: with this option, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For non-destructive PIN reset, you must deploy the *Microsoft PIN reset service* and configure your clients' policy to enable the *PIN recovery* feature
 
-Destructive and non-destructive PIN reset use the same steps for initiating a PIN reset. If users have forgotten their PINs, but have an alternate sign-in method, they can navigate to Sign-in options in *Settings* and initiate a PIN reset from the PIN options. If users don't have an alternate way to sign into their devices, PIN reset can also be initiated from the Windows lock screen in the PIN credential provider.
-
->[!IMPORTANT]
->For hybrid Azure AD-joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN.
-
-### Reset PIN from Settings
-
-1. Sign-in to Windows 10 using an alternate credential.
-1. Open **Settings**, select **Accounts** > **Sign-in options**.
-1. Select **PIN (Windows Hello)** > **I forgot my PIN** and follow the instructions.
-
-### Reset PIN above the Lock Screen
-
-For Azure AD-joined devices:
-
-1. If the PIN credential provider isn't selected, expand the **Sign-in options** link, and select the PIN pad icon.
-1. Select **I forgot my PIN** from the PIN credential provider.
-1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (like Password, PIN, Security key).
-1. Follow the instructions provided by the provisioning process.
-1. When finished, unlock your desktop using your newly created PIN.
-
-For Hybrid Azure AD-joined devices:
-
-1. If the PIN credential provider isn't selected, expand the **Sign-in options** link, and select the PIN pad icon.
-1. Select **I forgot my PIN** from the PIN credential provider.
-1. Enter your password and press enter.
-1. Follow the instructions provided by the provisioning process.
-1. When finished, unlock your desktop using your newly created PIN.
-
-> [!NOTE]
-> Key trust on hybrid Azure AD-joined devices does not support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work.
-
-You may find that PIN reset from settings only works post login. Also, the lock screen PIN reset function won't work if you have any matching limitation of self-service password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen - General ](/azure/active-directory/authentication/howto-sspr-windows#general-limitations).
-
-## Non-Destructive PIN reset
+## How non-destructive PIN reset works
 
 **Requirements:**
 
-- Azure Active Directory
-- Windows Enterprise and Pro editions. There's no licensing requirement for this feature.
-- Hybrid Windows Hello for Business deployment
-- Azure AD registered, Azure AD joined, and Hybrid Azure AD joined
+- Hybrid or cloud-only Windows Hello for Business deployments
+- Windows Enterprise, Education and Pro editions. There's no licensing requirement for this feature
 
+When non-destructive PIN reset is enabled on a client, a *256-bit AES* key is generated locally. The key is added to a user's Windows Hello for Business container and keys as the *PIN reset protector*. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication and multi-factor authentication to Azure AD, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it's then cleared from memory.
 
-When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally. The key is added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication and multi-factor authentication to Azure AD, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it's then cleared from memory.
+Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the Microsoft PIN reset service, which enables users to reset their forgotten PIN without requiring re-enrollment.
 
-Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the **Microsoft PIN Reset Service** which enables users to reset their forgotten PIN without requiring re-enrollment.
+The following table compares destructive and non-destructive PIN reset:
 
->[!IMPORTANT]
-> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809 and later, and Windows 11. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and later, Windows 11.
-> The Microsoft PIN Reset service is not currently available in Azure Government.
-
-### Summary
-
-|Category|Destructive PIN Reset|Non-Destructive PIN Reset|
+|Category|Destructive PIN reset|Non-Destructive PIN reset|
 |--- |--- |--- |
-|**Functionality**|The user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned.|You must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. For more information on how to deploy the Microsoft PIN reset service and client policy, see [Connect Azure Active Directory with the PIN reset service](#connect-azure-active-directory-with-the-pin-reset-service). During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.|
-|**Windows editions and versions**| Windows Enterprise and Pro editions.|
+|**Functionality**|The user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new sign in key and PIN are provisioned.|You must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.|
 |**Azure Active Directory Joined**|Cert Trust, Key Trust, and cloud Kerberos trust|Cert Trust, Key Trust, and cloud Kerberos trust|
-|**Hybrid Azure Active Directory Joined**|Cert Trust and cloud Kerberos trust for both settings and above the lock support destructive PIN reset. Key Trust doesn't support this from above the lock screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. It does support from the settings page and the users must have a corporate network connectivity to the DC. |Cert Trust, Key Trust, and cloud Kerberos trust for both settings and above the lock support non-destructive PIN reset. No network connection is required for the DC.|
-|**On Premises**|If ADFS is being used for on premises deployments, users must have a corporate network connectivity to federation services. |The PIN reset service relies on Azure Active Directory identities, so it's only available for Hybrid Azure Active Directory Joined and Azure Active Directory Joined devices.|
-|**Additional Configuration required**|Supported by default and doesn't require configuration|Deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature On-board the Microsoft PIN reset service to respective Azure Active Directory tenant Configure Windows devices to use PIN reset using Group *Policy\MDM*.|
+|**Hybrid Azure Active Directory Joined**|Cert Trust and cloud Kerberos trust for both settings and above the lock support destructive PIN reset. Key Trust doesn't support this option from above the lock screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. It does support from the settings page and the users must have a corporate network connectivity to the DC. |Cert Trust, Key Trust, and cloud Kerberos trust for both settings and above the lock support non-destructive PIN reset. No network connection is required for the DC.|
+|**On Premises**|If AD FS is used for on premises deployments, users must have a corporate network connectivity to federation services. |The PIN reset service relies on Azure Active Directory identities, so it's only available for hybrid Azure AD joined and Azure AD Joined devices.|
+|**Additional configuration required**|Supported by default and doesn't require configuration|Deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature.|
 |**MSA/Enterprise**|MSA and Enterprise|Enterprise only.|
 
-### Onboarding the Microsoft PIN reset service to your Intune tenant
+## Enable the Microsoft PIN Reset Service in your Azure AD tenant
 
-> The **Microsoft PIN Reset Service** is not currently available in Azure Government.
+Before you can use non-destructive PIN reset, you must register two applications in your Azure Active Directory tenant:
 
-### Enable the Microsoft PIN Reset Service in your Azure AD tenant
+- Microsoft Pin Reset Service Production
+- Microsoft Pin Reset Client Production
 
-Before you can remotely reset PINs, you must register two applications in your Azure Active Directory tenant:
+To register the applications, follow these steps:
 
-- PIN Reset Service
-- PIN Reset Client
+:::row:::
+  :::column span="3":::
+  1. Go to the [Microsoft PIN Reset Service Production website][APP-1], and sign in using a *Global Administrator* account you use to manage your Azure Active Directory tenant. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to give consent to the application to access your organization
+  :::column-end:::
+  :::column span="1":::
+    :::image type="content" alt-text="Screenshot showing the PIN reset service permissions page." source="images/pinreset/pin-reset-service-prompt.png" lightbox="images/pinreset/pin-reset-service-prompt.png" border="true":::
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="3":::
+  2. Go to the [Microsoft PIN Reset Client Production website][APP-2], and sign in using a *Global Administrator* account you use to manage your Azure Active Directory tenant. Review the permissions requested by the *Microsoft Pin Reset Client Production* application, and select **Next**.
+  :::column-end:::
+  :::column span="1":::
+    :::image type="content" alt-text="Screenshot showing the PIN reset client permissions page." source="images/pinreset/pin-reset-client-prompt.png" lightbox="images/pinreset/pin-reset-client-prompt.png" border="true":::
+  :::column-end:::
+:::row-end:::
+:::row:::
+  :::column span="3":::
+  3. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to confirm consent to both applications to access your organization.
+  >[!NOTE]
+  >After accepance, the redirect page will show a blank page. This is a known behavior.
+  :::column-end:::
+  :::column span="1":::
+    :::image type="content" alt-text="Screenshot showing the PIN reset service permissions final page." source="images/pinreset/pin-reset-service-prompt-2.png" lightbox="images/pinreset/pin-reset-service-prompt-2.png" border="true":::
+  :::column-end:::
+:::row-end:::
 
-#### Connect Azure Active Directory with the PIN Reset Service
+### Confirm that the two PIN Reset service principals are registered in your tenant
 
-1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant.
-1. After you've logged in, select **Accept** to give consent to the **PIN Reset Service** to access your organization.
-   ![PIN reset service application in Azure.](images/pinreset/pin-reset-service-prompt.png)
-
-#### Connect Azure Active Directory with the PIN Reset Client
-
-1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant.
-1. After you've logged in, select **Accept** to give consent for the **PIN Reset Client** to access your organization.
-   ![PIN reset client application in Azure.](images/pinreset/pin-reset-client-prompt.png)
-
-#### Confirm that the two PIN Reset service principals are registered in your tenant
-
-1. Sign in to the [Microsoft Entra Manager admin center](https://entra.microsoft.com).
-1. Select **Azure Active Directory** > **Applications** > **Enterprise applications**.
-1. Search by application name "Microsoft PIN" and both **Microsoft Pin Reset Service Production** and **Microsoft Pin Reset Client Production** will show up in the list.
+1. Sign in to the [Microsoft Entra Manager admin center](https://entra.microsoft.com)
+1. Select **Azure Active Directory > Applications > Enterprise applications**
+1. Search by application name "Microsoft PIN" and verify that both **Microsoft Pin Reset Service Production** and **Microsoft Pin Reset Client Production** are in the list
    :::image type="content" alt-text="PIN reset service permissions page." source="images/pinreset/pin-reset-applications.png" lightbox="images/pinreset/pin-reset-applications-expanded.png":::
 
-### Enable PIN Recovery on your devices
+## Enable PIN recovery on the clients
 
-Before you can remotely reset PINs, your devices must be configured to enable PIN Recovery. Follow the instructions below to configure your devices using either Microsoft Intune, Group Policy Objects (GPO), or Configuration Service Providers (CSP).
+To enable PIN recovery on the clients, you can use:
+
+- Microsoft Intune/MDM
+- Group policy
+
+The following instructions provide details how to configure your devices. Select the option that best suits your needs.
 
 #### [:::image type="icon" source="../../images/icons/intune.svg"::: **Intune**](#tab/intune)
 
-You can configure Windows devices to use the **Microsoft PIN Reset Service** using Microsoft Intune.
+[!INCLUDE [intune-settings-catalog-1](../../../../includes/configure/intune-settings-catalog-1.md)]
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** > **Configuration profiles** > **Create profile**.
-1. Enter the following properties:
-    - **Platform**: Select **Windows 10 and later**.
-    - **Profile type**: Select **Settings catalog**.
-1. Select **Create**.
-1. In **Basics**, enter the following properties:
-    - **Name**: Enter a descriptive name for the profile.
-    - **Description**: Enter a description for the profile. This setting is optional, but recommended.
-1. Select **Next**.
-1. In **Configuration settings**, select **Add settings**.
-1. In the settings picker, select **Windows Hello For Business** > **Enable Pin Recovery**.
-1. Configure **Enable Pin Recovery** to **true**.
-1. Select **Next**.
-1. In **Scope tags**, assign any applicable tags (optional).
-1. Select **Next**.
-1. In **Assignments**, select the security groups that will receive the policy.
-1. Select **Next**.
-1. In **Review + create**, review your settings and select **Create**.
+| Category | Setting name | Value |
+|--|--|--|
+| **Windows Hello For Business** | Enable Pin Recovery | True |
+
+[!INCLUDE [intune-settings-catalog-2](../../../../includes/configure/intune-settings-catalog-2.md)]
 
 >[!NOTE]
 > You can also configure PIN recovery from the **Endpoint security** blade:
-> 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-> 1. Select **Endpoint security** > **Account protection** > **Create Policy**.
+>
+> 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
+> 1. Select **Endpoint security > Account protection > Create Policy**
 
-#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
+Alternatively, you can configure devices using a [custom policy][INT-1] with the [PassportForWork CSP][CSP-1].
 
-You can configure Windows devices to use the **Microsoft PIN Reset Service** using a Group Policy Object (GPO).
-
-1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory.
-1. Edit the Group Policy object from Step 1.
-1. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**.
-1. Close the Group Policy Management Editor to save the Group Policy object.
-
-#### [:::image type="icon" source="../../images/icons/windows-os.svg"::: **CSP**](#tab/CSP)
-
-You can configure Windows devices to use the **Microsoft PIN Reset Service** using the [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp).
-
-- OMA-URI: `./Vendor/MSFT/Policy/PassportForWork/`*TenantId*`/Policies/EnablePinRecovery`
-- Data type: **Boolean**
-- Value: **True**
+| OMA-URI |Data type| Value|
+|-|-|-|
+| `./Vendor/MSFT/Policy/PassportForWork/`*TenantId*`/Policies/EnablePinRecovery`| Boolean | True |
 
 >[!NOTE]
-> You must replace `TenantId` with the identifier of your Azure Active Directory tenant. To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account::
+> You must replace `TenantId` with the identifier of your Azure Active Directory tenant. To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account::
 
 ```msgraph-interactive
 GET https://graph.microsoft.com/v1.0/organization?$select=id
 ```
 
+#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
+
+[!INCLUDE [gpo-settings-1](../../../../includes/configure/gpo-settings-1.md)]
+[!INCLUDE [gpo-settings-1](../../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+|**Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**| Use PIN Recovery | Enabled |
+
+[!INCLUDE [gpo-settings-2](../../../../includes/configure/gpo-settings-2.md)]
+
 ---
 
 #### Confirm that PIN Recovery policy is enforced on the devices
@@ -179,7 +141,7 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a
 
 **Sample User state Output for Destructive PIN Reset**
 
-```console
+```cmd
 +----------------------------------------------------------------------+
 | User State                                                           |
 +----------------------------------------------------------------------+
@@ -198,7 +160,7 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a
 
 **Sample User state Output for Non-Destructive PIN Reset**
 
-```console
+```cmd
 +----------------------------------------------------------------------+
 | User State                                                           |
 +----------------------------------------------------------------------+
@@ -215,49 +177,72 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a
 +----------------------------------------------------------------------+
 ```
 
-## Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices
+## Configure allowed URLs for federated identity providers on Azure AD joined devices
 
-**Applies to:**
+**Applies to:** Azure AD joined devices
 
-- Azure AD joined devices
+PIN reset on Azure AD-joined devices uses a flow called *web sign-in* to authenticate users in the lock screen. Web sign-in only allows navigation to specific domains. If web sign-in attempts to navigate to a domain that isn't allowed, it displays a page with the error message: *"We can't open that page right now"*.\
+If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, then you must configure your devices with a policy to allow a list of domains that can be reached during PIN reset flows. When set, it ensures that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
 
-The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that can be reached during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, then this policy should be set. When set, it ensures that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
+[!INCLUDE [intune-settings-catalog-1](../../../../includes/configure/intune-settings-catalog-1.md)]
 
-### Configure Web Sign-in Allowed URLs using Microsoft Intune
+| Category | Setting name | Value |
+|--|--|--|
+| **Authentication** | Configure Web Sign In Allowed Urls | Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com**|
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-1. Select **Devices** > **Configuration profiles** > **Create profile**
-1. Enter the following properties:
-    - **Platform**: Select **Windows 10 and later**
-    - **Profile type**: Select **Templates**
-    - In the list of templates that is loaded, select **Custom** > **Create**
-1. In **Basics**, enter the following properties:
-    - **Name**: Enter a descriptive name for the profile
-    - **Description**: Enter a description for the profile. This setting is optional, but recommended
-1. Select **Next**
-1. In **Configuration settings**, select **Add** and enter the following settings:
-    - Name: **Web Sign In Allowed URLs**
-    - Description: **(Optional) List of domains that are allowed during PIN reset flows**
-    - OMA-URI: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`
-    - Data type: **String**
-    - Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com**
-    :::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy." source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist-expanded.png":::
-1. Select **Save** > **Next**
-1. In **Assignments**, select the security groups that will receive the policy
-1. Select **Next**
-1. In **Applicability Rules**, select **Next**
-1. In **Review + create**, review your settings and select **Create**
+[!INCLUDE [intune-settings-catalog-2](../../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-1] with the [Policy CSP][CSP-2].
+
+| Setting |
+|--------|
+| <li> OMA-URI: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls` </li><li>Data type: String </li><li>Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com**</li>|
 
 > [!NOTE]
-> For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now." The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
+> For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, *"We can't open that page right now"*. The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
 
-## Related articles
+## Use PIN reset
 
-- [Windows Hello for Business](hello-identity-verification.md)
-- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-- [Windows Hello and password changes](hello-and-password-changes.md)
-- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
-- [Event ID 300 - Windows Hello successfully created](/windows/security/identity-protection/hello-for-business/hello-faq)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
+Destructive and non-destructive PIN reset scenarios use the same steps for initiating a PIN reset. If users have forgotten their PINs, but have an alternate sign-in method, they can navigate to Sign-in options in *Settings* and initiate a PIN reset from the PIN options. If users don't have an alternate way to sign into their devices, PIN reset can also be initiated from the Windows lock screen with the *PIN credential provider*. Users must authenticate and complete multi-factor authentication to reset their PIN. After PIN reset is complete, users can sign in using their new PIN.
+
+>[!IMPORTANT]
+>For hybrid Azure AD-joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN.
+
+### Reset PIN from Settings
+
+1. Sign-in to Windows 10 using an alternate credential
+1. Open **Settings > Accounts > Sign-in options**
+1. Select **PIN (Windows Hello) > I forgot my PIN** and follow the instructions
+
+### Reset PIN from the lock screen
+
+For Azure AD-joined devices:
+
+1. If the PIN credential provider isn't selected, expand the **Sign-in options** link, and select the PIN pad icon
+1. Select **I forgot my PIN** from the PIN credential provider
+1. Select an authentication option from the list of presented options. This list is based on the different authentication methods enabled in your tenant (like Password, PIN, Security key)
+1. Follow the instructions provided by the provisioning process
+1. When finished, unlock your desktop using your newly created PIN
+
+:::image type="content" alt-text="Animation showing the PIN reset experience from the lock screen." source="images/pinreset/pin-reset.gif" border="false":::
+
+For Hybrid Azure AD-joined devices:
+
+1. If the PIN credential provider isn't selected, expand the **Sign-in options** link, and select the PIN pad icon
+1. Select **I forgot my PIN** from the PIN credential provider
+1. Enter your password and press enter
+1. Follow the instructions provided by the provisioning process
+1. When finished, unlock your desktop using your newly created PIN
+
+> [!NOTE]
+> Key trust on hybrid Azure AD-joined devices doesn't support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work.
+
+You may find that PIN reset from Settings only works post sign in. Also, the lock screen PIN reset function doesn't work if you have any matching limitation of self-service password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen](/azure/active-directory/authentication/howto-sspr-windows#general-limitations).
+
+<!--links-->
+
+[CSP-1]: /windows/client-management/mdm/passportforwork-csp
+[CSP-2]: /windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls
+[INT-1]: /mem/intune/configuration/settings-catalog
+[APP-1]: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent
+[APP-2]: https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
index 45fc8c784f..58e5c14636 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
@@ -1,19 +1,20 @@
 ---
 title: Remote Desktop
 description: Learn how Windows Hello for Business supports using biometrics with remote desktop
-ms.date: 02/24/2021
-ms.topic: article
+ms.date: 09/01/2023
+ms.topic: conceptual
 ms.collection:
-  - tier1
+- tier1
 ---
 
 # Remote Desktop
 
 **Requirements**
+
 - Hybrid and On-premises Windows Hello for Business deployments
 - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
 
-Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) to establish a remote desktop protocol connection.
+Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Remote Credential Guard](../remote-credential-guard.md) to establish a remote desktop protocol connection.
 
 Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release.
 
@@ -24,37 +25,25 @@ Microsoft continues to investigate supporting using keys trust for supplied cred
 - Hybrid and On-premises Windows Hello for Business deployments
 - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
 - Biometric enrollments
-- Windows 10, version 1809 or later
 
-Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture.  Windows 10, version 1809 or later introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture.  The feature is on by default, so your users can take advantage of it as soon as they upgrade to Windows 10, version 1809.
+The ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric is on by default.
 
 ### How does it work
 
-Windows generates and stores cryptographic keys using a software component called a key storage provider (KSP).  Software-based keys are created and stored using the Microsoft Software Key Storage Provider.  Smart card keys are created and stored using the Microsoft Smart Card Key Storage Provider.  Keys created and protected by Windows Hello for Business are created and stored using the Microsoft Passport Key Storage Provider.
+Windows generates and stores cryptographic keys using a software component called a key storage provider (KSP). Software-based keys are created and stored using the Microsoft Software Key Storage Provider. Smart card keys are created and stored using the Microsoft Smart Card Key Storage Provider. Keys created and protected by Windows Hello for Business are created and stored using the Microsoft Passport Key Storage Provider.
 
-A certificate on a smart card starts with creating an asymmetric key pair using the Microsoft Smart Card KSP.  Windows requests a certificate based on the key pair from your enterprises issuing certificate authority, which returns a certificate that is stored in the user's Personal certificate store.  The private key remains on the smart card and the public key is stored with the certificate.  Metadata on the certificate (and the key) store the key storage provider used to create the key (remember the certificate contains the public key).
+A certificate on a smart card starts with creating an asymmetric key pair using the Microsoft Smart Card KSP. Windows requests a certificate based on the key pair from your enterprises issuing certificate authority, which returns a certificate that is stored in the user's Personal certificate store. The private key remains on the smart card and the public key is stored with the certificate. Metadata on the certificate (and the key) stores the key storage provider used to create the key (remember the certificate contains the public key).
 
-This same concept applies to Windows Hello for Business. Except, the keys are created using the Microsoft Passport KSP and the user's private key remains protected by the device's security module (TPM) and the user's gesture (PIN/biometric).  The certificate APIs hide this complexity.  When an application uses a certificate, the certificate APIs locate the keys using the saved key storage provider.  The key storage providers directs the certificate APIs on which provider they use to find the private key associated with the certificate.  This is how Windows knows you have a smart card certificate without the smart card inserted (and prompts you to insert the smart card).
+The same concept applies to Windows Hello for Business, except that the keys are created using the Microsoft Passport KSP. The user's private key remains protected by the device's security module (TPM) and the user's gesture (PIN/biometric). The certificate APIs hide the complexity. When an application uses a certificate, the certificate APIs locate the keys using the saved key storage provider. The key storage providers direct the certificate APIs on which provider they use to find the private key associated with the certificate. This is how Windows knows you have a smart card certificate without the smart card inserted (and prompts you to insert the smart card).
 
-Windows Hello for Business emulates a smart card for application compatibility.  Versions of Windows 10 prior to version 1809, would redirect private key access for Windows Hello for Business certificate to use its emulated smart card using the Microsoft Smart Card KSP, which would enable the user to provide their PIN.  Windows 10, version 1809 or later no longer redirects private key access for Windows Hello for Business certificates to the Microsoft Smart Card KSP-- it continues using the Microsoft Passport KSP. The Microsoft Passport KSP enabled Windows to prompt the user for their biometric gesture or PIN.
+Windows Hello for Business emulates a smart card for application compatibility, and the Microsoft Passport KSP prompts the user for their biometric gesture or PIN.
 
 ### Compatibility
 
-Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates.  You can relax knowing a Group Policy setting and a [MDM URI](/windows/client-management/mdm/passportforwork-csp) exist to help you revert to the previous behavior for those users who need it.
+Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates. You can relax knowing a Group Policy setting and a [MDM URI](/windows/client-management/mdm/passportforwork-csp) exist to help you revert to the previous behavior for those users who need it.
 
 > [!div class="mx-imgBorder"]
 > ![WHFB Certificate GP Setting.](images/rdpbio/rdpbiopolicysetting.png)
 
 > [!IMPORTANT]
-> The remote desktop with biometric feature does not work with [Dual Enrollment](hello-feature-dual-enrollment.md) feature or scenarios where the user provides alternative credentials.  Microsoft continues to investigate supporting the feature.
-
-## Related topics
-
-- [Windows Hello for Business](hello-identity-verification.md)
-- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-- [Windows Hello and password changes](hello-and-password-changes.md)
-- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
-- [Event ID 300 - Windows Hello successfully created](/windows/security/identity-protection/hello-for-business/hello-faq)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
+> The remote desktop with biometric feature does not work with [Dual Enrollment](hello-feature-dual-enrollment.md) feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature.
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index 219e82d35c..ee7ba7e558 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -2,7 +2,7 @@
 title: How Windows Hello for Business works - Provisioning
 description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments.
 ms.date: 2/15/2022
-ms.topic: article
+ms.topic: overview
 ---
 # Windows Hello for Business Provisioning
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
index 76368b1c12..8c6856a2da 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
@@ -2,7 +2,7 @@
 title: How Windows Hello for Business works - technology and terms
 description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works.
 ms.date: 10/08/2018
-ms.topic: article
+ms.topic: glossary
 ---
 
 # Technology and terms
@@ -94,8 +94,8 @@ In Windows 10 and Windows 11, cloud experience host is an application used while
 
 ### Related to cloud experience host
 
-- [Windows Hello for Business](./hello-identity-verification.md)
-- [Managed Windows Hello in organization](./hello-manage-in-organization.md)
+- [Windows Hello for Business](hello-identity-verification.md)
+- [Managed Windows Hello in organization](hello-manage-in-organization.md)
 
 ### More information on cloud experience host
 
@@ -359,7 +359,7 @@ A TPM implements controls that meet the specification described by the Trusted C
 - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard.
 - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015.
 
-Windows 10 and Windows 11 use the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows](../../information-protection/tpm/tpm-recommendations.md).
+Windows 10 and Windows 11 use the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows](../../hardware-security/tpm/tpm-recommendations.md).
 
 Windows recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 and Windows 11 support only TPM 2.0.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
index 93bfd6d56a..a39e31f06f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@@ -2,7 +2,7 @@
 title: How Windows Hello for Business works
 description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services.
 ms.date: 05/05/2018
-ms.topic: article
+ms.topic: overview
 ---
 # How Windows Hello for Business works in Windows Devices
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
index 9a5646c257..b512d1a236 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
@@ -2,7 +2,7 @@
 title: Configure single sign-on (SSO) for Azure AD joined devices
 description: Learn how to configure single sign-on to on-premises resources for Azure AD-joined devices, using Windows Hello for Business.
 ms.date: 12/30/2022
-ms.topic: article
+ms.topic: how-to
 ---
 # Configure single sign-on for Azure AD joined devices
 
@@ -203,7 +203,7 @@ With the CA properly configured with a valid HTTP-based CRL distribution point,
 1. Repeat this procedure on all your domain controllers
 
 > [!NOTE]
-> You can configure domain controllers to automatically enroll and renew their certificates. Automatic certificate enrollment helps prevent authentication outages due to expired certificates. Refer to the [Windows Hello Deployment Guides](./hello-deployment-guide.md) to learn how to deploy automatic certificate enrollment for domain controllers.
+> You can configure domain controllers to automatically enroll and renew their certificates. Automatic certificate enrollment helps prevent authentication outages due to expired certificates. Refer to the [Windows Hello Deployment Guides](hello-deployment-guide.md) to learn how to deploy automatic certificate enrollment for domain controllers.
 
 > [!IMPORTANT]
 > If you are not using automatic certificate enrollment, create a calendar reminder to alert you two months before the certificate expiration date. Send the reminder to multiple people in the organization to ensure more than one or two people know when these certificates expire.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
index 9cd071eac6..4765ae8d4e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
@@ -101,7 +101,7 @@ To configure the cloud Kerberos trust policy:
     > [!IMPORTANT]
     > *Tenant ID* in the OMA-URI must be replaced with the tenant ID for your Azure AD tenant. See [How to find your Azure AD tenant ID][AZ-3] for instructions on looking up your tenant ID.
 
-    :::image type="content" alt-text ="Intune custom-device configuration policy creation" source="./images/hello-cloud-trust-intune.png" lightbox="./images/hello-cloud-trust-intune-large.png":::
+    :::image type="content" alt-text ="Intune custom-device configuration policy creation" source="images/hello-cloud-trust-intune.png" lightbox="images/hello-cloud-trust-intune-large.png":::
 
 1. Assign the policy to a security group that contains as members the devices or users that you want to configure.
 
@@ -147,7 +147,7 @@ The Windows Hello for Business provisioning process begins immediately after a u
 You can determine the status of the prerequisite check by viewing the **User Device Registration** admin log under **Applications and Services Logs** > **Microsoft** > **Windows**.\
 This information is also available using the `dsregcmd /status` command from a console. For more information, see [dsregcmd][AZ-4].
 
-:::image type="content" alt-text="Cloud Kerberos trust prerequisite check in the user device registration log" source="./images/cloud-trust-prereq-check.png" lightbox="./images/cloud-trust-prereq-check.png":::
+:::image type="content" alt-text="Cloud Kerberos trust prerequisite check in the user device registration log" source="images/cloud-trust-prereq-check.png" lightbox="images/cloud-trust-prereq-check.png":::
 
 The cloud Kerberos trust prerequisite check detects whether the user has a partial TGT before allowing provisioning to start. The purpose of this check is to validate whether Azure AD Kerberos is set up for the user's domain and tenant. If Azure AD Kerberos is set up, the user will receive a partial TGT during sign-in with one of their other unlock methods. This check has three states: Yes, No, and Not Tested. The *Not Tested* state is reported if cloud Kerberos trust isn't being enforced by policy or if the device is Azure AD joined.
 
@@ -174,7 +174,7 @@ If you deployed Windows Hello for Business using the key trust model, and want t
 
 1. [Set up Azure AD Kerberos in your hybrid environment](#deploy-azure-ad-kerberos).
 1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy).
-1. For hybrid Azure AD joined devices, sign out and sign in to the device using Windows Hello for Business.
+1. For Azure AD joined devices, sign out and sign in to the device using Windows Hello for Business.
 
 > [!NOTE]
 > For hybrid Azure AD joined devices, users must perform the first sign in with new credentials while having line of sight to a DC.
@@ -202,7 +202,7 @@ For a list of frequently asked questions about Windows Hello for Business cloud
 <!--Links-->
 
 [AZ-2]: /azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises#install-the-azure-ad-kerberos-powershell-module
-[AZ-3]: /azure/active-directory/fundamentals/active-directory-how-to-find-tenant
+[AZ-3]: /azure/active-directory/fundamentals/how-to-find-tenant
 [AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
 
 [MEM-1]: /mem/intune/protect/identity-protection-windows-settings
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
index 47edfbacd4..23b6c288e5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@@ -32,12 +32,13 @@ Windows Hello for Business cloud Kerberos trust uses *Azure AD Kerberos*, which
 Cloud Kerberos trust uses Azure AD Kerberos, which doesn't require a PKI to request TGTs.\
 With Azure AD Kerberos, Azure AD can issue TGTs for one or more AD domains. Windows can request a TGT from Azure AD when authenticating with Windows Hello for Business, and use the returned TGT for sign-in or to access AD-based resources. The on-premises domain controllers are still responsible for Kerberos service tickets and authorization.
 
-When Azure AD Kerberos is enabled in an Active Directory domain, an *Azure AD Kerberos server object* is created in the domain. This object:
+When Azure AD Kerberos is enabled in an Active Directory domain, an *AzureADKerberos* computer object is created in the domain. This object:
 
 - Appears as a Read Only Domain Controller (RODC) object, but isn't associated with any physical servers
-- Is only used by Azure AD to generate TGTs for the Active Directory domain.
+- Is only used by Azure AD to generate TGTs for the Active Directory domain
+
   > [!NOTE]
-  > The same rules and restrictions used for RODCs apply to the Azure AD Kerberos Server object. For example, users that are direct or indirect members of the built-in security group *Denied RODC Password Replication Group* won't be able to use cloud Kerberos trust.
+  > Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of priviliged built-in security groups won't be able to use cloud Kerberos trust.
 
 :::image type="content" source="images/azuread-kerberos-object.png" alt-text="Active Directory Users and Computers console, showing the computer object representing the Azure AD Kerberos server ":::
 
@@ -67,9 +68,9 @@ The following scenarios aren't supported using Windows Hello for Business cloud
 - Signing in with cloud Kerberos trust on a Hybrid Azure AD joined device without previously signing in with DC connectivity
 
 > [!NOTE]
-> The default security policy for AD does not grant permission to sign high privilege accounts on to on-premises resources with cloud Kerberos trust or FIDO2 security keys.
+> The default *Password Replication Policy* configured on the AzureADKerberos computer object doesn't allow to sign high privilege accounts on to on-premises resources with cloud Kerberos trust or FIDO2 security keys.
 >
-> To unblock the accounts, use Active Directory Users and Computers to modify the msDS-NeverRevealGroup property of the Azure AD Kerberos Computer object `CN=AzureADKerberos,OU=Domain Controllers,<domain-DN>`.
+> Due to possible attack vectors from Azure AD to Active Directory, it **isn't recommended** to unblock these accounts by relaxing the Password Replication Policy of the computer object `CN=AzureADKerberos,OU=Domain Controllers,<domain-DN>`.
 
 ## Next steps
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md
index 31e4fb9ee2..7c2d96a0d1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md
@@ -72,7 +72,7 @@ It's suggested to create a security group (for example, *Windows Hello for Busin
 The Windows Hello for Business Group Policy object delivers the correct Group Policy settings to the user, which enables them to enroll and use Windows Hello for Business to authenticate to Azure and Active Directory
 
 > [!NOTE]
-> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](./hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources)
+> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources)
 
 ### Enable Windows Hello for Business group policy setting
 
@@ -162,4 +162,4 @@ The following process occurs after a user signs in, to enroll in Windows Hello f
 [MEM-3]: /mem/intune/configuration/custom-settings-configure
 [MEM-4]: /windows/client-management/mdm/passportforwork-csp
 [MEM-5]: /mem/intune/protect/endpoint-security-account-protection-policy
-[MEM-6]: /mem/intune/protect/identity-protection-configure
\ No newline at end of file
+[MEM-6]: /mem/intune/protect/identity-protection-configure
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 9c4a5f6165..510a0584ba 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -1,10 +1,9 @@
 ---
-ms.date: 12/13/2022
+ms.date: 07/05/2023
 title: Windows Hello for Business Deployment Prerequisite Overview
 description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
-ms.topic: article
+ms.topic: overview
 ms.collection:
-- highpri
 - tier1
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
@@ -29,16 +28,16 @@ This article lists the infrastructure requirements for the different deployment
 
 The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process.
 
-| Requirement | cloud Kerberos trust<br/>Group Policy or Modern managed | Key trust<br/>Group Policy or Modern managed | Certificate Trust<br/>Mixed managed | Certificate Trust<br/>Modern managed | 
+| Requirement | Cloud Kerberos trust<br/>Group Policy or Modern managed | Key trust<br/>Group Policy or Modern managed | Certificate Trust<br/>Mixed managed | Certificate Trust<br/>Modern managed | 
 | --- | --- | --- | --- | --- |
 | **Windows Version** | Any supported Windows client versions| Any supported Windows client versions | Any supported Windows client versions |
 | **Schema Version** | No specific Schema requirement | Windows Server 2016 or later schema | Windows Server 2016 or later schema | Windows Server 2016 or later schema |
 | **Domain and Forest Functional Level** | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
 | **Domain Controller Version** | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions  |
-| **Certificate Authority**| N/A |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
-| **AD FS Version** | N/A | N/A | Any supported Windows Server versions | Any supported Windows Server versions |
+| **Certificate Authority**| Not required |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
+| **AD FS Version** | Not required | Not required | Any supported Windows Server versions | Any supported Windows Server versions |
 | **MFA Requirement** | Azure MFA, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or<br/>AD FS w/Azure MFA adapter, or<br/>AD FS w/Azure MFA Server adapter, or<br/>AD FS w/3rd Party MFA Adapter |
-| **Azure AD Connect** | N/A | Required | Required | Required |
+| **Azure AD Connect** | Not required | Required | Required | Required |
 | **Azure AD License** | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required |
 
 ## On-premises Deployments
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
index be437d043f..cf93d23831 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 title: Prepare and deploy Active Directory Federation Services in an on-premises key trust
 description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business key trust model.
 appliesto: 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
index 3fd25ec607..ed52f1c594 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 title: Configure Windows Hello for Business Policy settings in an on-premises key trust
 description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
 appliesto: 
@@ -20,7 +20,7 @@ If you configure the Group Policy for computers, all users that sign-in to those
 
 The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users.
 
-If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business .
+If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business.
 
 ## Create the GPO
 
@@ -105,4 +105,4 @@ Before you continue with the deployment, validate your deployment progress by re
 
 ## Add users to the Windows Hello for Business Users group
 
-Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Windows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the *Windows Hello for Business Users* group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business.
\ No newline at end of file
+Users must receive the Windows Hello for Business group policy settings and have the proper permission to enroll for the Windows Hello for Business Authentication certificate. You can provide users with these settings and permissions by adding the group used synchronize users to the *Windows Hello for Business Users* group. Users and groups that are not members of this group will not attempt to enroll for Windows Hello for Business.
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index 19fe709d3f..2537513f37 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -1,7 +1,7 @@
 ---
 title: Validate Active Directory prerequisites in an on-premises key trust
 description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a key trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
index 4d089851ff..61aece97e7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
@@ -1,7 +1,7 @@
 ---
 title: Validate and Deploy MFA for Windows Hello for Business with key trust
 description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises key trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index e2f7510aac..ab932d9a99 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -1,7 +1,7 @@
 ---
 title: Configure and validate the Public Key Infrastructure in an on-premises key trust model
 description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a key trust model.
-ms.date: 12/12/2022
+ms.date: 09/07/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index 576ffdb0a4..2efe441a67 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -5,7 +5,7 @@ ms.collection:
   - highpri
   - tier1
 ms.date: 2/15/2022
-ms.topic: article
+ms.topic: how-to
 ---
 
 # Manage Windows Hello for Business in your organization
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index b941c37a84..8375e0ebd3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -2,7 +2,7 @@
 title: Planning a Windows Hello for Business Deployment
 description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
 ms.date: 09/16/2020
-ms.topic: article
+ms.topic: overview
 ---
 # Planning a Windows Hello for Business Deployment
 
@@ -81,14 +81,14 @@ It's fundamentally important to understand which deployment model to use for a s
 A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trust types: key trust and certificate trust.
 
 > [!NOTE]
-> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](./hello-hybrid-cloud-kerberos-trust.md).
+> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](hello-hybrid-cloud-kerberos-trust.md).
 
 The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 
 The certificate trust type issues authentication certificates to end users.  Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience.  Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 or later Active Directory schema](/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust#directories)).  Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller.
 
 > [!NOTE]
-> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md).
+> RDP does not support authentication with Windows Hello for Business key trust deployments as a supplied credential. RDP is only supported with certificate trust deployments as a supplied credential at this time. Windows Hello for Business key trust can be used with [Remote Credential Guard](../remote-credential-guard.md).
 
 #### Device registration
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
index fc9083049d..96c1df3462 100644
--- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
+++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
@@ -2,7 +2,7 @@
 title: Prepare people to use Windows Hello 
 description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
 ms.date: 08/19/2018
-ms.topic: article
+ms.topic: end-user-help
 ---
 # Prepare people to use Windows Hello
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md
index 0963b04163..24b362c125 100644
--- a/windows/security/identity-protection/hello-for-business/hello-videos.md
+++ b/windows/security/identity-protection/hello-for-business/hello-videos.md
@@ -1,8 +1,8 @@
 ---
 title: Windows Hello for Business Videos
 description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11.
-ms.date: 03/09/2023
-ms.topic: article
+ms.date: 09/07/2023
+ms.topic: get-started
 ---
 # Windows Hello for Business Videos
 ## Overview of Windows Hello for Business and Features
diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index 9c3cd5a067..f137de379f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -29,7 +29,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
 Even though local passwords are local to the device, they're less secure than a PIN, as described in the next section.
 
 >[!NOTE]
->For details on how Hello uses asymmetric key pairs for authentication, see [Windows Hello for Business](hello-overview.md#benefits-of-windows-hello).
+>For details on how Hello uses asymmetric key pairs for authentication, see [Windows Hello for Business](index.md#benefits-of-windows-hello).
 
 ## PIN is backed by hardware
 
@@ -66,6 +66,6 @@ To configure account lockout threshold, follow these steps:
 
 ## Why do you need a PIN to use biometrics?
 
-Windows Hello enables biometric sign-in for Windows: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can't use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.
+Windows Hello enables biometric sign-in for Windows: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN after the biometric setup. The PIN enables you to sign in when you can't use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.
 
 If you only had a biometric sign-in configured and, for any reason, were unable to use that method to sign in, you would have to sign in using your account and password, which doesn't provide you with the same level of protection as Hello.
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist-expanded.png b/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist-expanded.png
deleted file mode 100644
index df2fc5634a..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist-expanded.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png b/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png
deleted file mode 100644
index 35eee9bc5e..0000000000
Binary files a/windows/security/identity-protection/hello-for-business/images/pinreset/allowlist.png and /dev/null differ
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-prompt.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-prompt.png
index 2bfb558bbf..d5c3416a67 100644
Binary files a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-prompt.png and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-client-prompt.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt-2.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt-2.png
new file mode 100644
index 0000000000..86d43fcb2c
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt-2.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt.png b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt.png
index 39f21df392..755c1b66e0 100644
Binary files a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt.png and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset-service-prompt.png differ
diff --git a/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset.gif b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset.gif
new file mode 100644
index 0000000000..2ef07cd63c
Binary files /dev/null and b/windows/security/identity-protection/hello-for-business/images/pinreset/pin-reset.gif differ
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md b/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md
index d7cd002e30..7cc1a49b9a 100644
--- a/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md
@@ -3,4 +3,4 @@ ms.date: 12/08/2022
 ms.topic: include
 ---
 
-[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices")
\ No newline at end of file
+[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/index.md
similarity index 98%
rename from windows/security/identity-protection/hello-for-business/hello-overview.md
rename to windows/security/identity-protection/hello-for-business/index.md
index 84acf6b19c..e0d3b1306e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/index.md
@@ -4,7 +4,7 @@ description: Learn how Windows Hello for Business replaces passwords with strong
 ms.collection: 
   - highpri
   - tier1
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 04/24/2023
 ---
 # Windows Hello for Business Overview
@@ -91,7 +91,7 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md).
 
 Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello for Business. Enterprises that don't use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello. This functionality still uses certificates on the domain controllers as a root of trust. Starting with Windows 10 version 21H2, there's a feature called cloud Kerberos trust for hybrid deployments, which uses Azure AD as the root of trust. cloud Kerberos trust uses key-based credentials for Windows Hello but doesn't require certificates on the domain controller.
 
-Windows Hello for Business with a key, including cloud Kerberos trust, doesn't support supplied credentials for RDP. RDP doesn't support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business with a key credential can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md).
+Windows Hello for Business with a key, including cloud Kerberos trust, doesn't support supplied credentials for RDP. RDP doesn't support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business with a key credential can be used with [Remote Credential Guard](../remote-credential-guard.md).
 
 ## Learn more
 
diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
deleted file mode 100644
index e888c0e2f7..0000000000
--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ /dev/null
@@ -1,110 +0,0 @@
-### YamlMime:Landing
-
-title: Windows Hello for Business documentation
-summary: Learn how to manage and deploy Windows Hello for Business.
-
-metadata:
-  title: Windows Hello for Business documentation
-  description: Learn how to manage and deploy Windows Hello for Business.
-  ms.topic: landing-page
-  ms.date: 03/09/2023  
-  ms.collection:
-    - highpri
-    - tier1
-
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
-
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card
-  - title: About Windows Hello For Business
-    linkLists:
-      - linkListType: overview
-        links:
-          - text: Windows Hello for Business Overview
-            url: hello-overview.md
-      - linkListType: concept
-        links:
-          - text: Passwordless Strategy
-            url: passwordless-strategy.md
-          - text: Why a PIN is better than a password
-            url: hello-why-pin-is-better-than-password.md
-          - text: Windows Hello biometrics in the enterprise
-            url: hello-biometrics-in-enterprise.md
-          - text: How Windows Hello for Business works
-            url: hello-how-it-works.md
-      - linkListType: learn
-        links: 
-          - text: Technical Deep Dive - Device Registration
-            url: hello-how-it-works-device-registration.md 
-          - text: Technical Deep Dive - Provisioning
-            url: hello-how-it-works-provisioning.md
-          - text: Technical Deep Dive - Authentication
-            url: hello-how-it-works-authentication.md
-          - text: Technology and Terminology
-            url: hello-how-it-works-technology.md
-          - text: Frequently Asked Questions (FAQ)
-            url: hello-faq.yml
-
-  # Card
-  - title: Configure and manage Windows Hello for Business
-    linkLists:
-      - linkListType: concept
-        links:
-          - text: Windows Hello for Business Deployment Overview
-            url: hello-deployment-guide.md
-          - text: Planning a Windows Hello for Business Deployment
-            url: hello-planning-guide.md
-          - text: Deployment Prerequisite Overview
-            url: hello-identity-verification.md
-      - linkListType: how-to-guide
-        links:
-          - text: Hybrid Cloud Kerberos Trust Deployment
-            url: hello-hybrid-cloud-kerberos-trust.md
-          - text: Hybrid Azure AD Joined Key Trust Deployment
-            url: hello-hybrid-key-trust.md
-          - text: Hybrid Azure AD Joined Certificate Trust Deployment
-            url: hello-hybrid-cert-trust.md
-          - text: On-premises SSO for Azure AD Joined Devices
-            url: hello-hybrid-aadj-sso.md
-          - text: On-premises Key Trust Deployment
-            url: hello-deployment-key-trust.md
-          - text: On-premises Certificate Trust Deployment
-            url: hello-deployment-cert-trust.md
-      - linkListType: learn
-        links:
-          - text: Manage Windows Hello for Business in your organization
-            url: hello-manage-in-organization.md
-          - text: Windows Hello and password changes
-            url: hello-and-password-changes.md
-          - text: Prepare people to use Windows Hello
-            url: hello-prepare-people-to-use.md
-
-  # Card
-  - title: Windows Hello for Business Features
-    linkLists:
-      - linkListType: how-to-guide
-        links:
-          - text: Conditional Access 
-            url: hello-feature-conditional-access.md
-          - text: PIN Reset
-            url: hello-feature-pin-reset.md
-          - text: Dual Enrollment
-            url: hello-feature-dual-enrollment.md
-          - text: Dynamic Lock
-            url: hello-feature-dynamic-lock.md
-          - text: Multi-factor Unlock
-            url: feature-multifactor-unlock.md
-          - text: Remote Desktop
-            url: hello-feature-remote-desktop.md
-
-  # Card
-  - title: Windows Hello for Business Troubleshooting
-    linkLists:
-      - linkListType: how-to-guide
-        links:
-          - text: Known Deployment Issues
-            url: hello-deployment-issues.md
-          - text: Errors During PIN Creation
-            url: hello-errors-during-pin-creation.md
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index 3ad9597e77..690c5f984c 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -317,7 +317,7 @@ The following image shows the SCRIL setting for a user in Active Directory Admin
 > 1. Enable the setting.
 > 1. Save changes again.
 >
-> When you upgrade the domain to Windows Server 2016 domain forest functional level or later, the domain controller automatically does this action for you.
+> When you upgrade the domain functional level to Windows Server 2016 or later, the domain controller automatically does this action for you.
 
 The following image shows the SCRIL setting for a user in Active Directory Administrative Center on Windows Server 2016:
 
@@ -337,6 +337,3 @@ In this configuration, passwords for SCRIL-configured users expire based on Acti
 > [!NOTE]
 > Some components within Windows 10, such as Data Protection APIs and NTLM authentication, still need artifacts of a user possessing a password. This configuration provides interoperability by reducing the usage surface while Microsoft continues to close the gaps to remove the password completely.
 
-## The road ahead
-
-The information presented here is just the beginning. We'll update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a password-less future, we would love to hear from you. Your feedback is important. Send us an email at [pwdlessQA@microsoft.com](mailto:pwdlessQA@microsoft.com?subject=Passwordless%20Feedback).
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index 77c3a38b65..ad2fc7674a 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -1,10 +1,9 @@
-- name: Windows Hello for Business documentation
-  href: index.yml
+items:
+- name: Overview
+  href: index.md
 - name: Concepts
   expanded: true
   items:
-  - name: Windows Hello for Business overview
-    href: hello-overview.md
   - name: Passwordless strategy
     href: passwordless-strategy.md
   - name: Why a PIN is better than a password
@@ -111,9 +110,9 @@
     href: hello-and-password-changes.md
 - name: Windows Hello for Business features
   items:
-  - name: PIN Reset
+  - name: PIN reset
     href: hello-feature-pin-reset.md
-  - name: Dual Enrollment
+  - name: Dual enrollment
     href: hello-feature-dual-enrollment.md  
   - name: Dynamic Lock
     href: hello-feature-dynamic-lock.md
diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
index f2aa96a5ea..1eb2da9944 100644
--- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md
+++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
@@ -1,8 +1,8 @@
 ---
 title: WebAuthn APIs
 description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps.
-ms.date: 03/09/2023
-ms.topic: article
+ms.date: 07/27/2023
+ms.topic: how-to
 ---
 # WebAuthn APIs for passwordless authentication on Windows
 <!--MAXADO-6021798-->
@@ -14,7 +14,7 @@ Starting in **Windows 11, version 22H2**, WebAuthn APIs support ECC algorithms.
 
 ## What does this mean?
 
-By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.yml) or [FIDO2 Security Keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to implement passwordless multi-factor authentication for their applications on Windows devices.
+By using WebAuthn APIs, developer partners and the developer community can use [Windows Hello](./index.md) or [FIDO2 Security Keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to implement passwordless multi-factor authentication for their applications on Windows devices.
 
 Users of these apps or sites can use any browser that supports WebAuthn APIs for passwordless authentication. Users will have a familiar and consistent experience on Windows, no matter which browser they use.
 
diff --git a/windows/security/identity-protection/images/emailsecurity.png b/windows/security/identity-protection/images/emailsecurity.png
deleted file mode 100644
index 4181fc4f45..0000000000
Binary files a/windows/security/identity-protection/images/emailsecurity.png and /dev/null differ
diff --git a/windows/security/identity-protection/images/mailsettings.png b/windows/security/identity-protection/images/mailsettings.png
deleted file mode 100644
index 02423ab89c..0000000000
Binary files a/windows/security/identity-protection/images/mailsettings.png and /dev/null differ
diff --git a/windows/security/identity-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png b/windows/security/identity-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png
deleted file mode 100644
index f7767ac5f0..0000000000
Binary files a/windows/security/identity-protection/images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png and /dev/null differ
diff --git a/windows/security/identity-protection/images/remote-credential-guard-gp.png b/windows/security/identity-protection/images/remote-credential-guard-gp.png
deleted file mode 100644
index f7db3ee411..0000000000
Binary files a/windows/security/identity-protection/images/remote-credential-guard-gp.png and /dev/null differ
diff --git a/windows/security/identity-protection/images/remote-credential-guard.gif b/windows/security/identity-protection/images/remote-credential-guard.gif
new file mode 100644
index 0000000000..effe8a4bc2
Binary files /dev/null and b/windows/security/identity-protection/images/remote-credential-guard.gif differ
diff --git a/windows/security/identity-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png b/windows/security/identity-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png
deleted file mode 100644
index 56021d820e..0000000000
Binary files a/windows/security/identity-protection/images/windows-defender-remote-credential-guard-with-remote-admin-mode.png and /dev/null differ
diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index c16e630bed..c624632fcc 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -1,27 +1,14 @@
 ---
-title: Identity and access management
-description: Learn more about identity and access protection technologies in Windows.
-ms.topic: article
-ms.date: 02/05/2018
+title: Windows identity protection
+description: Learn more about identity protection technologies in Windows.
+ms.topic: overview
+ms.date: 07/27/2023
 ---
 
-# Identity and access management
+# Windows identity protection
 
-Learn more about identity and access management technologies in Windows.
+Learn more about identity protection technologies in Windows.
 
 [!INCLUDE [virtual-smart-card-deprecation-notice](../includes/virtual-smart-card-deprecation-notice.md)]
 
-| Section | Description |
-|-|-|
-| [Local Administrator Password Solution](/defender-for-identity/cas-isp-laps) | Local Administrator Password Solution (LAPS) provides management of local account passwords of domain-joined computers. Passwords are stored in Azure Active Directory (Azure AD) and protected by an access control list (ACL), so only eligible users can read them or request a reset. 
-| [Technical support policy for lost or forgotten passwords](password-support-policy.md)| Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so. |
-| [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. |
-| [Configure S/MIME for Windows 10](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |
-| [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) | Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard helps prevent these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. |
-| [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. |
-| [User Account Control](user-account-control/user-account-control-overview.md)| Provides information about User Account Control (UAC), which helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. UAC can help block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.|
-| [Virtual Smart Cards](virtual-smart-cards/virtual-smart-card-overview.md) | Provides information about deploying and managing virtual smart cards, which are functionally similar to physical smart cards and appear in Windows as smart cards that are always-inserted. Virtual smart cards use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. |
-| [VPN technical guide](vpn/vpn-guide.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
-| [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) | Provides a collection of references topics about smart cards, which are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account. |
-| [Windows Hello for Business](hello-for-business/index.yml) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on client devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
-| [Windows 10 Credential Theft Mitigation Guide Abstract](windows-credential-theft-mitigation-guide-abstract.md) | Learn more about credential theft mitigation in Windows 10. |
+[!INCLUDE [identity](../includes/sections/identity.md)]
diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md
deleted file mode 100644
index 46e3507908..0000000000
--- a/windows/security/identity-protection/password-support-policy.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Technical support policy for lost or forgotten passwords
-description: Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so.
-ms.topic: article
-ms.date: 11/20/2019
----
-
-# Technical support policy for lost or forgotten passwords
-
-Microsoft takes security seriously. This is for your protection. Microsoft accounts, the Windows operating system, and other Microsoft products include passwords to help secure your information. This article provides some options that you can use to reset or recover your password if you forget it. If these options don't work, Microsoft support engineers can't help you retrieve or circumvent a lost or forgotten password.
-
-If you lose or forget a password, you can use the links in this article to find published support information that will help you reset the password.
-
-## How to reset a password for a domain account
-
-If you lose or forget the password for a domain account, contact your IT administrator or Helpdesk. For more information, see [Change or reset your Windows password](https://support.microsoft.com/help/4490115).
-
-## How to reset a password for a Microsoft account
-
-If you lose or forget the password for your Microsoft Account, use the [Recover your account](https://account.live.com/ResetPassword.aspx) wizard.
-
-This wizard requests your security proofs. If you've forgotten your security proofs, or no longer have access to them, select **I no longer have these anymore**. After you select this option, fill out a form for the Microsoft Account team. Provide as much information as you can on this form. The Microsoft Account team reviews the information that you provide to determine whether you're the account holder. This decision is final. Microsoft doesn't influence the team's choice of action.
-
-## How to reset a password for a local account on a Windows device
-
-Local accounts on a device include the device's Administrator account.
-
-### Windows 10
-
-If you lose or forget the password for a local account on a device that runs Windows 10, see [Reset your Windows 10 local account password](https://support.microsoft.com/help/4028457).
-
-### Windows 8.1 or Windows 7
-
-If you lose or forget the password for a local account on a device that runs Windows 8.1 or Windows 7, see [Change or reset your Windows password](https://support.microsoft.com/help/4490115). In that article, you can select your operating system version from the **Select Product Version** menu.
-
-## How to reset a hardware BIOS password
-
-If you lose or forget the password for the hardware BIOS of a device, contact the device manufacturer for help and support. If you do contact the manufacturer online, make sure that you visit the manufacturer website and not the website of some third party.
-
-## How to reset a password for an individual file
-
-Some applications let you password-protect individual files. If you lose or forget such a password, you can rely on that application only to reset or recover it. Microsoft support engineers can't help you reset, retrieve, or circumvent such passwords.
-
-## Using third-party password tools
-
-Some third-party companies claim to be able to circumvent passwords that have been applied to files and features that Microsoft programs use. For legal reasons, we can't recommend or endorse any one of these companies. If you want help to circumvent or reset a password, you can locate and contact a third party for this help. However, you use such third-party products and services at your own risk.
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index 41748c9408..7351dd93ae 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -1,11 +1,11 @@
 ---
-title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard 
-description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device.
+title: Remote Credential Guard 
+description: Learn how Remote Credential Guard helps to secure Remote Desktop credentials by never sending them to the target device.
 ms.collection: 
 - highpri
-- tier2
-ms.topic: article
-ms.date: 01/12/2018
+- tier1
+ms.topic: how-to
+ms.date: 09/06/2023
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
@@ -13,96 +13,112 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
 ---
-# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
 
-Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions.
+# Remote Credential Guard
 
-Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device.
+## Overview
+
+Remote Credential Guard helps protecting credentials over a Remote Desktop (RDP) connection by redirecting Kerberos requests back to the device that's requesting the connection. If the target device is compromised, the credentials aren't exposed because both credential and credential derivatives are never passed over the network to the target device. Remote Credential Guard also provides single sign-on experiences for Remote Desktop sessions.
+
+This article describes how to configure and use Remote Credential Guard.
 
 > [!IMPORTANT]
 > For information on Remote Desktop connection scenarios involving helpdesk support, see [Remote Desktop connections and helpdesk support scenarios](#remote-desktop-connections-and-helpdesk-support-scenarios) in this article.
 
-## Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options
+## Compare Remote Credential Guard with other connection options
 
-The following diagram helps you to understand how a standard Remote Desktop session to a server without Windows Defender Remote Credential Guard works:
+Using a Remote Desktop session without Remote Credential Guard has the following security implications:
 
-![RDP connection to a server without Windows Defender Remote Credential Guard.png.](images/rdp-to-a-server-without-windows-defender-remote-credential-guard.png)
+- Credentials are sent to and stored on the remote host
+- Credentials aren't protected from attackers on the remote host
+- Attacker can use credentials after disconnection
 
-The following diagram helps you to understand how Windows Defender Remote Credential Guard works, what it helps to protect against, and compares it with the [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) option:
+The security benefits of Remote Credential Guard include:
 
-![Windows Defender Remote Credential Guard.](images/windows-defender-remote-credential-guard-with-remote-admin-mode.png)
+- Credentials aren't sent to the remote host
+- During the remote session you can connect to other systems using SSO
+- An attacker can act on behalf of the user only when the session is ongoing
 
-As illustrated, Windows Defender Remote Credential Guard blocks NTLM (allowing only Kerberos), prevents Pass-the-Hash (PtH) attacks, and also prevents use of credentials after disconnection.
+The security benefits of [Restricted Admin mode][TECH-1] include:
+
+- Credentials aren't sent to the remote host
+- The Remote Desktop session connects to other resources as the remote host's identity
+- An attacker can't act on behalf of the user and any attack is local to the server
 
 Use the following table to compare different Remote Desktop connection security options:
 
-| Feature | Remote Desktop | Windows Defender Remote Credential Guard | Restricted Admin mode |
+| Feature | Remote Desktop | Remote Credential Guard | Restricted Admin mode |
 |--|--|--|--|
-| **Protection benefits** | Credentials on the server are not protected from Pass-the-Hash attacks. | User credentials remain on the client. An attacker can act on behalf of the user *only* when the session is ongoing | User logs on to the server as local administrator, so an attacker cannot act on behalf of the "domain user". Any attack is local to the server |
-| **Version support** | The remote computer can run any Windows operating system | Both the client and the remote computer must be running **at least Windows 10, version 1607, or Windows Server 2016**. | The remote computer must be running **at least patched Windows 7 or patched Windows Server 2008 R2**. <br /><br />For more information about patches (software updates) related to Restricted Admin mode, see [Microsoft Security Advisory 2871997](/security-updates/SecurityAdvisories/2016/2871997). |
-| **Helps prevent**   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;   &nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;&nbsp; N/A &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | <ul><li> Pass-the-Hash</li> <li>Use of a credential after disconnection </li></ul> | <ul><li> Pass-the-Hash</li> <li>Use of domain identity during connection </li></ul> |
-| **Credentials supported from the remote desktop client device** | <ul><li><b>Signed on</b> credentials <li> <b>Supplied</b> credentials<li> <b>Saved</b> credentials </ul> | <ul><li> <b>Signed on</b> credentials only | <ul><li><b>Signed on</b> credentials<li><b>Supplied</b> credentials<li><b>Saved</b> credentials</ul> |
-| **Access** | **Users allowed**, that is, members of Remote Desktop Users group of remote host. | **Users allowed**, that is, members of Remote Desktop Users of remote host. | **Administrators only**, that is, only members of Administrators group of remote host. |
-| **Network identity** | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as signed-in user**. | Remote Desktop session **connects to other resources as remote host's identity**. |
-| **Multi-hop** | From the remote desktop, **you can connect through Remote Desktop to another computer** | From the remote desktop, you **can connect through Remote Desktop to another computer**. | Not allowed for user as the session is running as a local host account |
-| **Supported authentication** | Any negotiable protocol. | Kerberos only. | Any negotiable protocol |
-
-For further technical information, see [Remote Desktop Protocol](/windows/win32/termserv/remote-desktop-protocol)
-and [How Kerberos works](/previous-versions/windows/it-pro/windows-2000-server/cc961963(v=technet.10)).
-
-## Remote Desktop connections and helpdesk support scenarios
-
-For helpdesk support scenarios in which personnel require administrative access to provide remote assistance to computer users via Remote Desktop sessions, Microsoft recommends that Windows Defender Remote Credential Guard should not be used in that context. This is because if an RDP session is initiated to a compromised client that an attacker already controls, the attacker could use that open channel to create sessions on the user's behalf (without compromising credentials) to access any of the user's resources for a limited time (a few hours) after the session disconnects.
-
-Therefore, we recommend instead that you use the Restricted Admin mode option. For helpdesk support scenarios, RDP connections should only be initiated using the /RestrictedAdmin switch. This helps ensure that credentials and other user resources are not exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2](https://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf).
-
-To further harden security, we also recommend that you implement Local Administrator Password Solution (LAPS), a Group Policy client-side extension (CSE) introduced in Windows 8.1 that automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks  facilitated when customers use the same administrative local account and password combination on all their computers. You can download and install LAPS [here](https://www.microsoft.com/download/details.aspx?id=46899).
-
-For further information on LAPS, see [Microsoft Security Advisory 3062591](https://technet.microsoft.com/library/security/3062591.aspx).
-
-[!INCLUDE [windows-defender-remote-credential-guard](../../../includes/licensing/windows-defender-remote-credential-guard.md)]
+| Single sign-on (SSO) to other systems as signed in user | ✅ | ✅ | ❌ |
+| Multi-hop RDP | ✅ | ✅ | ❌ |
+| Prevent use of user's identity during connection | ❌ | ❌ | ✅ |
+| Prevent use of credentials after disconnection | ❌ | ✅ | ✅ |
+| Prevent Pass-the-Hash (PtH) | ❌ | ✅ | ✅ |
+| Supported authentication | Any negotiable protocol | Kerberos only | Any negotiable protocol |
+| Credentials supported from the remote desktop client device | - Signed on credentials<br>- Supplied credentials<br>- Saved credentials | - Signed on credentials<br>- Supplied credentials<br> | - Signed on credentials<br>- Supplied credentials<br>- Saved credentials |
+| RDP access granted with | Membership of **Remote Desktop Users** group on remote host | Membership of **Remote Desktop Users** group on remote host | Membership of **Administrators** group on remote host |
 
 ## Remote Credential Guard requirements
 
-To use Windows Defender Remote Credential Guard, the Remote Desktop client and remote host must meet the following requirements:
+To use Remote Credential Guard, the remote host and the client must meet the following requirements.
 
-The Remote Desktop client device:
+The remote host:
 
-- Must be running at least Windows 10, version 1703 to be able to supply credentials, which is sent to the remote device. This allows users to run as different users without having to send credentials to the remote machine
-- Must be running at least Windows 10, version 1607 or Windows Server 2016 to use the user's signed-in credentials. This requires the user's account be able to sign in to both the client device and the remote host
-- Must be running the Remote Desktop Classic Windows application. The Remote Desktop Universal Windows Platform application doesn't support Windows Defender Remote Credential Guard
-- Must use Kerberos authentication to connect to the remote host. If the client cannot connect to a domain controller, then RDP attempts to fall back to NTLM. Windows Defender Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk
+- Must allow the user to access via Remote Desktop connections
+- Must allow delegation of nonexportable credentials to the client device
 
-The Remote Desktop remote host:
+The client device:
 
-- Must be running at least Windows 10, version 1607 or Windows Server 2016.
-- Must allow Restricted Admin connections.
-- Must allow the client's domain user to access Remote Desktop connections.
-- Must allow delegation of non-exportable credentials.
+- Must be running the Remote Desktop Windows application. The Remote Desktop Universal Windows Platform (UWP) application doesn't support Remote Credential Guard
+- Must use Kerberos authentication to connect to the remote host. If the client can't connect to a domain controller, then RDP attempts to fall back to NTLM. Remote Credential Guard does not allow NTLM fallback because this would expose credentials to risk
 
-There are no hardware requirements for Windows Defender Remote Credential Guard.
+[!INCLUDE [remote-credential-guard](../../../includes/licensing/remote-credential-guard.md)]
 
-> [!NOTE]
-> Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain.
->
-> GPO [Remote host allows delegation of non-exportable credentials](/windows/client-management/mdm/policy-csp-credentialsdelegation) should be enabled for delegation of non-exportable credentials.
+## Enable delegation of nonexportable credentials on the remote hosts
 
-- For Windows Defender Remote Credential Guard to be supported, the user must authenticate to the remote host using Kerberos authentication.
-- The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
-- The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Windows Defender Remote Credential Guard.
+This policy is required on the remote hosts to support Remote Credential Guard and Restricted Admin mode. It allows the remote host to delegate nonexportable credentials to the client device.\
+If you disable or don't configure this setting, Restricted Admin and Remote Credential Guard mode aren't supported. User will always need to pass their credentials to the host, exposing users to the risk of credential theft from attackers on the remote host.
 
-## Enable Windows Defender Remote Credential Guard
+To enable delegation of nonexportable credentials on the remote hosts, you can use:
 
-You must enable Restricted Admin or Windows Defender Remote Credential Guard on the remote host by using the Registry.
+- Microsoft Intune/MDM
+- Group policy
+- Registry
 
-1. Open Registry Editor on the remote host
-1. Enable Restricted Admin and Windows Defender Remote Credential Guard:
+[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
 
-  - Go to `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa`
-  - Add a new DWORD value named **DisableRestrictedAdmin**
-  - To turn on Restricted Admin and Windows Defender Remote Credential Guard, set the value of this registry setting to 0
+#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
 
-1. Close Registry Editor
+[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| **Administrative Templates > System > Credentials Delegation** | Remote host allows delegation of nonexportable credentials | Enabled |
+
+[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-3] with the [Policy CSP][CSP-1].
+
+| Setting |
+|--------|
+| - **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials`<br>- **Data type:** string<br>- **Value:** `<enabled/>`|
+
+#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
+
+[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\System\Credentials Delegation** | Remote host allows delegation of nonexportable credentials | Enabled |
+
+[!INCLUDE [gpo-settings-2](../../../includes/configure/gpo-settings-2.md)]
+#### [:::image type="icon" source="../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
+
+To configure devices using the registry, use the following settings:
+
+| Setting |
+|-|
+| - **Key path:** `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa` <br>- **Key name:** `DisableRestrictedAdmin`<br>- **Type:** `REG_DWORD`<br>- **Value:** `0`|
 
 You can add this by running the following command from an elevated command prompt:
 
@@ -110,44 +126,103 @@ You can add this by running the following command from an elevated command promp
 reg.exe add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
 ```
 
-## Using Windows Defender Remote Credential Guard
+---
 
-Beginning with Windows 10 version 1703, you can enable Windows Defender Remote Credential Guard on the client device either by using Group Policy or by using a parameter with the Remote Desktop Connection.
+## Configure delegation of credentials on the clients
 
-### Turn on Windows Defender Remote Credential Guard by using Group Policy
+To enable Remote Credential Guard on the clients, you can configure a policy that prevents the delegation of credentials to the remote hosts.
 
-1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**
-1. Double-click **Restrict delegation of credentials to remote servers**
-    ![Windows Defender Remote Credential Guard Group Policy.](images/remote-credential-guard-gp.png)
-1. Under **Use the following restricted mode**:
-  - If you want to require either [Restricted Admin mode](https://social.technet.microsoft.com/wiki/contents/articles/32905.remote-desktop-services-enable-restricted-admin-mode.aspx) or Windows Defender Remote Credential Guard, choose **Restrict Credential Delegation**. In this configuration, Windows Defender Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Windows Defender Remote Credential Guard cannot be used
+> [!TIP]
+> If you don't want to configure your clients to enforce Remote Credential Guard, you can use the following command to use Remote Credential Guard for a specific RDP session:
+> ```cmd
+> mstsc.exe /remoteGuard
+> ```
 
-     > [!NOTE]
-     > Neither Windows Defender Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
-     > When **Restrict Credential Delegation** is enabled, the /restrictedAdmin switch will be ignored. Windows will enforce the policy configuration instead and will use Windows Defender Remote Credential Guard.
+The policy can have different values, depending on the level of security you want to enforce:
 
-  - If you want to require Windows Defender Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [requirements](#remote-credential-guard-requirements) listed earlier in this topic.
-  - If you  want to require Restricted Admin mode, choose **Require Restricted Admin**. For information about Restricted Admin mode, see the table in  [Comparing Windows Defender Remote Credential Guard with other Remote Desktop connection options](#comparing-windows-defender-remote-credential-guard-with-other-remote-desktop-connection-options), earlier in this topic.
-
-1. Click **OK**
-1. Close the Group Policy Management Console
-1. From a command prompt, run **gpupdate.exe /force** to ensure that the Group Policy object is applied
-
-### Use Windows Defender Remote Credential Guard with a parameter to Remote Desktop Connection
-
-If you don't use Group Policy in your organization, or if not all your remote hosts support Remote Credential Guard, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Windows Defender Remote Credential Guard for that connection.
-
-```cmd
-mstsc.exe /remoteGuard
-```
+- **Disabled**: *Restricted Admin* and *Remote Credential Guard* mode aren't enforced and the Remote Desktop Client can delegate credentials to remote devices
+- **Require Restricted Admin**: the Remote Desktop Client must use Restricted Admin to connect to remote hosts
+- **Require Remote Credential Guard**: Remote Desktop Client must use Remote Credential Guard to connect to remote hosts
+- **Restrict credential delegation**: Remote Desktop Client must use Restricted Admin or Remote Credential Guard to connect to remote hosts. In this configuration, Remote Credential Guard is preferred, but it uses Restricted Admin mode (if supported) when Remote Credential Guard can't be used
 
 > [!NOTE]
-> The user must be authorized to connect to the remote server using Remote Desktop Protocol, for example by being a member of the Remote Desktop Users local group on the remote computer.
+> When *Restrict Credential Delegation* is enabled, the `/restrictedAdmin` switch will be ignored. Windows enforces the policy configuration instead and uses Remote Credential Guard.
 
-## Considerations when using Windows Defender Remote Credential Guard
+To configure your clients, you can use:
 
-- Windows Defender Remote Credential Guard does not support compound authentication. For example, if you're trying to access a file server from a remote host that requires a device claim, access will be denied
-- Windows Defender Remote Credential Guard can be used only when connecting to a device that is joined to a Windows Server Active Directory domain, including AD domain-joined servers that run as Azure virtual machines (VMs). Windows Defender Remote Credential Guard cannot be used when connecting to remote devices joined to Azure Active Directory
-- Remote Desktop Credential Guard only works with the RDP protocol
+- Microsoft Intune/MDM
+- Group policy
+
+[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
+
+#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/MDM**](#tab/intune)
+
+[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+| **Administrative Templates > System > Credentials Delegation** | Restrict delegation of credentials to remote servers | Select **Enabled** and in the dropdown, select one of the options:<br>- **Restrict Credential Delegation**<br>- **Require Remote Credential Guard**|
+
+[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
+
+Alternatively, you can configure devices using a [custom policy][INT-3] with the [Policy CSP][CSP-2].
+
+| Setting |
+|--|
+|- **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/ADMX_CredSsp/RestrictedRemoteAdministration`<br>- **Data type:** string<br>- **Value:** `<enabled/><data id=\"RestrictedRemoteAdministrationDrop\" value=\"2\"/>`<br><br>Possible values for `RestrictedRemoteAdministrationDrop` are:<br>- `0`: Disabled<br>- `1`: Require Restricted Admin<br>- `2`: Require Remote Credential Guard<br>- `3`: Restrict credential delegation |
+
+#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **Group policy**](#tab/gpo)
+
+[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
+
+| Group policy path | Group policy setting | Value |
+| - | - | - |
+| **Computer Configuration\Administrative Templates\System\Credentials Delegation** | Restrict delegation of credentials to remote servers| **Enabled** and in the dropdown, select one of the options:<br>- **Restrict Credential Delegation**<br>- **Require Remote Credential Guard**|
+
+[!INCLUDE [gpo-settings-2](../../../includes/configure/gpo-settings-2.md)]
+
+#### [:::image type="icon" source="../images/icons/windows-os.svg" border="false"::: **Registry**](#tab/reg)
+
+Not documented.
+
+---
+
+## Use Remote Credential Guard
+
+Once a client receives the policy, you can connect to the remote host using Remote Credential Guard by opening the Remote Desktop Client (`mstsc.exe`). The user is automatically authenticated to the remote host:
+
+:::image type="content" source="images/remote-credential-guard.gif" alt-text="Animation showing a client connecting to a remote server using Remote Credential Guard with SSO.":::
+
+> [!NOTE]
+> The user must be authorized to connect to the remote server using the Remote Desktop protocol, for example by being a member of the Remote Desktop Users local group on the remote host.
+
+## Remote Desktop connections and helpdesk support scenarios
+
+For helpdesk support scenarios in which personnel require administrative access via Remote Desktop sessions, it isn't recommended the use of Remote Credential Guard. If an RDP session is initiated to an already compromised client, the attacker could use that open channel to create sessions on the user's behalf. The attacker can access any of the user's resources for a limited time after the session disconnects.
+
+We recommend using Restricted Admin mode option instead. For helpdesk support scenarios, RDP connections should only be initiated using the `/RestrictedAdmin` switch. This helps to ensure that credentials and other user resources aren't exposed to compromised remote hosts. For more information, see [Mitigating Pass-the-Hash and Other Credential Theft v2][PTH-1].
+
+To further harden security, we also recommend that you implement Windows Local Administrator Password Solution (LAPS), which automates local administrator password management. LAPS mitigates the risk of lateral escalation and other cyberattacks  facilitated when customers use the same administrative local account and password combination on all their computers.
+
+For more information about LAPS, see [What is Windows LAPS][LEARN-1].
+
+## Additional considerations
+
+Here are some additional considerations for Remote Credential Guard:
+
+- Remote Credential Guard doesn't support compound authentication. For example, if you're trying to access a file server from a remote host that requires a device claim, access will be denied
+- Remote Credential Guard can be used only when connecting to a device that is joined to an Active Directory domain. It can't be used when connecting to remote devices joined to Azure Active Directory (Azure AD)
+- Remote Credential Guard can be used from an Azure AD joined client to connect to an Active Directory joined remote host, as long as the client can authenticate using Kerberos
+- Remote Credential Guard only works with the RDP protocol
 - No credentials are sent to the target device, but the target device still acquires Kerberos Service Tickets on its own
 - The server and client must authenticate using Kerberos
+- Remote Credential Guard is only supported for direct connections to the target machines and not for the ones via Remote Desktop Connection Broker and Remote Desktop Gateway
+
+<!--links-->
+
+[CSP-1]: /windows/client-management/mdm/policy-csp-credentialsdelegation
+[CSP-2]: /windows/client-management/mdm/policy-csp-admx-credssp
+[INT-3]: /mem/intune/configuration/settings-catalog
+[LEARN-1]: /windows-server/identity/laps/laps-overview
+[TECH-1]: https://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx
+[PTH-1]: https://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf
diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
index 5443446244..35ace33d60 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
@@ -2,7 +2,7 @@
 ms.date: 09/24/2021
 title: Smart Card and Remote Desktop Services 
 description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
-ms.topic: article
+ms.topic: conceptual
 ms.reviewer: ardenw
 ---
 # Smart Card and Remote Desktop Services
diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
index d305de2eae..f66eedf547 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
@@ -2,7 +2,7 @@
 title: Smart Card Architecture 
 description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: reference-architecture
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
index f44786fcb1..62737034ae 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
@@ -2,7 +2,7 @@
 title: Certificate Propagation Service 
 description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 08/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
index ac153d8216..9931e52d1f 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
@@ -2,7 +2,7 @@
 title: Certificate Requirements and Enumeration 
 description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 09/24/2021
 ---
 
@@ -175,7 +175,7 @@ The smart card certificate has specific format requirements when it is used with
 
 |            **Component**             |                                                                **Requirements for Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows 10, and Windows 11**                                                                 |                                                                                                **Requirements for Windows XP**                                                                                                 |
 |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|   CRL distribution point location    |                                                                                               Not required                                                                                               |             The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=`<https://server1.contoso.com/CertEnroll/caname.crl>`             |
+|   CRL distribution point location    |                                                                                               Not required                                                                                               |             The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=`<http://server1.contoso.com/CertEnroll/caname.crl>`             |
 |              Key usage               |                                                                                            Digital signature                                                                                             |                                                                                                       Digital signature                                                                                                        |
 |          Basic constraints           |                                                                                               Not required                                                                                               |                                                                              \[Subject Type=End Entity, Path Length Constraint=None\] (Optional)                                                                               |
 |       extended key usage (EKU)       | The smart card sign-in object identifier is not required.<br><br>**Note**&nbsp;&nbsp;If an EKU is present, it must contain the smart card sign-in EKU. Certificates with no EKU can be used for sign-in. |      -   Client Authentication (1.3.6.1.5.5.7.3.2)<br>The client authentication object identifier is required only if a certificate is used for SSL authentication.<br><br>- Smart Card Sign-in (1.3.6.1.4.1.311.20.2.2)       |
@@ -310,4 +310,4 @@ For more information about this option for the command-line tool, see [-SCRoots]
 
 ## See also
 
-[How Smart Card Sign-in Works in Windows](smart-card-how-smart-card-sign-in-works-in-windows.md)
\ No newline at end of file
+[How Smart Card Sign-in Works in Windows](smart-card-how-smart-card-sign-in-works-in-windows.md)
diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
index afd45f5a5f..8193759010 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
@@ -5,7 +5,7 @@ ms.reviewer: ardenw
 ms.collection: 
   - highpri
   - tier2
-ms.topic: article
+ms.topic: troubleshooting
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md
index 2d80036a23..87a6861bb1 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-events.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-events.md
@@ -1,24 +1,19 @@
 ---
-title: Smart Card Events 
-description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
-ms.reviewer: ardenw
-ms.topic: article
-ms.date: 09/24/2021
+title: Smart card events 
+description: Learn about smart card deployment and development events.
+ms.topic: troubleshooting
+ms.date: 06/02/2023
 ---
 
-# Smart Card Events
+# Smart card events
 
-This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
+This article describes the events related to smart card deployment and development.
 
-A number of events can be used to monitor smart card activities on a computer, including installation, use, and errors. The following sections describe the events and information that can be used to manage smart cards in an organization.
+Many events can be used to monitor smart card activities on a device, including installation, use, and errors. The next sections describe the events and information that you can use to manage smart cards in an organization.
 
-- [Smart card reader name](#smart-card-reader-name)
-- [Smart card warning events](#smart-card-warning-events)
-- [Smart card error events](#smart-card-error-events)
-- [Smart card Plug and Play events](#smart-card-plug-and-play-events)
 ## Smart card reader name
 
-The Smart Card resource manager doesn't use the device name from Device Manager to describe a smart card reader. Instead, the name is constructed from three device attributes that are queried directly from the smart card reader driver.
+The Smart Card Resource Manager doesn't use the device name from *Device Manager* to describe a smart card reader. Instead, the name is constructed from three device attributes that are queried directly from the smart card reader driver.
 
 The following three attributes are used to construct the smart card reader name:
 
@@ -26,72 +21,73 @@ The following three attributes are used to construct the smart card reader name:
 - Interface device type
 - Device unit
 
-The smart card reader device name is constructed in the form &lt;*VendorName*&gt; &lt;*Type*&gt; &lt;*DeviceUnit*&gt;. For example 'Contoso Smart Card Reader 0' is constructed from the following information:
+The smart card reader device name is constructed in the form `<VendorName><Type><DeviceUnit>`. For example *Contoso Smart Card Reader 0* is constructed from the following information:
 
-- Vendor name: Contoso
-- Interface device type: Smart Card Reader
-- Device unit: 0
+- Vendor name: *Contoso*
+- Interface device type: *Smart Card Reader*
+- Device unit: *0*
 
 ## Smart card warning events
 
-> **Note**&nbsp;&nbsp;IOCTL in the following table refers to input and output control.
+> [!NOTE]
+> *IOCTL* in the following table refers to input and output control.
 
 | **Event ID** | **Warning Message**                 | **Description**                  |
 |--------------|---------|--------------------------------------------------------------------------------------------|
-| 620          | Smart Card Resource Manager was unable to cancel IOCTL %3 for reader '%2': %1. The reader may no longer be responding. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs if the resource manager attempts to cancel a command to the smart card reader when the smart card service is shutting down or after a smart card is removed from the smart card reader and the command could not be canceled. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.<br><br>%1 = Windows error code<br>%2 = Smart card reader name<br>%3 = IOCTL being canceled<br>%4 = First 4 bytes of the command that was sent to the smart card |
+| 620          | Smart Card Resource Manager was unable to cancel IOCTL %3 for reader '%2': %1. The reader may no longer be responding. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs if the Resource Manager attempts to cancel a command to the smart card reader when the smart card service is shutting down or after a smart card is removed from the smart card reader and the command couldn't be canceled. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.<br><br>%1 = Windows error code<br>%2 = Smart card reader name<br>%3 = IOCTL being canceled<br>%4 = First 4 bytes of the command that was sent to the smart card |
 | 619          | Smart Card Reader '%2' hasn't responded to IOCTL %3 in %1 seconds. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4              | This occurs when a reader hasn't responded to an IOCTL after an unusually long period of time. Currently, this error is sent after a reader doesn't respond for 150 seconds. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.<br><br>%1 = Number of seconds the IOCTL has been waiting<br>%2 = Smart card reader name<br>%3 = IOCTL sent<br>%4 = First 4 bytes of the command that was sent to the smart card         |
 
 ## Smart card error events
 
 | **Event ID** | **Error Message**  | **Description**          |
 |--------------|--------------------------------------------|-------------------------------------------------------------------------------|
-| 202          | Failed to initialize Server Application                  | An error occurred, and the service cannot initialize properly. Restarting the computer may resolve the issue.           |
-| 203          | Server Control has no memory for reader reference object.                   | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
-| 204          | Server Control failed to create shutdown event: %1       | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 202          | Failed to initialize Server Application                  | An error occurred, and the service can't initialize properly. Restarting the computer may resolve the issue.           |
+| 203          | Server Control has no memory for reader reference object.                   | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
+| 204          | Server Control failed to create shutdown event: %1       | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
 | 205          | Reader object has duplicate name: %1  | There are two smart card readers that have the same name. Remove the smart card reader that is causing this error message.<br>%1 = Name of the smart card reader that is duplicated               |
-| 206          | Failed to create global reader change event.             | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
-| 401          | Reader shutdown exception from eject smart card command  | A smart card reader could not eject a smart card while the smart card reader was shutting down.      |
-| 406          | Reader object cannot Identify Device  | A smart card reader did not properly respond to a request for information about the device, which is required for constructing the smart card reader name. The smart card reader will not be recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.       |
-| 502          | Initialization of Service Status Critical Section failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
-| 504          | Resource Manager cannot create shutdown event flag:  %1  | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 506          | Smart Card Resource Manager failed to register service:  %1                 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 206          | Failed to create global reader change event.             | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
+| 401          | Reader shutdown exception from eject smart card command  | A smart card reader couldn't eject a smart card while the smart card reader was shutting down.      |
+| 406          | Reader object can't Identify Device  | A smart card reader didn't properly respond to a request for information about the device, which is required for constructing the smart card reader name. The smart card reader won't be recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.       |
+| 502          | Initialization of Service Status Critical Section failed | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
+| 504          | Resource Manager can't create shutdown event flag: %1  | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 506          | Smart Card Resource Manager failed to register service: %1                 | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
 | 506          | Smart Card Resource Manager received unexpected exception from PnP event %1 | An attempt to add a Plug and Play reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name             |
-| 507          | No memory available for Service Status Critical Section  | There is not enough system memory available. This prevents the service from managing the status. Restarting the computer may resolve the issue.               |
+| 507          | No memory available for Service Status Critical Section  | There isn't enough system memory available. This prevents the service from managing the status. Restarting the computer may resolve the issue.               |
 | 508          | Smart Card Resource Manager received unexpected exception from PnP event %1 | An attempt to add a Plug and Play reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name             |
 | 509          | Smart Card Resource Manager received unexpected exception from PnP event %1 | An attempt to add a Plug and Play reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name             |
 | 510          | Smart Card Resource Manager received NULL handle from PnP event %1          | An attempt to add a Plug and Play smart card reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name  |
 | 511          | Smart Card Resource Manager received unexpected exception from PnP event %1 | An attempt to add a Plug and Play reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name             |
 | 512          | Smart Card Resource Manager received NULL handle from PnP event %1          | An attempt to add a Plug and Play smart card reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name  |
 | 513          | Smart Card Resource Manager received unexpected exception from PnP event %1 | An attempt to add a Plug and Play reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name             |
-| 514          | Smart Card Resource Manager failed to add reader %2: %1  | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code<br>%2 = Smart card reader name                  |
-| 515          | Smart Card Resource Manager failed to declare state:  %1 | This is an internal unrecoverable error that indicates a failure in the smart card service. The smart card service may not operate properly. Restarting the service or computer may resolve this issue.<br>%1 = Windows error code      |
-| 516          | Smart Card Resource Manager Failed to declare shutdown:  %1                 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The smart card service may not be able to stop. Restarting the computer may resolve this issue.<br>%1 = Windows error code                 |
-| 517          | Smart Card Resource Manager received unexpected exception attempting to add reader %1          | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Smart card reader name         |
+| 514          | Smart Card Resource Manager failed to add reader %2: %1  | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code<br>%2 = Smart card reader name                  |
+| 515          | Smart Card Resource Manager failed to declare state: %1 | Internal, unrecoverable error that indicates a failure in the smart card service. The smart card service may not operate properly. Restarting the service or computer may resolve this issue.<br>%1 = Windows error code      |
+| 516          | Smart Card Resource Manager Failed to declare shutdown: %1                 | Internal, unrecoverable error that indicates a failure in the smart card service. The smart card service may not be able to stop. Restarting the computer may resolve this issue.<br>%1 = Windows error code                 |
+| 517          | Smart Card Resource Manager received unexpected exception attempting to add reader %1          | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Smart card reader name         |
 | 521          | Smart Card Resource Manager received NULL handle from PnP event %1          | An attempt to add a Plug and Play smart card reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name  |
 | 523          | Smart Card Resource Manager received NULL handle from PnP event %1          | An attempt to add a Plug and Play smart card reader failed. The device may already be in use or may be defective. To resolve this error message, try to add the device again or restart the computer.<br>%1 = The affected handle name  |
-| 602          | WDM Reader driver initialization cannot open reader device:  %1             | The service cannot open a communication channel with the smart card reader. You cannot use the smart card reader until the issue is resolved.<br>%1 = Windows error code       |
-| 603          | WDM Reader driver initialization has no memory available to control device %1                  | There is not enough system memory available. This prevents the service from managing the smart card reader that was added. Restarting the computer may resolve the issue.<br>%1 = Name of affected reader            |
-| 604          | Server control cannot set reader removal event:  %1      | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 605          | Reader object failed to create overlapped event:  %1     | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 606          | Reader object failed to create removal event:  %1        | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 607          | Reader object failed to start monitor thread:  %1        | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 608          | Reader monitor failed to create power down timer: %1     | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 609          | Reader monitor failed to create overlapped event:  %1    | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
-| 610          | Smart Card Reader '%2' rejected IOCTL %3: %1  If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card <br> These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios. You might also see this error if your eSIM is recognized as a smartcard controller.|
-| 611          | Smart Card Reader initialization failed                  | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve this issue.   |
-| 612          | Reader insertion monitor error retry threshold reached:  %1                 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code          |
-| 615          | Reader removal monitor error retry threshold reached:  %1                   | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code          |
-| 616          | Reader monitor '%2' received uncaught error code:  %1    | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code<br>%2 = Reader name       |
-| 617          | Reader monitor '%1' exception -- exiting thread          | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Smart card reader name                   |
-| 618          | Smart Card Resource Manager encountered an unrecoverable internal error.    | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
-| 621          | Server Control failed to access start event: %1          | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code      <br>These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios.       |
-| 622          | Server Control failed to access stop event: %1           | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 602          | WDM Reader driver initialization can't open reader device: %1             | The service can't open a communication channel with the smart card reader. You can't use the smart card reader until the issue is resolved.<br>%1 = Windows error code       |
+| 603          | WDM Reader driver initialization has no memory available to control device %1                  | There isn't enough system memory available. This prevents the service from managing the smart card reader that was added. Restarting the computer may resolve the issue.<br>%1 = Name of affected reader            |
+| 604          | Server control can't set reader removal event: %1      | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 605          | Reader object failed to create overlapped event: %1     | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 606          | Reader object failed to create removal event: %1        | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 607          | Reader object failed to start monitor thread: %1        | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 608          | Reader monitor failed to create power down timer: %1     | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 609          | Reader monitor failed to create overlapped event: %1    | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
+| 610          | Smart Card Reader '%2' rejected IOCTL %3: %1 If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader can't successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.<br>%1 = Windows error code<br>%2 = Name of the smart card reader<br>%3 = IOCTL that was sent<br>%4 = First 4 bytes of the command sent to the smart card <br> These events are caused by legacy functionality in the smart card stack. It can be ignored if there's no noticeable failure in the smart card usage scenarios. You might also see this error if your eSIM is recognized as a smartcard controller.|
+| 611          | Smart Card Reader initialization failed                  | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve this issue.   |
+| 612          | Reader insertion monitor error retry threshold reached: %1                 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it isn't recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code          |
+| 615          | Reader removal monitor error retry threshold reached: %1                   | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it isn't recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code          |
+| 616          | Reader monitor '%2' received uncaught error code: %1    | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it isn't recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Windows error code<br>%2 = Reader name       |
+| 617          | Reader monitor '%1' exception -- exiting thread          | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it isn't recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.<br>%1 = Smart card reader name                   |
+| 618          | Smart Card Resource Manager encountered an unrecoverable internal error.    | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.    |
+| 621          | Server Control failed to access start event: %1          | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code      <br>These events are caused by legacy functionality in the smart card stack. It can be ignored if there's no noticeable failure in the smart card usage scenarios.       |
+| 622          | Server Control failed to access stop event: %1           | Internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.<br>%1 = Windows error code             |
 
 ## Smart card Plug and Play events
 
 | **Event ID** | **Event type** | **Event Message**              | **Description**         |
 |--------------|----------------|-----------------------------------------------------------------------------------------|----------------|
-| 1000         | Error          | Could not get device ID for smart card in reader %1. The return code is %2.             | Smart card Plug and Play could not obtain the device ID for the smart card. This information is required to determine the correct driver. The smart card may be defective.<br>%1 = Smart card reader name<br>%2 = Windows error code |
+| 1000         | Error          | Couldn't get device ID for smart card in reader %1. The return code is %2.             | Smart card Plug and Play couldn't obtain the device ID for the smart card. This information is required to determine the correct driver. The smart card may be defective.<br>%1 = Smart card reader name<br>%2 = Windows error code |
 | 1001         | Information    | Software successfully installed for smart card in reader %1. The smart card name is %2. | Smart card Plug and Play successfully installed a minidriver for the inserted card.<br>%1 = Smart card reader name<br>%2 = Name of new smart card device |
 
 ## See also
diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
index e2ef4a9160..f3f0e7de99 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
@@ -2,7 +2,7 @@
 title: Smart Card Group Policy and Registry Settings 
 description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: reference
 ms.date: 11/02/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
index 5d498cb152..5ad7eb1205 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
@@ -2,7 +2,7 @@
 title: How Smart Card Sign-in Works in Windows
 description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: overview
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
index 8250828ff6..4b9fd9a3fd 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
@@ -2,7 +2,7 @@
 title: Smart Card Removal Policy Service 
 description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
index e3a98718be..2604d84270 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
@@ -2,7 +2,7 @@
 title: Smart Cards for Windows Service 
 description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: concept-article
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
index 4de4acbfc6..f18465fff3 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
@@ -2,7 +2,7 @@
 title: Smart Card Tools and Settings 
 description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: conceptual
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
index 07d20ddf30..a7e5247fcc 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
@@ -2,7 +2,7 @@
 title: Smart Card Technical Reference 
 description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
 ms.reviewer: ardenw
-ms.topic: article
+ms.topic: reference
 ms.date: 09/24/2021
 ---
 
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index c90f5b2316..2b006e3ca0 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -1,12 +1,10 @@
 items:
   - name: Overview
-    href: ../identity.md
-  - name: Windows credential theft mitigation guide
-    href: windows-credential-theft-mitigation-guide-abstract.md
+    href: index.md
   - name: Passwordless sign-in
     items:
     - name: Windows Hello for Business 🔗
-      href: hello-for-business/index.yml
+      href: hello-for-business/index.md
     - name: Windows presence sensing
       href: https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb
     - name: Windows Hello for Business Enhanced Security Sign-in (ESS) 🔗
@@ -24,26 +22,22 @@ items:
       href: enterprise-certificate-pinning.md
   - name: Advanced credential protection
     items:
-    - name: Account Lockout Policy 🔗
-      href: ../threat-protection/security-policy-settings/account-lockout-policy.md
-    - name: Technical support policy for lost or forgotten passwords
-      href: password-support-policy.md
     - name: Windows LAPS (Local Administrator Password Solution) 🔗
       displayName: LAPS
       href: /windows-server/identity/laps/laps-overview
-    - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
-      href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+    - name: Account Lockout Policy 🔗
+      href: ../threat-protection/security-policy-settings/account-lockout-policy.md
+    - name: Enhanced phishing protection with SmartScreen
+      href: ../operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
       displayName: EPP
     - name: Access Control
-      items:
-      - name: Overview
-        href: access-control/access-control.md
-        displayName: ACL
-      - name: Local Accounts
-        href: access-control/local-accounts.md
-    - name: Security policy settings 🔗
-      href: ../threat-protection/security-policy-settings/security-policy-settings.md
-    - name: Windows Defender Credential Guard
+      href: access-control/access-control.md
+      displayName: ACL/SACL
+    - name: Credential Guard
       href: credential-guard/toc.yml
-  - name: Windows Defender Remote Credential Guard
-    href: remote-credential-guard.md
\ No newline at end of file
+    - name: Remote Credential Guard
+      href: remote-credential-guard.md
+  - name: LSA Protection 🔗
+    href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
+  - name: Local Accounts
+    href: access-control/local-accounts.md
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
deleted file mode 100644
index 97c4196886..0000000000
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ /dev/null
@@ -1,179 +0,0 @@
----
-title: How User Account Control works 
-description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
-ms.collection: 
-  - highpri
-  - tier2
-ms.topic: article
-ms.date: 09/23/2021
----
-
-# How User Account Control works
-
-User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
-
-## UAC process and interactions
-
-Each app that requires the administrator access token must prompt for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same integrity level. Windows protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a "low" integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Apps with lower integrity levels cannot modify data in applications with higher integrity levels. When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provide valid administrator credentials.
-
-To better understand how this process happens, let's look at the Windows logon process.
-
-### Logon process
-
-The following shows how the logon process for an administrator differs from the logon process for a standard user.
-
-![uac windows logon process.](images/uacwindowslogonprocess.gif)
-
-By default, standard users and administrators access resources and run apps in the security context of standard users. When a user logs on to a computer, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges.
-
-When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. The standard user access token is used to start apps that do not perform administrative tasks (standard user apps). The standard user access token is then used to display the desktop (explorer.exe). Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all apps run as a standard user unless a user provides consent or credentials to approve an app to use a full administrative access token.
-
-A user that is a member of the Administrators group can log on, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows automatically prompts the user for approval. This prompt is called an elevation prompt, and its behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md).
-
-### The UAC User Experience
-
-When UAC is enabled, the user experience for standard users is different from that of administrators in Admin Approval Mode. The recommended and more secure method of running Windows, is to make your primary user account a standard user account. Running as a standard user helps to maximize security for a managed environment. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account. The default, built-in UAC elevation component for standard users is the credential prompt.
-
-The alternative to running as a standard user is to run as an administrator in Admin Approval Mode. With the built-in UAC elevation component, members of the local Administrators group can easily perform an administrative task by providing approval. The default, built-in UAC elevation component for an administrator account in Admin Approval Mode is called the consent prompt.
-
-**The consent and credential prompts**
-
-With UAC enabled, Windows prompts for consent or prompts for credentials of a valid local administrator account before starting a program or task that requires a full administrator access token. This prompt ensures that no malicious software can be silently installed.
-
-**The consent prompt**
-
-The consent prompt is presented when a user attempts to perform a task that requires a user's administrative access token. The following is an example of the UAC consent prompt.
-
-:::image type="content" source="images/uacconsentprompt.png" alt-text="UAC consent prompt.":::
-
-**The credential prompt**
-
-The credential prompt is presented when a standard user attempts to perform a task that requires a user's administrative access token. Administrators can also be required to provide their credentials by setting the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting value to **Prompt for credentials**.
-
-The following is an example of the UAC credential prompt.
-
-:::image type="content" source="images/uaccredentialprompt.png" alt-text="UAC credential prompt.":::
-
-**UAC elevation prompts**
-
-The UAC elevation prompts are color-coded to be app-specific, enabling for immediate identification of an application's potential security risk. When an app attempts to run with an administrator's full access token, Windows first analyzes the executable file to determine its publisher. Apps are first separated into three categories based on the file's publisher: Windows 10 or Windows 11, publisher verified (signed), and publisher not verified (unsigned). The following diagram illustrates how Windows determines which color elevation prompt to present to the user.
-
-The elevation prompt color-coding is as follows:
-
-- Red background with a red shield icon: The app is blocked by Group Policy or is from a publisher that is blocked.
-- Blue background with a blue and gold shield icon: The application is a Windows 10 and Windows 11 administrative app, such as a Control Panel item.
-- Blue background with a blue shield icon: The application is signed by using Authenticode and is trusted by the local computer.
-- Yellow background with a yellow shield icon: The application is unsigned or signed but is not yet trusted by the local computer.
-
-**Shield icon**
-
-Some Control Panel items, such as **Date and Time Properties**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screenshot of the **Date and Time Properties** Control Panel item.
-
-:::image type="content" source="images/uacshieldicon.png" alt-text="UAC Shield Icon in Date and Time Properties":::
-
-The shield icon on the **Change date and time** button indicates that the process requires a full administrator access token and will display a UAC elevation prompt.
-
-**Securing the elevation prompt**
-
-The elevation process is further secured by directing the prompt to the secure desktop. The consent and credential prompts are displayed on the secure desktop by default in Windows 10 and Windows 11. Only Windows processes can access the secure desktop. For higher levels of security, we recommend keeping the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting enabled.
-
-When an executable file requests elevation, the interactive desktop, also called the user desktop, is switched to the secure desktop. The secure desktop dims the user desktop and displays an elevation prompt that must be responded to before continuing. When the user clicks **Yes** or **No**, the desktop switches back to the user desktop.
-
-Malware can present an imitation of the secure desktop, but when the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting is set to **Prompt for consent**, the malware does not gain elevation if the user clicks **Yes** on the imitation. If the policy setting is set to **Prompt for credentials**, malware imitating the credential prompt may be able to gather the credentials from the user. However, the malware does not gain elevated privilege and the system has other protections that mitigate malware from taking control of the user interface even with a harvested password.
-
-While malware could present an imitation of the secure desktop, this issue cannot occur unless a user previously installed the malware on the PC. Because processes requiring an administrator access token cannot silently install when UAC is enabled, the user must explicitly provide consent by clicking **Yes** or by providing administrator credentials. The specific behavior of the UAC elevation prompt is dependent upon Group Policy.
-
-## UAC Architecture
-
-The following diagram details the UAC architecture.
-
-![uac architecture.](images/uacarchitecture.gif)
-
-To better understand each component, review the table below:
-
-### User
-
-|Component|Description|
-|--- |--- |
-|<p>User performs operation requiring privilege|<p>If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.|
-|<p>ShellExecute|<p>ShellExecute calls CreateProcess. ShellExecute looks for the ERROR_ELEVATION_REQUIRED error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.|
-|<p>CreateProcess|<p>If the application requires elevation, CreateProcess rejects the call with ERROR_ELEVATION_REQUIRED.|
-
-### System
-
-|Component|Description|
-|--- |--- |
-|<p>Application Information service|<p>A system service that helps start apps that require one or more elevated privileges or user rights to run, such as local administrative tasks, and apps that require higher integrity levels. The Application Information service helps start such apps by creating a new process for the application with an administrative user's full access token when elevation is required and (depending on Group Policy) consent is given by the user to do so.|
-|<p>Elevating an ActiveX install|<p>If ActiveX is not installed, the system checks the UAC slider level. If ActiveX is installed, the **User Account Control: Switch to the secure desktop when prompting for elevation** Group Policy setting is checked.|
-|<p>Check UAC slider level|<p>UAC has a slider to select from four levels of notification.<ul><li><p>**Always notify** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Notify you when you make changes to Windows settings.</li><li>Freeze other tasks until you respond.</li></ul><p>Recommended if you often install new software or visit unfamiliar websites.<br></li><li><p>**Notify me only when programs try to make changes to my computer** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Freeze other tasks until you respond.</li></ul><p>Recommended if you do not often install apps or visit unfamiliar websites.<br></li><li><p>**Notify me only when programs try to make changes to my computer (do not dim my desktop)** will:<ul><li>Notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Not freeze other tasks until you respond.</li></ul><p>Not recommended. Choose this only if it takes a long time to dim the desktop on your computer.<br></li><li><p>**Never notify (Disable UAC prompts)** will:<ul><li>Not notify you when programs try to install software or make changes to your computer.</li><li>Not notify you when you make changes to Windows settings.</li><li>Not freeze other tasks until you respond.</li></ul><p>Not recommended due to security concerns.|
-|<p>Secure desktop enabled|<p>The **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is checked: <ul><li><p>If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.</li><li><p>If the secure desktop is not enabled, all elevation requests go to the interactive user&#39;s desktop, and the per-user settings for administrators and standard users are used.|
-|<p>CreateProcess|<p>CreateProcess calls AppCompat, Fusion, and Installer detection to assess if the app requires elevation. The file is then inspected to determine its requested execution level, which is stored in the application manifest for the file. CreateProcess fails if the requested execution level specified in the manifest does not match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.|
-|<p>AppCompat|<p>The AppCompat database stores information in the application compatibility fix entries for an application.|
-|<p>Fusion|<p>The Fusion database stores information from application manifests that describe the applications. The manifest schema is updated to add a new requested execution level field.|
-|<p>Installer detection|<p>Installer detection detects setup files, which helps prevent installations from being run without the user&#39;s knowledge and consent.|
-
-### Kernel
-
-|Component|Description|
-|--- |--- |
-|<p>Virtualization|<p>Virtualization technology ensures that non-compliant apps do not silently fail to run or fail in a way that the cause cannot be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.|
-|<p>File system and registry|<p>The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.|
- 
-The slider will never turn UAC completely off. If you set it to **Never notify**, it will:
-
-- Keep the UAC service running.
-- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.
-- Automatically deny all elevation requests for standard users.
-
-> [!IMPORTANT]
-> In order to fully disable UAC you must disable the policy **User Account Control: Run all administrators in Admin Approval Mode**.
-
-> [!WARNING]
-> Some Universal Windows Platform apps may not work when UAC is disabled.
- 
-### Virtualization
-
-Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you do not need to replace the majority of apps when UAC is turned on.
-
-Windows 10 and Windows 11 include file and registry virtualization technology for apps that are not UAC-compliant and that require an administrator's access token to run correctly. When an administrative app that is not UAC-compliant attempts to write to a protected folder, such as Program Files, UAC gives the app its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant app.
-
-Most app tasks operate properly by using virtualization features. Although virtualization allows a majority of applications to run, it is a short-term fix and not a long-term solution. App developers should modify their apps to be compliant as soon as possible, rather than relying on file, folder, and registry virtualization.
-
-Virtualization is not an option in the following scenarios:
-
-- Virtualization does not apply to apps that are elevated and run with a full administrative access token.
-
-- Virtualization supports only 32-bit apps. Non-elevated 64-bit apps simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit apps are required to be compatible with UAC and to write data into the correct locations.
-
-- Virtualization is disabled if the app includes an app manifest with a requested execution level attribute.
-
-### Request execution levels
-
-An app manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an app should bind to at run time. The app manifest includes entries for UAC app compatibility purposes. Administrative apps that include an entry in the app manifest prompt the user for permission to access the user's access token. Although they lack an entry in the app manifest, most administrative app can run without modification by using app compatibility fixes. App compatibility fixes are database entries that enable applications that are not UAC-compliant to work properly.
-
-All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, then marking the app with a requested execution level of "require administrator" ensures that the system identifies this program as an administrative app and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.
-
-### Installer detection technology
-
-Installation programs are apps designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writeable only by an administrator in Installer detection technology, which means that standard users do not have sufficient access to install programs. Windows 10 and Windows 11 heuristically detect installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows 10 and Windows 11 also heuristically detect updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent because installation programs write to protected areas of the file system and registry.
-
-Installer detection only applies to:
-
-- 32-bit executable files.
-- Applications without a requested execution level attribute.
-- Interactive processes running as a standard user with UAC enabled.
-
-Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:
-
-- The file name includes keywords such as "install," "setup," or "update."
-- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
-- Keywords in the side-by-side manifest are embedded in the executable file.
-- Keywords in specific StringTable entries are linked in the executable file.
-- Key attributes in the resource script data are linked in the executable file.
-- There are targeted sequences of bytes within the executable file.
-
-> [!NOTE]
-> The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
-
-> [!NOTE]
-> The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. For more info, see [User Account Control security policy settings](user-account-control-security-policy-settings.md).
diff --git a/windows/security/identity-protection/user-account-control/images/uacconsentprompt.png b/windows/security/identity-protection/user-account-control/images/uacconsentprompt.png
deleted file mode 100644
index 1a84a4cfd7..0000000000
Binary files a/windows/security/identity-protection/user-account-control/images/uacconsentprompt.png and /dev/null differ
diff --git a/windows/security/identity-protection/user-account-control/images/uaccredentialprompt.png b/windows/security/identity-protection/user-account-control/images/uaccredentialprompt.png
deleted file mode 100644
index df0077b91b..0000000000
Binary files a/windows/security/identity-protection/user-account-control/images/uaccredentialprompt.png and /dev/null differ
diff --git a/windows/security/identity-protection/user-account-control/images/uacshieldicon.png b/windows/security/identity-protection/user-account-control/images/uacshieldicon.png
deleted file mode 100644
index 5c9e4de2f7..0000000000
Binary files a/windows/security/identity-protection/user-account-control/images/uacshieldicon.png and /dev/null differ
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
deleted file mode 100644
index acd299f115..0000000000
--- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+++ /dev/null
@@ -1,191 +0,0 @@
----
-title: User Account Control Group Policy and registry key settings 
-description: Here's a list of UAC  Group Policy and registry key settings that your organization can use to manage UAC.
-ms.collection: 
-  - highpri
-  - tier2
-ms.topic: article
-ms.date: 04/19/2017
----
-
-# User Account Control Group Policy and registry key settings
-## Group Policy settings
-There are 10 Group Policy settings that can be configured for User Account Control (UAC). The table lists the default for each of the policy settings, and the following sections explain the different UAC policy settings and provide recommendations. These policy settings are located in **Security Settings\\Local Policies\\Security Options** in the Local Security Policy snap-in. For more information about each of the Group Policy settings, see the Group Policy description. For information about the registry key settings, see [Registry key settings](#registry-key-settings).
-
-
-| Group Policy setting | Registry key | Default |
-| - | - | - | - |
-| [User Account Control: Admin Approval Mode for the built-in Administrator account](#user-account-control-admin-approval-mode-for-the-built-in-administrator-account) | FilterAdministratorToken | Disabled |
-| [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](#user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop) | EnableUIADesktopToggle | Disabled |
-| [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](#user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode) | ConsentPromptBehaviorAdmin | Prompt for consent for non-Windows binaries |
-| [User Account Control: Behavior of the elevation prompt for standard users](#user-account-control-behavior-of-the-elevation-prompt-for-standard-users) | ConsentPromptBehaviorUser | Prompt for credentials |
-| [User Account Control: Detect application installations and prompt for elevation](#user-account-control-detect-application-installations-and-prompt-for-elevation) | EnableInstallerDetection | Enabled (default for home)<br />Disabled (default for enterprise) |
-| [User Account Control: Only elevate executables that are signed and validated](#user-account-control-only-elevate-executables-that-are-signed-and-validated) | ValidateAdminCodeSignatures | Disabled |
-| [User Account Control: Only elevate UIAccess applications that are installed in secure locations](#user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations) | EnableSecureUIAPaths | Enabled |
-| [User Account Control: Run all administrators in Admin Approval Mode](#user-account-control-run-all-administrators-in-admin-approval-mode) | EnableLUA | Enabled |
-| [User Account Control: Switch to the secure desktop when prompting for elevation](#user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation) | PromptOnSecureDesktop | Enabled |
-| [User Account Control: Virtualize file and registry write failures to per-user locations](#user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations) | EnableVirtualization | Enabled |
-
-### User Account Control: Admin Approval Mode for the built-in Administrator account
-
-The **User Account Control: Admin Approval Mode for the built-in Administrator account** policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
-
-The options are:
-
--   **Enabled.** The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
--   **Disabled.** (Default) The built-in Administrator account runs all applications with full administrative privilege.
-
-
-### User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
-
-The **User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop** policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
-
-The options are:
-
--   **Enabled.** UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
--   **Disabled.** (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting.
-
-UIA programs are designed to interact with Windows and application programs on behalf of a user. This policy setting allows UIA programs to bypass the secure desktop to increase usability in certain cases; however, allowing elevation requests to appear on the interactive desktop instead of the secure desktop can increase your security risk.
-
-UIA programs must be digitally signed because they must be able to respond to prompts regarding security issues, such as the UAC elevation prompt. By default, UIA programs are run only from the following protected paths:
-
--   ...\\Program Files, including subfolders
--   ...\\Program Files (x86), including subfolders for 64-bit versions of Windows
--   ...\\Windows\\System32
-
-The **User Account Control: Only elevate UIAccess applications that are installed in secure locations** policy setting disables the requirement to be run from a protected path.
-
-While this policy setting applies to any UIA program, it is primarily used in certain remote assistance scenarios, including the Windows Remote Assistance program in Windows 7.
-
-If a user requests remote assistance from an administrator and the remote assistance session is established, any elevation prompts appear on the interactive user's secure desktop and the administrator's remote session is paused. To avoid pausing the remote administrator's session during elevation requests, the user may select the **Allow IT Expert to respond to User Account Control prompts** check box when setting up the remote assistance session. However, selecting this check box requires that the interactive user respond to an elevation prompt on the secure desktop. If the interactive user is a standard user, the user does not have the required credentials to allow elevation.
-
-If you enable this policy setting, requests for elevation are automatically sent to the interactive desktop (not the secure desktop) and also appear on the remote administrator's view of the desktop during a remote assistance session. This allows the remote administrator to provide the appropriate credentials for elevation.
-
-This policy setting does not change the behavior of the UAC elevation prompt for administrators.
-
-If you plan to enable this policy setting, you should also review the effect of the **User Account Control: Behavior of the elevation prompt for standard users** policy setting. If it is configured as **Automatically deny elevation requests**, elevation requests are not presented to the user.
-
-
-### User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
-
-The **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting controls the behavior of the elevation prompt for administrators.
-
-The options are:
-
--   **Elevate without prompting.** Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials.
-
-    **Note** Use this option only in the most constrained environments.
-
--   **Prompt for credentials on the secure desktop.** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
--   **Prompt for consent on the secure desktop.** When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either **Permit** or **Deny**. If the user selects **Permit**, the operation continues with the user's highest available privilege.
--   **Prompt for credentials.** When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
--   **Prompt for consent.** When an operation requires elevation of privilege, the user is prompted to select either **Permit** or **Deny**. If the user selects **Permit**, the operation continues with the user's highest available privilege.
--   **Prompt for consent for non-Windows binaries.** (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either **Permit** or **Deny**. If the user selects **Permit**, the operation continues with the user's highest available privilege.
-
-
-### User Account Control: Behavior of the elevation prompt for standard users
-
-The **User Account Control: Behavior of the elevation prompt for standard users** policy setting controls the behavior of the elevation prompt for standard users.
-
-The options are:
-
--   **Automatically deny elevation requests.** When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
--   **Prompt for credentials on the secure desktop.** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
--   **Prompt for credentials.** (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-### User Account Control: Detect application installations and prompt for elevation
-
-The **User Account Control: Detect application installations and prompt for elevation** policy setting controls the behavior of application installation detection for the computer.
-
-The options are:
-
--   **Enabled.** (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
--   **Disabled.** (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.
-
-### User Account Control: Only elevate executables that are signed and validated
-
-The **User Account Control: Only elevate executables that are signed and validated** policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
-
-The options are:
-
--   **Enabled.** Enforces the PKI certification path validation for a given executable file before it is permitted to run.
--   **Disabled.** (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.
-
-### User Account Control: Only elevate UIAccess applications that are installed in secure locations
-
-The **User Account Control: Only elevate UIAccess applications that are installed in secure locations** policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:
-
--   ...\\Program Files, including subfolders
--   ...\\Windows\\system32
--   ...\\Program Files (x86), including subfolders for 64-bit versions of Windows
-
-**Note** Windows enforces a PKI signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.
-
-The options are:
-
--   **Enabled.** (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.
--   **Disabled.** An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.
-
-### User Account Control: Run all administrators in Admin Approval Mode
-
-The **User Account Control: Run all administrators Admin Approval Mode** policy setting controls the behavior of all UAC policy settings for the computer. If you change this policy setting, you must restart your computer.
-
-The options are:
-
--   **Enabled.** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the **Administrators** group to run in Admin Approval Mode.
--   **Disabled.** Admin Approval Mode and all related UAC policy settings are disabled.
-
-**Note** If this policy setting is disabled, the Windows Security app notifies you that the overall security of the operating system has been reduced.
-
-### User Account Control: Switch to the secure desktop when prompting for elevation
-
-The **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
-
-The options are:
-
--   **Enabled.** (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
--   **Disabled.** All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
-
-When this policy setting is enabled, it overrides the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting. The following table describes the behavior of the elevation prompt for each of the administrator policy settings when the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is enabled or disabled.
-
-| Administrator policy setting | Enabled | Disabled |
-| - | - | - |
-| **Prompt for credentials on the secure desktop** | The prompt appears on the secure desktop. | The prompt appears on the secure desktop. |
-| **Prompt for consent on the secure desktop** | The prompt appears on the secure desktop. | The prompt appears on the secure desktop. |
-| **Prompt for credentials** | The prompt appears on the secure desktop. | The prompt appears on the interactive user's desktop. |
-| **Prompt for consent** | The prompt appears on the secure desktop. | The prompt appears on the interactive user's desktop. |
-| **Prompt for consent for non-Windows binaries** | The prompt appears on the secure desktop. | The prompt appears on the interactive user's desktop. |
-
-When this policy setting is enabled, it overrides the **User Account Control: Behavior of the elevation prompt for standard users** policy setting. The following table describes the behavior of the elevation prompt for each of the standard user policy settings when the **User Account Control: Switch to the secure desktop when prompting for elevation** policy setting is enabled or disabled.
-
-| Standard policy setting | Enabled | Disabled |
-| - | - | - |
-| **Automatically deny elevation requests** | No prompt. The request is automatically denied. | No prompt. The request is automatically denied. |
-| **Prompt for credentials on the secure desktop** | The prompt appears on the secure desktop. | The prompt appears on the secure desktop. |
-| **Prompt for credentials** | The prompt appears on the secure desktop. | The prompt appears on the interactive user's desktop. |
-
-### User Account Control: Virtualize file and registry write failures to per-user locations
-
-The **User Account Control: Virtualize file and registry write failures to per-user locations** policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software.
-
-The options are:
-
--   **Enabled.** (Default) Application write failures are redirected at run time to defined user locations for both the file system and registry.
--   **Disabled.** Applications that write data to protected locations fail.
-
-## Registry key settings
-
-The registry keys are found in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System**. For information about each of the registry keys, see the associated Group Policy description.
-
-| Registry key | Group Policy setting | Registry setting |
-| - | - | - |
-| FilterAdministratorToken | [User Account Control: Admin Approval Mode for the built-in Administrator account](#user-account-control-admin-approval-mode-for-the-built-in-administrator-account) | 0 (Default) = Disabled<br />1 = Enabled |
-| EnableUIADesktopToggle | [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](#user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop) | 0 (Default) = Disabled<br />1 = Enabled |
-| ConsentPromptBehaviorAdmin | [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](#user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode) | 0 = Elevate without prompting<br />1 = Prompt for credentials on the secure desktop<br />2 = Prompt for consent on the secure desktop<br />3 = Prompt for credentials<br />4 = Prompt for consent<br />5 (Default) = Prompt for consent for non-Windows binaries<br /> |
-| ConsentPromptBehaviorUser | [User Account Control: Behavior of the elevation prompt for standard users](#user-account-control-behavior-of-the-elevation-prompt-for-standard-users) | 0 = Automatically deny elevation requests<br />1 = Prompt for credentials on the secure desktop<br />3 (Default) = Prompt for credentials |
-| EnableInstallerDetection | [User Account Control: Detect application installations and prompt for elevation](#user-account-control-detect-application-installations-and-prompt-for-elevation) | 1 = Enabled (default for home)<br />0 = Disabled (default for enterprise) |
-| ValidateAdminCodeSignatures | [User Account Control: Only elevate executables that are signed and validated](#user-account-control-only-elevate-executables-that-are-signed-and-validated) | 0 (Default) = Disabled<br/>1 = Enabled |
-| EnableSecureUIAPaths | [User Account Control: Only elevate UIAccess applications that are installed in secure locations](#user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations) | 0 = Disabled<br />1 (Default) = Enabled |
-| EnableLUA | [User Account Control: Run all administrators in Admin Approval Mode](#user-account-control-run-all-administrators-in-admin-approval-mode) | 0 = Disabled<br />1 (Default) = Enabled |
-| PromptOnSecureDesktop | [User Account Control: Switch to the secure desktop when prompting for elevation](#user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation) | 0 = Disabled<br />1 (Default) = Enabled |
-| EnableVirtualization | [User Account Control: Virtualize file and registry write failures to per-user locations](#user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations) | 0 = Disabled<br />1 (Default) = Enabled |
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
deleted file mode 100644
index b3db8ed5ef..0000000000
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: User Account Control overview
-description: Learn about User Account Control (UAC) and how it helps preventing malware from damaging a device and helps organizations deploy a better-managed desktop.
-ms.collection: 
-  - highpri
-  - tier2
-ms.topic: conceptual
-ms.date: 05/18/2023
----
-
-# User Account Control overview
-
-User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
-
-UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
-
-Other apps, especially those that were not specifically designed with security settings in mind, often require additional permissions to run successfully. These types of apps are referred to as legacy apps. Additionally, actions such as installing new software and making configuration changes to the Windows Firewall, require more permissions than what is available to a standard user account.
-
-When an app needs to run with more than standard user rights, UAC allows users to run apps with their administrator token (with administrative groups and privileges) instead of their default, standard user access token. Users continue to operate in the standard user security context, while enabling certain apps to run with elevated privileges, if needed.
-
-[!INCLUDE [user-account-control-uac](../../../../includes/licensing/user-account-control-uac.md)]
-
-## Practical applications
-
-Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
-
-## Next steps
-
-Learn more about UAC and how to configure it for your organization.
-
-| Topic | Description |
-| - | - |
-| [How User Account Control works](how-user-account-control-works.md) | User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. |
-| [User Account Control security policy settings](user-account-control-security-policy-settings.md) | You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. |
-| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Here's a list of UAC  Group Policy and registry key settings that your organization can use to manage UAC. |
- 
\ No newline at end of file
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
deleted file mode 100644
index c2f4f1019a..0000000000
--- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
+++ /dev/null
@@ -1,94 +0,0 @@
----
-title: User Account Control security policy settings 
-description: You can use security policies to configure how User Account Control works in your organization.
-ms.topic: article
-ms.date: 09/24/2021
----
-
-# User Account Control security policy settings
-
-You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
-
-## User Account Control: Admin Approval Mode for the Built-in Administrator account
-
-This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
-
--   **Enabled** The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation.
--   **Disabled** (Default) The built-in Administrator account runs all applications with full administrative privilege.
-
-## User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop
-
-This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
-
--   **Enabled** UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop.
--   **Disabled** (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting.
-
-## User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
-
-This policy setting controls the behavior of the elevation prompt for administrators.
-
--   **Elevate without prompting** Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials.
-
-    >**Note:**  Use this option only in the most constrained environments.
-     
--   **Prompt for credentials on the secure desktop** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a privileged user name and password. If the user enters valid credentials, the operation continues with the user's highest available privilege.
--   **Prompt for consent on the secure desktop** When an operation requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
--   **Prompt for credentials** When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
--   **Prompt for consent** When an operation requires elevation of privilege, the user is prompted to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
--   **Prompt for consent for non-Windows binaries** (Default) When an operation for a non-Microsoft application requires elevation of privilege, the user is prompted on the secure desktop to select either Permit or Deny. If the user selects Permit, the operation continues with the user's highest available privilege.
-
-## User Account Control: Behavior of the elevation prompt for standard users
-
-This policy setting controls the behavior of the elevation prompt for standard users.
-
--   **Prompt for credentials** (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
--   **Automatically deny elevation requests** When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls.
--   **Prompt for credentials on the secure desktop** When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
-
-## User Account Control: Detect application installations and prompt for elevation
-
-This policy setting controls the behavior of application installation detection for the computer.
-
--   **Enabled** (Default) When an app installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.
--   **Disabled** App installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies, such as Group Policy or Microsoft Intune should disable this policy setting. In this case, installer detection is unnecessary.
-
-## User Account Control: Only elevate executable files that are signed and validated
-
-This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.
-
--   **Enabled** Enforces the certificate certification path validation for a given executable file before it's permitted to run.
--   **Disabled** (Default) Doesn't enforce the certificate certification path validation before a given executable file is permitted to run.
-
-## User Account Control: Only elevate UIAccess applications that are installed in secure locations
-
-This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following folders: 
-
-- …\\Program Files\\, including subfolders
-- …\\Windows\\system32\\ 
-- …\\Program Files (x86)\\, including subfolders for 64-bit versions of Windows
-
->**Note:**  Windows enforces a digital signature check on any interactive app that requests to run with a UIAccess integrity level regardless of the state of this security setting.
- 
--   **Enabled** (Default) If an app resides in a secure location in the file system, it runs only with UIAccess integrity.
--   **Disabled** An app runs with UIAccess integrity even if it doesn't reside in a secure location in the file system.
-
-## User Account Control: Turn on Admin Approval Mode
-
-This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer.
-
--   **Enabled** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately. They'll allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
--   **Disabled** Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Windows Security app notifies you that the overall security of the operating system has been reduced.
-
-## User Account Control: Switch to the secure desktop when prompting for elevation
-
-This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
-
--   **Enabled** (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
--   **Disabled** All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
-
-## User Account Control: Virtualize file and registry write failures to per-user locations
-
-This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software.
-
--   **Enabled** (Default) App write failures are redirected at run time to defined user locations for both the file system and registry.
--   **Disabled** Apps that write data to protected locations fail.
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
deleted file mode 100644
index 5cbde2e21f..0000000000
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ /dev/null
@@ -1,58 +0,0 @@
----
-title: Windows Credential Theft Mitigation Guide Abstract
-description: Provides a summary of the Windows credential theft mitigation guide.
-ms.topic: conceptual
-ms.date: 03/31/2023
----
-
-# Windows Credential Theft Mitigation Guide Abstract
-
-This topic provides a summary of the Windows credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx).
-This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
-
-- Identify high-value assets
-- Protect against known and unknown threats
-- Detect pass-the-hash and related attacks
-- Respond to suspicious activity
-- Recover from a breach
-
-![Security stages.](images/security-stages.png)
-
-## Attacks that steal credentials
-
-Learn about the different types of attacks that are used to steal credentials, and the factors that can place your organization at risk.
-The types of attacks that are covered include:
-
-- Pass the hash
-- Kerberos pass the ticket
-- Kerberos golden ticket and silver ticket
-- Key loggers
-- Shoulder surfing
-
-## Credential protection strategies
-
-This part of the guide helps you consider the mindset of the attacker, with prescriptive guidance about how to prioritize high-value accounts and computers.
-You'll learn how to architect a defense against credential theft:
-
-- Establish a containment model for account privileges
-- Harden and restrict administrative hosts
-- Ensure that security configurations and best practices are implemented
-
-## Technical countermeasures for credential theft
-
-Objectives and expected outcomes are covered for each of these countermeasures:
-
-- Use Windows 10 with Credential Guard
-- Restrict and protect high-privilege domain accounts
-- Restrict and protect local accounts with administrative privileges
-- Restrict inbound network traffic
-
-Many other countermeasures are also covered, such as using Microsoft Passport and Windows Hello, or multifactor authentication.
-
-## Detecting credential attacks
-
-This sections covers how to detect the use of stolen credentials and how to collect computer events to help you detect credential theft.
-
-## Responding to suspicious activity
-
-Learn Microsoft's recommendations for responding to incidents, including how to recover control of compromised accounts, how to investigate attacks, and how to recover from a breach.
diff --git a/windows/security/identity.md b/windows/security/identity.md
deleted file mode 100644
index c773cf7055..0000000000
--- a/windows/security/identity.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Windows identity and user security
-description: Get an overview of identity security in Windows 11 and Windows 10
-ms.reviewer: 
-manager: aaroncz
-ms.author: paoloma
-author: paolomatarazzo
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Windows identity and privacy
- 
-Malicious actors launch millions of password attacks every day. Weak passwords, password spraying, and phishing are the entry point for many attacks. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure.  Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations.
-
-| Security capabilities | Description |
-|:---|:---|
-| Securing user identity with Windows Hello  |  Windows Hello and Windows Hello for Business replace password-based authentication with a stronger authentication model to sign into your device using a passcode (PIN) or other biometric based authentication. This PIN or biometric based authentication is only valid on the device that you registered it for and cannot be used on another deviceLearn more: [Windows Hello for Business](identity-protection\hello-for-business\hello-overview.md) |
-| Windows Defender Credential Guard and Remote Credential Guard | Windows Defender Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges. Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. Learn more: [Protect derived domain credentials with Windows Defender Credential Guard](identity-protection/credential-guard/credential-guard-how-it-works.md) and [Protect Remote Desktop credentials with Windows Defender Remote Credential Guard](identity-protection/remote-credential-guard.md)|
-| FIDO Alliance | Fast Identity Online (FIDO) defined protocols are becoming the open standard for providing strong authentication that helps prevent phishing and are user-friendly and privacy-respecting. Windows 11 supports the use of device sign-in with FIDO 2 security keys, and with Microsoft Edge or other modern browsers, supports the use of secure FIDO-backed credentials to keep user accounts protected. Learn more about the [FIDO Alliance](https://fidoalliance.org/). |
-| Microsoft Authenticator | The Microsoft Authenticator app is a perfect companion to help keep secure with Windows 11. It allows easy, secure sign-ins for all your online accounts using multi-factor authentication, passwordless phone sign-in, or password autofill. You also have additional account management options for your Microsoft personal, work, or school accounts. Microsoft Authenticator can be used to set up multi-factor authentication for your users. Learn more: [Enable passwordless sign-in with the Microsoft Authenticator app](/azure/active-directory/authentication/howto-authentication-passwordless-phone).  |
-| Smart Cards | Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks in Windows, such as authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Learn more about [Smart Cards](identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md).|
-| Access Control | Access control is the process of authorizing users, groups, and computers to access objects and assets on a network or computer. Computers can control the use of system and network resources through the interrelated mechanisms of authentication and authorization. Learn more: [Access Control](identity-protection/access-control/access-control.md).|
diff --git a/windows/security/images/icons/certificate.svg b/windows/security/images/icons/certificate.svg
new file mode 100644
index 0000000000..3bd8b81da3
--- /dev/null
+++ b/windows/security/images/icons/certificate.svg
@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M4.75 3C3.23122 3 2 4.23122 2 5.75V10.9995C2.91223 9.78534 4.3644 9 6 9C8.76142 9 11 11.2386 11 14C11 15.1258 10.6279 16.1647 10 17.0005V18H19.25C20.7688 18 22 16.7688 22 15.25V5.75C22 4.23122 20.7688 3 19.25 3H4.75ZM6.75 7H17.25C17.6642 7 18 7.33579 18 7.75C18 8.16421 17.6642 8.5 17.25 8.5H6.75C6.33579 8.5 6 8.16421 6 7.75C6 7.33579 6.33579 7 6.75 7ZM12 12.75C12 12.3358 12.3358 12 12.75 12H17.25C17.6642 12 18 12.3358 18 12.75C18 13.1642 17.6642 13.5 17.25 13.5H12.75C12.3358 13.5 12 13.1642 12 12.75ZM5.99967 10C3.79017 10 1.99902 11.7911 1.99902 14.0006C1.99902 16.2101 3.79017 18.0013 5.99967 18.0013C8.20916 18.0013 10.0003 16.2101 10.0003 14.0006C10.0003 11.7911 8.20916 10 5.99967 10ZM9.00076 18.001C8.16487 18.6291 7.12573 19.0013 5.99967 19.0013C4.8745 19.0013 3.83612 18.6297 3.00058 18.0025L3.0001 21.2487C3.0001 21.8195 3.6046 22.1681 4.09019 21.9176L4.17966 21.8635L6.00002 20.5912L7.81967 21.8635C8.28757 22.1904 8.91959 21.8946 8.99232 21.353L8.99923 21.2487L9.00076 18.001Z" fill="#0078D4" />
+</svg>
\ No newline at end of file
diff --git a/windows/security/images/icons/license.svg b/windows/security/images/icons/license.svg
new file mode 100644
index 0000000000..96ffa5b4eb
--- /dev/null
+++ b/windows/security/images/icons/license.svg
@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M2 3.75C2 2.7835 2.7835 2 3.75 2H9.25C10.2165 2 11 2.7835 11 3.75V10H14V11.5C14 12.8807 12.8807 14 11.5 14H4.5C3.11929 14 2 12.8807 2 11.5V3.75ZM11 13H11.5C12.3284 13 13 12.3284 13 11.5V11H11V13ZM4.5 5.5C4.5 5.77614 4.72386 6 5 6H8C8.27614 6 8.5 5.77614 8.5 5.5C8.5 5.22386 8.27614 5 8 5H5C4.72386 5 4.5 5.22386 4.5 5.5ZM5 7.5C4.72386 7.5 4.5 7.72386 4.5 8C4.5 8.27614 4.72386 8.5 5 8.5H8C8.27614 8.5 8.5 8.27614 8.5 8C8.5 7.72386 8.27614 7.5 8 7.5H5ZM4.5 10.5C4.5 10.7761 4.72386 11 5 11H6.5C6.77614 11 7 10.7761 7 10.5C7 10.2239 6.77614 10 6.5 10H5C4.72386 10 4.5 10.2239 4.5 10.5Z"  fill="#0078D4"  />
+</svg>
\ No newline at end of file
diff --git a/windows/security/includes/sections/application.md b/windows/security/includes/sections/application.md
new file mode 100644
index 0000000000..34f9e6a785
--- /dev/null
+++ b/windows/security/includes/sections/application.md
@@ -0,0 +1,28 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Application and driver control
+
+| Feature name | Description |
+|:---|:---|
+| **[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Smart App Control prevents users from running malicious applications on Windows devices by blocking untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections, by adding another layer of security that is woven directly into the core of the OS at the process level. Using AI, our new Smart App Control only allows processes to run that are predicted to be safe based on existing and new intelligence processed daily. Smart App Control builds on top of the same cloud-based AI used in Windows Defender Application Control (WDAC) to predict the safety of an application, so people can be confident they're using safe and reliable applications on their new Windows 11 devices, or Windows 11 devices that have been reset. |
+| **[AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)** |  |
+| **[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)** | Your organization is only as secure as the applications that run on your devices. With application control, apps must earn trust to run, in contrast to an application trust model where all code is assumed trustworthy. By helping prevent unwanted or malicious code from running, application control is an important part of an effective security strategy. Many organizations cite application control as one of the most effective means for addressing the threat of executable file-based malware.<br><br>Windows 10 and above include Windows Defender Application Control (WDAC) and AppLocker. WDAC is the next generation app control solution for Windows and provides powerful control over what runs in your environment. Customers who were using AppLocker on previous versions of Windows can continue to use the feature as they consider whether to switch to WDAC for the stronger protection. |
+| **[User Account Control (UAC)](/windows/security/application-security/application-control/user-account-control/)** | User Account Control (UAC) helps prevent malware from damaging a device. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevents inadvertent changes to system settings. Enabling UAC helps to prevent malware from altering device settings and potentially gaining access to networks and sensitive data. UAC can also block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. |
+| **[Microsoft vulnerable driver blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)** | The Windows kernel is the most privileged software and is therefore a compelling target for malware authors. Since Windows has strict requirements for code running in the kernel, cybercriminals commonly exploit vulnerabilities in kernel drivers to get access. Microsoft works with the ecosystem partners to constantly identify and respond to potentially vulnerable kernel drivers.<br><br>Prior to Windows 11, version 22H2, the operating system enforced a block policy when HVCI is enabled to prevent vulnerable versions of drivers from running. Starting in Windows 11, version 22H2, the block policy is enabled by default for all new Windows devices, and users can opt-in to enforce the policy from the Windows Security app. |
+
+## Application isolation
+
+| Feature name | Description |
+|:---|:---|
+| **[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)** | Standalone mode allows Windows users to use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, user must manually start Microsoft Edge in Application Guard from Edge menu for browsing untrusted sites. |
+| **[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard)** | Microsoft Defender Application Guard protects users' desktop while they browse the Internet using Microsoft Edge browser. Application Guard in enterprise mode automatically redirects untrusted website navigation in an anonymous and isolated Hyper-V based container, which is separate from the host operating system. With Enterprise mode, you can define your corporate boundaries by explicitly adding trusted domains and can customizing the Application Guard experience to meet and enforce your organization needs on Windows devices. |
+| **Microsoft Defender Application Guard (MDAG) public APIs** | Enable applications using them to be isolated Hyper-V based container, which is separate from the host operating system. |
+| **[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)** | Application Guard protects Office files including Word, PowerPoint, and Excel. Application icons have a small shield if Application Guard has been enabled and they are under protection. |
+| **[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)** | The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. |
+| **[App containers](/virtualization/windowscontainers/about/)** | Universal Windows Platform (UWP) applications run in Windows containers known as app containers. Processes that run in app containers operate with low integrity level, meaning they have limited access to resources they don't own. Because the default integrity level of most resources is medium integrity level, the UWP app can access only a subset of the filesystem, registry, and other resources. The app container also enforces restrictions on network connectivity; for example, access to a local host isn't allowed. As a result, malware or infected apps have limited footprint for escape. |
+| **[Windows Sandbox](/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview)** | Windows Sandbox provides a lightweight desktop environment to safely run untrusted Win32 applications in isolation, using the same hardware-based Hyper-V virtualization technology to isolate apps without fear of lasting impact to your PC. |
diff --git a/windows/security/includes/sections/cloud-services.md b/windows/security/includes/sections/cloud-services.md
new file mode 100644
index 0000000000..07fc5b88b5
--- /dev/null
+++ b/windows/security/includes/sections/cloud-services.md
@@ -0,0 +1,18 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Protect your work information
+
+| Feature name | Description |
+|:---|:---|
+| **[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)** | Microsoft Azure Active Directory is a comprehensive cloud-based identity management solution that helps enable secure access to applications, networks, and other resources and guard against threats. |
+| **[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)** | Windows 11 supports modern device management so that IT pros can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With MDM solutions, IT can manage Windows 11 using industry-standard protocols. To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate MDM client. <br><br>Windows 11 can be configured with Microsoft's MDM security baseline backed by ADMX policies, which functions like the Microsoft GP-based security baseline. The security baseline enables IT administrators to easily address security concerns and compliance needs for modern cloud-managed devices. |
+| **[Remote wipe](/windows/client-management/mdm/remotewipe-csp)** | When a device is lost or stolen, IT administrators may want to remotely wipe data stored on the device. A helpdesk agent may also want to reset devices to fix issues encountered by remote workers. <br><br>With the Remote Wipe configuration service provider (CSP), an MDM solution can remotely initiate any of the following operations on a Windows device: reset the device and remove user accounts and data, reset the device and clean the drive, reset the device but persist user accounts and data. |
+| **[Modern device management through (MDM)](/windows/client-management/mdm-overview)** | Windows 11 supports modern device management through mobile device management (MDM) protocols.<br><br>IT pros can manage company security policies and business applications without compromising user privacy on corporate or employee-owned devices. With MDM solutions, IT can manage Windows 11 using industry-standard protocols.<br><br>To simplify setup for users, management features are built directly into Windows, eliminating the need for a separate MDM client.  |
+| **[Universal Print](/universal-print/)** | Unlike traditional print solutions that rely on Windows print servers, Universal Print is a Microsoft hosted cloud subscription service that supports a zero-trust security model by enabling network isolation of printers, including the Universal Print connector software, from the rest of the organization's resources. |
+| **[Windows Autopatch](/windows/deployment/windows-autopatch/)** | With the Autopatch service, IT teams can delegate management of updates to Windows 10/11, Microsoft Edge, and Microsoft 365 apps to Microsoft. Under the hood, Autopatch takes over configuration of the policies and deployment service of Windows Update for Business. What the customer gets are endpoints that are up to date, thanks to dynamically generated rings for progressive deployment that will pause and/or roll back updates (where possible) when issues arise. <br><br>The goal is to provide peace of mind to IT pros, encourage rapid adoption of updates, and to reduce bandwidth required to deploy them successfully, thereby closing gaps in protection that may have been open to exploitation by malicious actors.  |
+| **[Windows Autopilot](/windows/deployment/windows-autopilot)** | Windows Autopilot simplifies the way devices get deployed, reset, and repurposed, with an experience that is zero touch for IT. |
diff --git a/windows/security/includes/sections/hardware.md b/windows/security/includes/sections/hardware.md
new file mode 100644
index 0000000000..11a4f97b60
--- /dev/null
+++ b/windows/security/includes/sections/hardware.md
@@ -0,0 +1,30 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Hardware root-of-trust
+
+| Feature name | Description |
+|:---|:---|
+| **[Windows Defender System Guard](/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows)** | In Secured-core PCs, Windows Defender System Guard Secure Launch protects bootup with a technology known as the Dynamic Root of Trust for Measurement (DRTM). With DRTM, the system initially follows the normal UEFI Secure Boot process. However, before launching, the system enters a hardware-controlled trusted state that forces the CPU(s) down a hardware-secured code path. If a malware rootkit/bootkit has bypassed UEFI Secure Boot and resides in memory, DRTM will prevent it from accessing secrets and critical code protected by the virtualization-based security environment. Firmware Attack Surface Reduction technology can be used instead of DRTM on supporting devices such as Microsoft Surface. |
+| **[Trusted Platform Module (TPM)](/windows/security/hardware-security/tpm/trusted-platform-module-overview)** | TPMs provide security and privacy benefits for system hardware, platform owners, and users. Windows Hello, BitLocker, Windows Defender System Guard, and other Windows features rely on the TPM for capabilities such as key generation, secure storage, encryption, boot integrity measurements, and attestation. The 2.0 version of the specification includes support for newer algorithms, which can improve driver signing and key generation performance.<br><br>Starting with Windows 10, Microsoft's hardware certification requires all new Windows PCs to include TPM 2.0 built in and enabled by default. With Windows 11, both new and upgraded devices must have TPM 2.0. |
+| **[Microsoft Pluton](/windows/security/hardware-security/pluton/microsoft-pluton-security-processor)** | Microsoft Pluton security processors are designed by Microsoft in partnership with silicon partners. Pluton enhances the protection of Windows devices with a hardware root-of-trust that provides additional protection for cryptographic keys and other secrets. Pluton is designed to reduce the attack surface as it integrates the security chip directly into the processor. It can be used with a discreet TPM 2.0, or as a standalone security processor. When root of trust is located on a separate, discrete chip on the motherboard, the communication path between the root-of-trust and the CPU can be vulnerable to physical attack. Pluton supports the TPM 2.0 industry standard, allowing customers to immediately benefit from the enhanced security in Windows features that rely on TPMs including BitLocker, Windows Hello, and Windows Defender System Guard.<br><br>In addition to providing root-of trust, Pluton also supports other security functionality beyond what is possible with the TPM 2.0 specification, and this extensibility allows for additional Pluton firmware and OS features to be delivered over time via Windows Update. Pluton-enabled Windows 11 devices are available and the selection of options with Pluton is growing. |
+
+## Silicon assisted security
+
+| Feature name | Description |
+|:---|:---|
+| **[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)** | In addition to a modern hardware root-of-trust, there are numerous other capabilities in the latest chips that harden the operating system against threats, such as by protecting the boot process, safeguarding the integrity of memory, isolating security sensitive compute logic, and more. Two examples include Virtualization-based security (VBS) and Hypervisor-protected code integrity (HVCI). Virtualization-based security (VBS), also known as core isolation, is a critical building block in a secure system. VBS uses hardware virtualization features to host a secure kernel separated from the operating system. This means that even if the operating system is compromised, the secure kernel remains protected.<br><br>Starting with Windows 10, all new devices are required to ship with firmware support for VBS and HCVI enabled by default in the BIOS. Customers can then enable the OS support in Windows.<br>With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. |
+| **[Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity)** | Hypervisor-protected code integrity (HVCI), also called memory integrity, uses VBS to run Kernel Mode Code Integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel. This helps to prevent attacks that attempt to modify kernel mode code, such as drivers. The KMCI role is to check that all kernel code is properly signed and hasn't been tampered with before it is allowed to run. HVCI helps to ensure that only validated code can be executed in kernel-mode.<br><br>Starting with Windows 10, all new devices are required to ship with firmware support for VBS and HCVI enabled by default in the BIOS. Customers can then enable the OS support in Windows.<br>With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. |
+| **[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)** | Hardware-enforced stack protection integrates software and hardware for a modern defense against cyberthreats such as memory corruption and zero-day exploits. Based on Control-flow Enforcement Technology (CET) from Intel and AMD Shadow Stacks, hardware-enforced stack protection is designed to protect against exploit techniques that try to hijack return addresses on the stack. |
+| **[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)** | Kernel DMA Protection protects against external peripherals from gaining unauthorized access to memory. Physical threats such as drive-by Direct Memory Access (DMA) attacks typically happen quickly while the system owner isn't present. PCIe hot plug devices such as Thunderbolt, USB4, and CFexpress allow users to attach new classes of external peripherals, including graphics cards or other PCI devices, to their PCs with the plug-and-play ease of USB. Because PCI hot plug ports are external and easily accessible, devices are susceptible to drive-by DMA attacks. |
+
+## Secured-core PC
+
+| Feature name | Description |
+|:---|:---|
+| **[Secured-core PC firmware protection](/windows-hardware/design/device-experiences/oem-highly-secure-11)** | Microsoft has worked with OEM partners to offer a special category of devices called Secured-core PCs. The devices ship with additional security measures enabled at the firmware layer, or device core, that underpins Windows. Secured-core PCs help prevent malware attacks and minimize firmware vulnerabilities by launching into a clean and trusted state at startup with a hardware-enforced root of trust. Virtualization-based security comes enabled by default. And with built-in hypervisor protected code integrity (HVCI) shielding system memory, Secured-core PCs ensure that all executables are signed by known and approved authorities only. Secured-core PCs also protect against physical threats such as drive-by Direct Memory Access (DMA) attacks. |
+| **[Secured-core configuration lock](/windows/client-management/config-lock)** | Secured-core configuration lock is a Secured-core PC (SCPC) feature that prevents users from making unwanted changes to security settings. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired SCPC state in seconds.  |
diff --git a/windows/security/includes/sections/identity.md b/windows/security/includes/sections/identity.md
new file mode 100644
index 0000000000..191dfb47cb
--- /dev/null
+++ b/windows/security/includes/sections/identity.md
@@ -0,0 +1,28 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Passwordless sign in
+
+| Feature name | Description |
+|:---|:---|
+| **[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)** | Windows 11 devices can protect user identities by removing the need to use passwords from day one. It's easy to get started with the method that's right for your organization. A password may only need to be used once during the provisioning process, after which people use a PIN, face, or fingerprint to unlock credentials and sign into the device.<br><br>Windows Hello for Business replaces the username and password by combining a security key or certificate with a PIN or biometrics data, and then mapping the credentials to a user account during setup. There are multiple ways to deploy Windows Hello for Business, depending on your organization's needs. Organizations that rely on certificates typically use on-premises public key infrastructure (PKI) to support authentication through Certificate Trust. Organizations using key trust deployment require root-of-trust provided by certificates on domain controllers. |
+| **[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)** | Windows presence sensing provides another layer of data security protection for hybrid workers. Windows 11 devices can intelligently adapt to your presence to help you stay secure and productive, whether you're working at home, the office, or a public environment. Windows presence sensing combines presence detection sensors with Windows Hello facial recognition to automatically lock your device when you leave, and then unlock your device and sign you in using Windows Hello facial recognition when you return. Requires OEM supporting hardware. |
+| **[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)** | Windows Hello biometrics also supports enhanced sign-in security, which uses specialized hardware and software components to raise the security bar even higher for biometric sign in. <br><br>Enhanced sign-in security biometrics uses VBS and the TPM to isolate user authentication processes and data and secure the pathway by which the information is communicated. These specialized components protect against a class of attacks that include biometric sample injection, replay, tampering, and more. <br><br>For example, fingerprint readers must implement Secure Device Connection Protocol, which uses key negotiation and a Microsoft-issued certificate to protect and securely store user authentication data. For facial recognition, components such as the Secure Devices (SDEV) table and process isolation with trustlets help prevent additional class of attacks. |
+| **[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)** | Fast Identity Online (FIDO) defined CTAP and WebAuthN specifications are becoming the open standard for providing strong authentication that is non-phishable, user-friendly, and privacy-respecting with implementations from major platform providers and relying parties. FIDO standards and certifications are becoming recognized as the leading standard for creating secure authentication solutions across enterprises, governments, and consumer markets. <br><br>Windows 11 can use external FIDO2 security keys for authentication alongside or in addition to Windows Hello which is also a FIDO2 certified passwordless solution. Windows 11 can be used as a FIDO authenticator for many popular identity management services. |
+| **[Federated sign-in](/education/windows/federated-sign-in)** | Windows 11 Education editions support federated sign-in with third-party identity providers. Federated sign-in enables secure sign in through methods like QR codes or pictures. |
+| **[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)** | Organizations also have the option of using smart cards, an authentication method that pre-dates biometric sign in. Smart cards are tamper-resistant, portable storage devices that can enhance Windows security when authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Smart cards can only be used to sign into domain accounts, not local accounts. When a password is used to sign into a domain account, Windows uses the Kerberos version 5 (v5) protocol for authentication. If you use a smart card, the operating system uses Kerberos v5 authentication with X.509 v3 certificates. |
+
+## Advanced credential protection
+
+| Feature name | Description |
+|:---|:---|
+| **[Windows LAPS](/windows-server/identity/laps/laps-overview)** | Windows Local Administrator Password Solution (Windows LAPS) is a Windows feature that automatically manages and backs up the password of a local administrator account on your Azure Active Directory-joined or Windows Server Active Directory-joined devices. You also can use Windows LAPS to automatically manage and back up the Directory Services Restore Mode (DSRM) account password on your Windows Server Active Directory domain controllers. An authorized administrator can retrieve the DSRM password and use it. |
+| **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | Account Lockout Policy settings control the response threshold for failed logon attempts and the actions to be taken after the threshold is reached. |
+| **[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)** | Users who are still using passwords can benefit from powerful credential protection. Microsoft Defender SmartScreen includes enhanced phishing protection to automatically detect when a user enters their Microsoft password into any app or website. Windows then identifies if the app or site is securely authenticating to Microsoft and warns if the credentials are at risk. Since users are alerted at the moment of potential credential theft, they can take preemptive action before their password is used against them or their organization. |
+| **[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.<br><br>Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. |
+| **[Credential Guard](/windows/security/identity-protection/credential-guard)** | Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. <br><br>By protecting the LSA process with Virtualization-based security, Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. |
+| **[Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)** | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that is requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. <br><br>Administrator credentials are highly privileged and must be protected. When you use Remote Credential Guard to connect during Remote Desktop sessions, your credential and credential derivatives are never passed over the network to the target device. If the target device is compromised, your credentials aren't exposed. |
diff --git a/windows/security/includes/sections/operating-system-security.md b/windows/security/includes/sections/operating-system-security.md
new file mode 100644
index 0000000000..3a748fac25
--- /dev/null
+++ b/windows/security/includes/sections/operating-system-security.md
@@ -0,0 +1,53 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## System security
+
+| Feature name | Description |
+|:---|:---|
+| **[Secure Boot and Trusted Boot](/windows/security/trusted-boot)** | Secure Boot and Trusted Boot help to prevent malware and corrupted components from loading when a device starts. <br><br>Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure the system boots up safely and securely. |
+| **[Measured boot](/windows/compatibility/measured-boot)** | Measured Boot measures all important code and configuration settings during the boot of Windows. This includes: the firmware, boot manager, hypervisor, kernel, secure kernel and operating system. Measured Boot stores the measurements in the TPM on the machine, and makes them available in a log that can be tested remotely to verify the boot state of the client.<br><br>The Measured Boot feature provides antimalware software with a trusted (resistant to spoofing and tampering) log of all boot components that started before it. The antimalware software can use the log to determine whether components that ran before it are trustworthy, or if they are infected with malware. The antimalware software on the local machine can send the log to a remote server for evaluation. The remote server may initiate remediation actions, either by interacting with software on the client, or through out-of-band mechanisms, as appropriate. |
+| **[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)** | The Windows device health attestation process supports a zero-trust paradigm that shifts the focus from static, network-based perimeters, to users, assets, and resources. The attestation process confirms the device, firmware, and boot process are in a good state and have not been tampered with before they can access corporate resources. The determinations are made with data stored in the TPM, which provides a secure root of trust. The information is sent to an attestation service, such as Azure Attestation, to verify the device is in a trusted state. Then, an MDM tool like Microsoft Intune reviews device health and connects this information with Azure Active Directory for conditional access. |
+| **[Windows security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)** | Microsoft provides a robust set of security settings policies that IT administrators can use to protect Windows devices and other resources in their organization. |
+
+## Virus and threat protection
+
+| Feature name | Description |
+|:---|:---|
+| **[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)** | Microsoft Defender Antivirus is a protection solution included in all versions of Windows. From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help keep your device safe and protect it from threats. Microsoft Defender Antivirus includes real-time, behavior-based, and heuristic antivirus protection.<br><br>The combination of always-on content scanning, file and process behavior monitoring, and other heuristics effectively prevents security threats. Microsoft Defender Antivirus continually scans for malware and threats and also detects and blocks potentially unwanted applications (PUA) which are applications that are deemed to negatively impact your device but are not considered malware. |
+| **[Local Security Authority (LSA) Protection](/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)** | Windows has several critical processes to verify a user's identity. Verification processes include Local Security Authority (LSA), which is responsible for authenticating users and verifying Windows logins. LSA handles tokens and credentials such as passwords that are used for single sign-on to a Microsoft account and Azure services. To help protect these credentials, additional LSA protection only allows loading of trusted, signed code and provides significant protection against Credential theft.<br><br>LSA protection is enabled by default on new, enterprise joined Windows 11 devices with added support for non-UEFI lock and policy management controls via MDM and group policy. |
+| **[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)** | Attack surface reduction (ASR) rules help to prevent software behaviors that are often abused to compromise your device or network. By reducing the number of attack surfaces, you can reduce the overall vulnerability of your organization.<br><br>Administrators can configure specific ASR rules to help block certain behaviors, such as launching executable files and scripts that attempt to download or run files, running obfuscated or otherwise suspicious scripts, performing behaviors that apps don't usually initiate during normal day-to-day work. |
+| **[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)** | Tamper protection is a capability in Microsoft Defender for Endpoint that helps protect certain security settings, such as virus and threat protection, from being disabled or changed. During some kinds of cyber attacks, bad actors try to disable security features on devices. Disabling security features provides bad actors with easier access to your data, the ability to install malware, and the ability to exploit your data, identity, and devices. Tamper protection helps guard against these types of activities. |
+| **[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)** | You can protect your valuable information in specific folders by managing app access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Commonly used folders, such as those used for documents, pictures, downloads, are typically included in the list of controlled folders. Controlled folder access works with a list of trusted apps. Apps that are included in the list of trusted software work as expected. Apps that are not included in the trusted list are prevented from making any changes to files inside protected folders. <br><br>Controlled folder access helps to protect user's valuable data from malicious apps and threats, such as ransomware.  |
+| **[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)** | Exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios. You can enable exploit protection on an individual device, and then use MDM or group policy to distribute the configuration file to multiple devices. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors. |
+| **[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)** | Microsoft Defender SmartScreen protects against phishing, malware websites and applications, and the downloading of potentially malicious files. For enhanced phishing protection, SmartScreen also alerts people when they are entering their credentials into a potentially risky location. IT can customize which notifications appear via MDM or group policy. The protection runs in audit mode by default, giving IT admins full control to make decisions around policy creation and enforcement. |
+| **[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)** | Microsoft Defender for Endpoint is an enterprise endpoint detection and response solution that helps security teams to detect, investigate, and respond to advanced threats. Organizations can use the rich event data and attack insights Defender for Endpoint provides to investigate incidents. Defender for Endpoint brings together the following elements to provide a more complete picture of security incidents: endpoint behavioral sensors, cloud security analytics, threat intelligence and rich response capabilities. |
+
+## Network security
+
+| Feature name | Description |
+|:---|:---|
+| **[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)** | Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a network. TLS 1.3 is the latest version of the protocol and is enabled by default in Windows 11. This version eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the TLS handshake as possible. The handshake is more performant with one fewer round trip per connection on average, and supports only five strong cipher suites which provide perfect forward secrecy and less operational risk. |
+| **Bluetooth pairing and connection protection** | The number of Bluetooth devices connected to Windows continues to increase. Windows supports all standard Bluetooth pairing protocols, including classic and LE Secure connections, secure simple pairing, and classic and LE legacy pairing. Windows also implements host based LE privacy. Windows updates help users stay current with OS and driver security features in accordance with the Bluetooth Special Interest Group (SIG), Standard Vulnerability Reports, as well as issues beyond those required by the Bluetooth core industry standards. Microsoft strongly recommends that users ensure their firmware and/ or software of their Bluetooth accessories are kept up to date. |
+| **[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)** | Wi-Fi Protected Access (WPA) is a security certification programs designed to secure wireless networks. WPA3 is the latest version of the certification and provides a more secure and reliable connection method as compared to WPA2 and older security protocols. Windows supports three WPA3 modes: WPA3 personal with the Hash-to-Element (H2E) protocol, WPA3 Enterprise, and WPA3 Enterprise 192-bit Suite B.<br><br>Windows 11 also supports WFA defined WPA3 Enterprise that includes enhanced Server Cert validation and TLS 1.3 for authentication using EAP-TLS Authentication. |
+| **Opportunistic Wireless Encryption (OWE)** | Opportunistic Wireless Encryption (OWE) is a technology that allows wireless devices to establish encrypted connections to public Wi-Fi hotspots.  |
+| **[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)** | Windows Firewall with Advanced Securityprovides host-based, two-way network traffic filtering, blocking unauthorized traffic flowing into or out of the local device based on the types of networks to which the device is connected. Windows Firewall reduces the attack surface of a device with rules to restrict or allow traffic by many properties such as IP addresses, ports, or program paths. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack.<br><br>With its integration with Internet Protocol Security (IPsec), Windows Firewall provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. Windows Firewall is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). |
+| **[Virtual private network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)** | The Windows VPN client platform includes built in VPN protocols, configuration support, a common VPN user interface, and programming support for custom VPN protocols. VPN apps are available in the Microsoft Store for both enterprise and consumer VPNs, including apps for the most popular enterprise VPN gateways.<br><br>In Windows 11, the most commonly used VPN controls are integrated right into the Quick Actions pane. From the Quick Actions pane, users can see the status of their VPN, start and stop the VPN tunnels, and access the Settings app for more controls.  |
+| **[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)** | With Always On VPN, you can create a dedicated VPN profile for the device. Unlike User Tunnel, which only connects after a user logs on to the device, Device Tunnel allows the VPN to establish connectivity before a user sign-in. Both Device Tunnel and User Tunnel operate independently with their VPN profiles, can be connected at the same time, and can use different authentication methods and other VPN configuration settings as appropriate. |
+| **[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)** | DirectAccess allows connectivity for remote users to organization network resources without the need for traditional Virtual Private Network (VPN) connections.<br><br>With DirectAccess connections, remote devices are always connected to the organization and there's no need for remote users to start and stop connections. |
+| **[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)** | SMB Encryption provides end-to-end encryption of SMB data and protects data from eavesdropping occurrences on internal networks. In Windows 11, the SMB protocol has significant security updates, including AES-256 bits encryption, accelerated SMB signing, Remote Directory Memory Access (RDMA) network encryption, and SMB over QUIC for untrusted networks. Windows 11 introduces AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 encryption. Windows administrators can mandate the use of more advanced security or continue to use the more compatible, and still-safe, AES-128 encryption. |
+| **[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)** | SMB Direct (SMB over remote direct memory access) is a storage protocol that enables direct memory-to-memory data transfers between device and storage, with minimal CPU usage, while using standard RDMA-capable network adapters.<br><br>SMB Direct supports encryption, and now you can operate with the same safety as traditional TCP and the performance of RDMA. Previously, enabling SMB encryption disabled direct data placement, making RDMA as slow as TCP. Now data is encrypted before placement, leading to relatively minor performance degradation while adding AES-128 and AES-256 protected packet privacy. |
+
+## Encryption and data protection
+
+| Feature name | Description |
+|:---|:---|
+| **[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)** | The BitLocker CSP allows an MDM solution, like Microsoft Intune, to manage the BitLocker encryption features on Windows devices. This includes OS volumes, fixed drives and removeable storage, and recovery key management into Azure AD.  |
+| **[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)** | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker uses AES algorithm in XTS or CBC mode of operation with 128-bit or 256-bit key length to encrypt data on the volume. Cloud storage on Microsoft OneDrive or Azure can be used to save recovery key content. BitLocker can be managed by any MDM solution such as Microsoft Intune, using a configuration service provider (CSP).<br><br>BitLocker provides encryption for the OS, fixed data, and removable data drives leveraging technologies like hardware security test interface (HSTI), Modern Standby, UEFI Secure Boot and TPM. |
+| **[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)** | Encrypted hard drives are a class of hard drives that are self-encrypted at the hardware level and allow for full disk hardware encryption while being transparent to the device user. These drives combine the security and management benefits provided by BitLocker Drive Encryption with the power of self-encrypting drives.<br><br>By offloading the cryptographic operations to hardware, encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because encrypted hard drives encrypt data quickly, BitLocker deployment can be expanded across enterprise devices with little to no impact on productivity. |
+| **[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)** | Personal data encryption (PDE) works with BitLocker and Windows Hello for Business to further protect user documents and other files, including when the device is turned on and locked. Files are encrypted automatically and seamlessly to give users more security without interrupting their workflow. <br><br>Windows Hello for Business is used to protect the container which houses the encryption keys used by PDE. When the user signs in, the container gets authenticated to release the keys in the container to decrypt user content.  |
+| **[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)** | Email encryption enables users to encrypt outgoing email messages and attachments, so only intended recipients with a digital ID (certificate) can read them. Users can digitally sign a message, which verifies the identity of the sender and confirms the message has not been tampered with. The encrypted messages can be sent by a user to other users within their organization or external contacts if they have proper encryption certificates. |
diff --git a/windows/security/includes/sections/security-foundations.md b/windows/security/includes/sections/security-foundations.md
new file mode 100644
index 0000000000..61eb75d6e8
--- /dev/null
+++ b/windows/security/includes/sections/security-foundations.md
@@ -0,0 +1,29 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/02/2023
+ms.topic: include
+---
+
+## Offensive research
+
+| Feature name | Description |
+|:---|:---|
+| **[Microsoft Security Development Lifecycle (SDL)](/windows/security/security-foundations/msft-security-dev-lifecycle)** | The Microsoft Security Development Lifecycle (SDL) introduces security best practices, tools, and processes throughout all phases of engineering and development. |
+| **[OneFuzz service](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)** | A range of tools and techniques - such as threat modeling, static analysis, fuzz testing, and code quality checks - enable continued security value to be embedded into Windows by every engineer on the team from day one. Through the SDL practices, Microsoft engineers are continuously provided with actionable and up-to-date methods to improve development workflows and overall product security before the code has been released.  |
+| **[Microsoft Windows Insider Preview bounty program](https://www.microsoft.com/msrc/bounty-windows-insider-preview)** | As part of our secure development process, the Microsoft Windows Insider Preview bounty program invites eligible researchers across the globe to find and submit vulnerabilities that reproduce in the latest Windows Insider Preview (WIP) Dev Channel. The goal of the Windows Insider Preview bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of customers using the latest version of Windows.<br><br>Through this collaboration with researchers across the globe, our teams identify critical vulnerabilities that were not previously found during development and quickly fix the issues before releasing the final Windows.  |
+
+## Certification
+
+| Feature name | Description |
+|:---|:---|
+| **[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)** | Common Criteria (CC) is an international standard currently maintained by national governments who participate in the Common Criteria Recognition Arrangement. CC defines a common taxonomy for security functional requirements, security assurance requirements, and an evaluation methodology used to ensure products undergoing evaluation satisfy the functional and assurance requirements. Microsoft ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles and completes Common Criteria certifications of Microsoft Windows products. |
+| **[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)** | The Federal Information Processing Standard (FIPS) Publication 140 is a U.S. government standard that defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140 standard, having validated cryptographic modules against FIPS 140-2 since it was first established in 2001. Multiple Microsoft products, including Windows 11, Windows 10, Windows Server, and many cloud services, use these cryptographic modules. |
+
+## Secure supply chain
+
+| Feature name | Description |
+|:---|:---|
+| **Software Bill of Materials (SBOM)** | SBOMs are leveraged to provide the transparency and provenance of the content as it moves through various stages of the Windows supply chain. This enables trust between each supply chain segment, ensures that tampering has not taken place during ingestion and along the way, and provides a provable chain of custody for the product that we ship to customers. |
+| **[Azure Code Signing](/windows/security/application-security/application-control/windows-defender-application-control/deployment/use-code-signing-for-better-control-and-protection)** | Windows Defender Application Control (WDAC) enables customers to define policies for controlling what is allowed to run on their devices. WDAC policies can be remotely applied to devices using an MDM solution like Microsoft Intune. <br><br>To simplify WDAC enablement, organizations can take advantage of Azure Code Signing, a secure and fully managed service for signing WDAC policies and apps. <br><br>Azure Code Signing minimizes the complexity of code signing with a turnkey service backed by a Microsoft managed certificate authority, eliminating the need to procure and self-manage any signing certificates. The service is managed just as any other Azure resource and integrates easily with the leading development and CI/CD toolsets.  |
+| **[Windows application software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)** | Developers have an opportunity to design highly secure applications that benefit from the latest Windows safeguards. The Windows App SDK provides a unified set of APIs and tools for developing secure desktop apps for Windows. To help create apps that are up-to-date and protected, the SDK follows the same security standards, protocols, and compliance as the core Windows operating system. |
diff --git a/windows/security/index.yml b/windows/security/index.yml
index 535f5f269a..963c96d66e 100644
--- a/windows/security/index.yml
+++ b/windows/security/index.yml
@@ -1,12 +1,11 @@
-### YamlMime:Landing
+### YamlMime:Hub
 
-title: Windows security
-summary: Built with Zero Trust principles at the core to safeguard data and access anywhere, keeping you protected and productive.
+title: Windows client security documentation
+summary: Learn how to secure Windows clients for your organization.
+brand: windows
 
 metadata:
-  title: Windows security
-  description: Learn about Windows security technologies and how to use them to protect your data and devices.
-  ms.topic: landing-page
+  ms.topic: hub-page
   ms.prod: windows-client
   ms.technology: itpro-security
   ms.collection:
@@ -14,158 +13,157 @@ metadata:
     - tier1
   author: paolomatarazzo
   ms.author: paoloma
-  ms.date: 12/19/2022
+  manager: aaroncz
+  ms.date: 08/11/2023
 
-# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+highlightedContent:
+  items:
+  - title: Get started with Windows security
+    itemType: get-started
+    url: introduction.md
+  - title: Windows 11, version 22H2
+    itemType: whats-new
+    url: /windows/whats-new/whats-new-windows-11-version-22H2
+  - title: Advance your security posture with Microsoft Intune from chip to cloud
+    itemType: learn
+    url: https://learn.microsoft.com/training/modules/m365-advance-organization-security-posture/
+  - title: Security features licensing and edition requirements
+    itemType: overview
+    url: /windows/security/licensing-and-edition-requirements
 
-landingContent:
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Zero Trust and Windows
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: zero-trust-windows-device-health.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Hardware security
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: hardware.md
-      - linkListType: concept
-        links:
-        - text: Trusted Platform Module
-          url: information-protection/tpm/trusted-platform-module-top-node.md
-        - text: Windows Defender System Guard firmware protection
-          url: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
-        - text: System Guard Secure Launch and SMM protection enablement
-          url: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
-        - text: Virtualization-based protection of code integrity
-          url: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-        - text: Kernel DMA Protection
-          url: information-protection/kernel-dma-protection-for-thunderbolt.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Operating system security
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: operating-system.md
-      - linkListType: concept
-        links:
-        - text: System security
-          url: trusted-boot.md
-        - text: Encryption and data protection
-          url: encryption-data-protection.md
-        - text: Windows security baselines
-          url: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
-        - text: Virtual private network guide
-          url: identity-protection/vpn/vpn-guide.md
-        - text: Windows Defender Firewall
-          url: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
-        - text: Virus & threat protection
-          url: threat-protection/index.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Application security
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: apps.md
-      - linkListType: concept
-        links:
-        - text: Application Control and virtualization-based protection
-          url: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-        - text: Application Control
-          url: threat-protection/windows-defender-application-control/windows-defender-application-control.md
-        - text: Application Guard
-          url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
-        - text: Windows Sandbox
-          url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md
-        - text: Microsoft Defender SmartScreen
-          url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-        - text: S/MIME for Windows
-          url: identity-protection/configure-s-mime.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: User security and secured identity
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: identity.md
-      - linkListType: concept
-        links:
-        - text: Windows Hello for Business
-          url: identity-protection/hello-for-business/hello-overview.md
-        - text: Windows Credential Theft Mitigation
-          url: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
-        - text: Protect domain credentials
-          url: identity-protection/credential-guard/credential-guard.md
-        - text: Windows Defender Credential Guard
-          url: identity-protection/credential-guard/credential-guard.md
-        - text: Lost or forgotten passwords
-          url: identity-protection/password-support-policy.md
-        - text: Access control
-          url: identity-protection/access-control/access-control.md
-        - text: Smart cards
-          url: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Cloud services
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: cloud.md
-      - linkListType: concept
-        links:
-        - text: Mobile device management
-          url: /windows/client-management/mdm/
-        - text: Azure Active Directory
-          url: https://www.microsoft.com/security/business/identity-access-management/azure-active-directory
-        - text: Your Microsoft Account
-          url: identity-protection/access-control/microsoft-accounts.md
-        - text: OneDrive
-          url: /onedrive/onedrive
-        - text: Family safety
-          url: threat-protection/windows-defender-security-center/wdsc-family-options.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Security foundations
-    linkLists:
-      - linkListType: overview
-        links:
-        - text: Overview
-          url: security-foundations.md
-      - linkListType: reference
-        links:
-          - text: Microsoft Security Development Lifecycle
-            url: threat-protection/msft-security-dev-lifecycle.md
-          - text: Microsoft Bug Bounty
-            url: /microsoft-365/security/intelligence/microsoft-bug-bounty-program
-          - text: Common Criteria Certifications
-            url: threat-protection/windows-platform-common-criteria.md
-          - text: Federal Information Processing Standard (FIPS) 140 Validation
-            url: threat-protection/fips-140-validation.md
-# Cards and links should be based on top customer tasks or top subjects
-# Start card title with a verb
-  # Card (optional)
-  - title: Privacy controls
-    linkLists:
-      - linkListType: reference
-        links:
-        - text: Windows and Privacy Compliance
-          url: /windows/privacy/windows-10-and-privacy-compliance
+
+productDirectory:
+  title: Get started
+  items:
+
+    - title: Hardware security
+      imageSrc: /media/common/i_usb.svg
+      links:
+        - url: /windows/security/hardware-security/tpm/trusted-platform-module-overview
+          text: Trusted Platform Module
+        - url: /windows/security/hardware-security/pluton/microsoft-pluton-security-processor
+          text: Microsoft Pluton
+        - url: /windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows
+          text: Windows Defender System Guard
+        - url: /windows-hardware/design/device-experiences/oem-vbs
+          text: Virtualization-based security (VBS)
+        - url: /windows-hardware/design/device-experiences/oem-highly-secure-11
+          text: Secured-core PC
+        - url: /windows/security/hardware-security
+          text: Learn more about hardware security >
+
+    - title: OS security
+      imageSrc: /media/common/i_threat-protection.svg
+      links:
+        - url: /windows/security/operating-system-security
+          text: Trusted boot
+        - url: /windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center
+          text: Windows security settings
+        - url: 	/windows/security/operating-system-security/data-protection/bitlocker/
+          text: BitLocker
+        - url: /windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
+          text: Windows security baselines
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/
+          text: MMicrosoft Defender SmartScreen
+        - url: /windows/security/operating-system-security
+          text: Learn more about OS security >
+
+    - title: Identity protection
+      imageSrc: /media/common/i_identity-protection.svg
+      links:
+        - url: /windows/security/identity-protection/hello-for-business
+          text: Windows Hello for Business
+        - url: /windows/security/identity-protection/credential-guard
+          text: Credential Guard
+        - url: /windows-server/identity/laps/laps-overview
+          text: Windows LAPS (Local Administrator Password Solution)
+        - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
+          text: Enhanced phishing protection with SmartScreen
+        - url: /education/windows/federated-sign-in
+          text: Federated sign-in (EDU)
+        - url: /windows/security/identity-protection
+          text: Learn more about identity protection >
+
+    - title: Application security
+      imageSrc: /media/common/i_queries.svg
+      links:
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/
+          text: Windows Defender Application Control (WDAC)
+        - url: /windows/security/application-security/application-control/user-account-control
+          text: User Account Control (UAC)
+        - url: /windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules
+          text: Microsoft vulnerable driver blocklist
+        - url: /windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview
+          text: Microsoft Defender Application Guard (MDAG)
+        - url: /windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview
+          text: Windows Sandbox
+        - url: /windows/security/application-security
+          text: Learn more about application security >
+
+    - title: Security foundations
+      imageSrc: /media/common/i_build.svg
+      links:
+        - url: /windows/security/security-foundations/certification/fips-140-validation
+          text: FIPS 140-2 validation
+        - url: /windows/security/security-foundations/certification/windows-platform-common-criteria
+          text: Common Criteria Certifications
+        - url: /windows/security/security-foundations/msft-security-dev-lifecycle
+          text: Microsoft Security Development Lifecycle (SDL)
+        - url: https://www.microsoft.com/msrc/bounty-windows-insider-preview
+          text: Microsoft Windows Insider Preview bounty program
+        - url: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
+          text: OneFuzz service
+        - url: /windows/security/security-foundations
+          text: Learn more about security foundations >
+
+    - title: Cloud security
+      imageSrc: /media/common/i_cloud-security.svg
+      links:
+        - url: /mem/intune/protect/security-baselines
+          text: Security baselines with Intune
+        - url: /windows/deployment/windows-autopatch
+          text: Windows Autopatch
+        - url: /windows/deployment/windows-autopilot
+          text: Windows Autopilot
+        - url: /universal-print
+          text: Universal Print
+        - url: /windows/client-management/mdm/remotewipe-csp
+          text: Remote wipe
+        - url: /windows/security/cloud-security
+          text: Learn more about cloud security >
+
+additionalContent:
+  sections:
+    - title: More Windows resources
+      items:
+
+        - title: Windows Server
+          links:
+            - text: Windows Server documentation
+              url: /windows-server
+            - text: What's new in Windows Server 2022?
+              url: /windows-server/get-started/whats-new-in-windows-server-2022
+            - text: Windows Server blog
+              url: https://cloudblogs.microsoft.com/windowsserver/
+
+        - title: Windows product site and blogs
+          links:
+            - text: Find out how Windows enables your business to do more
+              url: https://www.microsoft.com/microsoft-365/windows
+            - text: Windows blogs
+              url: https://blogs.windows.com/
+            - text: Windows IT Pro blog
+              url: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog
+            - text: Microsoft Intune blog
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune-blog/bg-p/MicrosoftEndpointManagerBlog
+            - text: "Windows help & learning: end-user documentation"
+              url: https://support.microsoft.com/windows
+
+        - title: Participate in the community
+          links:
+            - text: Windows community
+              url: https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10
+            - text: Microsoft Intune community
+              url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+            - text: Microsoft Support community
+              url: https://answers.microsoft.com/windows/forum
\ No newline at end of file
diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml
deleted file mode 100644
index daa9cba013..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker and Active Directory Domain Services (AD DS) FAQ (Windows 10)
-  description: Learn more about how BitLocker and Active Directory Domain Services (AD DS) can work together to keep devices secure. 
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.collection:
-    - highpri
-    - tier1
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker and Active Directory Domain Services (AD DS) FAQ
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: |
-          What type of information is stored in AD DS?
-        answer: |
-          Stored information | Description
-          -------------------|------------
-          Hash of the TPM owner password | Beginning with Windows 10, the password hash isn't stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
-          BitLocker recovery password | The recovery password allows unlocking of and access to the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
-          BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, `Repair-bde`. 
-          
-      - question: |
-          What if BitLocker is enabled on a computer before the computer has joined the domain?
-        answer: |
-          If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information won't be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, the Group Policy settings **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** can be chosen to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in the organization is backed up to AD DS.
-          
-          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
-          
-          The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information. However, BitLocker doesn't automatically manage this process. The `manage-bde.exe` command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the `$env:SystemDrive` to AD DS, the following command script can be used from an elevated command prompt:
-          
-          ```powershell
-          $BitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive
-          $RecoveryProtector = $BitLocker.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
-          
-          Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
-          BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
-          ```
-          
-          > [!IMPORTANT]
-          > Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy).
-           
-      - question: |
-          Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
-        answer: |
-          Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says "Success," the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it's also possible that the log entry could be spoofed.
-          
-          Ultimately, determining whether a legitimate backup exists in AD DS requires querying AD DS with domain administrator credentials by using the BitLocker password viewer tool.
-          
-      - question: |
-          If I change the BitLocker recovery password on my computer and store the new password in AD DS, will AD DS overwrite the old password?
-        answer: |
-          No. By design, BitLocker recovery password entries don't get deleted from AD DS. Therefore, multiple passwords might be seen for each drive. To identify the latest password, check the date on the object.
-
-      - question: |
-          What happens if the backup initially fails? Will BitLocker retry it?
-        answer: |
-          If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker doesn't try again to back up the recovery information to AD DS.
-          
-          When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, and **Choose how BitLocker-protected removable data drives can be recovered** policy settings, users can't enable BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker can't be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
-          
-          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
-          
-          When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker won't automatically retry the backup if it fails. Instead, administrators can create a backup script, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain-) to capture the information after connectivity is restored.
-          
-          
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
deleted file mode 100644
index dbea4c718a..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker deployment and administration FAQ (Windows 10)
-  description: Browse frequently asked questions about BitLocker deployment and administration, such as, "Can BitLocker deployment be automated in an enterprise environment?"
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker frequently asked questions (FAQ)
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: Can BitLocker deployment be automated in an enterprise environment?
-        answer: |
-          Yes, the deployment and configuration of both BitLocker and the TPM can be automated using either WMI or Windows PowerShell scripts. Which method is chosen to implement the automation depends on the environment. `Manage-bde.exe` can also be used to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](/windows/win32/secprov/bitlocker-drive-encryption-provider). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps).
-          
-      - question: Can BitLocker encrypt more than just the operating system drive?
-        answer: Yes.
-
-      - question: Is there a noticeable performance impact when BitLocker is enabled on a computer?
-        answer: Typically, there's a small performance overhead, often in single-digit percentages, which is relative to the throughput of the storage operations on which it needs to operate.
-
-      - question: How long will initial encryption take when BitLocker is turned on?
-        answer: |
-          Although BitLocker encryption occurs in the background while a user continues to work with the system remaining usable, encryption times vary depending on the type of drive that is being encrypted, the size of the drive, and the speed of the drive. If encrypting large drives, encryption may want to be scheduled during times when the drive isn't being used.
-          
-          When BitLocker is enabled, BitLocker can also be set to encrypt the entire drive or just the used space on the drive. On a new hard drive, encrypting just the used spaced can be considerably faster than encrypting the entire drive. When this encryption option is selected, BitLocker automatically encrypts data as it is saved, ensuring that no data is stored unencrypted.
-          
-      - question: What happens if the computer is turned off during encryption or decryption?
-        answer: If the computer is turned off or goes into hibernation, the BitLocker encryption and decryption process will resume where it stopped the next time Windows starts. BitLocker resuming encryption or decryption is true even if the power is suddenly unavailable.
-
-      - question: Does BitLocker encrypt and decrypt the entire drive all at once when reading and writing data?
-        answer: No, BitLocker doesn't encrypt and decrypt the entire drive when reading and writing data. The encrypted sectors in the BitLocker-protected drive are decrypted only as they're requested from system read operations. Blocks that are written to the drive are encrypted before the system writes them to the physical disk. No unencrypted data is ever stored on a BitLocker-protected drive.
-
-      - question: How can I prevent users on a network from storing data on an unencrypted drive?
-        answer: |
-          Group Policy settings can be configured to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
-          When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that aren't protected by BitLocker as read-only.
-          
-      - question: What is Used Disk Space Only encryption?
-        answer: |
-          BitLocker in Windows 10 lets users choose to encrypt just their data. Although it's not the most secure way to encrypt a drive, this option can reduce encryption time by more than 99 percent, depending on how much data that needs to be encrypted. For more information, see [Used Disk Space Only encryption](bitlocker-device-encryption-overview-windows-10.md#used-disk-space-only-encryption).
-          
-      - question: What system changes would cause the integrity check on my operating system drive to fail?
-        answer: |
-          The following types of system changes can cause an integrity check failure and prevent the TPM from releasing the BitLocker key to decrypt the protected operating system drive:
-          
-          - Moving the BitLocker-protected drive into a new computer.
-          - Installing a new motherboard with a new TPM.
-          - Turning off, disabling, or clearing the TPM.
-          - Changing any boot configuration settings.
-          - Changing the BIOS, UEFI firmware, master boot record, boot sector, boot manager, option ROM, or other early boot components or boot configuration data.
-          
-      - question: What causes BitLocker to start into recovery mode when attempting to start the operating system drive?
-        answer: |
-          Because BitLocker is designed to protect computers from numerous attacks, there are numerous reasons why BitLocker could start in recovery mode. 
-          For example: 
-          
-          - Changing the BIOS boot order to boot another drive in advance of the hard drive.
-          - Adding or removing hardware, such as inserting a new card in the computer.
-          - Removing, inserting, or completely depleting the charge on a smart battery on a portable computer.
-          
-          In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. 
-          The TPM isn't involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed.
-          
-      - question: What can prevent BitLocker from binding to PCR 7?
-        answer: BitLocker can be prevented from binding to PCR 7 if a non-Windows OS booted prior to Windows, or if Secure Boot isn't available to the device, either because it has been disabled or the hardware doesn't support it.
-
-      - question: Can I swap hard disks on the same computer if BitLocker is enabled on the operating system drive?
-        answer: Yes, multiple hard disks can be swapped on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and the operating system drive. If a backup operating system or data drive needs to be prepared in case of a disk failure, make sure that they were matched with the correct TPM. Different hard drives can also be configured for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts.
-
-      - question: Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?
-        answer: Yes, if the drive is a data drive, it can be unlocked from the **BitLocker Drive Encryption** Control Panel item by using a password or smart card. If the data drive was configured for automatic unlock only, it will need to be unlocked by using the recovery key. The encrypted hard disk can be unlocked by a data recovery agent (if one was configured) or it can be unlocked by using the recovery key.
-
-      - question: Why is **Turn BitLocker on** not available when I right-click a drive?
-        answer: Some drives can't be encrypted with BitLocker. Reasons a drive can't be encrypted include insufficient disk size, an incompatible file system, if the drive is a dynamic disk, or a drive is designated as the system partition. By default, the system drive (or system partition) is hidden from display. However, if it isn't created as a hidden drive when the operating system was installed due to a custom installation process, that drive might be displayed but can't be encrypted.
-
-      - question: What type of disk configurations are supported by BitLocker?
-        answer: Any number of internal, fixed data drives can be protected with BitLocker. On some versions ATA and SATA-based, direct-attached storage devices are also supported.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
deleted file mode 100644
index 99d7101e23..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: BitLocker deployment comparison 
-description: This article shows the BitLocker deployment comparison chart.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
----
-
-# BitLocker deployment comparison
-
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-This article depicts the BitLocker deployment comparison chart.
-
-## BitLocker deployment comparison chart
-
-| Requirements |Microsoft Intune  |Microsoft Configuration Manager  |Microsoft BitLocker Administration and Monitoring (MBAM) |
-|---------|---------|---------|---------|
-|*Minimum client operating system version*     |Windows 11 and Windows 10    | Windows 11, Windows 10, and Windows 8.1  | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11      |
-|*Supported Windows SKUs*    |    Enterprise, Pro, Education     |    Enterprise, Pro, Education     |     Enterprise    |
-|*Minimum Windows version*    |1909   |    None     |    None     |
-|*Supported domain-joined status*    |     Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined    |   Active Directory-joined, hybrid Azure AD joined      |     Active Directory-joined    |
-|*Permissions required to manage policies*     |    Endpoint security manager or custom     |   Full administrator or custom      |     Domain Admin or Delegated GPO access    |
-|*Cloud or on premises*      |     Cloud    |  On premises     |    On premises     |
-|Server components required?      |         |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Additional agent required?*     |     No (device enrollment only)    |   Configuration Manager client      |     MBAM client    |
-|*Administrative plane*     | Microsoft Intune admin center        |    Configuration Manager console     |    Group Policy Management Console and MBAM sites     |
-|*Administrative portal installation required*     |         |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |
-|*Compliance reporting capabilities*     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Force encryption*     |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::   |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::   | :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Encryption for storage cards (mobile)*      |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |         |
-|*Allow recovery password*      |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |
-|*Manage startup authentication*     |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |     :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |     :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |
-|*Select cipher strength and algorithms for fixed drives*      |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     | :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |
-|*Select cipher strength and algorithms for removable drives*     |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Select cipher strength and algorithms for operating environment drives*     |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |
-|*Standard recovery password storage location*     |     Azure AD or Active Directory    |     Configuration Manager site database    |    MBAM database     |
-|*Store recovery password for operating system and fixed drives to Azure AD or Active Directory*     |    Yes (Active Directory and Azure AD)     | Yes (Active Directory only)      |   Yes (Active Directory only)      |
-|*Customize preboot message and recovery link*     | :::image type="content" source="images/yes-icon.png" alt-text="supported.":::         | :::image type="content" source="images/yes-icon.png" alt-text="supported.":::        |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |
-|*Allow/deny key file creation*     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::      |
-|*Deny Write permission to unprotected drives*     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Can be administered outside company network*     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |         |
-|*Support for organization unique IDs*     |         |      :::image type="content" source="images/yes-icon.png" alt-text="supported.":::   |     :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |
-|*Self-service recovery*      |    Yes (through Azure AD or Company Portal app)     |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |
-|*Recovery password rotation for fixed and operating environment drives*     |   Yes (Windows 10, version 1909 and later)     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Wait to complete encryption until recovery information is backed up to Azure AD*      |     :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |       |        |
-|*Wait to complete encryption until recovery information is backed up to Active Directory*      |         |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     |
-|*Allow or deny Data Recovery Agent*     |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Unlock a volume using certificate with custom object identifier*     |         |   :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |     :::image type="content" source="images/yes-icon.png" alt-text="supported.":::    |
-|*Prevent memory overwrite on restart*    |         |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |  :::image type="content" source="images/yes-icon.png" alt-text="supported.":::       |
-|*Configure custom Trusted Platform Module Platform Configuration Register profiles*     |         |       | :::image type="content" source="images/yes-icon.png" alt-text="supported.":::        |
-|*Manage auto-unlock functionality*     |         |    :::image type="content" source="images/yes-icon.png" alt-text="supported.":::     | :::image type="content" source="images/yes-icon.png" alt-text="supported.":::        |
diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
deleted file mode 100644
index 4f7256eadb..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker FAQ (Windows 10)
-  description: Find the answers you need by exploring this brief hub page listing FAQ pages for various aspects of BitLocker.
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.collection:
-    - highpri
-    - tier1
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker frequently asked questions (FAQ) resources
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-  This article links to frequently asked questions about BitLocker. BitLocker is a data protection feature that encrypts drives on computers to help prevent data theft or exposure. BitLocker-protected computers can also delete data more securely when they're decommissioned because it's much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive.
-  
-  - [Overview and requirements](bitlocker-overview-and-requirements-faq.yml)
-  - [Upgrading](bitlocker-upgrading-faq.yml)
-  - [Deployment and administration](bitlocker-deployment-and-administration-faq.yml)
-  - [Key management](bitlocker-key-management-faq.yml)
-  - [BitLocker To Go](bitlocker-to-go-faq.yml)
-  - [Active Directory Domain Services (AD DS)](bitlocker-and-adds-faq.yml)
-  - [Security](bitlocker-security-faq.yml)
-  - [BitLocker Network Unlock](bitlocker-network-unlock-faq.yml)
-  - [Using BitLocker with other programs and general questions](bitlocker-using-with-other-programs-faq.yml)
-  
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: |
-          More information
-        answer: |
-          - [Prepare your organization for BitLocker: Planning and Policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
-          - [BitLocker Group Policy settings](bitlocker-group-policy-settings.md)
-          - [BCD settings and BitLocker](bcd-settings-and-bitlocker.md)
-          - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
-          - [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
-          - [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)
-          - [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md)
-          - [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps&preserve-view=true)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml
deleted file mode 100644
index ad23cc6714..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.yml
+++ /dev/null
@@ -1,119 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker Key Management FAQ (Windows 10)
-  description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker Key Management FAQ
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: How can I authenticate or unlock my removable data drive?
-        answer: |
-          Removable data drives can be unlocked using a password or a smart card. An SID protector can also be configured to unlock a drive by using user domain credentials. After encryption has started, the drive can also be automatically unlocked on a specific computer for a specific user account. System administrators can configure which options are available for users including password complexity and minimum length requirements. To unlock by using a SID protector, use `manage-bde.exe`:
-          
-          ```cmd
-          Manage-bde.exe -protectors -add e: -sid <i>domain\username</i></code>
-          ```
-          
-      - question: What is the difference between a recovery password, recovery key, PIN, enhanced PIN, and startup key?
-        answer: |
-          For tables that list and describe elements such as a recovery password, recovery key, and PIN, see [BitLocker key protectors](prepare-your-organization-for-bitlocker-planning-and-policies.md#bitlocker-key-protectors) and [BitLocker authentication methods](prepare-your-organization-for-bitlocker-planning-and-policies.md#bitlocker-authentication-methods). 
-          
-      - question: How can the recovery password and recovery key be stored?
-        answer: |
-          The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to a Microsoft Account, or printed.
-          
-          For removable data drives, the recovery password and recovery key can be saved to a folder, saved to a Microsoft Account, or printed. By default, a recovery key for a removable drive can't be stored on a removable drive.
-          
-          A domain administrator can also configure Group Policy to automatically generate recovery passwords and store them in Active Directory Domain Services (AD DS) for any BitLocker-protected drive.
-          
-      - question: Is it possible to add an additional method of authentication without decrypting the drive if I only have the TPM authentication method enabled?
-        answer: |
-          The `Manage-bde.exe` command-line tool can be used to replace TPM-only authentication mode with a multifactor authentication mode. For example, if BitLocker is enabled with TPM authentication only and PIN authentication needs to be added, use the following commands from an elevated command prompt, replacing *4-20 digit numeric PIN* with the desired numeric PIN:
-          
-          ```cmd
-          manage-bde.exe -protectors -delete %systemdrive% -type tpm
-         
-          manage-bde.exe -protectors -add %systemdrive% -tpmandpin <4-20 digit numeric PIN>
-          ```
-          
-          
-      - question: When should an additional method of authentication be considered?
-        answer: |
-          New hardware that meets [Windows Hardware Compatibility Program](/windows-hardware/design/compatibility/) requirements make a PIN less critical as a mitigation, and having a TPM-only protector is likely sufficient when combined with policies like device lockout. For example, Surface Pro and Surface Book don't have external DMA ports to attack. 
-          For older hardware, where a PIN may be needed, it's recommended to enable [enhanced PINs](bitlocker-group-policy-settings.md#allow-enhanced-pins-for-startup) that allow non-numeric characters such as letters and punctuation marks, and to set the PIN length based on the risk tolerance and the hardware anti-hammering capabilities available to the TPMs on the computers. 
-          
-      - question: If I lose my recovery information, will the BitLocker-protected data be unrecoverable?
-        answer: |
-          BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive.
-          
-          > [!IMPORTANT]
-          > Store the recovery information in AD DS, along with in a Microsoft Account, or another safe location.
-           
-      - question: Can the USB flash drive that is used as the startup key also be used to store the recovery key?
-        answer: While using a USB flash drive as both the startup key and for storage of the recovery key is technically possible, it isn't a best practice to use one USB flash drive to store both keys. If the USB flash drive that contains the startup key is lost or stolen, the recovery key will also be lost. In addition, inserting this key would cause the computer to automatically boot from the recovery key even if TPM-measured files have changed, which circumvents the TPM's system integrity check.
-
-      - question: Can I save the startup key on multiple USB flash drives?
-        answer: Yes, computer's startup key can be saved on multiple USB flash drives. Right-clicking a BitLocker-protected drive and selecting **Manage BitLocker** will provide the options to save the recovery keys on additional USB flash drives as needed.
-
-      - question: Can I save multiple (different) startup keys on the same USB flash drive?
-        answer: Yes, BitLocker startup keys for different  computers can be saved on the same USB flash drive.
-
-      - question: Can I generate multiple (different) startup keys for the same computer?
-        answer: Generating different startup keys for the same computer can be done through scripting. However, for computers that have a TPM, creating different startup keys prevents BitLocker from using the TPM's system integrity check.
-
-      - question: Can I generate multiple PIN combinations?
-        answer: Generating multiple PIN combinations can't be done.
-
-      - question: What encryption keys are used in BitLocker? How do they work together?
-        answer: Raw data is encrypted with the full volume encryption key, which is then encrypted with the volume master key. The volume master key is in turn encrypted by one of several possible methods depending on the authentication (that is, key protectors or TPM) and recovery scenarios.
-
-      - question: Where are the encryption keys stored?
-        answer: |
-          The full volume encryption key is encrypted by the volume master key and stored in the encrypted drive. The volume master key is encrypted by the appropriate key protector and stored in the encrypted drive. If BitLocker has been suspended, the clear key that is used to encrypt the volume master key is also stored in the encrypted drive, along with the encrypted volume master key.
-          
-          This storage process ensures that the volume master key is never stored unencrypted and is protected unless BitLocker is disabled. The keys are also saved to two additional locations on the drive for redundancy. The keys can be read and processed by the boot manager.
-          
-      - question: Why do I have to use the function keys to enter the PIN or the 48-character recovery password?
-        answer: |
-          The F1 through F10 keys are universally mapped scan codes available in the pre-boot environment on all computers and in all languages. The numeric keys 0 through 9 aren't usable in the pre-boot environment on all keyboards.
-          
-          When using an enhanced PIN, users should run the optional system check during the BitLocker setup process to ensure that the PIN can be entered correctly in the pre-boot environment.
-          
-      - question: How does BitLocker help prevent an attacker from discovering the PIN that unlocks my operating system drive?
-        answer: |
-          It's possible that a personal identification number (PIN) can be discovered by an attacker performing a brute force attack. A brute force attack occurs when an attacker uses an automated tool to try different PIN combinations until the correct one is discovered. For BitLocker-protected computers, this type of attack, also known as a dictionary attack, requires that the attacker has physical access to the computer.
-          
-          The TPM has the built-in ability to detect and react to these types of attacks. Because different manufacturers' TPMs may support different PIN and attack mitigations, contact the TPM's manufacturer to determine how the computer's TPM mitigates PIN brute force attacks.
-          After the TPM's manufacturer has been determined, contact the manufacturer to gather the TPM's vendor-specific information. Most manufacturers use the PIN authentication failure count to exponentially increase lockout time to the PIN interface. However, each manufacturer has different policies regarding when and how the failure counter is decreased or reset.
-          
-      - question: How can I determine the manufacturer of my TPM?
-        answer: The TPM manufacturer can be determined in **Windows Defender Security Center** > **Device Security** > **Security processor details**.
-
-      - question: How can I evaluate a TPM's dictionary attack mitigation mechanism?
-        answer: |
-          The following questions can assist when asking a TPM manufacturer about the design of a dictionary attack mitigation mechanism:
-          
-          - How many failed authorization attempts can occur before lockout?
-          - What is the algorithm for determining the duration of a lockout based on the number of failed attempts and any other relevant parameters?
-          - What actions can cause the failure count and lockout duration to be decreased or reset?
-          
-      - question: Can PIN length and complexity be managed with Group Policy?
-        answer: |
-          Yes and No. The minimum personal identification number (PIN) length can be configured by using the **Configure minimum PIN length for startup** Group Policy setting and allow the use of alphanumeric PINs by enabling the **Allow enhanced PINs for startup** Group Policy setting. However, PIN complexity can't be required via Group Policy.
-          
-          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml
deleted file mode 100644
index 9683743787..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker Network Unlock FAQ (Windows 10)
-  description: Familiarize yourself with BitLocker Network Unlock. Learn how it can make desktop and server management easier within domain environments.
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.reviewer: 
-  ms.custom: bitlocker
-title: BitLocker Network Unlock FAQ
-summary: |
-  **Applies to:**
-  - Windows 10
-  - Windows 11
-  - Windows Server 2016 and above
-
-sections:
-  - name: Ignored
-    questions:
-      - question: |
-          BitLocker Network Unlock FAQ
-        answer: |  
-          BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer that is connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method.
-          
-          To use Network Unlock, a PIN must be configured for the computer. When the computer isn't connected to the network, a PIN will need to be provided to unlock it.
-          
-          BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before it can be used.
-          
-          Network Unlock uses two protectors - the TPM protector and the protector provided by the network or by the PIN. Automatic unlock uses a single protector - the one stored in the TPM. If the computer is joined to a network without the key protector, it will prompt to enter a PIN. If the PIN isn't available, the recovery key will need to be used to unlock the computer if it can't be connected to the network.
-          
-          For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
deleted file mode 100644
index 3243fdb178..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker overview and requirements FAQ (Windows 10)
-  description: This article for IT professionals answers frequently asked questions concerning the requirements to use BitLocker.
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.collection:
-    - highpri
-    - tier1
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker Overview and Requirements FAQ
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: How does BitLocker work?
-        answer: |
-          **How BitLocker works with operating system drives**
-          
-          BitLocker Can be used to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and boot configuration data.
-          
-          **How BitLocker works with fixed and removable data drives**
-          
-          BitLocker can be used to encrypt the entire contents of a data drive. Group Policy can be used to require BitLocker be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with various unlock methods for data drives, and a data drive supports multiple unlock methods.
-          
-      - question: Does BitLocker support multifactor authentication?
-        answer: Yes, BitLocker supports multifactor authentication for operating system drives. If BitLocker is enabled on a computer that has a TPM version 1.2 or later, additional forms of authentication can be used with the TPM protection.
-
-      - question: What are the BitLocker hardware and software requirements?
-        answer: |
-          For requirements, see [System requirements](bitlocker-overview.md#system-requirements).
-          
-          > [!NOTE]
-          > Dynamic disks aren't supported by BitLocker. Dynamic data volumes won't be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it's a Dynamic disk, if it's a dynamic disk it can't be protected by BitLocker.
-           
-      - question: Why are two partitions required? Why does the system drive have to be so large?
-        answer: Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive.
-
-      - question: Which Trusted Platform Modules (TPMs) does BitLocker support?
-        answer: |
-          BitLocker supports TPM version 1.2 or higher. BitLocker support for TPM 2.0 requires Unified Extensible Firmware Interface (UEFI) for the device. 
-          
-          > [!NOTE]
-          > TPM 2.0 isn't supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security, enable the Secure Boot feature.
-          > 
-          > Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode that will prepare the OS and the disk to support UEFI.
-          
-      - question: How can I tell if a computer has a TPM?
-        answer: Beginning with Windows 10, version 1803, the TPM status can be checked in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. [**Get-TPM**](/powershell/module/trustedplatformmodule/get-tpm?view=windowsserver2019-ps)** can also be run in PowerShell to get more details about the TPM on the current computer.
-
-      - question: Can I use BitLocker on an operating system drive without a TPM?
-        answer: |
-          Yes, BitLocker can be enabled on an operating system drive without a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. BitLocker won't unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs won't be able to use the system integrity verification that BitLocker can also provide.
-          To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
-          
-      - question: How do I obtain BIOS support for the TPM on my computer?
-        answer: |
-          Contact the computer manufacturer to request a Trusted Computing Group (TCG)-compliant BIOS or UEFI boot firmware that meets the following requirements:
-          
-          - It's compliant with the TCG standards for a client computer.
-          - It has a secure update mechanism to help prevent a malicious BIOS or boot firmware from being installed on the computer.
-          
-      - question: What credentials are required to use BitLocker?
-        answer: To turn on, turn off, or change configurations of BitLocker on operating system and fixed data drives, membership in the local **Administrators** group is required. Standard users can turn on, turn off, or change configurations of BitLocker on removable data drives.
-
-      - question: What is the recommended boot order for computers that are going to be BitLocker-protected?
-        answer: The computer's startup options should be configured to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk isn't first and the computer typically boots from the hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause a prompt for the BitLocker recovery key. For the same reason, if a laptop is used with a docking station, ensure that the hard disk drive is first in the boot order both when the laptop is docked and undocked. 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
deleted file mode 100644
index 9f04e173a3..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: BitLocker
-description: This article provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
-ms.author: frankroj
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-manager: aaroncz
-ms.collection: 
-  - highpri
-  - tier1
-ms.topic: conceptual
-ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
----
-
-# BitLocker
-
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-This article provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
-
-## BitLocker overview
-
-BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
-
-BitLocker provides the maximum protection when used with a Trusted Platform Module (TPM) version 1.2 or later versions. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system was offline.
-
-On computers that don't have a TPM version 1.2 or later versions, BitLocker can still be used to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the computer or resume from hibernation. Starting with Windows 8, an operating system volume password can be used to protect the operating system volume on a computer without TPM. Both options don't provide the pre-startup system integrity verification offered by BitLocker with a TPM.
-
-In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device (such as a USB flash drive) that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer won't start or resume from hibernation until the correct PIN or startup key is presented.
-
-## Practical applications
-
-Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
-
-There are two additional tools in the Remote Server Administration Tools that can be used to manage BitLocker.
-
-- **BitLocker Recovery Password Viewer**. The BitLocker Recovery Password Viewer enables the BitLocker Drive Encryption recovery passwords that have been backed up to Active Directory Domain Services (AD DS) to be located and viewed. This tool can be used to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
-
-    By using this tool, a computer object's **Properties** dialog box can be examined to view the corresponding BitLocker recovery passwords. Additionally, a domain container can be searched for a BitLocker recovery password across all the domains in the Active Directory forest by right clicking on the domain container. Viewing recovery passwords can only be viewed by domain administrator or having delegated permissions by a domain administrator.
-
-- **BitLocker Drive Encryption Tools**. BitLocker Drive Encryption Tools include the command-line tools, manage-bde and repair-bde, and the BitLocker cmdlets for Windows PowerShell. Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the
-BitLocker control panel, and they're appropriate to be used for automated deployments and other scripting scenarios. Repair-bde is provided for disaster recovery scenarios in which a BitLocker-protected drive can't be unlocked normally or by using the recovery console.
-
-[!INCLUDE [bitlocker](../../../../includes/licensing/bitlocker-enablement.md)]
-
-## System requirements
-
-BitLocker has the following hardware requirements:
-
-For BitLocker to use the system integrity check provided by a TPM, the computer must have TPM 1.2 or later versions. If a computer doesn't have a TPM, saving a startup key on a removable drive, such as a USB flash drive, becomes mandatory when enabling BitLocker.
-
-A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM doesn't require TCG-compliant firmware.
-
-The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
-
-> [!IMPORTANT]
-> From Windows 7, an OS drive can be encrypted without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup).
-
-> [!NOTE]
-> TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature.
-
-> Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI.
-
-The hard disk must be partitioned with at least two drives:
-
-- The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
-- The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker isn't enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. It's recommended that the system drive be approximately 350 MB in size. After BitLocker is turned on, it should have approximately 250 MB of free space.
-
-When installed on a new computer, Windows automatically creates the partitions that are required for BitLocker.
-
-A partition subject to encryption can't be marked as an active partition. This requirement applies to the operating system drives, fixed data drives, and removable data drives.
-
-When installing the BitLocker optional component on a server, the Enhanced Storage feature also needs to be installed. The Enhanced Storage feature is used to support hardware encrypted drives.
-
-## In this section
-
-| Article | Description |
-| - | - |
-| [Overview of BitLocker Device Encryption in Windows 10](bitlocker-device-encryption-overview-windows-10.md) | This article provides an overview of the ways in which BitLocker Device Encryption can help protect data on devices running Windows 10. |
-| [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml) | This article answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.|
-| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This article explains the procedure you can use to plan your BitLocker deployment. |
-| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This article explains how BitLocker features can be used to protect your data through drive encryption. |
-| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This article explains how to deploy BitLocker on Windows Server.|
-| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This article describes how BitLocker Network Unlock works and how to configure it. |
-| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This article describes how to use tools to manage BitLocker.|
-| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This article describes how to use the BitLocker Recovery Password Viewer. |
-| [BitLocker Group Policy settings](bitlocker-group-policy-settings.md) | This article describes the function, location, and effect of each group policy setting that is used to manage BitLocker. |
-| [BCD settings and BitLocker](bcd-settings-and-bitlocker.md) | This article describes the BCD settings that are used by BitLocker.|
-| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This article describes how to recover BitLocker keys from AD DS. |
-| [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide helps you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device's configuration. |
-| [Troubleshoot BitLocker](/troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. |
-| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This article describes how to protect CSVs and SANs with BitLocker.|
-| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This article describes how to use BitLocker with Windows IoT Core |
diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml
deleted file mode 100644
index 8b53e2e639..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker Security FAQ
-  description: Learn more about how BitLocker security works. Browse frequently asked questions, such as, "What form of encryption does BitLocker use?"
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker Security FAQ
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: |
-          What form of encryption does BitLocker use? Is it configurable?
-        answer: |
-          BitLocker uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 128 bits or 256 bits. The default encryption setting is AES-128, but the options are configurable by using Group Policy.
-
-      - question: |
-          What is the best practice for using BitLocker on an operating system drive?
-        answer: |
-          The recommended practice for BitLocker configuration on an operating system drive is to implement BitLocker on a computer with a TPM version 1.2 or higher, and a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware implementation, along with a PIN. By requiring a PIN that was set by the user in addition to the TPM validation, a malicious user that has physical access to the computer can't start the computer.
-
-      - question: |
-          What are the implications of using the sleep or hibernate power management options?
-        answer: |
-          BitLocker on operating system drives in its basic configuration (with a TPM but without other startup authentication) provides extra security for the hibernate mode. However, BitLocker provides greater security when it's configured to use another startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. In sleep mode, the computer is vulnerable to direct memory access attacks, since unprotected data remains in RAM. Therefore, for improved security, it's recommended to disable sleep mode and to use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](./bitlocker-group-policy-settings.md) or Mobile Device Management with the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp). 
-          
-      - question: |
-          What are the advantages of a TPM?
-        answer: |
-          Most operating systems use a shared memory space and rely on the operating system to manage physical memory. A TPM is a hardware component that uses its own internal firmware and logic circuits for processing instructions, thus shielding it from external software vulnerabilities. Attacking the TPM requires physical access to the computer. Additionally, the tools and skills necessary to attack hardware are often more expensive, and usually aren't as available as the ones used to attack software. And because each TPM is unique to the computer that contains it, attacking multiple TPM computers would be difficult and time-consuming.
-          
-          > [!NOTE]
-          > Configuring BitLocker with an additional factor of authentication provides even more protection against TPM hardware attacks.
-          
diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml
deleted file mode 100644
index c780b6ee5a..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker To Go FAQ
-  description: "Learn more about BitLocker To Go"
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  ms.author: frankroj
-  author: frankroj
-  manager: aaroncz
-  audience: ITPro
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.custom: bitlocker
-title: BitLocker To Go FAQ
-summary: |
-  **Applies to:**
-  - Windows 10
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: What is BitLocker To Go?
-        answer: |
-          BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of: 
-          
-          - USB flash drives
-          - SD cards
-          - External hard disk drives
-          - Other drives that are formatted by using the NTFS, FAT16, FAT32, or exFAT file system. 
-           
-          Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
-          
-          As with BitLocker, drives that are encrypted by BitLocker To Go can be opened by using a password or smart card on another computer. In Control Panel, use **BitLocker Drive Encryption**.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml
deleted file mode 100644
index 13441d1f58..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: BitLocker Upgrading FAQ
-  description: Learn more about upgrading systems that have BitLocker enabled. Find frequently asked questions, such as, "Can I upgrade to Windows 10 with BitLocker enabled?"
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  ms.topic: faq
-  ms.date: 11/08/2022
-  ms.reviewer: 
-  ms.custom: bitlocker
-title: BitLocker Upgrading FAQ
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: |
-          Can I upgrade to Windows 10 with BitLocker enabled?
-        answer: |
-          Yes. 
-
-      - question: |
-          What is the difference between suspending and decrypting BitLocker?
-        answer: |
-          **Decrypt** completely removes BitLocker protection and fully decrypts the drive.
-          
-          **Suspend** keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the **Suspend** option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased.
-          
-      - question: |
-          Do I have to suspend BitLocker protection to download and install system updates and upgrades?
-        answer: |
-          No user action is required for BitLocker in order to apply updates from Microsoft, including [Windows quality updates and feature updates](/windows/deployment/update/waas-quick-start). 
-          Users need to suspend BitLocker for Non-Microsoft software updates, such as:   
-          
-          -	Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM. Users don't have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. It's recommended that users test their TPM firmware updates if they don't want to suspend BitLocker protection.
-          -	Non-Microsoft application updates that modify the UEFI\BIOS configuration.
-          -	Manual or third-party updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation).
-          -	Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if BitLocker doesn't use Secure Boot for integrity validation during updates).
-           -	BitLocker can be checked if it uses Secure Boot for integrity validation with the command line `manage-bde.exe -protectors -get C:`. If Secure Boot for integrity validation is being used, it will be report **Uses Secure Boot for integrity validation**.
-          
-          
-          > [!NOTE]
-          > If BitLocker has been suspended, BitLocker protection can be resumed after the upgrade or update has been installed. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, the computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
deleted file mode 100644
index e96cf15557..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: BitLocker Use BitLocker Recovery Password Viewer 
-description: This article for the IT professional describes how to use the BitLocker Recovery Password Viewer.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.collection: 
-  - highpri
-  - tier1
-ms.topic: conceptual
-ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
----
-
-# BitLocker: Use BitLocker Recovery Password Viewer
-
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-This article describes how to use the BitLocker Recovery Password Viewer.
-
-The BitLocker Recovery Password Viewer tool is an optional tool included with the Remote Server Administration Tools (RSAT). It lets BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS) be located and viewed. This tool can be used to help recover data that is stored on a drive that has been encrypted by using BitLocker. The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, a computer object's **Properties** dialog box can be examined to view the corresponding BitLocker recovery passwords.
-
-Additionally a domain container can be searched for BitLocker recovery password across all the domains in the Active Directory forest via a right-click. Passwords can also be searched by password identifier (ID).
-
-## Before starting
-
-To complete the procedures in this scenario, the following requirements must be met:
-
-- Domain administrator credentials.
-- Test computers must be joined to the domain.
-- On the domain-joined test computers, BitLocker must have been turned on.
-
-The following procedures describe the most common tasks performed by using the BitLocker Recovery Password Viewer.
-
-### To view the recovery passwords for a computer
-
-1. In **Active Directory Users and Computers**, locate and then select the container in which the computer is located.
-
-2. Right-click the computer object, and then select **Properties**.
-
-3. In the **Properties** dialog box, select the **BitLocker Recovery** tab to view the BitLocker recovery passwords that are associated with the computer.
-
-### To copy the recovery passwords for a computer
-
-1. Follow the steps in the previous procedure to view the BitLocker recovery passwords.
-
-2. On the **BitLocker Recovery** tab of the **Properties** dialog box, right-click the BitLocker recovery password that needs to be copied, and then select **Copy Details**.
-
-3. Press CTRL+V to paste the copied text to a destination location, such as a text file or spreadsheet.
-
-### To locate a recovery password by using a password ID
-
-1. In Active Directory Users and Computers, right-click the domain container, and then select **Find BitLocker Recovery Password**.
-
-2. In the **Find BitLocker Recovery Password** dialog box, type the first eight characters of the recovery password in the **Password ID (first 8 characters)** box, and then select **Search**.
-
-By completing the procedures in this scenario, the recovery passwords for a computer have been viewed and copied and a password ID was used to locate a recovery password.
-
-## Related articles
-
-- [BitLocker Overview](bitlocker-overview.md)
-- [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml)
-- [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
-- [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
-- [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
deleted file mode 100644
index 4d0267a25a..0000000000
--- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-### YamlMime:FAQ
-metadata:
-  title: Using BitLocker with other programs FAQ
-  description: Learn how to integrate BitLocker with other software on a device.
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  author: frankroj
-  ms.author: frankroj
-  manager: aaroncz
-  ms.topic: faq
-  ms.date: 11/08/2022
-title: Using BitLocker with other programs FAQ
-summary: |
-  **Applies to:**
-  - Windows 10 and later
-  - Windows Server 2016 and later
-  
-
-sections:
-  - name: Ignored
-    questions:
-      - question: |
-          Can I use EFS with BitLocker?
-        answer: |
-          Yes, Encrypting File System (EFS) can be used to encrypt files on a BitLocker-protected drive. BitLocker helps protect the entire operating system drive against offline attacks, whereas EFS can provide additional user-based file level encryption for security separation between multiple users of the same computer. EFS can also be used in Windows to encrypt files on other drives that aren't encrypted by BitLocker. The root secrets of EFS are stored by default on the operating system drive; therefore, if BitLocker is enabled for the operating system drive, data that is encrypted by EFS on other drives is also indirectly protected by BitLocker.
-
-      - question: |
-          Can I run a kernel debugger with BitLocker?
-        answer: |
-          Yes. However, the debugger should be turned on before enabling BitLocker. Turning on the debugger ensures that the correct measurements are calculated when sealing to the TPM, allowing the computer to start properly. If debugging needs to be turned on or off when using BitLocker, be sure to suspend BitLocker first to avoid putting the computer into recovery mode.
-
-      - question: |
-          How does BitLocker handle memory dumps?
-        answer: |
-          BitLocker has a storage driver stack that ensures memory dumps are encrypted when BitLocker is enabled.
-
-      - question: |
-          Can BitLocker support smart cards for pre-boot authentication?
-        answer: |
-          BitLocker doesn't support smart cards for pre-boot authentication. There's no single industry standard for smart card support in the firmware, and most computers either don't implement firmware support for smart cards, or only support specific smart cards and readers. This lack of standardization makes supporting them difficult.
-
-      - question: |
-          Can I use a non-Microsoft TPM driver?
-        answer: |
-          Microsoft doesn't support non-Microsoft TPM drivers and strongly recommends against using them with BitLocker. Attempting to use a non-Microsoft TPM driver with BitLocker may cause BitLocker to report that a TPM isn't present on the computer and not allow the TPM to be used with BitLocker.
-
-      - question: |
-          Can other tools that manage or modify the master boot record work with BitLocker?
-        answer: |
-          We don't recommend modifying the master boot record on computers whose operating system drives are BitLocker-protected for several security, reliability, and product support reasons. Changes to the master boot record (MBR) could change the security environment and prevent the computer from starting normally and complicate any efforts to recover from a corrupted MBR. Changes made to the MBR by anything other than Windows might force the computer into recovery mode or prevent it from booting entirely.
-
-      - question: |
-          Why is the system check failing when I'm encrypting my operating system drive?
-        answer: |
-          The system check is designed to ensure the computer's BIOS or UEFI firmware is compatible with BitLocker and that the TPM is working correctly. The system check can fail for several reasons:
-          
-          - The computer's BIOS or UEFI firmware can't read USB flash drives.
-          - The computer's BIOS, uEFI firmware, or boot menu doesn't have reading USB flash drives enabled.
-          - There are multiple USB flash drives inserted into the computer.
-          - The PIN wasn't entered correctly.
-          - The computer's BIOS or UEFI firmware only supports using the function keys (F1-F10) to enter numerals in the pre-boot environment.
-          - The startup key was removed before the computer finished rebooting.
-          - The TPM has malfunctioned and fails to unseal the keys.
-          
-      - question: |
-          What can I do if the recovery key on my USB flash drive can't be read?
-        answer: |
-          Some computers can't read USB flash drives in the pre-boot environment. First, check the BIOS or UEFI firmware and boot settings to ensure that the use of USB drives is enabled. If it isn't enabled, enable the use of USB drives in the BIOS or UEFI firmware and boot settings, and then try to read the recovery key from the USB flash drive again. If the USB flash drive still can't be read, the hard drive will need to be mounted as a data drive on another computer so that there's an operating system to attempt to read the recovery key from the USB flash drive. If the USB flash drive has been corrupted or damaged, a recovery password may need to be supplied or use the recovery information that was backed up to AD DS. Also, if the recovery key is being used in the pre-boot environment, ensure that the drive is formatted by using the NTFS, FAT16, or FAT32 file system.
-
-      - question: |
-          Why am I unable to save my recovery key to my USB flash drive?
-        answer: |
-          The **Save to USB** option isn't shown by default for removable drives. If the option is unavailable, it means that a system administrator has disallowed the use of recovery keys.
-
-      - question: |
-          Why am I unable to automatically unlock my drive?
-        answer: |
-          Automatic unlocking for fixed data drives requires the operating system drive to also be protected by BitLocker. If a computer is being used that doesn't have a BitLocker-protected operating system drive, then the fixed drive can't be automatically unlocked. For removable data drives, automatic unlocking can be added by right-clicking the drive in Windows Explorer and selecting **Manage BitLocker**. Password or smart card credentials that were supplied when BitLocker was turned on can still be used to unlock the removable drive on other computers.
-
-      - question: |
-          Can I use BitLocker in Safe Mode?
-        answer: |
-          Limited BitLocker functionality is available in Safe Mode. BitLocker-protected drives can be unlocked and decrypted by using the **BitLocker Drive Encryption** Control Panel item. Right-clicking to access BitLocker options from Windows Explorer isn't available in Safe Mode.
-
-      - question: |
-          How do I "lock" a data drive?
-        answer: |
-          Both fixed and removable data drives can be locked by using the Manage-bde command-line tool and the -lock command.
-          
-          > [!NOTE]
-          > Ensure all data is saved to the drive before locking it. Once locked, the drive will become inaccessible.
-           
-          The syntax of this command is:
-          
-          ```cmd
-          manage-bde.exe <driveletter> -lock
-          ````
-          
-          Outside of using this command, data drives will be locked on shutdown and restart of the operating system. A removable data drive will also be locked automatically when the drive is removed from the computer.
-          
-      - question: |
-          Can I use BitLocker with the Volume Shadow Copy Service?
-        answer: |
-          Yes. However, shadow copies made prior to enabling BitLocker will be automatically deleted when BitLocker is enabled on software-encrypted drives. If a hardware encrypted drive is being used, the shadow copies are retained.
-
-      - question: |
-          Does BitLocker support virtual hard disks (VHDs)?
-        answer: |
-          BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
-          - With TPM: Yes, it's supported.
-          - Without  TPM: Yes, it's supported (with password protector).
-          
-          BitLocker is also supported on data volume VHDs, such as those used by clusters, if running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
-          
-      - question: |
-          Can I use BitLocker with virtual machines (VMs)?
-        answer: |
-          Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (via **Settings** > **Accounts** > **Access work or school** > **Connect**) to receive policy. Encryption can be enabled either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or sign-in script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.
diff --git a/windows/security/information-protection/bitlocker/images/yes-icon.png b/windows/security/information-protection/bitlocker/images/yes-icon.png
deleted file mode 100644
index bbae7d3052..0000000000
Binary files a/windows/security/information-protection/bitlocker/images/yes-icon.png and /dev/null differ
diff --git a/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md b/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md
deleted file mode 100644
index 3aa684f0c2..0000000000
--- a/windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Configure Personal Data Encryption (PDE) in Intune
-description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-<!-- Max 5963468 OS 32516487 -->
-<!-- Max 6946251 -->
-
-# Configure Personal Data Encryption (PDE) policies in Intune
-
-The various required and recommended policies needed for Personal Data Encryption (PDE) can be configured in Intune. The following links for both required and recommended policies contain step by step instructions on how to configure these policies in Intune.
-
-## Required prerequisites
-
-1. [Enable Personal Data Encryption (PDE)](pde-in-intune/intune-enable-pde.md)
-
-1. [Disable Winlogon automatic restart sign-on (ARSO)](pde-in-intune/intune-disable-arso.md)
-
-## Security hardening recommendations
-
-1. [Disable kernel-mode crash dumps and live dumps](pde-in-intune/intune-disable-memory-dumps.md)
-
-1. [Disable Windows Error Reporting (WER)/user-mode crash dumps](pde-in-intune/intune-disable-wer.md)
-
-1. [Disable hibernation](pde-in-intune/intune-disable-hibernation.md)
-
-1. [Disable allowing users to select when a password is required when resuming from connected standby](pde-in-intune/intune-disable-password-connected-standby.md)
-
-## See also
-
-- [Personal Data Encryption (PDE)](overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
diff --git a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md b/windows/security/information-protection/personal-data-encryption/includes/pde-description.md
deleted file mode 100644
index 1d6d83ff6c..0000000000
--- a/windows/security/information-protection/personal-data-encryption/includes/pde-description.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: Personal Data Encryption (PDE) description
-description: Personal Data Encryption (PDE) description include file
-
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: include
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-<!-- Max 5963468 OS 32516487 -->
-<!-- Max 6946251 -->
-
-Personal data encryption (PDE) is a security feature introduced in Windows 11, version 22H2 that provides additional encryption features to Windows. PDE differs from BitLocker in that it  encrypts individual files and content instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.
-
-PDE utilizes Windows Hello for Business to link data encryption keys with user credentials. This feature can minimize the number of credentials the user has to remember to gain access to content. For example, when using BitLocker with PIN, a user would need to authenticate twice - once with the BitLocker PIN and a second time with Windows credentials. This requirement requires users to remember two different credentials. With PDE, users only need to enter one set of credentials via Windows Hello for Business.
-
-Because PDE utilizes Windows Hello for Business, PDE is also accessibility friendly due to the accessibility features available when using Windows Hello for Business.
-
-Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business. Users will only be able to access their PDE protected content once they've signed into Windows using Windows Hello for Business. Additionally, PDE has the ability to also discard the encryption keys when the device is locked.
-
-> [!NOTE]
-> PDE can be enabled using MDM policies. The content to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect content using PDE.
diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md
deleted file mode 100644
index c7efa3d342..0000000000
--- a/windows/security/information-protection/personal-data-encryption/overview-pde.md
+++ /dev/null
@@ -1,217 +0,0 @@
----
-title: Personal Data Encryption (PDE)
-description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot.
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-<!-- Max 5963468 OS 32516487 -->
-<!-- Max 6946251 -->
-
-# Personal Data Encryption (PDE)
-
-**Applies to:**
-
-- Windows 11, version 22H2 and later Enterprise and Education editions
-
-[!INCLUDE [Personal Data Encryption (PDE) description](includes/pde-description.md)]
-
-[!INCLUDE [personal-data-encryption-pde](../../../../includes/licensing/personal-data-encryption-pde.md)]
-
-## Prerequisites
-
-### Required
-
-- [Azure AD joined device](/azure/active-directory/devices/concept-azure-ad-join)
-- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-overview.md)
-- Windows 11, version 22H2 and later Enterprise and Education editions
-
-### Not supported with PDE
-
-- [FIDO/security key authentication](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)
-- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
-  - For information on disabling ARSO via Intune, see [Disable Winlogon automatic restart sign-on (ARSO)](pde-in-intune/intune-disable-arso.md).
-- [Windows Information Protection (WIP)](../windows-information-protection/protect-enterprise-data-using-wip.md)
-- [Hybrid Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join-hybrid)
-- Remote Desktop connections
-
-### Security hardening recommendations
-
-- [Kernel-mode crash dumps  and live dumps disabled](/windows/client-management/mdm/policy-csp-memorydump#memorydump-policies)
-
-   Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps. For information on disabling crash dumps and live dumps via Intune, see [Disable kernel-mode crash dumps and live dumps](pde-in-intune/intune-disable-memory-dumps.md).
-
-- [Windows Error Reporting (WER) disabled/User-mode crash dumps disabled](/windows/client-management/mdm/policy-csp-errorreporting#errorreporting-disablewindowserrorreporting)
-
-   Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps. For more information on disabling crash dumps via Intune, see [Disable Windows Error Reporting (WER)/user-mode crash dumps](pde-in-intune/intune-disable-wer.md).
-
-- [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate)
-
-   Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation. For more information on disabling crash dumps via Intune, see [Disable hibernation](pde-in-intune/intune-disable-hibernation.md).
-
-- [Allowing users to select when a password is required when resuming from connected standby disabled](/windows/client-management/mdm/policy-csp-admx-credentialproviders#admx-credentialproviders-allowdomaindelaylock)
-
-    When this policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including Azure Active Directory joined devices, is different:
-
-  - On-premises Active Directory joined devices:
-
-    - A user can't change the amount of time after the device´s screen turns off before a password is required when waking the device.
-
-    - A password is required immediately after the screen turns off.
-
-    The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices.
-
-  - Workgroup devices, including Azure AD joined devices:
-
-    - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device.
-
-    - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome.
-
-    Because of this undesired outcome, it's recommended to explicitly disable this policy on Azure AD joined devices instead of leaving it at the default of **Not configured**.
-
-   For information on disabling this policy via Intune, see [Disable allowing users to select when a password is required when resuming from connected standby](pde-in-intune/intune-disable-password-connected-standby.md).
-
-### Highly recommended
-
-- [BitLocker Drive Encryption](../bitlocker/bitlocker-overview.md) enabled
-
-   Although PDE will work without BitLocker, it's recommended to also enable BitLocker. PDE is meant to work alongside BitLocker for increased security. PDE isn't a replacement for BitLocker.
-
-- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview)
-
-   In certain scenarios such as TPM resets or destructive PIN resets, the keys used by PDE to protect content will be lost. In such scenarios, any content protected with PDE will no longer be accessible. The only way to recover such content would be from backup.
-
-- [Windows Hello for Business PIN reset service](../../identity-protection/hello-for-business/hello-feature-pin-reset.md)
-
-   Destructive PIN resets will cause keys used by PDE to protect content to be lost. A destructive PIN reset will make any content protected with PDE no longer accessible after the destructive PIN reset has occurred. Content protected with PDE will need to be recovered from a backup after a destructive PIN reset. For this reason Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets.
-
-- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)
-
-   Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN
-
-## PDE protection levels
-
-PDE uses AES-CBC with a 256-bit key to protect content and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
-
-| Item | Level 1 | Level 2 |
-|---|---|---|
-| PDE protected data accessible when user has signed in via Windows Hello for Business | Yes | Yes |
-| PDE protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available |
-| PDE protected data is accessible after user signs out of Windows | No | No |
-| PDE protected data is accessible when device is shut down | No | No |
-| PDE protected data is accessible via UNC paths | No | No |
-| PDE protected data is accessible when signing with Windows password instead of Windows Hello for Business | No | No |
-| PDE protected data is accessible via Remote Desktop session | No | No |
-| Decryption keys used by PDE discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows |
-
-## PDE protected content accessibility
-
-When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access PDE protected content, they'll be denied access to the content.
-
-Scenarios where a user will be denied access to PDE protected content include:
-
-- User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN.
-- If protected via level 2 protection, when the device is locked.
-- When trying to access content on the device remotely. For example, UNC network paths.
-- Remote Desktop sessions.
-- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected content.
-
-## How to enable PDE
-
-To enable PDE on devices, push an MDM policy to the devices with the following parameters:
-
-- Name: **Personal Data Encryption**
-- OMA-URI: **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**
-- Data type: **Integer**
-- Value: **1**
-
-There's also a [PDE CSP](/windows/client-management/mdm/personaldataencryption-csp) available for MDM solutions that support it.
-
-> [!NOTE]
-> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled.
-
-For information on enabling PDE via Intune, see [Enable Personal Data Encryption (PDE)](pde-in-intune/intune-enable-pde.md).
-
-## Differences between PDE and BitLocker
-
-PDE is meant to work alongside BitLocker. PDE isn't a replacement for BitLocker, nor is BitLocker a replacement for PDE. Using both features together provides better security than using either BitLocker or PDE alone. However there are differences between BitLocker and PDE and how they work. These differences are why using them together offers better security.
-
-| Item | PDE | BitLocker |
-|--|--|--|
-| Release of decryption key | At user sign-in via Windows Hello for Business | At boot |
-| Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At reboot |
-| Files protected | Individual specified files | Entire volume/drive |
-| Authentication to access protected content | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in |
-
-## Differences between PDE and EFS
-
-The main difference between protecting files with PDE instead of EFS is the method they use to protect the file. PDE uses Windows Hello for Business to secure the keys that protect the files. EFS uses certificates to secure and protect the files.
-
-To see if a file is protected with PDE or with EFS:
-
-1. Open the properties of the file
-2. Under the **General** tab, select **Advanced...**
-3. In the **Advanced Attributes** windows, select **Details**
-
-For PDE protected files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**.
-
-For EFS protected files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**.
-
-Encryption information including what encryption method is being used to protect the file can be obtained with the [cipher.exe /c](/windows-server/administration/windows-commands/cipher) command.
-
-## Disable PDE and decrypt content
-
-Once PDE is enabled, it isn't recommended to disable it. However if PDE does need to be disabled, it can be done so via the MDM policy described in the section [How to enable PDE](#how-to-enable-pde). The value of the OMA-URI needs to be changed from **`1`** to **`0`** as follows:
-
-- Name: **Personal Data Encryption**
-- OMA-URI: **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**
-- Data type: **Integer**
-- Value: **0**
-
-Disabling PDE doesn't decrypt any PDE protected content. It only prevents the PDE API from being able to protect any additional content. PDE protected files can be manually decrypted using the following steps:
-
-1. Open the properties of the file
-2. Under the **General** tab, select **Advanced...**
-3. Uncheck the option **Encrypt contents to secure data**
-4. Select **OK**, and then **OK** again
-
-PDE protected files can also be decrypted using [cipher.exe](/windows-server/administration/windows-commands/cipher). Using `cipher.exe` can be helpful to decrypt files in the following scenarios:
-
-- Decrypting a large number of files on a device
-- Decrypting files on a large number of devices.
-
-To decrypt files on a device using `cipher.exe`:
-
-- Decrypt all files under a directory including subdirectories:
-
-    ```cmd
-    cipher.exe /d /s:<path_to_directory>
-    ```
-
-- Decrypt a single file or all of the files in the specified directory, but not any subdirectories:
-
-    ```cmd
-    cipher.exe /d <path_to_file_or_directory>
-    ```
-
-> [!IMPORTANT]
-> Once a user selects to manually decrypt a file, the user will not be able to manually protect the file again using PDE.
-
-## Windows out of box applications that support PDE
-
-Certain Windows applications support PDE out of the box. If PDE is enabled on a device, these applications will utilize PDE.
-
-- Mail
-  - Supports protecting both email bodies and attachments
-
-## See also
-
-- [Personal Data Encryption (PDE) FAQ](faq-pde.yml)
-- [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
diff --git a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md b/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
deleted file mode 100644
index 9781fb82d7..0000000000
--- a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: Disable Winlogon automatic restart sign-on (ARSO) for PDE in Intune
-description: Disable Winlogon automatic restart sign-on (ARSO) for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-# Disable Winlogon automatic restart sign-on (ARSO) for PDE
-
-Winlogon automatic restart sign-on (ARSO) isn't supported for use with Personal Data Encryption (PDE). For this reason, in order to use PDE, ARSO needs to be disabled.
-
-## Disable Winlogon automatic restart sign-on (ARSO) in Intune
-
-To disable ARSO using Intune, follow the below steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. In the **Home** screen, select **Devices** in the left pane.
-
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
-1. In the **Create profile** window that opens:
-
-   1. Under **Platform**, select **Windows 10 and later**.
-
-   1. Under **Profile type**, select **Templates**.
-
-   1. When the templates appear, under **Template name**, select **Administrative templates**.
-
-   1. Select **Create** to close the **Create profile** window.
-
-1. The **Create profile** screen will open. In the **Basics** page:
-
-   1. Next to **Name**, enter **Disable ARSO**.
-
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
-1. In the **Configuration settings** page:
-
-   1. On the left pane of the page, make sure **Computer Configuration** is selected.
-
-   1. Under **Setting name**, scroll down and select **Windows Components**.
-
-   1. Under **Setting name**, scroll down and select **Windows Logon Options**. You may need to navigate between pages on the bottom right corner before finding the **Windows Logon Options** option.
-
-   1. Under **Setting name** of the **Windows Logon Options** pane, select **Sign-in and lock last interactive user automatically after a restart**.
-
-   1. In the **Sign-in and lock last interactive user automatically after a restart** window that opens, select **Disabled**, and then select **OK**.
-
-   1. Select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
-1. In the **Assignments** page:
-
-   1. Under **Included groups**, select **Add groups**.
-
-        > [!NOTE]
-        >
-        > Make sure to select **Add groups** under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
-
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
-
-## Additional PDE configurations in Intune
-
-The following PDE configurations can also be configured using Intune:
-
-### Required prerequisites
-
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
-
-### Security hardening recommendations
-
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
-
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
-
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
-
-## More information
-
-- [Personal Data Encryption (PDE)](../overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
diff --git a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md b/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
deleted file mode 100644
index 19a5b9498e..0000000000
--- a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
+++ /dev/null
@@ -1,98 +0,0 @@
----
-title: Disable hibernation for PDE in Intune
-description: Disable hibernation for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-# Disable hibernation for PDE
-
-Hibernation files can potentially cause the keys used by Personal Data Encryption (PDE) to protect content to be exposed. For greatest security, disable hibernation.
-
-## Disable hibernation in Intune
-
-To disable hibernation using Intune, follow the below steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. In the **Home** screen, select **Devices** in the left pane.
-
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
-1. In the **Create profile** window that opens:
-
-   1. Under **Platform**, select **Windows 10 and later**.
-
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
-1. The **Create profile** screen will open. In the **Basics** page:
-
-   1. Next to **Name**, enter **Disable Hibernation**.
-
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
-1. In the **Configuration settings** page:
-
-   1. select **Add settings**.
-
-   1. In the **Settings picker** window that opens:
-
-      1. Under **Browse by category**, scroll down and select **Power**.
-
-      1. When the settings for the **Power** category appear under **Setting name** in the lower pane, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
-
-   1. Change **Allow Hibernate** from **Allow** to **Block** by selecting the slider next to the option.
-
-   1. Select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
-1. In the **Assignments** page:
-
-   1. Under **Included groups**, select **Add groups**.
-
-        > [!NOTE]
-        >
-        > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
-
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
-
-## Additional PDE configurations in Intune
-
-The following PDE configurations can also be configured using Intune:
-
-### Required prerequisites
-
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
-
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
-
-### Security hardening recommendations
-
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
-
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
-
-## More information
-
-- [Personal Data Encryption (PDE)](../overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
diff --git a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md b/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
deleted file mode 100644
index b9ab18802e..0000000000
--- a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Disable kernel-mode crash dumps and live dumps for PDE in Intune
-description: Disable kernel-mode crash dumps and live dumps for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-# Disable kernel-mode crash dumps and live dumps for PDE
-
-Kernel-mode crash dumps and live dumps can potentially cause the keys used by Personal Data Encryption (PDE) to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps.
-
-## Disable kernel-mode crash dumps and live dumps in Intune
-
-To disable kernel-mode crash dumps and live dumps using Intune, follow the below steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. In the **Home** screen, select **Devices** in the left pane.
-
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
-1. In the **Create profile** window that opens:
-
-   1. Under **Platform**, select **Windows 10 and later**.
-
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
-1. The **Create profile** screen will open. In the **Basics** page:
-
-   1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps**.
-
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
-1. In the **Configuration settings** page:
-
-   1. Select **Add settings**.
-
-   1. In the **Settings picker** window that opens:
-
-      1. Under **Browse by category**, scroll down and select **Memory Dump**.
-
-      1. When the settings for the **Memory Dump** category appear under **Setting name** in the lower pane, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
-
-   1. Change both **Allow Live Dump** and **Allow Crash Dump** from **Allow** to **Block** by selecting the slider next to each option, and then select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
-1. In the **Assignments** page:
-
-   1. Under **Included groups**, select **Add groups**.
-
-        > [!NOTE]
-        >
-        > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
-
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
-
-## Additional PDE configurations in Intune
-
-The following PDE configurations can also be configured using Intune:
-
-### Required prerequisites
-
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
-
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
-
-### Security hardening recommendations
-
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
-
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
-
-## More information
-
-- [Personal Data Encryption (PDE)](../overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
diff --git a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md b/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
deleted file mode 100644
index d61d11a19c..0000000000
--- a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
+++ /dev/null
@@ -1,118 +0,0 @@
----
-title: Disable allowing users to select when a password is required when resuming from connected standby for PDE in Intune
-description: Disable allowing users to select when a password is required when resuming from connected standby for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-# Disable allowing users to select when a password is required when resuming from connected standby for PDE
-
-When the **Disable allowing users to select when a password is required when resuming from connected standby** policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including Azure Active Directory joined devices, is different:
-
-- On-premises Active Directory joined devices:
-
-  - A user can't change the amount of time after the device´s screen turns off before a password is required when waking the device.
-
-  - A password is required immediately after the screen turns off.
-
-    The above is the desired outcome, but PDE isn't supported with on-premises Active Directory joined devices.
-
-- Workgroup devices, including Azure AD joined devices:
-
-  - A user on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device.
-
-  - During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. This outcome isn't a desired outcome.
-
-Because of this undesired outcome, it's recommended to explicitly disable this policy on Azure AD joined devices instead of leaving it at the default of **Not configured**.
-
-## Disable allowing users to select when a password is required when resuming from connected standby in Intune
-
-To disable the policy **Disable allowing users to select when a password is required when resuming from connected standby** using Intune, follow the below steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. In the **Home** screen, select **Devices** in the left pane.
-
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
-1. In the **Create profile** window that opens:
-
-   1. Under **Platform**, select **Windows 10 and later**.
-
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
-1. The **Create profile** screen will open. In the **Basics** page:
-
-    1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby**.
-
-    1. Next to **Description**, enter a description.
-
-    1. Select **Next**.
-
-1. In the **Configuration settings** page:
-
-   1. Select **Add settings**.
-
-   1. In the **Settings picker** window that opens:
-
-      1. Under **Browse by category**, expand **Administrative Templates**.
-
-      1. Under **Administrative Templates**, scroll down and expand **System**.
-
-      1. Under **System**, scroll down and select **Logon**.
-
-      1. When the settings for the **Logon** subcategory appear under **Setting name** in the lower pane, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
-
-   1. Leave the slider for **Allow users to select when a password is required when resuming from connected standby** at the default of **Disabled**.
-
-   1. select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
-1. In the **Assignments** page:
-
-   1. Under **Included groups**, select **Add groups**.
-
-        > [!NOTE]
-        >
-        > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
-
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
-
-## Additional PDE configurations in Intune
-
-The following PDE configurations can also be configured using Intune:
-
-### Required prerequisites
-
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
-
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
-
-### Security hardening recommendations
-
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
-
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
-
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-## More information
-
-- [Personal Data Encryption (PDE)](../overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
diff --git a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md b/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
deleted file mode 100644
index f4a795887a..0000000000
--- a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
+++ /dev/null
@@ -1,102 +0,0 @@
----
-title: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE in Intune
-description: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-# Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-
-Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps.
-
-## Disable Windows Error Reporting (WER)/user-mode crash dumps in Intune
-
-To disable Windows Error Reporting (WER) and user-mode crash dumps using Intune, follow the below steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. In the **Home** screen, select **Devices** in the left pane.
-
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
-1. In the **Create profile** window that opens:
-
-   1. Under **Platform**, select **Windows 10 and later**.
-
-   1. Under **Profile type**, select **Settings catalog**.
-
-   1. Select **Create** to close the **Create profile** window.
-
-1. The **Create profile** screen will open. In the **Basics** page:
-
-   1. Next to **Name**, enter **Disable Windows Error Reporting (WER)**.
-
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
-1. In the **Configuration settings** page:
-
-   1. Select **Add settings**.
-
-   1. In the **Settings picker** window that opens:
-
-      1. Under **Browse by category**, expand **Administrative Templates**.
-
-      1. Under **Administrative Templates**, scroll down and expand **Windows Components**.
-
-      1. Under **Windows Components**, scroll down and select **Windows Error Reporting**. Make sure to only select **Windows Error Reporting** and not to expand it.
-
-      1. When the settings for the **Windows Error Reporting** subcategory appear under **Setting name** in the lower pane, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
-
-   1. Change **Disable Windows Error Reporting** from **Disabled** to **Enabled** by selecting the slider next to the option.
-
-   1. Select **Next**.
-
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
-1. In the **Assignments** page:
-
-   1. Under **Included groups**, select **Add groups**.
-
-        > [!NOTE]
-        >
-        > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
-
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
-
-## Additional PDE configurations in Intune
-
-The following PDE configurations can also be configured using Intune:
-
-### Required prerequisites
-
-- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
-
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
-
-### Security hardening recommendations
-
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
-
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
-
-## More information
-
-- [Personal Data Encryption (PDE)](../overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
diff --git a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md b/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
deleted file mode 100644
index ac064684ca..0000000000
--- a/windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
+++ /dev/null
@@ -1,112 +0,0 @@
----
-title: Enable Personal Data Encryption (PDE) in Intune
-description: Enable Personal Data Encryption (PDE) in Intune
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rhonnegowda
-manager: aaroncz
-ms.topic: how-to
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-ms.date: 03/13/2023
----
-
-# Enable Personal Data Encryption (PDE)
-
-By default, Personal Data Encryption (PDE) is not enabled on devices. Before PDE can be used on a device, it needs to be enabled.  This can be done via a custom OMA-URI policy assigned to the device.
-
-> [!NOTE]
-> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled.
-
-## Enable Personal Data Encryption (PDE) in Intune
-
-To enable Personal Data Encryption (PDE) using Intune, follow the below steps:
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-1. In the **Home** screen, select **Devices** in the left pane.
-
-1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
-
-1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
-
-1. In the **Create profile** window that opens:
-
-   1. Under **Platform**, select **Windows 10 and later**.
-
-   1. Under **Profile type**, select **Templates**.
-
-   1. When the templates appears, under **Template name**, select **Custom**.
-
-   1. Select **Create** to close the **Create profile** window.
-
-1. The **Custom** screen will open. In the **Basics** page:
-
-   1. Next to **Name**, enter **Personal Data Encryption**.
-
-   1. Next to **Description**, enter a description.
-
-   1. Select **Next**.
-
-1. In **Configuration settings** page:
-
-   1. Next to **OMA-URI Settings**, select **Add**.
-
-   1. In the **Add Row** window that opens:
-
-     1. Next to **Name**, enter **Personal Data Encryption**.
-
-     1. Next to **Description**, enter a description.
-
-     1. Next to **OMA-URI**, enter in:
-
-        **`./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`**
-
-     1. Next to **Data type**, select **Integer**.
-
-     1. Next to **Value**, enter in **1**.
-
-     1. Select **Save** to close the **Add Row** window.
-
-   1. Select **Next**.
-
-1. In the **Assignments** page:
-
-   1. Under **Included groups**, select **Add groups**.
-
-        > [!NOTE]
-        >
-        > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
-
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
-
-   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
-
-1. In **Applicability Rules**, configure if necessary and then select **Next**.
-
-1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
-
-## Additional PDE configurations in Intune
-
-The following PDE configurations can also be configured using Intune:
-
-### Required prerequisites
-
-- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
-
-### Security hardening recommendations
-
-- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
-
-- [Disable Windows Error Reporting (WER)/user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
-
-- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
-
-- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
-
-## More information
-
-- [Personal Data Encryption (PDE)](../overview-pde.md)
-- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
-
diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
index 11f11a6ce5..3db313bdd3 100644
--- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md
@@ -1,15 +1,12 @@
 ---
 title: Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) 
 description: Learn how unenlightened and enlightened apps might behave, based on Windows Information Protection (WIP) network policies, app configuration, and other criteria
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
index 5cd04b1208..3d7152aa4c 100644
--- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md
@@ -1,15 +1,12 @@
 ---
 title: How to collect Windows Information Protection (WIP) audit event logs 
 description: How to collect & understand Windows Information Protection audit event logs via the Reporting configuration service provider (CSP) or Windows Event Forwarding.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # How to collect Windows Information Protection (WIP) audit event logs
diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
index e2a7ffaa5f..303f8c3057 100644
--- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
+++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
@@ -1,15 +1,12 @@
 ---
 title: Create an EFS Data Recovery Agent certificate
 description: Follow these steps to create, verify, and perform a quick recovery by using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.reviewer: rafals
 ms.topic: how-to
 ms.date: 07/15/2022
-ms.technology: itpro-security
 ---
 
 # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate
diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
index f912dc23f0..709de2a54d 100644
--- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
@@ -1,15 +1,12 @@
 ---
 title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune 
 description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # Associate and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
index 1cab70ff7c..01f7c3b238 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
@@ -1,15 +1,12 @@
 ---
 title: Create and deploy a WIP policy in Configuration Manager
 description: Use Microsoft Configuration Manager to create and deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.reviewer: rafals
 ms.topic: how-to
 ms.date: 07/15/2022
-ms.technology: itpro-security
 ---
 
 # Create and deploy a Windows Information Protection policy in Configuration Manager
@@ -97,15 +94,14 @@ If you don't know the publisher or product name, you can find them for both desk
 
 **To find the Publisher and Product Name values for Store apps without installing them**
 
-1. Go to the [Microsoft Store for Business](https://businessstore.microsoft.com/store) website, and find your app. For example, Microsoft OneNote.
+1. Go to the [Microsoft Store](https://apps.microsoft.com/) website, and find your app. For example, Microsoft OneNote.
 
    > [!NOTE]
-   > 
    > If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in [Add an AppLocker policy file](#add-an-applocker-policy-file) in this article.
 
-2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, `9wzdncrfhvjl`.
+2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is `https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl`, and you'd copy the ID value, `9wzdncrfhvjl`.
 
-3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata, where `9wzdncrfhvjl` is replaced with your ID value.
+3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata`, where `9wzdncrfhvjl` is replaced with your ID value.
 
    The API runs and opens a text editor with the app details.
 
@@ -183,7 +179,7 @@ Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the
 
 ### Add an AppLocker policy file
 
-For this example, we're going to add an AppLocker XML file to the **App Rules** list. You'll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](../../threat-protection/windows-defender-application-control/applocker/applocker-overview.md) content.
+For this example, we're going to add an AppLocker XML file to the **App Rules** list. You'll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](../../application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md) content.
 
 **To create an app rule and xml file using the AppLocker tool**
 
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index 7b9a855583..6cb50dc76b 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -1,14 +1,12 @@
 ---
 title: Create a WIP policy in Intune
 description: Learn how to use the Microsoft Intune admin center to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
-ms.prod: windows-client
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.reviewer: rafals
 ms.topic: how-to
 ms.date: 07/15/2022
-ms.technology: itpro-security
 ---
 
 # Create a Windows Information Protection policy in Microsoft Intune
@@ -211,7 +209,7 @@ This section covers two examples of using an AppLocker XML file to the **Protect
 - [Create a Packaged App rule for Store apps](#create-a-packaged-app-rule-for-store-apps)
 - [Create an Executable rule for unsigned apps](#create-an-executable-rule-for-unsigned-apps)
 
-For more info about AppLocker, see the [AppLocker](../../threat-protection/windows-defender-application-control/applocker/applocker-overview.md) content.
+For more info about AppLocker, see the [AppLocker](../../application-security/application-control/windows-defender-application-control/applocker/applocker-overview.md) content.
 
 #### Create a Packaged App rule for Store apps
 
@@ -600,7 +598,7 @@ You can restrict which files are protected by WIP when they're downloaded from a
 
 - [What is Azure Rights Management?](/information-protection/understand-explore/what-is-azure-rms)
 
-- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](./overview-create-wip-policy.md)
+- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](overview-create-wip-policy.md)
 
 - [Intune MAM Without Enrollment](/archive/blogs/configmgrdogs/intune-mam-without-enrollment)
 
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
index 745f01da04..0269f73fe5 100644
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
@@ -1,15 +1,12 @@
 ---
 title: Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune 
 description: After you've created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 03/05/2019
 ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index 198006483b..1660b49f10 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -2,14 +2,11 @@
 title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) 
 description: Learn the difference between enlightened and unenlightened apps. Find out which enlightened apps are provided by Microsoft. Learn how to allow-list them.
 ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 05/02/2019
-ms.technology: itpro-security
 ---
 
 # List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
index b6358e6d30..f98f1a7125 100644
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
@@ -1,14 +1,11 @@
 ---
 title: General guidance and best practices for Windows Information Protection (WIP) 
 description: Find resources about apps that can work with Windows Information Protection (WIP) to protect data. Enlightened apps can tell corporate and personal data apart.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
-ms.technology: itpro-security
 ---
 
 # General guidance and best practices for Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
index cef1666430..f30aaac954 100644
--- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
+++ b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
@@ -2,14 +2,11 @@
 title: How to disable Windows Information Protection (WIP)
 description: How to disable Windows Information Protection (WIP) in Microsoft Intune or Microsoft Configuration Manager.
 ms.date: 07/21/2022
-ms.prod: windows-client
 ms.topic: how-to
-ms.localizationpriority: medium
 author: lizgt2000
 ms.author: lizlong
 ms.reviewer: aaroncz
-manager: dougeby
-ms.technology: itpro-security
+manager: aaroncz
 ---
 
 # How to disable Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
index db34a870d4..783f627a5c 100644
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
@@ -1,15 +1,12 @@
 ---
 title: Limitations while using Windows Information Protection (WIP)
 description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP).
-ms.prod: windows-client
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.reviewer: rafals
 ms.topic: conceptual
 ms.date: 04/05/2019
-ms.localizationpriority: medium
-ms.technology: itpro-security
 ---
 
 # Limitations while using Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
index 83eea4e8b9..c849026e4b 100644
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
@@ -1,14 +1,11 @@
 ---
 title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) 
 description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 05/25/2022
-ms.technology: itpro-security
 ---
 
 # Mandatory tasks and settings required to turn on Windows Information Protection (WIP)
@@ -21,11 +18,11 @@ This list provides all of the tasks and settings that are required for the opera
 |Task|Description|
 |----|-----------|
 |Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. |
-|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](./create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
+|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
 |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it's incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics.
 |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the DNS suffixes used in your environment. All traffic to the fully qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.|
 |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.|
-|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.<br><br>This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](./create-and-verify-an-efs-dra-certificate.md) topic.|
+|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.<br><br>This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) topic.|
 
 
 >[!NOTE]
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
index 529715e6d2..25099e224a 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
@@ -1,14 +1,11 @@
 ---
 title: Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager 
 description: Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
-ms.technology: itpro-security
 ---
 
 # Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
index 95ecaef6c6..794a46361f 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
@@ -1,15 +1,11 @@
 ---
 title: Create a Windows Information Protection (WIP) policy using Microsoft Intune 
 description: Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 03/11/2019
-ms.technology: itpro-security
 ---
 
 # Create a Windows Information Protection (WIP) policy using Microsoft Intune
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
index 39b0e027de..4135a203b8 100644
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
@@ -1,15 +1,12 @@
 ---
 title: Protect your enterprise data using Windows Information Protection
 description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud.
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.reviewer: rafals
 ms.topic: overview
 ms.date: 07/15/2022
-ms.technology: itpro-security
 ---
 
 # Protect your enterprise data using Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
index 46f941f6f7..fc9dfc237c 100644
--- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
@@ -1,14 +1,11 @@
 ---
 title: Recommended URLs for Windows Information Protection 
 description: Recommended URLs to add to your Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP).
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 03/25/2019
-ms.technology: itpro-security
 ---
 
 # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)
@@ -28,7 +25,7 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc
 |If your organization uses... |Add these entries to your Enterprise Cloud Resources network setting<br>(Replace "contoso" with your domain name(s)|
 |-----------------------------|---------------------------------------------------------------------|
 |Sharepoint Online |- `contoso.sharepoint.com`<br/>- `contoso-my.sharepoint.com`<br/>- `contoso-files.sharepoint.com` |
-|Yammer |- `www.yammer.com`<br/>- `yammer.com`<br/>- `persona.yammer.com` |
+|Viva Engage |- `www.yammer.com`<br/>- `yammer.com`<br/>- `persona.yammer.com` |
 |Outlook Web Access (OWA) |- `outlook.office.com`<br/>- `outlook.office365.com`<br/>- `attachments.office.net` |
 |Microsoft Dynamics |`contoso.crm.dynamics.com` |
 |Visual Studio Online |`contoso.visualstudio.com` |
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
index 6ae2852d49..30c94d76be 100644
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
@@ -2,14 +2,11 @@
 title: Testing scenarios for Windows Information Protection (WIP) 
 description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
 ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 03/05/2019
-ms.technology: itpro-security
 ---
 
 # Testing scenarios for Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
index 43ac28801a..43f6497a22 100644
--- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
+++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md
@@ -1,15 +1,11 @@
 ---
 title: Using Outlook on the web with WIP 
 description: Options for using Outlook on the web with Windows Information Protection (WIP).
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
-ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # Using Outlook on the web with Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
index f2c6ad57af..02730fbed2 100644
--- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
+++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
@@ -1,15 +1,11 @@
 ---
 title: Determine the Enterprise Context of an app running in Windows Information Protection (WIP) 
 description: Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP).
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
-ms.reviewer: 
-ms.technology: itpro-security
 ---
 
 # Determine the Enterprise Context of an app running in Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
index 4bcc628d6a..08963510aa 100644
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@@ -1,15 +1,11 @@
 ---
 title: Fine-tune Windows Information Policy (WIP) with WIP Learning
 description: How to access the WIP Learning report to monitor and apply Windows Information Protection in your company.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.date: 02/26/2019
-ms.technology: itpro-security
 ---
 
 # Fine-tune Windows Information Protection (WIP) with WIP Learning
@@ -19,7 +15,7 @@ ms.technology: itpro-security
 
 With WIP Learning, you can intelligently tune which apps and websites are included in your WIP policy to help reduce disruptive prompts and keep it accurate and relevant. WIP Learning generates two reports: The **App learning report** and the **Website learning report**. Both reports can be accessed from Microsoft Azure Intune.
 
-The **App learning report** monitors your apps, not in policy, that attempt to access work data. You can identify these apps using the report and add them to your WIP policies to avoid productivity disruption before fully enforcing WIP with [“Block”](protect-enterprise-data-using-wip.md#bkmk-modes) mode. Frequent monitoring of the report will help you continuously identify access attempts so you can update your policy accordingly.
+The **App learning report** monitors your apps, not in policy, that attempt to access work data. You can identify these apps using the report and add them to your WIP policies to avoid productivity disruption before fully enforcing WIP with ["Block"](protect-enterprise-data-using-wip.md#bkmk-modes) mode. Frequent monitoring of the report will help you continuously identify access attempts so you can update your policy accordingly.
 
 In the **Website learning report**, you can view a summary of the devices that have shared work data with websites. You can use this information to determine which websites should be added to group and user WIP policies. The summary shows which website URLs are accessed by WIP-enabled apps so you can decide which ones are cloud or personal, and add them to the resource list.
 
diff --git a/windows/security/introduction/index.md b/windows/security/introduction.md
similarity index 73%
rename from windows/security/introduction/index.md
rename to windows/security/introduction.md
index f051acac9f..69e2193bf2 100644
--- a/windows/security/introduction/index.md
+++ b/windows/security/introduction.md
@@ -1,10 +1,11 @@
 ---
 title: Introduction to Windows security
 description: System security book.
-ms.date: 04/24/2023
+ms.date: 09/01/2023
 ms.topic: tutorial
 ms.author: paoloma
-ms.custom: ai-gen-docs
+content_well_notification: 
+  - AI-contribution
 author: paolomatarazzo
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -14,7 +15,7 @@ appliesto:
 
 The acceleration of digital transformation and the expansion of both remote and hybrid work brings new opportunities to organizations, communities, and individuals. This expansion introduces new threats and risks.
 
-Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](../threat-protection/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud.
+Organizations worldwide are adopting a **Zero Trust** security model based on the premise that no person or device anywhere can have access until safety and integrity is proven. Windows 11 is built on Zero Trust principles to enable hybrid productivity and new experiences anywhere, without compromising security. Windows 11 raises the [security baselines](operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) with new requirements for advanced hardware and software protection that extends from chip to cloud.
 
 ## How Windows 11 enables Zero Trust protection
 
@@ -24,7 +25,7 @@ A Zero Trust security model gives the right people the right access at the right
 1. When verified, give people and devices access to only necessary resources for the necessary amount of time
 1. Use continuous analytics to drive threat detection and improve defenses
 
-For Windows 11, the Zero Trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides *chip-to-cloud security*, enabling IT administrators to implement strong authorization and authentication processes with features like [Windows Hello for Business](../identity-protection/hello-for-business/hello-overview.md). IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. Windows 11 works out-of-the-box with Microsoft Intune and Azure Active Directory, which enable timely and seamless access decisions. Furthermore, IT administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more.
+For Windows 11, the Zero Trust principle of *verify explicitly* applies to risks introduced by both devices and people. Windows 11 provides *chip-to-cloud security*, enabling IT administrators to implement strong authorization and authentication processes with features like [Windows Hello for Business](identity-protection/hello-for-business/index.md). IT administrators also gain attestation and measurements for determining if a device meets requirements and can be trusted. Windows 11 works out-of-the-box with Microsoft Intune and Azure Active Directory, which enables timely and seamless access decisions. Furthermore, IT administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more.
 
 ### Security, by default
 
@@ -34,7 +35,7 @@ Windows 11 is a natural evolution of its predecessor, Windows 10. We have collab
 
 With hardware-based isolation security that begins at the chip, Windows 11 stores sensitive data behind other barriers separated from the operating system. As a result, information including encryption keys and user credentials are protected from unauthorized access and tampering.
 
-In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with [Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs) and [Secure Boot](../trusted-boot.md) built-in and enabled by default to contain and limit malware exploits.
+In Windows 11, hardware and software work together to protect the operating system. For example, new devices come with [Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs) and [Secure Boot](operating-system-security/system-security/trusted-boot.md) built-in and enabled by default to contain and limit malware exploits.
 
 ### Robust application security and privacy controls
 
@@ -44,7 +45,7 @@ In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/d
 
 ### Secured identities
 
-Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](../information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Windows Defender Credential Guard](../identity-protection/credential-guard/credential-guard.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](../identity-protection/hello-for-business/hello-overview.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
+Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
 
 ### Connecting to cloud services
 
@@ -53,5 +54,3 @@ Microsoft offers comprehensive cloud services for identity, storage, and access
 ## Next steps
 
 To learn more about the security features included in Windows 11, download the [Windows 11 Security Book: Powerful security from chip to cloud](https://aka.ms/Windows11SecurityBook).
-
-[!INCLUDE [ai-disclaimer-generic](../../../includes/ai-disclaimer-generic.md)]
\ No newline at end of file
diff --git a/windows/security/introduction/security-features-edition-requirements.md b/windows/security/introduction/security-features-edition-requirements.md
deleted file mode 100644
index 0cffb54f8f..0000000000
--- a/windows/security/introduction/security-features-edition-requirements.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: Windows security features and edition requirements
-description: Learn about Windows edition requirements for the feature included in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 05/04/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security features and edition requirements
-
-This article lists the security features that are available in Windows, and the Windows editions that support them.
-
-> [!NOTE]
-> The **Windows edition** requirements listed in the following table may be different from the **licensing** requirements. If you're looking for licensing requirements, see [Windows security features and licensing requirements](security-features-licensing-requirements.md).
-
-[!INCLUDE [_edition-requirements](../../../includes/licensing/_edition-requirements.md)]
-
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/introduction/security-features-licensing-requirements.md b/windows/security/introduction/security-features-licensing-requirements.md
deleted file mode 100644
index df7e5bdcec..0000000000
--- a/windows/security/introduction/security-features-licensing-requirements.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: Windows security features and licensing requirements
-description: Learn about Windows features and licensing requirements for the feature included in Windows.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
-ms.collection:
-- tier3
-ms.topic: conceptual
-ms.date: 04/24/2023
-appliesto:
-- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-security
----
-
-# Windows security features and licensing requirements
-
-This article lists the security features that are available in Windows, and the licensing requirements to use them.
-
-> [!NOTE]
-> The **licensing** requirements listed in the following table may be different from the **Windows edition** requirements. If you're looking for Windows edition requirements, see [Windows security features and edition requirements](security-features-edition-requirements.md).
-
-[!INCLUDE [_licensing-requirements](../../../includes/licensing/_licensing-requirements.md)]
-
-For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/licensing-and-edition-requirements.md b/windows/security/licensing-and-edition-requirements.md
new file mode 100644
index 0000000000..6b192f2171
--- /dev/null
+++ b/windows/security/licensing-and-edition-requirements.md
@@ -0,0 +1,31 @@
+---
+title: Windows security features licensing and edition requirements
+description: Learn about Windows licensing and edition requirements for the features included in Windows.
+ms.collection:
+- tier2
+ms.topic: conceptual
+ms.date: 06/15/2023
+appliesto:
+- ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+ms.author: paoloma
+author: paolomatarazzo
+ms.prod: windows-client
+---
+
+# Windows security features licensing and edition requirements
+
+This article lists the security features that are available in Windows.
+
+Select one of the two tabs to learn about licensing requirements to use the security features, or to learn about the Windows edition requirements that support them:
+
+#### [:::image type="icon" source="images/icons/certificate.svg" border="false"::: **Licensing requirements**](#tab/licensing)
+
+[!INCLUDE [licensing-requirements](../../includes/licensing/_licensing-requirements.md)]
+
+#### [:::image type="icon" source="images/icons/windows-os.svg" border="false"::: **Edition requirements**](#tab/edition)
+
+[!INCLUDE [_edition-requirements](../../includes/licensing/_edition-requirements.md)]
+
+---
+
+For more information about Windows licensing, see [Windows Commercial Licensing overview](/windows/whats-new/windows-licensing).
diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
similarity index 98%
rename from windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
index 9ed2b2769e..cf39c89999 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -1,16 +1,8 @@
 ---
 title: BCD settings and BitLocker 
 description: This article for IT professionals describes the BCD settings that are used by BitLocker.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
-ms.topic: conceptual
+ms.topic: reference
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # Boot Configuration Data settings and BitLocker
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md
similarity index 99%
rename from windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md
index 3518062515..52cc2816b8 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-basic-deployment.md
@@ -1,26 +1,12 @@
 ---
 title: BitLocker basic deployment
 description: This article for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # BitLocker basic deployment
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 This article for the IT professional explains how BitLocker features can be used to protect data through drive encryption.
 
 ## Using BitLocker to encrypt volumes
@@ -466,4 +452,4 @@ Disable-BitLocker -MountPoint E:,F:,G:
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
 - [BitLocker recovery guide](bitlocker-recovery-guide-plan.md)
 - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
-- [BitLocker overview](bitlocker-overview.md)
+- [BitLocker overview](index.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md
similarity index 91%
rename from windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md
index df0af1d002..46118e83d3 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-countermeasures.md
@@ -1,26 +1,12 @@
 ---
-title: BitLocker Countermeasures 
+title: BitLocker Countermeasures
 description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Anti-malware (ELAM) to protect against attacks on the BitLocker encryption key.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # BitLocker Countermeasures
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 Windows uses technologies including trusted platform module (TPM), secure boot, and measured boot to help protect BitLocker encryption keys against attacks. BitLocker is part of a strategic approach to securing data against offline attacks through encryption technology. Data on a lost or stolen computer is vulnerable. For example, there could be unauthorized access, either by running a software attack tool against the computer or by transferring the computer's hard disk to a different computer.
 
 BitLocker helps mitigate unauthorized data access on lost or stolen computers before the authorized operating system is started. This mitigation is done by:
@@ -45,7 +31,7 @@ A trusted platform module (TPM) is a microchip designed to provide basic securit
 
 Unified Extensible Firmware Interface (UEFI) is a programmable boot environment that initializes devices and starts the operating system's bootloader.
 
-The UEFI specification defines a firmware execution authentication process called [Secure Boot](../secure-the-windows-10-boot-process.md). Secure Boot blocks untrusted firmware and bootloaders (signed or unsigned) from being able to start on the system.
+The UEFI specification defines a firmware execution authentication process called [Secure Boot](../../system-security/secure-the-windows-10-boot-process.md). Secure Boot blocks untrusted firmware and bootloaders (signed or unsigned) from being able to start on the system.
 
 By default, BitLocker provides integrity protection for Secure Boot by utilizing the TPM PCR[7] measurement. An unauthorized EFI firmware, EFI boot application, or bootloader can't run and acquire the BitLocker key.
 
@@ -62,7 +48,7 @@ The next sections cover pre-boot authentication and DMA policies that can provid
 
 ### Pre-boot authentication
 
-Pre-boot authentication with BitLocker is a policy setting that requires the use of either user input, such as a PIN, a startup key, or both to authenticate prior to making the contents of the system drive accessible. The Group Policy setting is [Require additional authentication at startup](./bitlocker-group-policy-settings.md) and the corresponding setting in the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication.
+Pre-boot authentication with BitLocker is a policy setting that requires the use of either user input, such as a PIN, a startup key, or both to authenticate prior to making the contents of the system drive accessible. The Group Policy setting is [Require additional authentication at startup](bitlocker-group-policy-settings.md) and the corresponding setting in the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) is SystemDrivesRequireStartupAuthentication.
 
 BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed. If Windows can't access the encryption keys, the device can't read or edit the files on the system drive. The only option for bypassing pre-boot authentication is entering the recovery key.
 
@@ -70,11 +56,11 @@ Pre-boot authentication is designed to prevent the encryption keys from being lo
 
 On computers with a compatible TPM, operating system drives that are BitLocker-protected can be unlocked in four ways:
 
-- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign-in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.  
+- **TPM-only.** Using TPM-only validation doesn't require any interaction with the user to unlock and provide access to the drive. If the TPM validation succeeds, the user sign-in experience is the same as a standard sign-in. If the TPM is missing or changed or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode, and the user must enter a recovery password to regain access to the data. This option is more convenient for sign-in but less secure than the other options, which require an additional authentication factor.
 
 - **TPM with startup key.** In addition to the protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume can't be accessed without the startup key.
 
-- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enters a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN.  
+- **TPM with PIN.** In addition to the protection that the TPM provides, BitLocker requires that the user enters a PIN. Data on the encrypted volume can't be accessed without entering the PIN. TPMs also have [anti-hammering protection](/windows/security/hardware-protection/tpm/tpm-fundamentals#anti-hammering) that is designed to prevent brute force attacks that attempt to determine the PIN.
 
 - **TPM with startup key and PIN.** In addition to the core component protection that the TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This configuration provides multifactor authentication so that if the USB key is lost or stolen, it can't be used for access to the drive, because the correct PIN is also required.
 
@@ -86,11 +72,11 @@ Pre-boot authentication with a PIN can mitigate an attack vector for devices tha
 
 On the other hand, Pre-boot authentication-prompts can be inconvenient to users. In addition, users who forget their PIN or lose their startup key are denied access to their data until they can contact their organization's support team to obtain a recovery key. Pre-boot authentication can also make it more difficult to update unattended desktops and remotely administered servers because a PIN needs to be entered when a computer reboots or resumes from hibernation.
 
-To address these issues, [BitLocker Network Unlock](./bitlocker-how-to-enable-network-unlock.md) can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server.  
+To address these issues, [BitLocker Network Unlock](bitlocker-how-to-enable-network-unlock.md) can be deployed. Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires direct ethernet connectivity to an enterprise Windows Deployment Services (WDS) server.
 
 ### Protecting Thunderbolt and other DMA ports
 
-There are a few different options to protect DMA ports, such as Thunderbolt&trade;3. Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt&trade; 3 ports enabled by default. This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.  
+There are a few different options to protect DMA ports, such as Thunderbolt&trade;3. Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt&trade; 3 ports enabled by default. This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.
 
 You can use the System Information desktop app `MSINFO32.exe` to check if a device has kernel DMA protection enabled:
 
@@ -106,13 +92,13 @@ If kernel DMA protection isn't enabled, follow these steps to protect Thunderbol
 
     - MDM: [DataProtection/AllowDirectMemoryAccess](/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy
 
-    - Group Policy: [Disable new DMA devices when this computer is locked](./bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.)
+    - Group Policy: [Disable new DMA devices when this computer is locked](bitlocker-group-policy-settings.md#disable-new-dma-devices-when-this-computer-is-locked) (This setting isn't configured by default.)
 
 For Thunderbolt v1 and v2 (DisplayPort Connector), refer to the **Thunderbolt Mitigation** section in [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). For SBP-2 and 1394 (also known as Firewire), refer to the **SBP-2 Mitigation** section in [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d).
 
 ## Attack countermeasures
 
-This section covers countermeasures for specific types of attacks. 
+This section covers countermeasures for specific types of attacks.
 
 ### Bootkits and rootkits
 
@@ -142,7 +128,7 @@ Enable secure boot and mandatorily prompt a password to change BIOS settings. Fo
 ### Tricking BitLocker to pass the key to a rogue operating system
 
 An attacker might modify the boot manager configuration database (BCD) which is stored on a non-encrypted partition and add an entry point to a rogue operating system on a different partition. During the boot process, BitLocker code will make sure that the operating system that the encryption key obtained from the TPM is given to, is cryptographically verified to be the intended recipient. Because this strong cryptographic verification already exists, we don't recommend storing a hash of a disk partition table in Platform Configuration Register (PCR) 5.
- 
+
 An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This will not succeed because when Windows seals the BitLocker key to the TPM, it does it with a PCR 11 value of 0, and to successfully unseal the blob, PCR 11 in the TPM must have a value of 0. However, when the boot manager passes the control to any boot loader (legitimate or rogue) it always changes PCR 11 to a value of 1. Since the PCR 11 value is guaranteed to be different after exiting the boot manager, the attacker can't unlock the BitLocker key.
 
 ## Attacker countermeasures
@@ -180,7 +166,7 @@ Mitigation:
 > [!IMPORTANT]
 > These settings are **not configured** by default.
 
-For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for [enhanced PIN](./bitlocker-group-policy-settings.md) is:
+For some systems, bypassing TPM-only may require opening the case, and may require soldering, but could possibly be done for a reasonable cost. Bypassing a TPM with a PIN protector would cost much more, and require brute forcing the PIN. With a sophisticated enhanced PIN, it could be nearly impossible. The Group Policy setting for [enhanced PIN](bitlocker-group-policy-settings.md) is:
 
 - *Computer Configuration* > *Policies* > *Administrative Templates* > *Windows Components* > *BitLocker Drive Encryption* > *Operating System Drives* > **Allow enhanced PINs for startup**
 
@@ -192,6 +178,6 @@ For secure administrative workstations, Microsoft recommends a TPM with PIN prot
 ## Related articles
 
 - [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d)
-- [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md)
+- [BitLocker Group Policy settings](bitlocker-group-policy-settings.md)
 - [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp)
 - [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-)
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md
new file mode 100644
index 0000000000..1654153fec
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-deployment-comparison.md
@@ -0,0 +1,49 @@
+---
+title: BitLocker deployment comparison 
+description: This article shows the BitLocker deployment comparison chart.
+ms.topic: conceptual
+ms.date: 11/08/2022
+---
+
+# BitLocker deployment comparison
+
+This article depicts the BitLocker deployment comparison chart.
+
+## BitLocker deployment comparison chart
+
+| Requirements | Microsoft Intune | Microsoft Configuration Manager | Microsoft BitLocker Administration and Monitoring (MBAM) |
+|--|--|--|--|
+| *Minimum client operating system version* | Windows 11 and Windows 10 | Windows 11, Windows 10, and Windows 8.1 | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11 |
+| *Supported Windows SKUs* | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise |
+| *Minimum Windows version* | 1909 | None | None |
+| *Supported domain-joined status* | Microsoft Azure Active Directory (Azure AD) joined, hybrid Azure AD joined | Active Directory-joined, hybrid Azure AD joined | Active Directory-joined |
+| *Permissions required to manage policies* | Endpoint security manager or custom | Full administrator or custom | Domain Admin or Delegated GPO access |
+| *Cloud or on premises* | Cloud | On premises | On premises |
+| Server components required? |  | ✅ | ✅ |
+| *Additional agent required?* | No (device enrollment only) | Configuration Manager client | MBAM client |
+| *Administrative plane* | Microsoft Intune admin center | Configuration Manager console | Group Policy Management Console and MBAM sites |
+| *Administrative portal installation required* |  | ✅ | ✅ |
+| *Compliance reporting capabilities* | ✅ | ✅ | ✅ |
+| *Force encryption* | ✅ | ✅ | ✅ |
+| *Encryption for storage cards (mobile)* | ✅ | ✅ |  |
+| *Allow recovery password* | ✅ | ✅ | ✅ |
+| *Manage startup authentication* | ✅ | ✅ | ✅ |
+| *Select cipher strength and algorithms for fixed drives* | ✅ | ✅ | ✅ |
+| *Select cipher strength and algorithms for removable drives* | ✅ | ✅ | ✅ |
+| *Select cipher strength and algorithms for operating environment drives* | ✅ | ✅ | ✅ |
+| *Standard recovery password storage location* | Azure AD or Active Directory | Configuration Manager site database | MBAM database |
+| *Store recovery password for operating system and fixed drives to Azure AD or Active Directory* | Yes (Active Directory and Azure AD) | Yes (Active Directory only) | Yes (Active Directory only) |
+| *Customize preboot message and recovery link* | ✅ | ✅ | ✅ |
+| *Allow/deny key file creation* | ✅ | ✅ | ✅ |
+| *Deny Write permission to unprotected drives* | ✅ | ✅ | ✅ |
+| *Can be administered outside company network* | ✅ | ✅ |  |
+| *Support for organization unique IDs* |  | ✅ | ✅ |
+| *Self-service recovery* | Yes (through Azure AD or Company Portal app) | ✅ | ✅ |
+| *Recovery password rotation for fixed and operating environment drives* | Yes (Windows 10, version 1909 and later) | ✅ | ✅ |
+| *Wait to complete encryption until recovery information is backed up to Azure AD* | ✅ |  |  |
+| *Wait to complete encryption until recovery information is backed up to Active Directory* |  | ✅ | ✅ |
+| *Allow or deny Data Recovery Agent* | ✅ | ✅ | ✅ |
+| *Unlock a volume using certificate with custom object identifier* |  | ✅ | ✅ |
+| *Prevent memory overwrite on restart* |  | ✅ | ✅ |
+| *Configure custom Trusted Platform Module Platform Configuration Register profiles* |  |  | ✅ |
+| *Manage auto-unlock functionality* |  | ✅ | ✅ |
diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
similarity index 97%
rename from windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
index c0f495b8a6..d93426076e 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
@@ -1,29 +1,16 @@
 ---
 title: Overview of BitLocker Device Encryption in Windows
 description: This article provides an overview of how BitLocker Device Encryption can help protect data on devices running Windows.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.collection: 
   - highpri
   - tier1
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
-# Overview of BitLocker Device Encryption in Windows
+# Overview of BitLocker device encryption
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-This article explains how BitLocker Device Encryption can help protect data on devices running Windows. See [BitLocker](bitlocker-overview.md) for a general overview and list of articles.
+This article explains how BitLocker Device Encryption can help protect data on devices running Windows. See [BitLocker](index.md) for a general overview and list of articles.
 
 When users travel, their organization's confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and providing new strategies.
 
@@ -31,7 +18,6 @@ When users travel, their organization's confidential data goes with them. Wherev
 
 The below table lists specific data-protection concerns and how they're addressed in Windows 11, Windows 10, and Windows 7.
 
-
 | Windows 7 | Windows 11 and Windows 10 |
 |---|---|
 | When BitLocker is used with a PIN to protect startup, PCs such as kiosks can't be restarted remotely. | Modern Windows devices are increasingly protected with BitLocker Device Encryption out of the box and support SSO to seamlessly protect the BitLocker encryption keys from cold boot attacks.<br><br>Network Unlock allows PCs to start automatically when connected to the internal network. |
@@ -126,7 +112,7 @@ Requiring a PIN at startup is a useful security feature because it acts as a sec
 
 Windows 11 and Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, Modern Standby devices don't require a PIN for startup: They're designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system.
 
-For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md).
+For more information about how startup security works and the countermeasures that Windows 11 and Windows 10 provide, see [Protect BitLocker from pre-boot attacks](bitlocker-countermeasures.md).
 
 ## Configure Network Unlock
 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md
similarity index 99%
rename from windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md
index b14f859b9a..f6aa783b9e 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-group-policy-settings.md
@@ -1,35 +1,21 @@
 ---
 title: BitLocker Group Policy settings 
 description: This article for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.collection: 
   - highpri
   - tier1
-ms.topic: conceptual
+ms.topic: reference
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # BitLocker group policy settings
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 This article for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
 
 Group Policy administrative templates or local computer policy settings can be used to control what BitLocker drive encryption tasks and configurations can be performed by users, for example through the **BitLocker Drive Encryption** control panel. Which of these policies are configured and how they're configured depends on how BitLocker is implemented and what level of interaction is desired for end users.
 
 > [!NOTE]
-> A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM). For details about those settings, see [Trusted Platform Module Group Policy settings](../tpm/trusted-platform-module-services-group-policy-settings.md).
+> A separate set of Group Policy settings supports the use of the Trusted Platform Module (TPM). For details about those settings, see [TPM Group Policy settings](../../../hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md).
 
 BitLocker Group Policy settings can be accessed using the Local Group Policy Editor and the Group Policy Management Console (GPMC) under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption**.
 
@@ -233,7 +219,7 @@ This policy setting is applied when BitLocker is turned on. The startup PIN must
 
 Originally, BitLocker allowed a length from 4 to 20 characters for a PIN. Windows Hello has its own PIN for sign-in, length of which can be 4 to 127 characters. Both BitLocker and Windows Hello use the TPM to prevent PIN brute-force attacks.
 
-The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](../tpm/trusted-platform-module-services-group-policy-settings.md)) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made.
+The TPM can be configured to use Dictionary Attack Prevention parameters ([lockout threshold and lockout duration](../../../hardware-security/tpm/trusted-platform-module-services-group-policy-settings.md) to control how many failed authorizations attempts are allowed before the TPM is locked out, and how much time must elapse before another attempt can be made.
 
 The Dictionary Attack Prevention Parameters provide a way to balance security needs with usability. For example, when BitLocker is used with a TPM + PIN configuration, the number of PIN guesses is limited over time. A TPM 2.0 in this example could be configured to allow only 32 PIN guesses immediately, and then only one more guess every two hours. This number of attempts totals to a maximum of about 4415 guesses per year. If the PIN is four digits, all 9999 possible PIN combinations could be attempted in a little over two years.
 
@@ -452,7 +438,7 @@ When set to **Do not allow complexity**, no password complexity validation is do
 > [!NOTE]
 > Passwords can't be used if FIPS compliance is enabled. The **System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing** policy setting in **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** specifies whether FIPS compliance is enabled.
 
-For information about this setting, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](../../threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).
+For information about this setting, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](../../../threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).
 
 ### Validate smart card certificate usage rule compliance
 
@@ -1306,7 +1292,7 @@ The optional recovery key can be saved to a USB drive. Because recovery password
 
 The FIPS setting can be edited by using the Security Policy Editor (`Secpol.msc`) or by editing the Windows registry. Only administrators can perform these procedures.
 
-For more information about setting this policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](../../threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).
+For more information about setting this policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](../../../threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).
 
 ## Power management group policy settings: Sleep and Hibernate
 
@@ -1337,6 +1323,6 @@ PCR 7 measurements are a mandatory logo requirement for systems that support Mod
 
 - [Trusted Platform Module](/windows/device-security/tpm/trusted-platform-module-overview)
 - [TPM Group Policy settings](/windows/device-security/tpm/trusted-platform-module-services-group-policy-settings)
-- [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml)
-- [BitLocker overview](bitlocker-overview.md)
+- [BitLocker frequently asked questions (FAQ)](faq.yml)
+- [BitLocker overview](index.md)
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
similarity index 64%
rename from windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
index 9d743637c9..1c64084bcd 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
@@ -1,57 +1,32 @@
 ---
-title: BitLocker How to deploy on Windows Server 2012 and later
-description: This article for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
+title: BitLocker How to deploy on Windows Server
+description: This article for the IT professional explains how to deploy BitLocker and Windows Server
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
-# BitLocker: How to deploy on Windows Server 2012 and later
+# BitLocker: How to deploy on Windows Server
 
-**Applies to:**
-
-- Windows Server 2012
-- Windows Server 2012 R2
-- Windows Server 2016 and above
-
-This article explains how to deploy BitLocker on Windows Server 2012 and later versions. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server on which it's to be installed.
+This article explains how to deploy BitLocker on Windows Server. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server on which it's to be installed.
 
 ## Installing BitLocker
 
 ### To install BitLocker using server manager
 
-1. Open server manager by selecting the server manager icon or running servermanager.exe.
-
-2. Select **Manage** from the **Server Manager Navigation** bar and select **Add Roles and Features** to start the **Add Roles and Features Wizard.**
-
-3. With the **Add Roles and Features** wizard open, select **Next** at the **Before you begin** pane (if shown).
-
-4. Select **Role-based or feature-based installation** on the **Installation type** pane of the **Add Roles and Features** wizard and select **Next** to continue.
-
-5. Select the **Select a server from the server pool** option in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed.
-
-6. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane.
-
+1. Open server manager by selecting the server manager icon or running `servermanager.exe`.
+1. Select **Manage** from the **Server Manager Navigation** bar and select **Add Roles and Features** to start the **Add Roles and Features Wizard.**
+1. With the **Add Roles and Features** wizard open, select **Next** at the **Before you begin** pane (if shown).
+1. Select **Role-based or feature-based installation** on the **Installation type** pane of the **Add Roles and Features** wizard and select **Next** to continue.
+1. Select the **Select a server from the server pool** option in the **Server Selection** pane and confirm the server on which the BitLocker feature is to be installed.
+1. Select **Next** on the **Server Roles** pane of the **Add Roles and Features** wizard to proceed to the **Features** pane.
    > [!NOTE]
    > Server roles and features are installed by using the same wizard in Server Manager.
-
-7. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the extra management features available for BitLocker. If the extra management features are not needed and/or don't need to be installed, deselect the **Include management tools**.
-
+1. Select the check box next to **BitLocker Drive Encryption** within the **Features** pane of the **Add Roles and Features** wizard. The wizard shows the extra management features available for BitLocker. If the extra management features aren't needed and/or don't need to be installed, deselect the **Include management tools**.
    > [!NOTE]
    > The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for encrypted hard drives on capable systems.
-
-8. Select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard.
-
-9. Select **Install** on the **Confirmation** pane of the **Add Roles and Features** wizard to begin BitLocker feature installation. The BitLocker feature requires a restart for its installation to be complete. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the computer after installation is complete.
-
-10. If the **Restart the destination server automatically if required** check box isn't selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If necessary, a notification of other action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text.
+1. Select **Add Features**. Once optional features selection is complete, select **Next** to proceed in the wizard.
+1. Select **Install** on the **Confirmation** pane of the **Add Roles and Features** wizard to begin BitLocker feature installation. The BitLocker feature requires a restart for its installation to be complete. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the computer after installation is complete.
+1. If the **Restart the destination server automatically if required** check box isn't selected, the **Results** pane of the **Add Roles and Features** wizard displays the success or failure of the BitLocker feature installation. If necessary, a notification of other action necessary to complete the feature installation, such as the restart of the computer, will be displayed in the results text.
 
 ### To install BitLocker using Windows PowerShell
 
@@ -64,7 +39,7 @@ Windows PowerShell offers administrators another option for BitLocker feature in
 
 The `servermanager` Windows PowerShell module can use either the `Install-WindowsFeature` or `Add-WindowsFeature` to install the BitLocker feature. The `Add-WindowsFeature` cmdlet is merely a stub to the `Install-WindowsFeature`. This example uses the `Install-WindowsFeature` cmdlet. The feature name for BitLocker in the `servermanager` module is `BitLocker`.
 
-By default, installation of features in Windows PowerShell doesn't include optional sub-features or management tools as part of the installation process. What is installed as part of the installation process can be seen using the `-WhatIf` option in Windows PowerShell.
+By default, installation of features in Windows PowerShell doesn't include optional subfeatures or management tools as part of the installation process. What is installed as part of the installation process can be seen using the `-WhatIf` option in Windows PowerShell.
 
 ```powershell
 Install-WindowsFeature BitLocker -WhatIf
@@ -72,7 +47,7 @@ Install-WindowsFeature BitLocker -WhatIf
 
 The results of this command show that only the BitLocker Drive Encryption feature is installed using this command.
 
-To see what would be installed with the BitLocker feature, including all available management tools and sub-features, use the following command:
+To see what would be installed with the BitLocker feature, including all available management tools and subfeatures, use the following command:
 
 ```powershell
 Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl
@@ -88,7 +63,7 @@ The result of this command displays the following list of all the administration
 - AD DS Tools
 - AD DS and AD LDS Tools
 
-The command to complete a full installation of the BitLocker feature with all available sub-features and then to reboot the server at completion is:
+The command to complete a full installation of the BitLocker feature with all available subfeatures and then to reboot the server at completion is:
 
 ```powershell
 Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart
@@ -99,13 +74,13 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -
 
 ### Using the dism module to install BitLocker
 
-The `dism.exe` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism.exe` module doesn't support wildcards when searching for feature names. To list feature names for the `dism.exe` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system.
+The `dism.exe` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism.exe` module doesn't support wildcards when searching for feature names. To list feature names for the `dism.exe` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command lists all of the optional features in an online (running) operating system.
 
 ```powershell
 Get-WindowsOptionalFeature -Online | ft
 ```
 
-From this output, it can be seen that there are three BitLocker-related optional feature names: **BitLocker**, **BitLocker-Utilities** and **BitLocker-NetworkUnlock**. To install the BitLocker feature, the **BitLocker** and **BitLocker-Utilities** features are the only required items.
+From this output, there are three BitLocker-related optional feature names: **BitLocker**, **BitLocker-Utilities** and **BitLocker-NetworkUnlock**. To install the BitLocker feature, the **BitLocker** and **BitLocker-Utilities** features are the only required items.
 
 To install BitLocker using the `dism.exe` module, use the following command:
 
@@ -121,7 +96,7 @@ Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilitie
 
 ## Related articles
 
-- [BitLocker overview](bitlocker-overview.md)
-- [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml)
+- [BitLocker overview](index.md)
+- [BitLocker frequently asked questions (FAQ)](faq.yml)
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
 - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
similarity index 98%
rename from windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index 442be0541b..11f7b07e86 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -1,26 +1,12 @@
 ---
 title: BitLocker - How to enable Network Unlock 
 description: This article for the IT professional describes how BitLocker Network Unlock works and how to configure it.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # BitLocker: How to enable Network Unlock
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 This article describes how BitLocker Network Unlock works and how to configure it.
 
 Network Unlock is a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker-enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware. Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). Requiring a PIN after a reboot can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers.
@@ -462,6 +448,6 @@ Follow these steps to configure Network Unlock on these older systems.
 
 ## Related articles
 
-- [BitLocker overview](bitlocker-overview.md)
-- [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml)
+- [BitLocker overview](index.md)
+- [BitLocker frequently asked questions (FAQ)](faq.yml)
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
similarity index 89%
rename from windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
index 8f46db3e99..c88b6cde1e 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -1,28 +1,21 @@
 ---
 title: BitLocker management
 description: Refer to relevant documentation, products, and services to learn about managing BitLocker and see recommendations for different computers.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # BitLocker management
 
 The ideal solution for BitLocker management is to eliminate the need for IT administrators to set management policies using tools or other mechanisms by having Windows perform tasks that are more practical to automate. This vision leverages modern hardware developments. The growth of TPM 2.0, secure boot, and other hardware improvements, for example, have helped to alleviate the support burden on help desks and a decrease in support-call volumes, yielding improved user satisfaction. Windows continues to be the focus for new features and improvements for built-in encryption management, such as automatically enabling encryption on devices that support Modern Standby beginning with Windows 8.1.
 
-Though much Windows [BitLocker documentation](bitlocker-overview.md) has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently asked questions, and also provides BitLocker recommendations for different types of computers.
+Though much Windows [BitLocker documentation](index.md) has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently asked questions, and also provides BitLocker recommendations for different types of computers.
 
-[!INCLUDE [bitlocker](../../../../includes/licensing/bitlocker-management.md)]
+[!INCLUDE [bitlocker](../../../../../includes/licensing/bitlocker-management.md)]
 
 ## Managing domain-joined computers and moving to cloud  
 
-Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](./bitlocker-group-policy-settings.md).
+Companies that image their own computers using Configuration Manager can use an existing task sequence to [pre-provision BitLocker](/configmgr/osd/understand/task-sequence-steps#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](/configmgr/osd/understand/task-sequence-steps#BKMK_EnableBitLocker). These steps during an operating system deployment can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use Configuration Manager to pre-set any desired [BitLocker Group Policy](bitlocker-group-policy-settings.md).
 
 Enterprises can use [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](/lifecycle/products/?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201%2F) or they can receive extended support until April 2026. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD).
 
@@ -96,10 +89,10 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi
 
 ## Related Articles
 
-- [BitLocker: FAQs](bitlocker-frequently-asked-questions.yml)
+- [BitLocker: FAQs](faq.yml)
 - [Microsoft BitLocker Administration and Management (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/)
 - [Overview of BitLocker Device Encryption in Windows](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption)
-- [BitLocker Group Policy Reference](./bitlocker-group-policy-settings.md)
+- [BitLocker Group Policy Reference](bitlocker-group-policy-settings.md)
 - [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune/)
 *(Overview)*
 - [Configuration Settings Providers](/windows/client-management/mdm/policy-configuration-service-provider)
@@ -111,11 +104,10 @@ Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 -UsedSpaceOnly -Pi
 - [Windows Server Installation Options](/windows-server/get-started-19/install-upgrade-migrate-19/)
 - [How to update local source media to add roles and features](/archive/blogs/joscon/how-to-update-local-source-media-to-add-roles-and-features)
 - [How to add or remove optional components on Server Core](/archive/blogs/server_core/using-features-on-demand-with-updated-systems-and-patched-images) *(Features on Demand)*
-- [BitLocker: How to deploy on Windows Server 2012 and newer](bitlocker-how-to-deploy-on-windows-server.md)  
-- [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
+- [How to deploy BitLocker on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)  
+- [How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
 - [Shielded VMs and Guarded Fabric](https://blogs.technet.microsoft.com/windowsserver/2016/05/10/a-closer-look-at-shielded-vms-in-windows-server-2016/)
 
 ### PowerShell
 
 - [BitLocker cmdlets for Windows PowerShell](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md#bitlocker-cmdlets-for-windows-powershell)
-- [Surface Pro Specifications](https://www.microsoft.com/surface/support/surface-pro-specs/)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
similarity index 98%
rename from windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 39eb80e0aa..c934ae7570 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -1,29 +1,15 @@
 ---
 title: BitLocker recovery guide
 description: This article for IT professionals describes how to recover BitLocker keys from Active Directory Domain Services (AD DS).
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-ms.reviewer: rafals
-manager: aaroncz
 ms.collection: 
   - highpri
   - tier1
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
 ---
 
 # BitLocker recovery guide
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 This article describes how to recover BitLocker keys from AD DS.
 
 Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. It's recommended to create a recovery model for BitLocker while planning for BitLocker deployment.
@@ -345,17 +331,17 @@ It can also be configured using mobile device management (MDM), including in Int
 
 **`<LocURI>./Device/Vendor/MSFT/BitLocker/SystemDrivesRecoveryMessage</LocURI>`**
 
-![Custom URL.](./images/bl-intune-custom-url.png)
+![Custom URL.](images/bl-intune-custom-url.png)
 
 Example of a customized recovery screen:
 
-![Customized BitLocker Recovery Screen.](./images/bl-password-hint1.png)
+![Customized BitLocker Recovery Screen.](images/bl-password-hint1.png)
 
 ### BitLocker recovery key hints
 
 BitLocker metadata has been enhanced starting in Windows 10, version 1903, to include information about when and where the BitLocker recovery key was backed up. This information isn't exposed through the UI or any public API. It's used solely by the BitLocker recovery screen in the form of hints to help a user locate a volume's recovery key. Hints are displayed on the recovery screen and refer to the location where the key has been saved. Hints are displayed on both the modern (blue) and legacy (black) recovery screen. The hints apply to both the boot manager recovery screen and the WinRE unlock screen.
 
-![Customized BitLocker recovery screen.](./images/bl-password-hint2.png)
+![Customized BitLocker recovery screen.](images/bl-password-hint2.png)
 
 > [!IMPORTANT]
 > It is not recommend to print recovery keys or saving them to a file. Instead, use Active Directory backup or a cloud-based backup. Cloud-based backup includes Azure Active Directory (Azure AD) and Microsoft account.
@@ -392,7 +378,7 @@ There are rules governing which hint is shown during the recovery (in the order
 
 **Result:** The hints for the Microsoft account and custom URL are displayed.
 
-![Example 1 of Customized BitLocker recovery screen.](./images/rp-example1.png)
+![Example 1 of Customized BitLocker recovery screen.](images/rp-example1.png)
 
 #### Example 2 (single recovery key with single backup)
 
@@ -406,7 +392,7 @@ There are rules governing which hint is shown during the recovery (in the order
 
 **Result:** Only the custom URL is displayed.
 
-![Example 2 of customized BitLocker recovery screen.](./images/rp-example2.png)
+![Example 2 of customized BitLocker recovery screen.](images/rp-example2.png)
 
 #### Example 3 (single recovery key with multiple backups)
 
@@ -420,7 +406,7 @@ There are rules governing which hint is shown during the recovery (in the order
 
 **Result:** Only the Microsoft Account hint is displayed.
 
-![Example 3 of customized BitLocker recovery screen.](./images/rp-example3.png)
+![Example 3 of customized BitLocker recovery screen.](images/rp-example3.png)
 
 #### Example 4  (multiple recovery passwords)
 
@@ -449,7 +435,7 @@ There are rules governing which hint is shown during the recovery (in the order
 
 **Result:** Only the hint for a successfully backed up key is displayed, even if it isn't the most recent key.
 
-![Example 4 of customized BitLocker recovery screen.](./images/rp-example4.png)
+![Example 4 of customized BitLocker recovery screen.](images/rp-example4.png)
 
 #### Example 5  (multiple recovery passwords)
 
@@ -475,7 +461,7 @@ There are rules governing which hint is shown during the recovery (in the order
 
 **Result:** The hint for the most recent key is displayed.
 
-![Example 5 of customized BitLocker recovery screen.](./images/rp-example5.png)
+![Example 5 of customized BitLocker recovery screen.](images/rp-example5.png)
 
 ## Using additional recovery information
 
@@ -990,4 +976,4 @@ End Function
 
 ## Related articles
 
-- [BitLocker overview](bitlocker-overview.md)
+- [BitLocker overview](index.md)
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
similarity index 82%
rename from windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
rename to windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index 9e538c4fef..cde89fc313 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -1,40 +1,17 @@
 ---
-title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker 
-description: This article for the IT professional describes how to use tools to manage BitLocker.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
+title: How to use the BitLocker drive encryption tools to manage BitLocker 
+description: Learn how to use tools to manage BitLocker.
 ms.collection: 
-  - highpri
   - tier1
-ms.topic: conceptual
-ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
+ms.topic: how-to
+ms.date: 07/25/2023
 ---
 
-# BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker
+# How to use the BitLocker drive encryption tools to manage BitLocker
 
-**Applies to:**
+BitLocker drive encryption tools include the command-line tools *manage-bde.exe*, *repair-bde.exe*, and the cmdlets for Windows PowerShell.
 
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-This article for the IT professional describes how to use tools to manage BitLocker.
-
-BitLocker Drive Encryption Tools include the command-line tools manage-bde and repair-bde and the BitLocker cmdlets for Windows PowerShell.
-
-Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios.
-
-Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive can't be unlocked normally or using the recovery console.
-
-1. [Manage-bde](#manage-bde)
-2. [Repair-bde](#repair-bde)
-3. [BitLocker cmdlets for Windows PowerShell](#bitlocker-cmdlets-for-windows-powershell)
+The tools can be used to perform any tasks that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios.
 
 ## Manage-bde
 
@@ -101,26 +78,24 @@ manage-bde.exe -protectors -add -pw C:
 manage-bde.exe -on C:
 ```
 
-## Repair-bde
+## BitLocker Repair Tool
 
 Hard disk areas on which BitLocker stores critical information could be damaged, for example, when a hard disk fails or if Windows exits unexpectedly.
 
-The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted with BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, the backup key package in addition to the recovery password or recovery key must be supplied. This key package is backed up in Active Directory Domain Services (AD DS) if the default settings for AD DS backup are used. With this key package and either the recovery password or recovery key, portions of a corrupted BitLocker-protected drive can be decrypted. Each key package will work only for a drive that has the corresponding drive identifier. The BitLocker Recovery Password Viewer can be used to obtain this key package from AD DS.
+The BitLocker Repair Tool (*repair-bde.exe*) is useful for disaster recovery scenarios, in which a BitLocker protected drive can't be unlocked normally or using the recovery console.
+
+The Repair Tool can reconstruct critical parts of the drive and salvage recoverable data, as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive is corrupt, the backup key package in addition to the recovery password or recovery key must be supplied. The key package is backed up in Active Directory Domain Services (AD DS) if the default settings for AD DS backup are used. With the key package and either the recovery password or recovery key, portions of a corrupted BitLocker-protected drive can be decrypted. Each key package works only for a drive that has the corresponding drive identifier. The BitLocker Recovery Password Viewer can be used to obtain this key package from AD DS.
 
 > [!TIP]
-> If recovery information is not being backed up to AD DS or if key packages need to be saved in an alternative way, the command:
+> If recovery information is not backed up to AD DS or if key packages need to be saved in an alternative way, use the following command to generate a key package for a volume:
 >
 > `manage-bde.exe -KeyPackage`
->
-> can be used to generate a key package for a volume.
 
-The Repair-bde command-line tool is intended for use when the operating system doesn't start or when the BitLocker Recovery Console can't be started. Use Repair-bde if the following conditions are true:
+The Repair Tool is intended for use when the operating system doesn't start or when the BitLocker Recovery Console can't be started. Use Repair-bde in the following conditions:
 
-- The drive has been encrypted using BitLocker Drive Encryption.
-
-- Windows doesn't start, or the BitLocker recovery console can't be started.
-
-- There isn't a backup copy of the data that is contained on the encrypted drive.
+- The drive is encrypted using BitLocker Drive Encryption
+- Windows doesn't start, or the BitLocker recovery console can't start
+- There isn't a backup copy of the data that is contained on the encrypted drive
 
 > [!NOTE]
 > Damage to the drive may not be related to BitLocker. Therefore, it is recommended to try other tools to help diagnose and resolve the problem with the drive before using the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers.
@@ -246,8 +221,8 @@ Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-
 
 ## Related articles
 
-- [BitLocker overview](bitlocker-overview.md)
-- [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml)
+- [BitLocker overview](index.md)
+- [BitLocker frequently asked questions (FAQ)](faq.yml)
 - [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)
 - [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md)
 - [BitLocker: How to deploy on Windows Server 2012](bitlocker-how-to-deploy-on-windows-server.md)
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
new file mode 100644
index 0000000000..322c07dbd6
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
@@ -0,0 +1,45 @@
+---
+title: How to use BitLocker Recovery Password Viewer 
+description: Learn how to use the BitLocker Recovery Password Viewer tool.
+ms.collection: 
+  - tier1
+ms.topic: how-to
+ms.date: 07/25/2023
+---
+
+# How to use BitLocker Recovery Password Viewer
+
+BitLocker Recovery Password Viewer is an optional tool included with the *Remote Server Administration Tools (RSAT)*. With Recovery Password Viewer you can view the BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). The tool is an extension for the *Active Directory Users and Computers Microsoft Management Console (MMC)* snap-in.
+
+With BitLocker Recovery Password Viewer you can:
+
+- Check the Active Directory computer object's properties to find the associated BitLocker recovery passwords
+- Search Active Directory for BitLocker recovery password across all the domains in the Active Directory forest. Passwords can also be searched by password identifier (ID)
+
+## Requirements
+
+To complete the procedures in this scenario, the following requirements must be met:
+
+- Domain administrator credentials
+- Devices must be joined to the domain
+- On the domain-joined devices, BitLocker must be enabled
+
+The following procedures describe the most common tasks performed by using the BitLocker Recovery Password Viewer.
+
+## View the recovery passwords for a computer object
+
+1. In **Active Directory Users and Computers**, locate and then select the container in which the computer is located
+1. Right-click the computer object and select **Properties**
+1. In the **Properties** dialog box, select the **BitLocker Recovery** tab to view the BitLocker recovery passwords that are associated with the computer
+
+## Copy the recovery passwords for a computer object
+
+1. Follow the steps in the previous procedure to view the BitLocker recovery passwords
+1. On the **BitLocker Recovery** tab of the **Properties** dialog box, right-click the BitLocker recovery password that needs to be copied, and then select **Copy Details**
+1. Press <kbd>CTRL</kbd>+<kbd>V</kbd> to paste the copied text to a destination location, such as a text file or spreadsheet
+
+## Locate a recovery password by using a password ID
+
+1. In Active Directory Users and Computers, right-click the domain container and select **Find BitLocker Recovery Password**
+1. In the **Find BitLocker Recovery Password** dialog box, type the first eight characters of the recovery password in the **Password ID (first 8 characters)** box, and select **Search**
+1. Once the recovery password is located, you can use the previous procedure to copy it
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
new file mode 100644
index 0000000000..9af21917f8
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
@@ -0,0 +1,476 @@
+### YamlMime:FAQ
+metadata:
+  title: BitLocker FAQ
+  description: Learn more about BitLocker by reviewing the frequently asked questions. 
+  ms.collection:
+    - tier1
+  ms.topic: faq
+  ms.date: 07/25/2023
+title: BitLocker FAQ
+summary: Learn more about BitLocker by reviewing the frequently asked questions.
+
+sections:
+
+### YamlMime:FAQ
+  - name: Overview and requirements
+    questions:
+      - question: How does BitLocker work?
+        answer: |
+          **How BitLocker works with operating system drives**
+          
+          BitLocker Can be used to mitigate unauthorized data access on lost or stolen computers by encrypting all user files and system files on the operating system drive, including the swap files and hibernation files, and checking the integrity of early boot components and boot configuration data.
+          
+          **How BitLocker works with fixed and removable data drives**
+          
+          BitLocker can be used to encrypt the entire contents of a data drive. Group Policy can be used to require BitLocker be enabled on a drive before the computer can write data to the drive. BitLocker can be configured with various unlock methods for data drives, and a data drive supports multiple unlock methods.
+          
+      - question: Does BitLocker support multifactor authentication?
+        answer: Yes, BitLocker supports multifactor authentication for operating system drives. If BitLocker is enabled on a computer that has a TPM version 1.2 or later, additional forms of authentication can be used with the TPM protection.
+
+      - question: What are the BitLocker hardware and software requirements?
+        answer: |
+          For requirements, see [System requirements](index.md#system-requirements).
+          
+          > [!NOTE]
+          > Dynamic disks aren't supported by BitLocker. Dynamic data volumes won't be displayed in the Control Panel. Although the operating system volume will always be displayed in the Control Panel, regardless of whether it's a Dynamic disk, if it's a dynamic disk it can't be protected by BitLocker.
+
+      - question: Why are two partitions required? Why does the system drive have to be so large?
+        answer: Two partitions are required to run BitLocker because pre-startup authentication and system integrity verification must occur on a separate partition from the encrypted operating system drive. This configuration helps protect the operating system and the information in the encrypted drive.
+
+      - question: Which Trusted Platform Modules (TPMs) does BitLocker support?
+        answer: |
+          BitLocker supports TPM version 1.2 or higher. BitLocker support for TPM 2.0 requires Unified Extensible Firmware Interface (UEFI) for the device. 
+          
+          > [!NOTE]
+          > TPM 2.0 isn't supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security, enable the Secure Boot feature.
+          > 
+          > Installed Operating System on hardware in legacy mode will stop the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode that will prepare the OS and the disk to support UEFI.
+          
+      - question: How can I tell if a computer has a TPM?
+        answer: Beginning with Windows 10, version 1803, the TPM status can be checked in **Windows Defender Security Center** > **Device Security** > **Security processor details**. In previous versions of Windows, open the TPM MMC console (tpm.msc) and look under the **Status** heading. [**Get-TPM**](/powershell/module/trustedplatformmodule/get-tpm?view=windowsserver2019-ps)** can also be run in PowerShell to get more details about the TPM on the current computer.
+
+      - question: Can I use BitLocker on an operating system drive without a TPM?
+        answer: |
+          Yes, BitLocker can be enabled on an operating system drive without a TPM version 1.2 or higher, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment. BitLocker won't unlock the protected drive until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs won't be able to use the system integrity verification that BitLocker can also provide.
+          To help determine whether a computer can read from a USB device during the boot process, use the BitLocker system check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
+          
+      - question: How do I obtain BIOS support for the TPM on my computer?
+        answer: |
+          Contact the computer manufacturer to request a Trusted Computing Group (TCG)-compliant BIOS or UEFI boot firmware that meets the following requirements:
+          
+          - It's compliant with the TCG standards for a client computer.
+          - It has a secure update mechanism to help prevent a malicious BIOS or boot firmware from being installed on the computer.
+          
+      - question: What credentials are required to use BitLocker?
+        answer: To turn on, turn off, or change configurations of BitLocker on operating system and fixed data drives, membership in the local **Administrators** group is required. Standard users can turn on, turn off, or change configurations of BitLocker on removable data drives.
+
+      - question: What is the recommended boot order for computers that are going to be BitLocker-protected?
+        answer: The computer's startup options should be configured to have the hard disk drive first in the boot order, before any other drives such as CD/DVD drives or USB drives. If the hard disk isn't first and the computer typically boots from the hard disk, then a boot order change may be detected or assumed when removable media is found during boot. The boot order typically affects the system measurement that is verified by BitLocker and a change in boot order will cause a prompt for the BitLocker recovery key. For the same reason, if a laptop is used with a docking station, ensure that the hard disk drive is first in the boot order both when the laptop is docked and undocked. 
+
+  - name: BitLocker and Windows upgrade
+    questions:
+      - question: |
+          Can I upgrade to Windows 10 with BitLocker enabled?
+        answer: |
+          Yes. 
+
+      - question: |
+          What is the difference between suspending and decrypting BitLocker?
+        answer: |
+          **Decrypt** completely removes BitLocker protection and fully decrypts the drive.
+          
+          **Suspend** keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the **Suspend** option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased.
+          
+      - question: |
+          Do I have to suspend BitLocker protection to download and install system updates and upgrades?
+        answer: |
+          No user action is required for BitLocker in order to apply updates from Microsoft, including [Windows quality updates and feature updates](/windows/deployment/update/waas-quick-start). 
+          Users need to suspend BitLocker for Non-Microsoft software updates, such as:   
+          
+          -	Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM. Users don't have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. It's recommended that users test their TPM firmware updates if they don't want to suspend BitLocker protection.
+          -	Non-Microsoft application updates that modify the UEFI\BIOS configuration.
+          -	Manual or third-party updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation).
+          -	Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if BitLocker doesn't use Secure Boot for integrity validation during updates).
+           -	BitLocker can be checked if it uses Secure Boot for integrity validation with the command line `manage-bde.exe -protectors -get C:`. If Secure Boot for integrity validation is being used, it will be report **Uses Secure Boot for integrity validation**.
+          
+          
+          > [!NOTE]
+          > If BitLocker has been suspended, BitLocker protection can be resumed after the upgrade or update has been installed. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, the computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.
+
+  - name: Deployment and administration
+    questions:
+      - question: Can BitLocker deployment be automated in an enterprise environment?
+        answer: |
+          Yes, the deployment and configuration of both BitLocker and the TPM can be automated using either WMI or Windows PowerShell scripts. Which method is chosen to implement the automation depends on the environment. `Manage-bde.exe` can also be used to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](/windows/win32/secprov/bitlocker-drive-encryption-provider). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](/powershell/module/bitlocker/index?view=win10-ps).
+          
+      - question: Can BitLocker encrypt more than just the operating system drive?
+        answer: Yes.
+
+      - question: Is there a noticeable performance impact when BitLocker is enabled on a computer?
+        answer: Typically, there's a small performance overhead, often in single-digit percentages, which is relative to the throughput of the storage operations on which it needs to operate.
+
+      - question: How long will initial encryption take when BitLocker is turned on?
+        answer: |
+          Although BitLocker encryption occurs in the background while a user continues to work with the system remaining usable, encryption times vary depending on the type of drive that is being encrypted, the size of the drive, and the speed of the drive. If encrypting large drives, encryption may want to be scheduled during times when the drive isn't being used.
+          
+          When BitLocker is enabled, BitLocker can also be set to encrypt the entire drive or just the used space on the drive. On a new hard drive, encrypting just the used spaced can be considerably faster than encrypting the entire drive. When this encryption option is selected, BitLocker automatically encrypts data as it is saved, ensuring that no data is stored unencrypted.
+          
+      - question: What happens if the computer is turned off during encryption or decryption?
+        answer: If the computer is turned off or goes into hibernation, the BitLocker encryption and decryption process will resume where it stopped the next time Windows starts. BitLocker resuming encryption or decryption is true even if the power is suddenly unavailable.
+
+      - question: Does BitLocker encrypt and decrypt the entire drive all at once when reading and writing data?
+        answer: No, BitLocker doesn't encrypt and decrypt the entire drive when reading and writing data. The encrypted sectors in the BitLocker-protected drive are decrypted only as they're requested from system read operations. Blocks that are written to the drive are encrypted before the system writes them to the physical disk. No unencrypted data is ever stored on a BitLocker-protected drive.
+
+      - question: How can I prevent users on a network from storing data on an unencrypted drive?
+        answer: |
+          Group Policy settings can be configured to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+          When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that aren't protected by BitLocker as read-only.
+          
+      - question: What is Used Disk Space Only encryption?
+        answer: |
+          BitLocker in Windows 10 lets users choose to encrypt just their data. Although it's not the most secure way to encrypt a drive, this option can reduce encryption time by more than 99 percent, depending on how much data that needs to be encrypted. For more information, see [Used Disk Space Only encryption](bitlocker-device-encryption-overview-windows-10.md#used-disk-space-only-encryption).
+          
+      - question: What system changes would cause the integrity check on my operating system drive to fail?
+        answer: |
+          The following types of system changes can cause an integrity check failure and prevent the TPM from releasing the BitLocker key to decrypt the protected operating system drive:
+          
+          - Moving the BitLocker-protected drive into a new computer.
+          - Installing a new motherboard with a new TPM.
+          - Turning off, disabling, or clearing the TPM.
+          - Changing any boot configuration settings.
+          - Changing the BIOS, UEFI firmware, master boot record, boot sector, boot manager, option ROM, or other early boot components or boot configuration data.
+          
+      - question: What causes BitLocker to start into recovery mode when attempting to start the operating system drive?
+        answer: |
+          Because BitLocker is designed to protect computers from numerous attacks, there are numerous reasons why BitLocker could start in recovery mode. 
+          For example: 
+          
+          - Changing the BIOS boot order to boot another drive in advance of the hard drive.
+          - Adding or removing hardware, such as inserting a new card in the computer.
+          - Removing, inserting, or completely depleting the charge on a smart battery on a portable computer.
+          
+          In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. 
+          The TPM isn't involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed.
+          
+      - question: What can prevent BitLocker from binding to PCR 7?
+        answer: BitLocker can be prevented from binding to PCR 7 if a non-Windows OS booted prior to Windows, or if Secure Boot isn't available to the device, either because it has been disabled or the hardware doesn't support it.
+
+      - question: Can I swap hard disks on the same computer if BitLocker is enabled on the operating system drive?
+        answer: Yes, multiple hard disks can be swapped on the same computer if BitLocker is enabled, but only if the hard disks were BitLocker-protected on the same computer. The BitLocker keys are unique to the TPM and the operating system drive. If a backup operating system or data drive needs to be prepared in case of a disk failure, make sure that they were matched with the correct TPM. Different hard drives can also be configured for different operating systems and then enable BitLocker on each one with different authentication methods (such as one with TPM-only and one with TPM+PIN) without any conflicts.
+
+      - question: Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?
+        answer: Yes, if the drive is a data drive, it can be unlocked from the **BitLocker Drive Encryption** Control Panel item by using a password or smart card. If the data drive was configured for automatic unlock only, it will need to be unlocked by using the recovery key. The encrypted hard disk can be unlocked by a data recovery agent (if one was configured) or it can be unlocked by using the recovery key.
+
+      - question: Why is **Turn BitLocker on** not available when I right-click a drive?
+        answer: Some drives can't be encrypted with BitLocker. Reasons a drive can't be encrypted include insufficient disk size, an incompatible file system, if the drive is a dynamic disk, or a drive is designated as the system partition. By default, the system drive (or system partition) is hidden from display. However, if it isn't created as a hidden drive when the operating system was installed due to a custom installation process, that drive might be displayed but can't be encrypted.
+
+      - question: What type of disk configurations are supported by BitLocker?
+        answer: Any number of internal, fixed data drives can be protected with BitLocker. On some versions ATA and SATA-based, direct-attached storage devices are also supported.
+
+  - name: Key Management
+    questions:
+      - question: How can I authenticate or unlock my removable data drive?
+        answer: |
+          Removable data drives can be unlocked using a password or a smart card. An SID protector can also be configured to unlock a drive by using user domain credentials. After encryption has started, the drive can also be automatically unlocked on a specific computer for a specific user account. System administrators can configure which options are available for users including password complexity and minimum length requirements. To unlock by using a SID protector, use `manage-bde.exe`:
+          
+          ```cmd
+          Manage-bde.exe -protectors -add e: -sid <i>domain\username</i></code>
+          ```
+          
+      - question: What is the difference between a recovery password, recovery key, PIN, enhanced PIN, and startup key?
+        answer: |
+          For tables that list and describe elements such as a recovery password, recovery key, and PIN, see [BitLocker key protectors](prepare-your-organization-for-bitlocker-planning-and-policies.md#bitlocker-key-protectors) and [BitLocker authentication methods](prepare-your-organization-for-bitlocker-planning-and-policies.md#bitlocker-authentication-methods). 
+          
+      - question: How can the recovery password and recovery key be stored?
+        answer: |
+          The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to a Microsoft Account, or printed.
+          
+          For removable data drives, the recovery password and recovery key can be saved to a folder, saved to a Microsoft Account, or printed. By default, a recovery key for a removable drive can't be stored on a removable drive.
+          
+          A domain administrator can also configure Group Policy to automatically generate recovery passwords and store them in Active Directory Domain Services (AD DS) for any BitLocker-protected drive.
+          
+      - question: Is it possible to add an additional method of authentication without decrypting the drive if I only have the TPM authentication method enabled?
+        answer: |
+          The `Manage-bde.exe` command-line tool can be used to replace TPM-only authentication mode with a multifactor authentication mode. For example, if BitLocker is enabled with TPM authentication only and PIN authentication needs to be added, use the following commands from an elevated command prompt, replacing *4-20 digit numeric PIN* with the desired numeric PIN:
+          
+          ```cmd
+          manage-bde.exe -protectors -delete %systemdrive% -type tpm
+         
+          manage-bde.exe -protectors -add %systemdrive% -tpmandpin <4-20 digit numeric PIN>
+          ```
+          
+          
+      - question: When should an additional method of authentication be considered?
+        answer: |
+          New hardware that meets [Windows Hardware Compatibility Program](/windows-hardware/design/compatibility/) requirements make a PIN less critical as a mitigation, and having a TPM-only protector is likely sufficient when combined with policies like device lockout. For example, Surface Pro and Surface Book don't have external DMA ports to attack. 
+          For older hardware, where a PIN may be needed, it's recommended to enable [enhanced PINs](bitlocker-group-policy-settings.md#allow-enhanced-pins-for-startup) that allow non-numeric characters such as letters and punctuation marks, and to set the PIN length based on the risk tolerance and the hardware anti-hammering capabilities available to the TPMs on the computers. 
+          
+      - question: If I lose my recovery information, will the BitLocker-protected data be unrecoverable?
+        answer: |
+          BitLocker is designed to make the encrypted drive unrecoverable without the required authentication. When in recovery mode, the user needs the recovery password or recovery key to unlock the encrypted drive.
+          
+          > [!IMPORTANT]
+          > Store the recovery information in AD DS, along with in a Microsoft Account, or another safe location.
+           
+      - question: Can the USB flash drive that is used as the startup key also be used to store the recovery key?
+        answer: While using a USB flash drive as both the startup key and for storage of the recovery key is technically possible, it isn't a best practice to use one USB flash drive to store both keys. If the USB flash drive that contains the startup key is lost or stolen, the recovery key will also be lost. In addition, inserting this key would cause the computer to automatically boot from the recovery key even if TPM-measured files have changed, which circumvents the TPM's system integrity check.
+
+      - question: Can I save the startup key on multiple USB flash drives?
+        answer: Yes, computer's startup key can be saved on multiple USB flash drives. Right-clicking a BitLocker-protected drive and selecting **Manage BitLocker** will provide the options to save the recovery keys on additional USB flash drives as needed.
+
+      - question: Can I save multiple (different) startup keys on the same USB flash drive?
+        answer: Yes, BitLocker startup keys for different  computers can be saved on the same USB flash drive.
+
+      - question: Can I generate multiple (different) startup keys for the same computer?
+        answer: Generating different startup keys for the same computer can be done through scripting. However, for computers that have a TPM, creating different startup keys prevents BitLocker from using the TPM's system integrity check.
+
+      - question: Can I generate multiple PIN combinations?
+        answer: Generating multiple PIN combinations can't be done.
+
+      - question: What encryption keys are used in BitLocker? How do they work together?
+        answer: Raw data is encrypted with the full volume encryption key, which is then encrypted with the volume master key. The volume master key is in turn encrypted by one of several possible methods depending on the authentication (that is, key protectors or TPM) and recovery scenarios.
+
+      - question: Where are the encryption keys stored?
+        answer: |
+          The full volume encryption key is encrypted by the volume master key and stored in the encrypted drive. The volume master key is encrypted by the appropriate key protector and stored in the encrypted drive. If BitLocker has been suspended, the clear key that is used to encrypt the volume master key is also stored in the encrypted drive, along with the encrypted volume master key.
+          
+          This storage process ensures that the volume master key is never stored unencrypted and is protected unless BitLocker is disabled. The keys are also saved to two additional locations on the drive for redundancy. The keys can be read and processed by the boot manager.
+          
+      - question: Why do I have to use the function keys to enter the PIN or the 48-character recovery password?
+        answer: |
+          The F1 through F10 keys are universally mapped scan codes available in the pre-boot environment on all computers and in all languages. The numeric keys 0 through 9 aren't usable in the pre-boot environment on all keyboards.
+          
+          When using an enhanced PIN, users should run the optional system check during the BitLocker setup process to ensure that the PIN can be entered correctly in the pre-boot environment.
+          
+      - question: How does BitLocker help prevent an attacker from discovering the PIN that unlocks my operating system drive?
+        answer: |
+          It's possible that a personal identification number (PIN) can be discovered by an attacker performing a brute force attack. A brute force attack occurs when an attacker uses an automated tool to try different PIN combinations until the correct one is discovered. For BitLocker-protected computers, this type of attack, also known as a dictionary attack, requires that the attacker has physical access to the computer.
+          
+          The TPM has the built-in ability to detect and react to these types of attacks. Because different manufacturers' TPMs may support different PIN and attack mitigations, contact the TPM's manufacturer to determine how the computer's TPM mitigates PIN brute force attacks.
+          After the TPM's manufacturer has been determined, contact the manufacturer to gather the TPM's vendor-specific information. Most manufacturers use the PIN authentication failure count to exponentially increase lockout time to the PIN interface. However, each manufacturer has different policies regarding when and how the failure counter is decreased or reset.
+          
+      - question: How can I determine the manufacturer of my TPM?
+        answer: The TPM manufacturer can be determined in **Windows Defender Security Center** > **Device Security** > **Security processor details**.
+
+      - question: How can I evaluate a TPM's dictionary attack mitigation mechanism?
+        answer: |
+          The following questions can assist when asking a TPM manufacturer about the design of a dictionary attack mitigation mechanism:
+          
+          - How many failed authorization attempts can occur before lockout?
+          - What is the algorithm for determining the duration of a lockout based on the number of failed attempts and any other relevant parameters?
+          - What actions can cause the failure count and lockout duration to be decreased or reset?
+          
+      - question: Can PIN length and complexity be managed with Group Policy?
+        answer: |
+          Yes and No. The minimum personal identification number (PIN) length can be configured by using the **Configure minimum PIN length for startup** Group Policy setting and allow the use of alphanumeric PINs by enabling the **Allow enhanced PINs for startup** Group Policy setting. However, PIN complexity can't be required via Group Policy.
+          
+          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+
+  - name: BitLocker To Go
+    questions:
+      - question: What is BitLocker To Go?
+        answer: |
+          BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of: 
+          
+          - USB flash drives
+          - SD cards
+          - External hard disk drives
+          - Other drives that are formatted by using the NTFS, FAT16, FAT32, or exFAT file system. 
+
+          Drive partitioning must meet the [BitLocker Drive Encryption Partitioning Requirements](/windows-hardware/manufacture/desktop/bitlocker-drive-encryption#bitlocker-drive-encryption-partitioning-requirements).
+          
+          As with BitLocker, drives that are encrypted by BitLocker To Go can be opened by using a password or smart card on another computer. In Control Panel, use **BitLocker Drive Encryption**.
+
+  - name: BitLocker and Active Directory Domain Services (AD DS) 
+    questions:
+      - question: |
+          What type of information is stored in AD DS?
+        answer: |
+          Stored information | Description
+          -------------------|------------
+          Hash of the TPM owner password | Beginning with Windows 10, the password hash isn't stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
+          BitLocker recovery password | The recovery password allows unlocking of and access to the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
+          BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, `Repair-bde`. 
+          
+      - question: |
+          What if BitLocker is enabled on a computer before the computer has joined the domain?
+        answer: |
+          If BitLocker is enabled on a drive before Group Policy has been applied to enforce a backup, the recovery information won't be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, the Group Policy settings **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** can be chosen to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in the organization is backed up to AD DS.
+          
+          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+          
+          The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information. However, BitLocker doesn't automatically manage this process. The `manage-bde.exe` command-line tool can also be used to manually back up recovery information to AD DS. For example, to back up all of the recovery information for the `$env:SystemDrive` to AD DS, the following command script can be used from an elevated command prompt:
+          
+          ```powershell
+          $BitLocker = Get-BitLockerVolume -MountPoint $env:SystemDrive
+          $RecoveryProtector = $BitLocker.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
+          
+          Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
+          BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryProtector.KeyProtectorID
+          ```
+          
+          > [!IMPORTANT]
+          > Joining a computer to the domain should be the first step for new computers within an organization. After computers are joined to a domain, storing the BitLocker recovery key to AD DS is automatic (when enabled in Group Policy).
+
+      - question: |
+          Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
+        answer: |
+          Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says "Success," the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it's also possible that the log entry could be spoofed.
+          
+          Ultimately, determining whether a legitimate backup exists in AD DS requires querying AD DS with domain administrator credentials by using the BitLocker password viewer tool.
+          
+      - question: |
+          If I change the BitLocker recovery password on my computer and store the new password in AD DS, will AD DS overwrite the old password?
+        answer: |
+          No. By design, BitLocker recovery password entries don't get deleted from AD DS. Therefore, multiple passwords might be seen for each drive. To identify the latest password, check the date on the object.
+
+      - question: |
+          What happens if the backup initially fails? Will BitLocker retry it?
+        answer: |
+          If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker doesn't try again to back up the recovery information to AD DS.
+          
+          When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, and **Choose how BitLocker-protected removable data drives can be recovered** policy settings, users can't enable BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker can't be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
+          
+          For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+          
+          When an administrator clears these check boxes, the administrator is allowing a drive to be BitLocker-protected without having the recovery information successfully backed up to AD DS; however, BitLocker won't automatically retry the backup if it fails. Instead, administrators can create a backup script, as described earlier in [What if BitLocker is enabled on a computer before the computer has joined the domain?](#what-if-bitlocker-is-enabled-on-a-computer-before-the-computer-has-joined-the-domain-) to capture the information after connectivity is restored.
+
+  - name: Security
+    questions:
+      - question: |
+          What form of encryption does BitLocker use? Is it configurable?
+        answer: |
+          BitLocker uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 128 bits or 256 bits. The default encryption setting is AES-128, but the options are configurable by using Group Policy.
+
+      - question: |
+          What is the best practice for using BitLocker on an operating system drive?
+        answer: |
+          The recommended practice for BitLocker configuration on an operating system drive is to implement BitLocker on a computer with a TPM version 1.2 or higher, and a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware implementation, along with a PIN. By requiring a PIN that was set by the user in addition to the TPM validation, a malicious user that has physical access to the computer can't start the computer.
+
+      - question: |
+          What are the implications of using the sleep or hibernate power management options?
+        answer: |
+          BitLocker on operating system drives in its basic configuration (with a TPM but without other startup authentication) provides extra security for the hibernate mode. However, BitLocker provides greater security when it's configured to use another startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. In sleep mode, the computer is vulnerable to direct memory access attacks, since unprotected data remains in RAM. Therefore, for improved security, it's recommended to disable sleep mode and to use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](./bitlocker-group-policy-settings.md) or Mobile Device Management with the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp). 
+          
+      - question: |
+          What are the advantages of a TPM?
+        answer: |
+          Most operating systems use a shared memory space and rely on the operating system to manage physical memory. A TPM is a hardware component that uses its own internal firmware and logic circuits for processing instructions, thus shielding it from external software vulnerabilities. Attacking the TPM requires physical access to the computer. Additionally, the tools and skills necessary to attack hardware are often more expensive, and usually aren't as available as the ones used to attack software. And because each TPM is unique to the computer that contains it, attacking multiple TPM computers would be difficult and time-consuming.
+          
+          > [!NOTE]
+          > Configuring BitLocker with an additional factor of authentication provides even more protection against TPM hardware attacks.
+          
+  - name: Network Unlock
+    questions:
+      - question: |
+          BitLocker Network Unlock FAQ
+        answer: |  
+          BitLocker Network Unlock enables easier management for BitLocker-enabled desktops and servers that use the TPM+PIN protection method in a domain environment. When a computer that is connected to a wired corporate network is rebooted, Network Unlock allows the PIN entry prompt to be bypassed. It automatically unlocks BitLocker-protected operating system volumes by using a trusted key that is provided by the Windows Deployment Services server as its secondary authentication method.
+          
+          To use Network Unlock, a PIN must be configured for the computer. When the computer isn't connected to the network, a PIN will need to be provided to unlock it.
+          
+          BitLocker Network Unlock has software and hardware requirements for both client computers, Windows Deployment services, and domain controllers that must be met before it can be used.
+          
+          Network Unlock uses two protectors - the TPM protector and the protector provided by the network or by the PIN. Automatic unlock uses a single protector - the one stored in the TPM. If the computer is joined to a network without the key protector, it will prompt to enter a PIN. If the PIN isn't available, the recovery key will need to be used to unlock the computer if it can't be connected to the network.
+          
+          For more info, see [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md).
+
+  - name: Use BitLocker with other programs
+    questions:
+      - question: |
+          Can I use EFS with BitLocker?
+        answer: |
+          Yes, Encrypting File System (EFS) can be used to encrypt files on a BitLocker-protected drive. BitLocker helps protect the entire operating system drive against offline attacks, whereas EFS can provide additional user-based file level encryption for security separation between multiple users of the same computer. EFS can also be used in Windows to encrypt files on other drives that aren't encrypted by BitLocker. The root secrets of EFS are stored by default on the operating system drive; therefore, if BitLocker is enabled for the operating system drive, data that is encrypted by EFS on other drives is also indirectly protected by BitLocker.
+
+      - question: |
+          Can I run a kernel debugger with BitLocker?
+        answer: |
+          Yes. However, the debugger should be turned on before enabling BitLocker. Turning on the debugger ensures that the correct measurements are calculated when sealing to the TPM, allowing the computer to start properly. If debugging needs to be turned on or off when using BitLocker, be sure to suspend BitLocker first to avoid putting the computer into recovery mode.
+
+      - question: |
+          How does BitLocker handle memory dumps?
+        answer: |
+          BitLocker has a storage driver stack that ensures memory dumps are encrypted when BitLocker is enabled.
+
+      - question: |
+          Can BitLocker support smart cards for pre-boot authentication?
+        answer: |
+          BitLocker doesn't support smart cards for pre-boot authentication. There's no single industry standard for smart card support in the firmware, and most computers either don't implement firmware support for smart cards, or only support specific smart cards and readers. This lack of standardization makes supporting them difficult.
+
+      - question: |
+          Can I use a non-Microsoft TPM driver?
+        answer: |
+          Microsoft doesn't support non-Microsoft TPM drivers and strongly recommends against using them with BitLocker. Attempting to use a non-Microsoft TPM driver with BitLocker may cause BitLocker to report that a TPM isn't present on the computer and not allow the TPM to be used with BitLocker.
+
+      - question: |
+          Can other tools that manage or modify the master boot record work with BitLocker?
+        answer: |
+          We don't recommend modifying the master boot record on computers whose operating system drives are BitLocker-protected for several security, reliability, and product support reasons. Changes to the master boot record (MBR) could change the security environment and prevent the computer from starting normally and complicate any efforts to recover from a corrupted MBR. Changes made to the MBR by anything other than Windows might force the computer into recovery mode or prevent it from booting entirely.
+
+      - question: |
+          Why is the system check failing when I'm encrypting my operating system drive?
+        answer: |
+          The system check is designed to ensure the computer's BIOS or UEFI firmware is compatible with BitLocker and that the TPM is working correctly. The system check can fail for several reasons:
+          
+          - The computer's BIOS or UEFI firmware can't read USB flash drives.
+          - The computer's BIOS, uEFI firmware, or boot menu doesn't have reading USB flash drives enabled.
+          - There are multiple USB flash drives inserted into the computer.
+          - The PIN wasn't entered correctly.
+          - The computer's BIOS or UEFI firmware only supports using the function keys (F1-F10) to enter numerals in the pre-boot environment.
+          - The startup key was removed before the computer finished rebooting.
+          - The TPM has malfunctioned and fails to unseal the keys.
+          
+      - question: |
+          What can I do if the recovery key on my USB flash drive can't be read?
+        answer: |
+          Some computers can't read USB flash drives in the pre-boot environment. First, check the BIOS or UEFI firmware and boot settings to ensure that the use of USB drives is enabled. If it isn't enabled, enable the use of USB drives in the BIOS or UEFI firmware and boot settings, and then try to read the recovery key from the USB flash drive again. If the USB flash drive still can't be read, the hard drive will need to be mounted as a data drive on another computer so that there's an operating system to attempt to read the recovery key from the USB flash drive. If the USB flash drive has been corrupted or damaged, a recovery password may need to be supplied or use the recovery information that was backed up to AD DS. Also, if the recovery key is being used in the pre-boot environment, ensure that the drive is formatted by using the NTFS, FAT16, or FAT32 file system.
+
+      - question: |
+          Why am I unable to save my recovery key to my USB flash drive?
+        answer: |
+          The **Save to USB** option isn't shown by default for removable drives. If the option is unavailable, it means that a system administrator has disallowed the use of recovery keys.
+
+      - question: |
+          Why am I unable to automatically unlock my drive?
+        answer: |
+          Automatic unlocking for fixed data drives requires the operating system drive to also be protected by BitLocker. If a computer is being used that doesn't have a BitLocker-protected operating system drive, then the fixed drive can't be automatically unlocked. For removable data drives, automatic unlocking can be added by right-clicking the drive in Windows Explorer and selecting **Manage BitLocker**. Password or smart card credentials that were supplied when BitLocker was turned on can still be used to unlock the removable drive on other computers.
+
+      - question: |
+          Can I use BitLocker in Safe Mode?
+        answer: |
+          Limited BitLocker functionality is available in Safe Mode. BitLocker-protected drives can be unlocked and decrypted by using the **BitLocker Drive Encryption** Control Panel item. Right-clicking to access BitLocker options from Windows Explorer isn't available in Safe Mode.
+
+      - question: |
+          How do I "lock" a data drive?
+        answer: |
+          Both fixed and removable data drives can be locked by using the Manage-bde command-line tool and the -lock command.
+          
+          > [!NOTE]
+          > Ensure all data is saved to the drive before locking it. Once locked, the drive will become inaccessible.
+
+          The syntax of this command is:
+          
+          ```cmd
+          manage-bde.exe <driveletter> -lock
+          ````
+          
+          Outside of using this command, data drives will be locked on shutdown and restart of the operating system. A removable data drive will also be locked automatically when the drive is removed from the computer.
+          
+      - question: |
+          Can I use BitLocker with the Volume Shadow Copy Service?
+        answer: |
+          Yes. However, shadow copies made prior to enabling BitLocker will be automatically deleted when BitLocker is enabled on software-encrypted drives. If a hardware encrypted drive is being used, the shadow copies are retained.
+
+      - question: |
+          Does BitLocker support virtual hard disks (VHDs)?
+        answer: |
+          BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
+          - With TPM: Yes, it's supported.
+          - Without  TPM: Yes, it's supported (with password protector).
+          
+          BitLocker is also supported on data volume VHDs, such as those used by clusters, if running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
+          
+      - question: |
+          Can I use BitLocker with virtual machines (VMs)?
+        answer: |
+          Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (via **Settings** > **Accounts** > **Access work or school** > **Connect**) to receive policy. Encryption can be enabled either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or sign-in script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.
diff --git a/windows/security/information-protection/bitlocker/images/bitlockernetworkunlocksequence.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bitlockernetworkunlocksequence.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/bitlockernetworkunlocksequence.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/bitlockernetworkunlocksequence.png
diff --git a/windows/security/information-protection/bitlocker/images/bl-intune-custom-url.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bl-intune-custom-url.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/bl-intune-custom-url.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/bl-intune-custom-url.png
diff --git a/windows/security/information-protection/bitlocker/images/bl-narrator.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bl-narrator.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/bl-narrator.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/bl-narrator.png
diff --git a/windows/security/information-protection/bitlocker/images/bl-password-hint1.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bl-password-hint1.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/bl-password-hint1.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/bl-password-hint1.png
diff --git a/windows/security/information-protection/bitlocker/images/bl-password-hint2.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bl-password-hint2.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/bl-password-hint2.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/bl-password-hint2.png
diff --git a/windows/security/information-protection/bitlocker/images/kernel-dma-protection.png b/windows/security/operating-system-security/data-protection/bitlocker/images/kernel-dma-protection.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/kernel-dma-protection.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/kernel-dma-protection.png
diff --git a/windows/security/information-protection/bitlocker/images/manage-bde-status.png b/windows/security/operating-system-security/data-protection/bitlocker/images/manage-bde-status.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/manage-bde-status.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/manage-bde-status.png
diff --git a/windows/security/information-protection/bitlocker/images/pre-boot-authentication-group-policy.png b/windows/security/operating-system-security/data-protection/bitlocker/images/pre-boot-authentication-group-policy.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/pre-boot-authentication-group-policy.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/pre-boot-authentication-group-policy.png
diff --git a/windows/security/information-protection/bitlocker/images/rp-example1.png b/windows/security/operating-system-security/data-protection/bitlocker/images/rp-example1.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/rp-example1.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/rp-example1.png
diff --git a/windows/security/information-protection/bitlocker/images/rp-example2.png b/windows/security/operating-system-security/data-protection/bitlocker/images/rp-example2.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/rp-example2.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/rp-example2.png
diff --git a/windows/security/information-protection/bitlocker/images/rp-example3.png b/windows/security/operating-system-security/data-protection/bitlocker/images/rp-example3.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/rp-example3.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/rp-example3.png
diff --git a/windows/security/information-protection/bitlocker/images/rp-example4.png b/windows/security/operating-system-security/data-protection/bitlocker/images/rp-example4.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/rp-example4.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/rp-example4.png
diff --git a/windows/security/information-protection/bitlocker/images/rp-example5.png b/windows/security/operating-system-security/data-protection/bitlocker/images/rp-example5.png
similarity index 100%
rename from windows/security/information-protection/bitlocker/images/rp-example5.png
rename to windows/security/operating-system-security/data-protection/bitlocker/images/rp-example5.png
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md
new file mode 100644
index 0000000000..3faff60393
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md
@@ -0,0 +1,51 @@
+---
+title: BitLocker overview
+description: Learn about BitLocker requirements, practical applications, and deprecated features.
+ms.collection:
+  - highpri
+  - tier1
+ms.topic: overview
+ms.date: 08/03/2023
+---
+
+# BitLocker overview
+
+Bitlocker is a Windows disk encryption feature, designed to protect data by providing encryption for entire volumes.\
+BitLocker addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices.
+
+BitLocker provides maximum protection when used with a Trusted Platform Module (TPM). A TPM is a hardware component installed in many devices and it works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system is offline.
+
+On devices that don't have a TPM, BitLocker can still be used to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the device or resume from hibernation. An operating system volume password can be used to protect the operating system volume on a computer without TPM. Both options don't provide the pre-startup system integrity verification offered by BitLocker with a TPM.
+
+In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device (such as a USB flash drive) that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer won't start or resume from hibernation until the correct PIN or startup key is presented.
+
+## Practical applications
+
+Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard drive to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected devices are decommissioned or recycled.
+
+## System requirements
+
+BitLocker has the following hardware requirements:
+
+- For BitLocker to use the system integrity check provided by a TPM, the computer must have TPM 1.2 or later versions. If a computer doesn't have a TPM, saving a startup key on a removable drive, such as a USB flash drive, becomes mandatory when enabling BitLocker
+- A device with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM doesn't require TCG-compliant firmware
+- The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment
+
+    > [!NOTE]
+    > TPM 2.0 is not supported in Legacy and Compatibility Support Module (CSM) modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as native UEFI only. The Legacy and CSM options must be disabled. For added security, enable the secure boot feature.
+    >
+    > Installed Operating System on hardware in Legacy mode stops the OS from booting when the BIOS mode is changed to UEFI. Use the tool [MBR2GPT](/windows/deployment/mbr-to-gpt) before changing the BIOS mode, which prepares the OS and the disk to support UEFI.
+
+- The hard disk must be partitioned with at least two drives:
+  - The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system
+  - The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker isn't enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. It's recommended that the system drive be approximately 350 MB in size. After BitLocker is turned on, it should have approximately 250 MB of free space
+
+> [!IMPORTANT]
+> When installed on a new device, Windows automatically creates the partitions that are required for BitLocker.
+>
+> An encrypted partition can't be marked as active.
+
+> [!NOTE]
+> When installing the BitLocker optional component on a server, the Enhanced Storage feature also needs to be installed. The Enhanced Storage feature is used to support hardware encrypted drives.
+
+[!INCLUDE [bitlocker](../../../../../includes/licensing/bitlocker-enablement.md)]
diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
similarity index 97%
rename from windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
rename to windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
index 415ebdab44..ebce5dd70e 100644
--- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -1,26 +1,12 @@
 ---
 title: Prepare the organization for BitLocker Planning and policies 
 description: This article for the IT professional explains how can to plan for a BitLocker deployment.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # Prepare an organization for BitLocker: Planning and policies
 
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
 This article for the IT professional explains how to plan BitLocker deployment.
 
 When BitLocker deployment strategy is defined, define the appropriate policies and configuration requirements based on the business requirements of the organization. The following sections will help with collecting information. Use this information to help with the decision-making process about deploying and managing BitLocker systems.
@@ -199,9 +185,7 @@ On Windows Server 2012 R2 and Windows 8.1 and older, recovery passwords generate
 
 ## Related articles
 
-- [Trusted Platform Module](../tpm/trusted-platform-module-top-node.md)
-- [TPM Group Policy settings](../tpm/trusted-platform-module-services-group-policy-settings.md)
-- [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.yml)
-- [BitLocker](bitlocker-overview.md)
+- [BitLocker frequently asked questions (FAQ)](faq.yml)
+- [BitLocker](index.md)
 - [BitLocker Group Policy settings](bitlocker-group-policy-settings.md)
 - [BitLocker basic deployment](bitlocker-basic-deployment.md)
diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
similarity index 98%
rename from windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
rename to windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
index 14934b6ab3..fd2168f6bb 100644
--- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -1,16 +1,8 @@
 ---
 title: Protecting cluster shared volumes and storage area networks with BitLocker 
 description: This article for IT pros describes how to protect CSVs and SANs with BitLocker.
-ms.reviewer: 
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: frankroj
-ms.author: frankroj
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 11/08/2022
-ms.custom: bitlocker
-ms.technology: itpro-security
 ---
 
 # Protecting cluster shared volumes and storage area networks with BitLocker
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
new file mode 100644
index 0000000000..1fd7418979
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml
@@ -0,0 +1,63 @@
+items:
+- name: Overview
+  href: index.md
+- name: BitLocker device encryption
+  href: bitlocker-device-encryption-overview-windows-10.md
+- name: BitLocker Countermeasures
+  href: bitlocker-countermeasures.md
+- name: Deployment guides
+  items:
+    - name: Planning for BitLocker
+      href: prepare-your-organization-for-bitlocker-planning-and-policies.md
+    - name: BitLocker basic deployment
+      href: bitlocker-basic-deployment.md
+    - name: BitLocker deployment comparison
+      href: bitlocker-deployment-comparison.md
+- name: How-to guides
+  items:
+    - name: Manage BitLocker in your organization
+      href: bitlocker-management-for-enterprises.md
+    - name: Configure BitLocker on Windows Server
+      href: bitlocker-how-to-deploy-on-windows-server.md
+    - name: Manage BitLocker with Drive Encryption Tools
+      href: bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+    - name: Use BitLocker Recovery Password Viewer
+      href: bitlocker-use-bitlocker-recovery-password-viewer.md
+    - name: BitLocker Recovery Guide
+      href: bitlocker-recovery-guide-plan.md
+    - name: Protect cluster shared volumes and storage area networks with BitLocker
+      href: protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+- name: BitLocker features
+  items:
+    - name: Network Unlock
+      href: bitlocker-how-to-enable-network-unlock.md
+- name: Reference
+  items:
+    - name: BitLocker Group Policy settings
+      href: bitlocker-group-policy-settings.md
+    - name: BCD settings
+      href: bcd-settings-and-bitlocker.md
+    - name: BitLocker frequently asked questions (FAQ)
+      href: faq.yml
+- name: Troubleshooting
+  items:
+    - name: Troubleshoot BitLocker 🔗
+      href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
+    - name: "BitLocker cannot encrypt a drive: known issues 🔗"
+      href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
+    - name: "Enforcing BitLocker policies by using Intune: known issues 🔗"
+      href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
+    - name: "BitLocker Network Unlock: known issues 🔗"
+      href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
+    - name: "BitLocker recovery: known issues 🔗"
+      href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
+    - name: "BitLocker configuration: known issues 🔗"
+      href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
+    - name: Troubleshoot BitLocker and TPM issues
+      items:
+        - name: "BitLocker cannot encrypt a drive: known TPM issues 🔗"
+          href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
+        - name: "BitLocker and TPM: other known issues 🔗"
+          href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
+        - name: Decode Measured Boot logs to track PCR changes 🔗
+          href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
\ No newline at end of file
diff --git a/windows/security/operating-system-security/data-protection/configure-s-mime.md b/windows/security/operating-system-security/data-protection/configure-s-mime.md
new file mode 100644
index 0000000000..4d5e976fde
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/configure-s-mime.md
@@ -0,0 +1,71 @@
+---
+title: Configure S/MIME for Windows
+description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. Learn how to configure S/MIME for Windows.
+ms.topic: how-to
+ms.date: 05/31/2023
+---
+
+
+# Configure S/MIME for Windows
+
+Secure/Multipurpose Internet Mail Extensions (S/MIME) provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. S/MIME enables users to encrypt outgoing messages and attachments so that only intended recipients can read them. To read the messages, recipients must have a digital identification (ID), also known as a certificate.\
+Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with.
+
+## Message encryption
+
+Users can send encrypted message to recipients that have an encryption certificate.\
+Users can only read encrypted messages if the message is received on their Exchange account, and they have corresponding decryption keys.
+
+Encrypted messages can be read only by recipients who have a certificate. If you try to send an encrypted message to recipients whose encryption certificate isn't available, the app prompts you to remove these recipients before sending the email.
+
+## Digital signatures
+
+A digitally signed message reassures the recipient that the message hasn't been tampered with, and verifies the identity of the sender. Recipients can only verify the digital signature if they're using an email client that supports S/MIME.
+
+[!INCLUDE [email-encryption-smime](../../../../includes/licensing/email-encryption-smime.md)]
+
+## Prerequisites
+
+- [S/MIME is enabled for Exchange accounts](/exchange/security-and-compliance/smime-exo/smime-exo) (on-premises and Exchange Online). Users can't use S/MIME signing and encryption with a personal account such as Outlook.com
+- Valid Personal Information Exchange (PFX) certificates are installed on the device
+  - [How to Create PFX Certificate Profiles in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/mt131410(v=technet.10))
+  - [Use certificates for authentication in Microsoft Intune](/mem/intune/protect/certificates-configure)
+
+## Choose S/MIME settings
+
+On the device, perform the following steps: (add select certificate)
+
+1. Open the Mail app
+1. Open **Settings > Email security**
+   :::image type="content" alt-text="Screenshot of the Windows Mail app, security settings." source="images/email-security.png":::
+1. In **Select an account**, select the account for which you want to configure S/MIME options
+1. Make a certificate selection for digital signature and encryption
+   - Select **Automatically** to let the app choose the certificate
+   - Select **Manually** to specify the certificate yourself from the list of valid certificates on the device
+1. (Optional) Select **Always sign with S/MIME**, **Always encrypt with S/MIME**, or both, to automatically digitally sign or encrypt all outgoing messages
+
+   > [!NOTE]
+   > The option to sign or encrypt can be changed for individual messages, unless EAS policies prevent it.
+
+1. Select the back arrow
+
+## Encrypt or sign individual messages
+
+1. While composing a message, select **Options** from the ribbon
+1. Use **Sign** and **Encrypt** icons to turn on digital signature and encryption for this message
+
+    :::image type="content" alt-text="Screenshot of the Windows Mail app, showing the options to sign or encrypt message." source="images/sign-encrypt.png":::
+
+## Read signed or encrypted messages
+
+When you receive an encrypted message, the mail app checks whether there's a certificate available on your computer. If there's a certificate available, the message is decrypted when you open it. If your certificate is stored on a smartcard, you'll be prompted to insert the smartcard to read the message. Your smartcard may also require a PIN to access the certificate.
+
+## Install certificates from a received message
+
+When you receive a signed email, the app provides a feature to install corresponding encryption certificate on your device if the certificate is available. This certificate can then be used to send encrypted email to this person.
+
+1. Open a signed email
+1. Select the digital signature icon in the reading pane
+1. Select **Install.**
+
+  :::image type="content" alt-text="Screenshot of the Windows Mail app, showing a message to install the sender's encryption certificate." source="images/install-cert.png":::
diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
similarity index 96%
rename from windows/security/information-protection/encrypted-hard-drive.md
rename to windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
index bb2fc98a8e..42e381d999 100644
--- a/windows/security/information-protection/encrypted-hard-drive.md
+++ b/windows/security/operating-system-security/data-protection/encrypted-hard-drive.md
@@ -1,27 +1,12 @@
 ---
 title: Encrypted Hard Drive 
 description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
-ms.reviewer: 
-manager: aaroncz
-ms.author: frankroj
-ms.prod: windows-client
-author: frankroj
 ms.date: 11/08/2022
-ms.technology: itpro-security
 ms.topic: conceptual
 ---
 
 # Encrypted Hard Drive
 
-*Applies to:*
-
-- Windows 10
-- Windows 11
-- Windows Server 2022
-- Windows Server 2019
-- Windows Server 2016
-- Azure Stack HCI
-
 Encrypted hard drive uses the rapid encryption that is provided by BitLocker drive encryption to enhance data security and management.
 
 By offloading the cryptographic operations to hardware, Encrypted hard drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted hard drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.
@@ -48,7 +33,7 @@ Encrypted hard drives are supported natively in the operating system through the
 
 If you're a storage device vendor who is looking for more info on how to implement Encrypted Hard Drive, see the [Encrypted Hard Drive Device Guide](/previous-versions/windows/hardware/design/dn653989(v=vs.85)).
 
-[!INCLUDE [encrypted-hard-drive](../../../includes/licensing/encrypted-hard-drive.md)]
+[!INCLUDE [encrypted-hard-drive](../../../../includes/licensing/encrypted-hard-drive.md)]
 
 ## System Requirements
 
diff --git a/windows/security/operating-system-security/data-protection/images/email-security.png b/windows/security/operating-system-security/data-protection/images/email-security.png
new file mode 100644
index 0000000000..f8157ef180
Binary files /dev/null and b/windows/security/operating-system-security/data-protection/images/email-security.png differ
diff --git a/windows/security/identity-protection/images/installcert.png b/windows/security/operating-system-security/data-protection/images/install-cert.png
similarity index 100%
rename from windows/security/identity-protection/images/installcert.png
rename to windows/security/operating-system-security/data-protection/images/install-cert.png
diff --git a/windows/security/identity-protection/images/signencrypt.png b/windows/security/operating-system-security/data-protection/images/sign-encrypt.png
similarity index 100%
rename from windows/security/identity-protection/images/signencrypt.png
rename to windows/security/operating-system-security/data-protection/images/sign-encrypt.png
diff --git a/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md b/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md
new file mode 100644
index 0000000000..7a7277136f
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/personal-data-encryption/configure.md
@@ -0,0 +1,141 @@
+---
+title: PDE settings and configuration
+description: Learn about the available options to configure Personal Data Encryption (PDE) and how to configure them via Microsoft Intune or Configuration Service Providers (CSP).
+ms.topic: how-to
+ms.date: 08/11/2023
+---
+
+# PDE settings and configuration
+
+This article describes the Personal Data Encryption (PDE) settings and how to configure them via Microsoft Intune or Configuration Service Providers (CSP).
+
+> [!NOTE]
+> PDE can be configured using MDM policies. The content to be protected by PDE can be specified using [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). There is no user interface in Windows to either enable PDE or protect content using PDE.
+>
+> The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled.
+
+## PDE settings
+
+The following table lists the required settings to enable PDE.
+
+| Setting name | Description |
+|-|-|
+|Enable Personal Data Encryption|PDE isn't enabled by default. Before PDE can be used, you must enable it.|
+|Sign-in and lock last interactive user automatically after a restart| Winlogon automatic restart sign-on (ARSO) isn't supported for use with PDE. To use PDE, ARSO must be disabled.|
+
+## PDE hardening recommendations
+
+The following table lists the recommended settings to improve PDE's security.
+
+| Setting name | Description |
+|-|-|
+|Kernel-mode crash dumps and live dumps|Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps.|
+|Windows Error Reporting (WER)/user-mode crash dumps|Disabling Windows Error Reporting prevents user-mode crash dumps. User-mode crash dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable user-mode crash dumps.|
+|Hibernation|Hibernation files can potentially cause the keys used by Personal Data Encryption (PDE) to protect content to be exposed. For greatest security, disable hibernation.|
+|Allow users to select when a password is required when resuming from connected standby |When this policy isn't configured on Azure AD joined devices, users on a Connected Standby device can change the amount of time after the device´s screen turns off before a password is required to wake the device. During the time when the screen turns off but a password isn't required, the keys used by PDE to protect content could potentially be exposed. It's recommended to explicitly disable this policy on Azure AD joined devices.|
+
+## Configure PDE with Microsoft Intune
+
+[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+|**PDE**|Enable Personal Data Encryption (User)|Enable Personal Data Encryption|
+|**Administrative Templates > Windows Components > Windows Logon Options**|Sign-in and lock last interactive user automatically after a restart|Disabled|
+|**Memory Dump**|Allow Live Dump|Block|
+|**Memory Dump**|Allow Crash Dump|Block|
+|**Administrative Templates > Windows Components > Windows Error Reporting** | Disable Windows Error Reporting | Enabled|
+|**Power**|Allow Hibernate|Block|
+|**Administrative Templates > System > Logon** | Allow users to select when a password is required when resuming from connected standby | Disabled|
+
+[!INCLUDE [intune-settings-catalog-2](../../../../../includes/configure/intune-settings-catalog-2.md)]
+
+> [!TIP]
+> Use the following Graph call to automatically create the settings catalog policy in your tenant without assignments nor scope tags.
+>
+> When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires *DeviceManagementConfiguration.ReadWrite.All* permissions.
+
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/deviceManagement/configurationPolicies
+Content-Type: application/json
+
+{ "id": "00-0000-0000-0000-000000000000", "name": "_MSLearn_PDE", "description": "", "platforms": "windows10", "technologies": "mdm", "roleScopeTagIds": [ "0" ], "settings": [ { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "device_vendor_msft_policy_config_admx_credentialproviders_allowdomaindelaylock", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "device_vendor_msft_policy_config_admx_credentialproviders_allowdomaindelaylock_0", "children": [] } } }, { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "device_vendor_msft_policy_config_errorreporting_disablewindowserrorreporting", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "device_vendor_msft_policy_config_errorreporting_disablewindowserrorreporting_1", "children": [] } } }, { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "device_vendor_msft_policy_config_windowslogon_allowautomaticrestartsignon", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "device_vendor_msft_policy_config_windowslogon_allowautomaticrestartsignon_0", "children": [] } } }, { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "device_vendor_msft_policy_config_memorydump_allowcrashdump", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "device_vendor_msft_policy_config_memorydump_allowcrashdump_0", "children": [] } } }, { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "device_vendor_msft_policy_config_memorydump_allowlivedump", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "device_vendor_msft_policy_config_memorydump_allowlivedump_0", "children": [] } } }, { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "user_vendor_msft_pde_enablepersonaldataencryption", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "user_vendor_msft_pde_enablepersonaldataencryption_1", "children": [] } } }, { "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting", "settingInstance": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", "settingDefinitionId": "device_vendor_msft_policy_config_power_allowhibernate", "choiceSettingValue": { "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingValue", "value": "device_vendor_msft_policy_config_power_allowhibernate_0", "children": [] } } } ] }
+```
+
+## Configure PDE with CSP
+
+Alternatively, you can configure devices using the [Policy CSP][CSP-1] and [PDE CSP][CSP-2].
+
+|OMA-URI|Format|Value|
+|-|-|-|
+|`./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`|int|`1`|
+|`./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn`|string|`<disabled/>`|
+|`./Device/Vendor/MSFT/Policy/Config/MemoryDump/AllowCrashDump`| int| `0`|
+|`./Device/Vendor/MSFT/Policy/Config/MemoryDump/AllowLiveDump` |int| `0`|
+|`./Device/Vendor/MSFT/Policy/Config/ErrorReporting/DisableWindowsErrorReporting`|string|`<enabled/>`|
+|`./Device/Vendor/MSFT/Policy/Config/Power/AllowHibernate` |int| `0`|
+|`./Device/Vendor/MSFT/Policy/Config/ADMX_CredentialProviders/AllowDomainDelayLock`|string|`<disabled/>`|
+
+## Disable PDE
+
+Once PDE is enabled, it isn't recommended to disable it. However if you need to disable PDE, you can do so using the following steps.
+
+### Disable PDE with a settings catalog policy in Intune
+
+[!INCLUDE [intune-settings-catalog-1](../../../../../includes/configure/intune-settings-catalog-1.md)]
+
+| Category | Setting name | Value |
+|--|--|--|
+|**PDE**|**Enable Personal Data Encryption (User)**|Disable Personal Data Encryption|
+
+[!INCLUDE [intune-settings-catalog-2](../../../../../includes/configure/intune-settings-catalog-2.md)]
+
+### Disable PDE with CSP
+
+You can disable PDE with CSP using the following setting:
+
+|OMA-URI|Format|Value|
+|-|-|-|
+|`./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`|int|`0`|
+
+## Decrypt PDE-encrypted content
+
+Disabling PDE doesn't decrypt any PDE protected content. It only prevents the PDE API from being able to protect any additional content. PDE-protected files can be manually decrypted using the following steps:
+
+1. Open the properties of the file
+1. Under the **General** tab, select **Advanced...**
+1. Uncheck the option **Encrypt contents to secure data**
+1. Select **OK**, and then **OK** again
+
+PDE-protected files can also be decrypted using [`cipher.exe`][WINS-1], which can be helpful in the following scenarios:
+
+- Decrypting a large number of files on a device
+- Decrypting files on multiple of devices
+
+To decrypt files on a device using `cipher.exe`:
+
+- Decrypt all files under a directory including subdirectories:
+
+  ```cmd
+  cipher.exe /d /s:<path_to_directory>
+  ```
+
+- Decrypt a single file or all of the files in the specified directory, but not any subdirectories:
+
+  ```cmd
+  cipher.exe /d <path_to_file_or_directory>
+  ```
+
+> [!IMPORTANT]
+> Once a user selects to manually decrypt a file, the user won't be able to manually protect the file again using PDE.
+
+## Next steps
+
+- Review the [Personal Data Encryption (PDE) FAQ](faq.yml)
+
+<!--links used in this document-->
+
+[CSP-1]: /windows/client-management/mdm/policy-configuration-service-provider
+[CSP-2]: /windows/client-management/mdm/personaldataencryption-csp
+
+[WINS-1]: /windows-server/administration/windows-commands/cipher
diff --git a/windows/security/information-protection/personal-data-encryption/faq-pde.yml b/windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml
similarity index 69%
rename from windows/security/information-protection/personal-data-encryption/faq-pde.yml
rename to windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml
index 01ba4b7b8e..9dbd3b3def 100644
--- a/windows/security/information-protection/personal-data-encryption/faq-pde.yml
+++ b/windows/security/operating-system-security/data-protection/personal-data-encryption/faq.yml
@@ -3,18 +3,8 @@
 metadata:
   title: Frequently asked questions for Personal Data Encryption (PDE)
   description: Answers to common questions regarding Personal Data Encryption (PDE).
-  author: frankroj
-  ms.author: frankroj
-  ms.reviewer: rhonnegowda
-  manager: aaroncz
   ms.topic: faq
-  ms.prod: windows-client
-  ms.technology: itpro-security
-  ms.localizationpriority: medium
-  ms.date: 03/13/2023
-
-# Max 5963468 OS 32516487
-# Max 6946251
+  ms.date: 08/11/2023
 
 title: Frequently asked questions for Personal Data Encryption (PDE)
 summary: |
@@ -55,17 +45,9 @@ sections:
         answer: |
           No. PDE protected content can only be accessed after signing on locally to Windows with Windows Hello for Business credentials.
 
-      - question: How can it be determined if a file is protected with PDE?
-        answer: |
-          - Files protected with PDE and EFS will both show a padlock on the file's icon. To verify whether a file is protected with PDE vs. EFS:
-            1. In the properties of the file, navigate to **General** > **Advanced**. The option **Encrypt contents to secure data** should be selected.
-            2. Select the **Details** button.
-            3. If the file is protected with PDE, under **Protection status:**, the item **Personal Data Encryption is:** will be marked as **On**.
-          - [`cipher.exe`](/windows-server/administration/windows-commands/cipher) can also be used to show the encryption state of the file.
-
       - question: Can users manually encrypt and decrypt files with PDE?
         answer: |
-          Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section **Disable PDE and decrypt files** in [Personal Data Encryption (PDE)](overview-pde.md).
+          Currently users can decrypt files manually but they can't encrypt files manually. For information on how a user can manually decrypt a file, see the section [Decrypt PDE-encrypted content](configure.md#decrypt-pde-encrypted-content). 
 
       - question: If a user signs into Windows with a password instead of Windows Hello for Business, will they be able to access their PDE protected content?
         answer: |
@@ -74,9 +56,3 @@ sections:
       - question: What encryption method and strength does PDE use?
         answer: |
           PDE uses AES-CBC with a 256-bit key to encrypt content.
-
-additionalContent: |
-  ## See also
-    - [Personal Data Encryption (PDE)](overview-pde.md)
-    - [Configure Personal Data Encryption (PDE) polices in Intune](configure-pde-in-intune.md)
-    
diff --git a/windows/security/operating-system-security/data-protection/personal-data-encryption/index.md b/windows/security/operating-system-security/data-protection/personal-data-encryption/index.md
new file mode 100644
index 0000000000..0608ea1a7c
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/personal-data-encryption/index.md
@@ -0,0 +1,115 @@
+---
+title: Personal Data Encryption (PDE)
+description: Personal Data Encryption unlocks user encrypted files at user sign-in instead of at boot.
+ms.topic: how-to
+ms.date: 08/11/2023
+---
+
+# Personal Data Encryption (PDE)
+
+Starting in Windows 11, version 22H2, Personal Data Encryption (PDE) is a security feature that provides file-based data encryption capabilities to Windows.
+
+PDE utilizes Windows Hello for Business to link *data encryption keys* with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user.\
+When a user logs off, decryption keys are discarded and data is inaccessible, even if another user signs into the device.
+
+The use of Windows Hello for Business offers the following advantages:
+
+- It reduces the number of credentials to access encrypted content: users only need to sign-in with Windows Hello for Business
+- The accessibility features available when using Windows Hello for Business extend to PDE protected content
+
+PDE differs from BitLocker in that it encrypts files instead of whole volumes and disks. PDE occurs in addition to other encryption methods such as BitLocker.\
+Unlike BitLocker that releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business.
+
+## Prerequisites
+
+To use PDE, the following prerequisites must be met:
+
+- Windows 11, version 22H2 and later
+- The devices must be [Azure AD joined][AAD-1]. Domain-joined and hybrid Azure AD joined devices aren't supported
+- Users must sign in using [Windows Hello for Business](../../../identity-protection/hello-for-business/index.md)
+
+> [!IMPORTANT]
+> If you sign in with a password or a [security key][AAD-2], you can't access PDE protected content.
+
+[!INCLUDE [personal-data-encryption-pde](../../../../../includes/licensing/personal-data-encryption-pde.md)]
+
+## PDE protection levels
+
+PDE uses *AES-CBC* with a *256-bit key* to protect content and offers two levels of protection. The level of protection is determined based on the organizational needs. These levels can be set via the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager).
+
+| Item | Level 1 | Level 2 |
+|---|---|---|
+| PDE protected data accessible when user has signed in via Windows Hello for Business | Yes | Yes |
+| PDE protected data is accessible at Windows lock screen | Yes | Data is accessible for one minute after lock, then it's no longer available |
+| PDE protected data is accessible after user signs out of Windows | No | No |
+| PDE protected data is accessible when device is shut down | No | No |
+| PDE protected data is accessible via UNC paths | No | No |
+| PDE protected data is accessible when signing with Windows password instead of Windows Hello for Business | No | No |
+| PDE protected data is accessible via Remote Desktop session | No | No |
+| Decryption keys used by PDE discarded | After user signs out of Windows | One minute after Windows lock screen is engaged or after user signs out of Windows |
+
+## PDE protected content accessibility
+
+When a file is protected with PDE, its icon will show a padlock. If the user hasn't signed in locally with Windows Hello for Business or an unauthorized user attempts to access PDE protected content, they'll be denied access to the content.
+
+Scenarios where a user will be denied access to PDE protected content include:
+
+- User has signed into Windows via a password instead of signing in with Windows Hello for Business biometric or PIN
+- If protected via level 2 protection, when the device is locked
+- When trying to access content on the device remotely. For example, UNC network paths
+- Remote Desktop sessions
+- Other users on the device who aren't owners of the content, even if they're signed in via Windows Hello for Business and have permissions to navigate to the PDE protected content
+
+## Differences between PDE and BitLocker
+
+PDE is meant to work alongside BitLocker. PDE isn't a replacement for BitLocker, nor is BitLocker a replacement for PDE. Using both features together provides better security than using either BitLocker or PDE alone. However there are differences between BitLocker and PDE and how they work. These differences are why using them together offers better security.
+
+| Item | PDE | BitLocker |
+|--|--|--|
+| Release of decryption key | At user sign-in via Windows Hello for Business | At boot |
+| Decryption keys discarded | When user signs out of Windows or one minute after Windows lock screen is engaged | At shutdown |
+| Protected content | All files in protected folders | Entire volume/drive |
+| Authentication to access protected content | Windows Hello for Business | When BitLocker with TPM + PIN is enabled, BitLocker PIN plus Windows sign-in |
+
+## Differences between PDE and EFS
+
+The main difference between protecting files with PDE instead of EFS is the method they use to protect the file. PDE uses Windows Hello for Business to secure the keys that protect the files. EFS uses certificates to secure and protect the files.
+
+To see if a file is protected with PDE or with EFS:
+
+1. Open the properties of the file
+1. Under the **General** tab, select **Advanced...**
+1. In the **Advanced Attributes** windows, select **Details**
+
+For PDE protected files, under **Protection status:** there will be an item listed as **Personal Data Encryption is:** and it will have the attribute of **On**.
+
+For EFS protected files, under **Users who can access this file:**, there will be a **Certificate thumbprint** next to the users with access to the file. There will also be a section at the bottom labeled **Recovery certificates for this file as defined by recovery policy:**.
+
+Encryption information including what encryption method is being used to protect the file can be obtained with the [`cipher.exe /c`](/windows-server/administration/windows-commands/cipher) command.
+
+## Recommendations for using PDE
+
+The following are recommendations for using PDE:
+
+- Enable [BitLocker Drive Encryption](../bitlocker/index.md). Although PDE works without BitLocker, it's recommended to enable BitLocker. PDE is meant to work alongside BitLocker for increased security at it isn't a replacement for BitLocker
+- Backup solution such as [OneDrive in Microsoft 365](/sharepoint/onedrive-overview). In certain scenarios, such as TPM resets or destructive PIN resets, the keys used by PDE to protect content will be lost making any PDE-protected content inaccessible. The only way to recover such content is from a backup. If the files are synced to OneDrive, to regain access you must re-sync OneDrive
+- [Windows Hello for Business PIN reset service](../../../identity-protection/hello-for-business/hello-feature-pin-reset.md). Destructive PIN resets will cause keys used by PDE to protect content to be lost, making any content protected with PDE inaccessible. After a destructive PIN reset, content protected with PDE must be recovered from a backup. For this reason, Windows Hello for Business PIN reset service is recommended since it provides non-destructive PIN resets
+- [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) offers additional security when authenticating with Windows Hello for Business via biometrics or PIN
+
+## Windows out of box applications that support PDE
+
+Certain Windows applications support PDE out of the box. If PDE is enabled on a device, these applications will utilize PDE:
+
+| App name | Details |
+|-|-|
+| Mail | Supports protecting both email bodies and attachments|
+
+## Next steps
+
+- Learn about the available options to configure Personal Data Encryption (PDE) and how to configure them via Microsoft Intune or configuration Service Provider (CSP): [PDE settings and configuration](configure.md)
+- Review the [Personal Data Encryption (PDE) FAQ](faq.yml)
+
+<!--links used in this document-->
+
+[AAD-1]: /azure/active-directory/devices/concept-azure-ad-join
+[AAD-2]: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
diff --git a/windows/security/operating-system-security/data-protection/personal-data-encryption/toc.yml b/windows/security/operating-system-security/data-protection/personal-data-encryption/toc.yml
new file mode 100644
index 0000000000..f526600bd4
--- /dev/null
+++ b/windows/security/operating-system-security/data-protection/personal-data-encryption/toc.yml
@@ -0,0 +1,7 @@
+items:
+- name: PDE overview
+  href: index.md
+- name: Configure PDE
+  href: configure.md
+- name: PDE frequently asked questions (FAQ)
+  href: faq.yml
\ No newline at end of file
diff --git a/windows/security/operating-system-security/data-protection/toc.yml b/windows/security/operating-system-security/data-protection/toc.yml
index 89647a44e4..0131f73784 100644
--- a/windows/security/operating-system-security/data-protection/toc.yml
+++ b/windows/security/operating-system-security/data-protection/toc.yml
@@ -1,106 +1,12 @@
 items:
-- name: Overview
-  href: ../../encryption-data-protection.md
 - name: BitLocker
-  href: ../../information-protection/bitlocker/bitlocker-overview.md
-  items:
-  - name: Overview of BitLocker Device Encryption in Windows
-    href: ../../information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
-  - name: BitLocker frequently asked questions (FAQ)
-    href: ../../information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
-    items:
-    - name: Overview and requirements
-      href: ../../information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-    - name: Upgrading
-      href: ../../information-protection/bitlocker/bitlocker-upgrading-faq.yml
-    - name: Deployment and administration
-      href: ../../information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-    - name: Key management
-      href: ../../information-protection/bitlocker/bitlocker-key-management-faq.yml
-    - name: BitLocker To Go
-      href: ../../information-protection/bitlocker/bitlocker-to-go-faq.yml
-    - name: Active Directory Domain Services
-      href: ../../information-protection/bitlocker/bitlocker-and-adds-faq.yml
-    - name: Security
-      href: ../../information-protection/bitlocker/bitlocker-security-faq.yml
-    - name: BitLocker Network Unlock
-      href: ../../information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-    - name: General
-      href: ../../information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
-  - name: "Prepare your organization for BitLocker: Planning and policies"
-    href: ../../information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
-  - name: BitLocker deployment comparison
-    href: ../../information-protection/bitlocker/bitlocker-deployment-comparison.md
-  - name: BitLocker basic deployment
-    href: ../../information-protection/bitlocker/bitlocker-basic-deployment.md
-  - name: Deploy BitLocker on Windows Server 2012 and later
-    href: ../../information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
-  - name: BitLocker management
-    href: ../../information-protection/bitlocker/bitlocker-management-for-enterprises.md
-  - name: Enable Network Unlock with BitLocker
-    href: ../../information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
-  - name: Use BitLocker Drive Encryption Tools to manage BitLocker
-    href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
-  - name: Use BitLocker Recovery Password Viewer
-    href: ../../information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
-  - name: BitLocker Group Policy settings
-    href: ../../information-protection/bitlocker/bitlocker-group-policy-settings.md
-  - name: BCD settings and BitLocker
-    href: ../../information-protection/bitlocker/bcd-settings-and-bitlocker.md
-  - name: BitLocker Recovery Guide
-    href: ../../information-protection/bitlocker/bitlocker-recovery-guide-plan.md
-  - name: BitLocker Countermeasures
-    href: ../../information-protection/bitlocker/bitlocker-countermeasures.md
-  - name: Protecting cluster shared volumes and storage area networks with BitLocker
-    href: ../../information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
-  - name: Troubleshoot BitLocker
-    items:
-      - name: Troubleshoot BitLocker
-        href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
-      - name: "BitLocker cannot encrypt a drive: known issues"
-        href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
-      - name: "Enforcing BitLocker policies by using Intune: known issues"
-        href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
-      - name: "BitLocker Network Unlock: known issues"
-        href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
-      - name: "BitLocker recovery: known issues"
-        href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
-      - name: "BitLocker configuration: known issues"
-        href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
-      - name: Troubleshoot BitLocker and TPM issues
-        items:
-          - name: "BitLocker cannot encrypt a drive: known TPM issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
-          - name: "BitLocker and TPM: other known issues"
-            href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
-          - name: Decode Measured Boot logs to track PCR changes
-            href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
+  href: bitlocker/toc.yml
 - name: Encrypted Hard Drive
-  href: ../../information-protection/encrypted-hard-drive.md
-- name: Personal Data Encryption (PDE)
-  items:
-  - name: Personal Data Encryption (PDE) overview
-    href: ../../information-protection/personal-data-encryption/overview-pde.md
-  - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-    href: ../../information-protection/personal-data-encryption/faq-pde.yml
-  - name: Configure Personal Data Encryption (PDE) in Intune
-    items:
-    - name: Configure Personal Data Encryption (PDE) in Intune
-      href: ../../information-protection/personal-data-encryption/configure-pde-in-intune.md
-    - name: Enable Personal Data Encryption (PDE)
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
-    - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
-    - name: Disable kernel-mode crash dumps and live dumps for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
-    - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
-    - name: Disable hibernation for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
-    - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
-      href: ../../information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
-- name: Configure S/MIME for Windows
-  href: ../../identity-protection/configure-s-mime.md
+  href: encrypted-hard-drive.md
+- name: Personal data encryption (PDE)
+  href: personal-data-encryption/toc.yml
+- name: Email Encryption (S/MIME)
+  href: configure-s-mime.md
 - name: Windows Information Protection (WIP)
   href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
   items:
diff --git a/windows/security/operating-system-security/device-management/toc.yml b/windows/security/operating-system-security/device-management/toc.yml
index 239b2eb2a6..5af1dc4845 100644
--- a/windows/security/operating-system-security/device-management/toc.yml
+++ b/windows/security/operating-system-security/device-management/toc.yml
@@ -1,21 +1,13 @@
 items:
-  - name: Security policy settings
-    href: ../../threat-protection/security-policy-settings/security-policy-settings.md
-  - name: Security auditing
-    href: ../../threat-protection/auditing/security-auditing-overview.md
-  - name: Secured-core configuration lock
-    href: /windows/client-management/config-lock
-  - name: Assigned Access (kiosk mode)
-    href: /windows/configuration/kiosk-methods
   - name: Security baselines
-    href: ../../threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+    href: windows-security-configuration-framework/windows-security-baselines.md
     items:
     - name: Security Compliance Toolkit
-      href: ../../threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+      href: windows-security-configuration-framework/security-compliance-toolkit-10.md
     - name: Get support
-      href: ../../threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+      href: windows-security-configuration-framework/get-support-for-security-baselines.md
     - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
-      href: ../../threat-protection/mbsa-removal-and-guidance.md
+      href: windows-security-configuration-framework/mbsa-removal-and-guidance.md
   - name: More Windows security
     items:
     - name: Override Process Mitigation Options to help enforce app-related security policies
@@ -23,4 +15,4 @@ items:
     - name: Use Windows Event Forwarding to help with intrusion detection
       href: ../../threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
     - name: Block untrusted fonts in an enterprise
-      href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
\ No newline at end of file
+      href: ../../threat-protection/block-untrusted-fonts-in-enterprise.md
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
similarity index 51%
rename from windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
rename to windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
index 65d2045cbc..25675c2123 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -1,15 +1,9 @@
 ---
 title: Get support for security baselines
 description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
-ms.prod: windows-client
 ms.localizationpriority: medium
-ms.author: vinpa
-author: vinaypamnani-msft
-manager: aaroncz
 ms.topic: conceptual
-ms.date: 10/19/2022
-ms.reviewer: jmunck
-ms.technology: itpro-security
+ms.date: 07/11/2023
 ---
 
 # Get Support
@@ -24,10 +18,10 @@ More information about this change can be found on the [Microsoft Security Guida
 
 Any version of Windows baseline before Windows 10 1703 can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. See the version matrix in this article to see if your version of Windows baseline is available on SCT.
 
--   [SCM 4.0 Download](/previous-versions/tn-archive/cc936627(v=technet.10))
--   [SCM Frequently Asked Questions (FAQ)](https://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx)
--   [SCM Release Notes](https://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes.aspx)
--   [SCM baseline download help](https://social.technet.microsoft.com/wiki/contents/articles/1865.microsoft-security-compliance-manager-scm-baseline-download-help.aspx)
+- [SCM 4.0 Download](/previous-versions/tn-archive/cc936627(v=technet.10))
+- [SCM Frequently Asked Questions (FAQ)](https://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx)
+- [SCM Release Notes](https://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes.aspx)
+- [SCM baseline download help](https://social.technet.microsoft.com/wiki/contents/articles/1865.microsoft-security-compliance-manager-scm-baseline-download-help.aspx)
 
 **What file formats are supported by the new SCT?**
 
@@ -45,41 +39,31 @@ No. A potential alternative is Desired State Configuration (DSC), a feature of t
 
 No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new toolkit likewise doesn't include SCAP support.
 
-<br />
-
 ## Version Matrix
 
-**Client Versions**
+**Client Versions**:
 
 | Name | Build | Baseline Release Date | Security Tools |
-| ---- | ----- | --------------------- | -------------- |
-| Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) <br> | September 2022<br>|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) <br> [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2022<br>December 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) |
+|--|--|--|--|
+| Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) <br> | September 2022<br> | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) <br> [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update) | October 2022<br>December 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
-<br />
+**Server Versions**:
 
-**Server Versions**
+| Name                   | Build                                                                                                                                                       | Baseline Release Date | Security Tools                                                      |
+|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---------------------------------------------------------------------|
+| Windows Server 2022    | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685)                          | September 2021        | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2019    | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) | November 2018         | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2016    | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)                                      | October 2016          | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2012 R2 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)                                      | August 2014           | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
-| Name | Build | Baseline Release Date | Security Tools |
-|---|---|---|---|
-|Windows Server 2022 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685) |September 2021 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-|Windows Server 2019 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) |November 2018 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-|Windows Server 2016 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) |October 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-|Windows Server 2012 R2|[SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)|August 2014 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)|
+**Microsoft Products**:
 
-<br />
+| Name                                            | Details                                                                                                                                                    | Security Tools                                                      |
+|-------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------|
+| Microsoft 365 Apps for enterprise, version 2206 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2206/ba-p/3502714) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Microsoft Edge, version 107                     | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v98/ba-p/3165443)                      | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
-**Microsoft Products**
-
-
-|           Name            |                                                                            Details                                                                            |                               Security Tools                                |
-|---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
-|   Microsoft 365 Apps for enterprise, version 2206    | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2206/ba-p/3502714) |     [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)     |
-|   Microsoft Edge, version 107    | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v98/ba-p/3165443) |     [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)     |
-
-<br />
-
-## See also
+## Related articles
 
 [Windows security baselines](windows-security-baselines.md)
diff --git a/windows/security/threat-protection/images/powershell-example.png b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/images/powershell-example.png
similarity index 100%
rename from windows/security/threat-protection/images/powershell-example.png
rename to windows/security/operating-system-security/device-management/windows-security-configuration-framework/images/powershell-example.png
diff --git a/windows/security/threat-protection/images/vbs-example.png b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/images/vbs-example.png
similarity index 100%
rename from windows/security/threat-protection/images/vbs-example.png
rename to windows/security/operating-system-security/device-management/windows-security-configuration-framework/images/vbs-example.png
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
similarity index 87%
rename from windows/security/threat-protection/mbsa-removal-and-guidance.md
rename to windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
index ca5ddc47aa..8faa272dca 100644
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance.md
@@ -1,44 +1,39 @@
 ---
 title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
 description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
-ms.prod: windows-client
 ms.localizationpriority: medium
-ms.author: paoloma
-author: paolomatarazzo
-manager: aaroncz
-ms.technology: itpro-security
-ms.date: 03/29/2023
+ms.date: 07/11/2023
 ms.topic: article
 ---
- 
+
 # What is Microsoft Baseline Security Analyzer and its uses?
- 
-Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these extra checks hadn't been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive. 
- 
+
+Microsoft Baseline Security Analyzer (MBSA) is used to verify patch compliance. MBSA also performed several other security checks for Windows, IIS, and SQL Server. Unfortunately, the logic behind these extra checks hadn't been actively maintained since Windows XP and Windows Server 2003. Changes in the products since then rendered many of these security checks obsolete and some of their recommendations counterproductive.
+
 MBSA was largely used in situations where Microsoft Update a local WSUS or Configuration Manager server wasn't available, or as a compliance tool to ensure that all security updates were deployed to a managed environment. While MBSA version 2.3 introduced support for Windows Server 2012 R2 and Windows 8.1, it has since been deprecated and no longer developed. MBSA 2.3 isn't updated to fully support Windows 10 and Windows Server 2016.
 
 > [!NOTE]
-> In accordance with our [SHA-1 deprecation initiative](https://aka.ms/sha1deprecation), the Wsusscn2.cab file is no longer dual-signed using both SHA-1 and the SHA-2 suite of hash algorithms (specifically SHA-256). This file is now signed using only SHA-256. Administrators who verify digital signatures on this file should now expect only single SHA-256 signatures. Starting with the August 2020 Wsusscn2.cab file, MBSA will return the following error "The catalog file is damaged or an invalid catalog." when attempting to scan using the offline scan file. 
+> In accordance with our [SHA-1 deprecation initiative](https://aka.ms/sha1deprecation), the Wsusscn2.cab file is no longer dual-signed using both SHA-1 and the SHA-2 suite of hash algorithms (specifically SHA-256). This file is now signed using only SHA-256. Administrators who verify digital signatures on this file should now expect only single SHA-256 signatures. Starting with the August 2020 Wsusscn2.cab file, MBSA will return the following error "The catalog file is damaged or an invalid catalog." when attempting to scan using the offline scan file.
 
 ## Solution
 
 A script can help you with an alternative to MBSA's patch-compliance checking:
 
-- [Using WUA to Scan for Updates Offline](/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script. 
+- [Using WUA to Scan for Updates Offline](/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script.
 For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://www.powershellgallery.com/packages/Scan-UpdatesOffline/1.0).
 
 For example:
 
-[![Screenshot that shows the VBS script.](images/vbs-example.png)](/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline) 
-[![Screenshot that shows the PowerShell script.](images/powershell-example.png)](https://www.powershellgallery.com/packages/Scan-UpdatesOffline/1.0) 
-  
+[![Screenshot that shows the VBS script.](images/vbs-example.png)](/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline)
+[![Screenshot that shows the PowerShell script.](images/powershell-example.png)](https://www.powershellgallery.com/packages/Scan-UpdatesOffline/1.0)
+
 The preceding scripts use the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it.
 The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it doesn't contain any information on non-security updates, tools or drivers.
 
-## More information  
+## More information
 
 For security compliance and for desktop/server hardening, we recommend the Microsoft Security Baselines and the Security Compliance Toolkit.
 
-- [Windows security baselines](windows-security-baselines.md) 
-- [Download Microsoft Security Compliance Toolkit 1.0](https://www.microsoft.com/download/details.aspx?id=55319) 
+- [Windows security baselines](windows-security-baselines.md)
+- [Download Microsoft Security Compliance Toolkit 1.0](https://www.microsoft.com/download/details.aspx?id=55319)
 - [Microsoft Security Guidance blog](/archive/blogs/secguide/)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
similarity index 54%
rename from windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
rename to windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
index bac325bbe0..b145f9c722 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -1,94 +1,79 @@
 ---
-title: Microsoft Security Compliance Toolkit 1.0 Guide
-description: This article describes how to use Security Compliance Toolkit 1.0 in your organization
-ms.prod: windows-client
+title: Microsoft Security Compliance Toolkit Guide
+description: This article describes how to use Security Compliance Toolkit in your organization
 ms.localizationpriority: medium
-ms.author: vinpa
-author: vinaypamnani-msft
-manager: aaroncz
-ms.collection: 
+ms.collection:
   - highpri
   - tier3
 ms.topic: conceptual
-ms.date: 02/14/2022
-ms.reviewer: rmunck
-ms.technology: itpro-security
+ms.date: 07/11/2023
 ---
 
-# Microsoft Security Compliance Toolkit 1.0 - How to use
+# Microsoft Security Compliance Toolkit - How to use
 
 ## What is the Security Compliance Toolkit (SCT)?
 
 The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
 
 The SCT enables administrators to effectively manage their enterprise's Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy.
-<p></p>
 
 The Security Compliance Toolkit consists of:
 
--   Windows 11 security baseline
-    -   Windows 11, version 22H2
-    -   Windows 11, version 21H2
--   Windows 10 security baselines
-    -   Windows 10, version 22H2
-    -   Windows 10, version 21H2
-    -   Windows 10, version 20H2
-    -   Windows 10, version 1809
-    -   Windows 10, version 1607
-    -   Windows 10, version 1507
-
--   Windows Server security baselines
-    -   Windows Server 2022
-    -   Windows Server 2019
-    -   Windows Server 2016
-    -   Windows Server 2012 R2
-
--   Microsoft Office security baseline
-    -   Office 2016 
-    -   Microsoft 365 Apps for Enterprise Version 2206
-    
--   Microsoft Edge security baseline
-    -   Edge version 107
-
--   Tools
-    -   Policy Analyzer
-    -   Local Group Policy Object (LGPO)
-    -   Set Object Security
-    -   GPO to Policy Rules
-
+- Windows 11 security baseline
+  - Windows 11, version 22H2
+  - Windows 11, version 21H2
+- Windows 10 security baselines
+  - Windows 10, version 22H2
+  - Windows 10, version 21H2
+  - Windows 10, version 20H2
+  - Windows 10, version 1809
+  - Windows 10, version 1607
+  - Windows 10, version 1507
+- Windows Server security baselines
+  - Windows Server 2022
+  - Windows Server 2019
+  - Windows Server 2016
+  - Windows Server 2012 R2
+- Microsoft Office security baseline
+  - Office 2016
+  - Microsoft 365 Apps for Enterprise Version 2206
+- Microsoft Edge security baseline
+  - Edge version 114
+- Tools
+  - Policy Analyzer
+  - Local Group Policy Object (LGPO)
+  - Set Object Security
+  - GPO to Policy Rules
 
 You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more information about security baseline recommendations, see the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines).
 
 ## What is the Policy Analyzer tool?
 
 The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features include:
--   Highlight when a set of Group Policies has redundant settings or internal inconsistencies
--   Highlight the differences between versions or sets of Group Policies
--   Compare GPOs against current local policy and local registry settings
--   Export results to a Microsoft Excel spreadsheet
 
-Policy Analyzer lets you treat a set of GPOs as a single unit. This treatment makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. 
+- Highlight when a set of Group Policies has redundant settings or internal inconsistencies
+- Highlight the differences between versions or sets of Group Policies
+- Compare GPOs against current local policy and local registry settings
+- Export results to a Microsoft Excel spreadsheet
+
+Policy Analyzer lets you treat a set of GPOs as a single unit. This treatment makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set.
 
 More information on the Policy Analyzer tool can be found on the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
 
 ## What is the Local Group Policy Object (LGPO) tool?
 
-LGPO.exe is a command-line utility that is designed to help automate management of Local Group Policy. 
-Using local policy gives administrators a simple way to verify the effects of Group Policy settings, and is also useful for managing non-domain-joined systems. 
-LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, and from formatted "LGPO text" files. 
-It can export local policy to a GPO backup. 
-It can export the contents of a Registry Policy file to the "LGPO text" format that can then be edited, and can build a Registry Policy file from an LGPO text file.
+`LGPO.exe` is a command-line utility that is designed to help automate management of Local Group Policy. Using local policy gives administrators a simple way to verify the effects of Group Policy settings, and is also useful for managing non-domain-joined systems. `LGPO.exe` can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, and from formatted "LGPO text" files. It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the "LGPO text" format that can then be edited, and can build a Registry Policy file from an LGPO text file.
 
 Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
 
 ## What is the Set Object Security tool?
 
-SetObjectSecurity.exe enables you to set the security descriptor for just about any type of Windows securable object, such as files, directories, registry keys, event logs, services, and SMB shares. For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg-file-compatible representation of the security descriptor for a REG_BINARY registry value.
+`SetObjectSecurity.exe` enables you to set the security descriptor for just about any type of Windows securable object, such as files, directories, registry keys, event logs, services, and SMB shares. For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg file compatible representation of the security descriptor for a REG_BINARY registry value.
 
 Documentation for the Set Object Security tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
 
 ## What is the GPO to Policy Rules tool?
 
-Automate the conversion of GPO backups to Policy Analyzer .PolicyRules files and skip the GUI. GPO2PolicyRules is a command-line tool that is included with the Policy Analyzer download. 
+Automate the conversion of GPO backups to Policy Analyzer .PolicyRules files and skip the GUI. GPO2PolicyRules is a command-line tool that is included with the Policy Analyzer download.
 
 Documentation for the GPO to PolicyRules tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
similarity index 93%
rename from windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
rename to windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
index b4829615f9..63b6cae99b 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md
@@ -1,18 +1,12 @@
 ---
 title: Security baselines guide
 description: Learn how to use security baselines in your organization.
-ms.prod: windows-client
 ms.localizationpriority: medium
-ms.author: vinpa
-author: vinaypamnani-msft
-manager: aaroncz
-ms.collection: 
+ms.collection:
   - highpri
   - tier3
 ms.topic: conceptual
-ms.date: 01/26/2022
-ms.reviewer: jmunck
-ms.technology: itpro-security
+ms.date: 07/11/2023
 ---
 
 # Security baselines
@@ -41,7 +35,7 @@ For example, there are over 3,000 group policy settings for Windows 10, which do
 
 In modern organizations, the security threat landscape is constantly evolving, and IT pros and policy-makers must keep up with security threats and make required changes to security settings to help mitigate these threats. To enable faster deployments and make managing Microsoft products easier, Microsoft provides customers with security baselines that are available in consumable formats, such as group policy object backups.
 
-[!INCLUDE [security-baselines](../../../../includes/licensing/security-baselines.md)]
+[!INCLUDE [security-baselines](../../../../../includes/licensing/security-baselines.md)]
 
 ## Baseline principles
 
@@ -70,12 +64,7 @@ There are several ways to get and use security baselines:
 
 3. MDM security baselines can easily be configured in Microsoft Intune on devices that run Windows 10 and Windows 11. For more information, see [List of the settings in the Windows 10/11 MDM security baseline in Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
-## Community
-
-[![Microsoft Security Guidance Blog.](./../images/community.png)](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
-
-
-## See also
+## Related articles
 
 - [Microsoft Security Baselines Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
 - [Microsoft Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319)
diff --git a/windows/security/operating-system-security/index.md b/windows/security/operating-system-security/index.md
new file mode 100644
index 0000000000..1c0cd9103b
--- /dev/null
+++ b/windows/security/operating-system-security/index.md
@@ -0,0 +1,16 @@
+---
+title: Windows operating system security
+description: Securing the operating system includes system security, encryption, network security, and threat protection.
+ms.date: 08/02/2023
+ms.topic: article
+---
+
+# Windows operating system security
+
+Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.
+
+Watch the latest [Microsoft Mechanics Windows 11 security](https://youtu.be/tg9QUrnVFho) video that shows off some of the latest Windows 11 security technology.
+
+Use the links in the following sections to learn more about the operating system security features and capabilities in Windows.
+
+[!INCLUDE [operating-system-security](../includes/sections/operating-system-security.md)]
diff --git a/windows/security/operating-system-security/network-security/toc.yml b/windows/security/operating-system-security/network-security/toc.yml
index c62a6aaad4..9745213bd4 100644
--- a/windows/security/operating-system-security/network-security/toc.yml
+++ b/windows/security/operating-system-security/network-security/toc.yml
@@ -1,8 +1,12 @@
 items:
   - name: Transport layer security (TLS) 🔗
     href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
-  - name: WiFi Security
+  - name: Domain Name System (DNS) security 🔗
+    href: /windows-server/networking/dns/doh-client-support
+  - name: Wi-Fi Security
     href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
+  - name: Extensible Authentication Protocol (EAP) for network access
+    href: /windows-server/networking/technologies/extensible-authentication-protocol/network-access
   - name: Windows Firewall 🔗
     href: windows-firewall/windows-firewall-with-advanced-security.md
   - name: Virtual Private Network (VPN)
@@ -14,4 +18,4 @@ items:
   - name: Server Message Block (SMB) file service 🔗
     href: /windows-server/storage/file-server/file-server-smb-overview
   - name: Server Message Block Direct (SMB Direct) 🔗
-    href: /windows-server/storage/file-server/smb-direct
\ No newline at end of file
+    href: /windows-server/storage/file-server/smb-direct
diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
index 834f56a321..d87edf7174 100644
--- a/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+++ b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
@@ -1,19 +1,25 @@
 ---
-title: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections.
-ms.date: 09/23/2021
+title: How to configure cryptographic settings for IKEv2 VPN connections
+description: Learn how to update the IKEv2 cryptographic settings of VPN servers and clients by running VPN cmdlets to secure connections.
+ms.date: 08/03/2023
 ms.topic: how-to
 ---
 
-# How to configure Diffie Hellman protocol over IKEv2 VPN connections
+# How to configure cryptographic settings for IKEv2 VPN connections
 
-In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges.
+In IKEv2 VPN connections, the default setting for IKEv2 cryptographic settings are:
+
+- Encryption Algorithm: DES3  
+- Integrity, Hash Algorithm: SHA1  
+- Diffie Hellman Group (Key Size): DH2
+
+These settings aren't secure for IKE exchanges.  
 
 To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets.
 
 ## VPN server
 
-For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration.
+For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps&preserve-view=true) to configure the tunnel type. These settings are effective for all IKEv2 VPN connections.
 
 ```powershell
 Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy
@@ -25,12 +31,48 @@ On an earlier version of Windows Server, run [Set-VpnServerIPsecConfiguration](/
 Set-VpnServerIPsecConfiguration -CustomPolicy
 ```
 
-## VPN client 
+## VPN client
 
-For VPN client, you need to configure each VPN connection. 
+For VPN client, you need to configure each VPN connection.
 For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps&preserve-view=true) and specify the name of the connection:
 
-
 ```powershell
 Set-VpnConnectionIPsecConfiguration -ConnectionName <String>
-```
\ No newline at end of file
+```
+
+## IKEv2 Crypto Settings Example
+
+The following commands configure the IKEv2 cryptographic settings to:  
+
+- Encryption Algorithm: AES128  
+- Integrity, Hash Algorithm: SHA256  
+- Diffie Hellman Group (Key Size): DH14  
+
+### IKEv2 VPN Server  
+
+```powershell
+Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PFSgroup PFS2048 -SALifeTimeSeconds 28800 -MMSALifeTimeSeconds 86400 -SADataSizeForRenegotiationKilobytes 1024000  
+restart-service RemoteAccess -PassThru
+```
+
+If you need to switch back to the default IKEv2 settings, use this command:
+
+```powershell
+Set-VpnServerConfiguration -TunnelType IKEv2 -RevertToDefault  
+restart-service RemoteAccess -PassThru
+```
+
+### IKEv2 VPN Client  
+
+```powershell
+Set-VpnConnectionIPsecConfiguration -ConnectionName <String - your VPN connection name> -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES128 -DHGroup Group14 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -Force
+```
+
+If you need to switch back to the default IKEv2 settings, use this command:
+
+```powershell
+Set-VpnConnectionIPsecConfiguration -ConnectionName <String - your VPN connection name> -RevertToDefault -Force
+```
+
+> [!TIP]  
+> If you're configuring a all-user VPN connection or a Device Tunnel you must use the `-AllUserConnection` parameter in the `Set-VpnConnectionIPsecConfiguration` command.  
\ No newline at end of file
diff --git a/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index 08b4c532c8..ae9673a74d 100644
--- a/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -1,13 +1,13 @@
 ---
 title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
 description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections.
-ms.date: 12/28/2022
+ms.date: 08/03/2023
 ms.topic: how-to
 ---
 
 # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
 
-This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections. The following scenarios are typically used:
+This article explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over Wi-Fi or VPN connections. The following scenarios are typically used:
 
 - Connecting to a network using Wi-Fi or VPN
 - Use credentials for Wi-Fi or VPN authentication to also authenticate requests to access domain resources, without being prompted for domain credentials
@@ -17,15 +17,15 @@ For example, you want to connect to a corporate network and access an internal w
 The credentials that are used for the connection authentication are placed in *Credential Manager* as the default credentials for the **logon session**. Credential Manager stores credentials that can be used for specific domain resources. These are based on the target name of the resource:
 
 - For VPN, the VPN stack saves its credential as the **session default**
-- For WiFi, Extensible Authentication Protocol (EAP) provides support
+- For Wi-Fi, Extensible Authentication Protocol (EAP) provides support
 
 The credentials are placed in Credential Manager as a *session credential*:
 
 - A *session credential* implies that it is valid for the current user session
-- The credentials are cleaned up when the WiFi or VPN connection is disconnected
+- The credentials are cleaned up when the Wi-Fi or VPN connection is disconnected
 
 > [!NOTE]
-> In Windows 10, version 21H2 and later, the *session credential* is not visible in Credential Manager.
+> In Windows 10, version 21H2 and later, the *session credential* isn't visible in Credential Manager.
 
 For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from Credential Manager to the SSP that is requesting it.
 For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
index 1fc65b4198..b79e1c9335 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
@@ -1,7 +1,7 @@
 ---
 title: VPN authentication options 
 description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
-ms.date: 09/23/2021
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
@@ -9,7 +9,7 @@ ms.topic: conceptual
 
 In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic).
 
-Windows supports a number of EAP authentication methods. 
+Windows supports a number of EAP authentication methods.
 
 - EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (EAP-MSCHAPv2):
   - User name and password authentication
@@ -43,7 +43,7 @@ Windows supports a number of EAP authentication methods.
 
   - Fast Reconnect: reduces the delay between an authentication request by a client and the response by the Network Policy Server (NPS) or other Remote Authentication Dial-in User Service (RADIUS) server. This reduces resource requirements for both client and server, and minimizes the number of times that users are prompted for credentials.
 
-  - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it is possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.
+  - [Cryptobinding](/openspecs/windows_protocols/ms-peap/757a16c7-0826-4ba9-bb71-8c3f1339e937): By deriving and exchanging values from the PEAP phase 1 key material (**Tunnel Key**) and from the PEAP phase 2 inner EAP method key material (**Inner Session Key**), it's possible to prove that the two authentications terminate at the same two entities (PEAP peer and PEAP server). This process, termed "cryptobinding", is used to protect the PEAP negotiation against "Man in the Middle" attacks.
 
 - Tunneled Transport Layer Security (TTLS)
   - Inner method
@@ -71,14 +71,14 @@ For a UWP VPN plug-in, the app vendor controls the authentication method to be u
 
 ## Configure authentication
 
-See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration. 
+See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration.
 
 >[!NOTE]
 >To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../../../identity-protection/hello-for-business/hello-identity-verification.md).
 
 The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP).
 
-:::image type="content" source="images/vpn-eap-xml.png" alt-text="EAP XML configuration in Intune profile.":::
+:::image type="content" source="images/vpn-eap-xml.png" alt-text="Screenshot showing EAP XML configuration in Intune profile.":::
 
 ## Related topics
 
@@ -90,3 +90,4 @@ The following image shows the field for EAP XML in a Microsoft Intune VPN profil
 - [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
 - [VPN security features](vpn-security-features.md)
 - [VPN profile options](vpn-profile-options.md)
+- [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access)
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md b/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md
index 9af27f73a3..eb532bf8d6 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md
@@ -1,7 +1,7 @@
 ---
 title: VPN auto-triggered profile options
 description: With auto-triggered VPN profile options, Windows can automatically establish a VPN connection based on IT admin-defined rules. Learn about the types of auto-trigger rules that you can create for VPN connections.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md
index 3dca76e27e..26738c946b 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md
@@ -1,13 +1,13 @@
 ---
 title: VPN and conditional access
 description: Learn how to integrate the VPN client with the Conditional Access platform, and how to create access rules for Azure Active Directory (Azure AD) connected apps.
-ms.date: 05/23/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
 # VPN and conditional access
 
-The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.  
+The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
 
 >[!NOTE]
 >Conditional Access is an Azure AD Premium feature.
@@ -16,11 +16,11 @@ Conditional Access Platform components used for Device Compliance include the fo
 
 - [Conditional Access Framework](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
 - [Azure AD Connect Health](/azure/active-directory/connect-health/active-directory-aadconnect-health)
-- [Windows Health Attestation Service](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
-- Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA. 
+- [Windows Health Attestation Service](../../system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) (optional)
+- Azure AD Certificate Authority - It's a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA can't be configured as part of an on-premises Enterprise CA.
 See also [Always On VPN deployment for Windows Server and Windows 10](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy).
 - Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When the client reconnects and determines that the certificate has expired, the client will again check with Azure AD for health validation before a new certificate is issued.
-- [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
+- [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started): Cloud-based device compliance uses Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
   - Antivirus status
   - Auto-update status and update compliance
   - Password policy compliance
@@ -35,7 +35,7 @@ The following client-side components are also required:
 
 ## VPN device compliance
 
-At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the &lt;SSO&gt; section.
+At this time, the Azure AD certificates issued to users don't contain a CRL Distribution Point (CDP) and aren't suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the &lt;SSO&gt; section.
 
 Server-side infrastructure requirements to support VPN device compliance include:
 
@@ -79,19 +79,20 @@ When a VPNv2 Profile is configured with \<DeviceCompliance> \<Enabled>true<\/Ena
 
 ## Configure conditional access
 
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration. 
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
 
 ## Learn more about Conditional Access and Azure AD Health
 
 - [Azure Active Directory conditional access](/azure/active-directory/conditional-access/overview)
 - [Getting started with Azure Active Directory Conditional Access](/azure/active-directory/authentication/tutorial-enable-azure-mfa)
-- [Control the health of Windows devices](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
+- [Control the health of Windows devices](../../system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4)
 
-## Related topics
+## Related articles
+
 - [VPN technical guide](vpn-guide.md)
 - [VPN connection types](vpn-connection-type.md)
 - [VPN routing decisions](vpn-routing.md)
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md b/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md
index 686ae5380b..3f71587ce8 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md
@@ -1,7 +1,7 @@
 ---
-title: VPN connection types (Windows 10 and Windows 11)
+title: VPN connection types
 description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
-ms.date: 05/24/2022
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
@@ -16,6 +16,7 @@ There are many options for VPN clients. In Windows, the built-in plug-in and the
 ## Built-in VPN client
 
 Tunneling protocols:
+
 - [Internet Key Exchange version 2 (IKEv2)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)): configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
 - [L2TP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10)): L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
 - [PPTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687676(v=ws.10))
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-guide.md b/windows/security/operating-system-security/network-security/vpn/vpn-guide.md
index 66e09e5a4c..cd91bd8540 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-guide.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-guide.md
@@ -1,7 +1,7 @@
 ---
 title: Windows VPN technical guide
 description: Learn how to plan and configure Windows devices for your organization's VPN solution.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md b/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md
index 406f11946c..e727022c01 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md
@@ -1,7 +1,7 @@
 ---
 title: VPN name resolution
 description: Learn how name resolution works when using a VPN connection.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md
index 8a1774472f..21b3797cf1 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md
@@ -1,8 +1,8 @@
 ---
 title: Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 description: Learn how to optimize Microsoft 365 traffic for remote workers with the Windows VPN client
-ms.topic: article
-ms.date: 05/24/2023
+ms.topic: how-to
+ms.date: 08/03/2023
 ---
 # Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 
@@ -11,13 +11,13 @@ This article describes how to configure the recommendations in the article [VPN
 The recommendations can be implemented for the built-in Windows VPN client using a *Force Tunneling with Exclusions* approach, defining IP-based exclusions even when using *force tunneling*. Certain traffic can be *split* to use the physical interface, while still forcing all other traffic via the VPN interface. Traffic addressed to defined destinations (like those listed in the Microsoft 365 optimized categories) follows a much more direct and efficient path, without the need to traverse or *hairpin* via the VPN tunnel and back out of the organization's network. For cloud-services like Microsoft 365, this makes a significant difference in performance and usability for remote users.
 
 > [!NOTE]
-> The term *force tunneling with exclusions* is sometimes confusingly called *split tunnels* by other vendors and in some online documentation. For Windows VPN, the term *split tunneling* is defined differently, as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration).
+> The term *force tunneling with exclusions* is sometimes confusingly called *split tunnels* by other vendors and in some online documentation. For Windows VPN, the term *split tunneling* is defined differently, as described in the article [VPN routing decisions](vpn-routing.md#split-tunnel-configuration).
 
 ## Solution Overview
 
 The solution is based upon the use of a VPN Configuration Service Provider Reference profile ([VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)) and the embedded [ProfileXML](/windows/client-management/mdm/vpnv2-profile-xsd). These are used to configure the VPN profile on the device. Various provisioning approaches can be used to create and deploy the VPN profile as discussed in the article [Step 6. Configure Windows 10 client Always On VPN connections](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files).
 
-Typically, these VPN profiles are distributed using a Mobile Device Management solution like Intune, as described in [VPN profile options](./vpn-profile-options.md#apply-profilexml-using-intune) and [Configure the VPN client by using Intune](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#configure-the-vpn-client-by-using-intune).
+Typically, these VPN profiles are distributed using a Mobile Device Management solution like Intune, as described in [VPN profile options](vpn-profile-options.md#apply-profilexml-using-intune) and [Configure the VPN client by using Intune](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#configure-the-vpn-client-by-using-intune).
 
 To enable the use of force tunneling in Windows 10 or Windows 11 VPN, the `<RoutingPolicyType>` setting is typically configured with a value of _ForceTunnel_ in your existing Profile XML (or script) by way of the following entry, under the `<NativeProfile></NativeProfile>` section:
 
@@ -640,11 +640,11 @@ Write-Host "$Message"
 
 ```
 
-An example of an [Intune-ready XML file](./vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file.
+An example of an [Intune-ready XML file](vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file.
 
 >[!NOTE]
 >This XML is formatted for use with Intune and cannot contain any carriage returns or whitespace.
 
 ```xml
 <VPNProfile><RememberCredentials>true</RememberCredentials><DnsSuffix>corp.contoso.com</DnsSuffix><AlwaysOn>true</AlwaysOn><TrustedNetworkDetection>corp.contoso.com</TrustedNetworkDetection><NativeProfile><Servers>edge1.contoso.com</Servers><RoutingPolicyType>ForceTunnel</RoutingPolicyType><NativeProtocolType>IKEv2</NativeProtocolType><Authentication><MachineMethod>Certificate</MachineMethod></Authentication></NativeProfile><Route><Address>13.107.6.152</Address><PrefixSize>31</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>13.107.18.10</Address><PrefixSize>31</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>13.107.128.0</Address><PrefixSize>22</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>23.103.160.0</Address><PrefixSize>20</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>40.96.0.0</Address><PrefixSize>13</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>40.104.0.0</Address><PrefixSize>15</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>52.96.0.0</Address><PrefixSize>14</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>131.253.33.215</Address><PrefixSize>32</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>132.245.0.0</Address><PrefixSize>16</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>150.171.32.0</Address><PrefixSize>22</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>191.234.140.0</Address><PrefixSize>22</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>204.79.197.215</Address><PrefixSize>32</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>13.107.136.0</Address><PrefixSize>22</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>40.108.128.0</Address><PrefixSize>17</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>52.104.0.0</Address><PrefixSize>14</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>104.146.128.0</Address><PrefixSize>17</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>150.171.40.0</Address><PrefixSize>22</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>13.107.60.1</Address><PrefixSize>32</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>13.107.64.0</Address><PrefixSize>18</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>52.112.0.0</Address><PrefixSize>14</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Route><Address>52.120.0.0</Address><PrefixSize>14</PrefixSize><ExclusionRoute>true</ExclusionRoute></Route><Proxy><AutoConfigUrl>http://webproxy.corp.contoso.com/proxy.pac</AutoConfigUrl></Proxy></VPNProfile>
-```
\ No newline at end of file
+```
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md b/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md
index 5c344676b6..f7974cce7c 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md
@@ -1,22 +1,22 @@
 ---
 title: VPN profile options 
 description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network.
-ms.date: 05/17/2018
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
 # VPN profile options
 
-Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp). 
+Most of the VPN settings in Windows can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. VPN settings can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
 
 >[!NOTE]
 >If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) first.
 
 The following table lists the VPN settings and whether the setting can be configured in Intune and Configuration Manager, or can only be configured using **ProfileXML**.
 
-| Profile setting | Can be configured in Intune and Configuration Manager | 
-| --- | --- | 
-| Connection type | Yes | 
+| Profile setting | Can be configured in Intune and Configuration Manager |
+| --- | --- |
+| Connection type | Yes |
 | Routing: split-tunnel routes | Yes, except exclusion routes |
 | Routing: forced-tunnel | Yes |
 | Authentication (EAP) | Yes, if connection type is built in |
@@ -33,15 +33,14 @@ The following table lists the VPN settings and whether the setting can be config
 | Traffic filters | Yes |
 | Proxy settings | Yes, by PAC/WPAD file or server and port |
 
-> [!NOTE] 
+> [!NOTE]
 > VPN proxy settings are only used on Force Tunnel Connections. On Split Tunnel Connections, the general proxy settings are used.
 
 The ProfileXML node was added to the VPNv2 CSP to allow users to deploy VPN profile as a single blob. This node is useful for deploying profiles with features that aren't yet supported by MDMs. You can get more examples in the [ProfileXML XSD](/windows/client-management/mdm/vpnv2-profile-xsd) article.
 
-
 ## Sample Native VPN profile
 
-The following sample is a sample Native VPN profile. This blob would fall under the ProfileXML node. 
+The following sample is a sample Native VPN profile. This blob would fall under the ProfileXML node.
 
 ```xml
 <VPNProfile>  
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-routing.md b/windows/security/operating-system-security/network-security/vpn/vpn-routing.md
index 6931f683fd..85d884162a 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-routing.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-routing.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 title: VPN routing decisions
 description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
 ms.topic: conceptual
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md b/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md
index 4c7d2f87b4..c07cabae8d 100644
--- a/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md
@@ -1,7 +1,7 @@
 ---
 title: VPN security features
 description: Learn about security features for VPN, including LockDown VPN and traffic filters.
-ms.date: 05/24/2023
+ms.date: 08/03/2023
 ms.topic: conceptual
 ---
 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md
index ece353e83c..e6bba9c9db 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.collection: 
   - highpri
   - tier3
+  - must-keep
 ms.topic: conceptual
 ms.date: 09/07/2021
 ---
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md b/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md
index 1214df4042..a61bf25eec 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md
@@ -6,7 +6,8 @@ ms.date: 11/09/2022
 ms.collection: 
   - highpri
   - tier3
-ms.topic: article
+  - must-keep
+ms.topic: best-practice
 ---
 
 # Best practices for configuring Windows Defender Firewall
@@ -19,7 +20,7 @@ network. These recommendations cover a wide range of deployments including home
 networks and enterprise desktop/server systems.
 
 To open Windows Firewall, go to the **Start** menu, select **Run**,
-type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](./open-windows-firewall-with-advanced-security.md).
+type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](open-windows-firewall-with-advanced-security.md).
 
 ## Keep default settings
 
@@ -45,7 +46,7 @@ Firewall whenever possible. These settings have been designed to secure your dev
 > [!IMPORTANT]
 > To maintain maximum security, do not change the default Block setting for inbound connections.
 
-For more on configuring basic firewall settings, see [Turn on Windows Firewall and Configure Default Behavior](./turn-on-windows-firewall-and-configure-default-behavior.md) and [Checklist: Configuring Basic Firewall Settings](./checklist-configuring-basic-firewall-settings.md).
+For more on configuring basic firewall settings, see [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md) and [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md).
 
 ## Understand rule precedence for inbound rules
 
@@ -58,7 +59,7 @@ This rule-adding task can be accomplished by right-clicking either **Inbound Rul
 *Figure 3: Rule Creation Wizard*
 
 > [!NOTE]
->This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](./windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation.
+>This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation.
 
 In many cases, allowing specific types of inbound traffic will be required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions.
 
@@ -108,7 +109,7 @@ Creation of application rules at runtime can also be prohibited by administrator
 
 *Figure 4: Dialog box to allow access*
 
-See also [Checklist: Creating Inbound Firewall Rules](./checklist-creating-inbound-firewall-rules.md).
+See also [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md).
 
 ## Establish local policy merge and application rules
 
@@ -143,6 +144,36 @@ In general, to maintain maximum security, admins should only push firewall excep
 > [!NOTE]
 > The use of wildcard patterns, such as *C:\*\\teams.exe* is not supported in application rules. We currently only support rules created using the full path to the application(s).
 
+## Understand Group Policy Processing  
+
+The Windows Firewall settings configured via group policy are stored in the registry. By default, group policies are refreshed in the background every 90 minutes, with a random offset of 0 to 30 minutes.
+
+Windows Firewall monitors the registry for changes, and if something is written to the registry it notifies the *Windows Filtering Platform (WFP)*, which performs the following actions:
+
+- Reads all firewall rules and settings
+- Applies any new filters
+- Removes the old filters
+
+> [!NOTE]
+> The actions are triggered whenever something is written to, or deleted from the registry location the GPO settings are stored, regardless if there's really a configuration change. During the process, IPsec connections are disconnected.
+
+Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. To control the behavior of the registry group policy processing, you can use the policy `Computer Configuration > Administrative Templates > System > Group Policy > Configure registry policy processing`. The *Process even if the Group Policy objects have not changed* option updates and reapplies the policies even if the policies have not changed. This option is disabled by default.
+
+If you enable the option *Process even if the Group Policy objects have not changed*, the WFP filters get reapplied during **every** background refresh. In case you have ten group policies, the WFP filters get reapplied ten times during the refresh interval. If an error happens during policy processing, the applied settings may be incomplete, resulting in issues like:
+
+- Windows Defender Firewall blocks inbound or outbound traffic allowed by group policies
+- Local Firewall settings are applied instead of group policy settings
+- IPsec connections cannot establish
+
+The temporary solution is to refresh the group policy settings, using the command `gpupdate.exe /force`, which requires connectivity to a domain controller.
+
+To avoid the issue, leave the policy `Computer Configuration > Administrative Templates > System > Group Policy > Configure registry policy processing` to the default value of *Not Configured* or, if already configured, configure it *Disabled*.
+
+> [!IMPORTANT]
+> The checkbox next to **Process even if the Group Policy objects have not changed** must be unchecked. If you leave it unchecked, WFP filters are written only in case there's a configuration change.
+>
+> If there's a requirement to force registry deletion and rewrite, then disable background processing by checking the checkbox next to **Do not apply during periodic background processing**.
+
 ## Know how to use "shields up" mode for active attacks
 
 An important firewall feature you can use to mitigate damage during an active attack is the "shields up" mode. It's an informal term referring to an easy method a firewall administrator can use to temporarily increase security in the face of an active attack.
@@ -172,7 +203,7 @@ What follows are a few general guidelines for configuring outbound rules.
 - It's recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use
 - In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments)
 
-For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](./checklist-creating-outbound-firewall-rules.md).
+For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md).
 
 ## Document your changes
 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md b/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md
index f5c4d18144..11638e864b 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.collection: 
   - highpri
   - tier3
+  - must-keep
 ms.topic: conceptual
 ms.date: 09/07/2021
 ---
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md
index 7ccafddaa2..5751151190 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.collection: 
   - highpri
   - tier3
+  - must-keep
 ms.topic: conceptual
 ms.date: 09/07/2021
 ---
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md
index 08c06d4796..a2cad4e58d 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.collection: 
   - highpri
   - tier3
+  - must-keep
 ms.topic: conceptual
 ms.date: 09/07/2021
 ---
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
index ba08eadadb..31071302f6 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
@@ -154,7 +154,7 @@ To disable stealth-mode, see [Disable stealth mode in Windows](/troubleshoot/win
 
 Network drops from Universal Windows Platform (UWP) default inbound/outbound block filters are often caused by the UWP app not being configured correctly (that is, the UWP app is missing the correct capability tokens or loopback isn't enabled) or the private range is configured incorrectly. 
 
-For more information on how to debug drops caused by UWP default block filters, see [Troubleshooting UWP App Connectivity Issues](./troubleshooting-uwp-firewall.md).
+For more information on how to debug drops caused by UWP default block filters, see [Troubleshooting UWP App Connectivity Issues](troubleshooting-uwp-firewall.md).
 
 **WSH default**
 
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index 874e99e9c0..49aee564d3 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.collection: 
   - highpri
   - tier3
+  - must-keep
 ms.topic: conceptual
 ms.date: 09/08/2021
 ---
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
index 83418c0d85..af1b573655 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
@@ -5,6 +5,7 @@ ms.prod: windows-client
 ms.collection: 
   - highpri
   - tier3
+  - must-keep
 ms.topic: conceptual
 ms.date: 09/08/2021
 ---
diff --git a/windows/security/cryptography-certificate-mgmt.md b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
similarity index 72%
rename from windows/security/cryptography-certificate-mgmt.md
rename to windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
index 2edd15d942..3dab6e2b51 100644
--- a/windows/security/cryptography-certificate-mgmt.md
+++ b/windows/security/operating-system-security/system-security/cryptography-certificate-mgmt.md
@@ -1,22 +1,16 @@
 ---
 title: Cryptography and Certificate Management
 description: Get an overview of cryptography and certificate management in Windows
-author: paolomatarazzo
-ms.author: paoloma
-manager: aaroncz
 ms.topic: conceptual
-ms.date: 09/07/2021
-ms.prod: windows-client
-ms.technology: itpro-security
+ms.date: 08/11/2023
 ms.reviewer: skhadeer, raverma
 ---
 
 # Cryptography and Certificate Management
 
-
 ## Cryptography
 
-Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets. 
+Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. The cryptography stack in Windows extends from the chip to the cloud enabling Windows, applications, and services protect system and user secrets.
 
 Cryptography in Windows is Federal Information Processing Standards (FIPS) 140 certified. FIPS 140 certification ensures that US government approved algorithms are being used (RSA for signing, ECDH with NIST curves for key agreement, AES for symmetric encryption, and SHA2 for hashing), tests module integrity to prove that no tampering has occurred and proves the randomness for entropy sources.
 
@@ -28,10 +22,10 @@ Windows cryptographic modules provide low-level primitives such as:
 - Signing and verification (padding support for OAEP, PSS, PKCS1)
 - Key agreement and key derivation (support for ECDH over NIST-standard prime curves P-256, P-384, P-521, and HKDF)
 
-These modules are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can use these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG). 
+These modules are natively exposed on Windows through the Crypto API (CAPI) and the Cryptography Next Generation API (CNG) which is powered by Microsoft's open-source cryptographic library SymCrypt. Application developers can use these APIs to perform low-level cryptographic operations (BCrypt), key storage operations (NCrypt), protect static data (DPAPI), and securely share secrets (DPAPI-NG).
 
 ## Certificate management
 
-Windows offers several APIs to operate and manage certificates. Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Certificates are electronic documents used to claim ownership of a public key. Public keys are used to prove server and client identity, validate code integrity, and used in secure emails. Windows offers users the ability to auto-enroll and renew certificates in Active Directory with Group Policy to reduce the risk of potential outages due to certificate expiration or misconfiguration. Windows validates certificates through an automatic update mechanism that downloads certificate trust lists (CTL) daily. Trusted root certificates are used by applications as a reference for trustworthy PKI hierarchies and digital certificates. The list of trusted and untrusted certificates are stored in the CTL and can be updated by administrators. In the case of certificate revocation, a certificate is added as an untrusted certificate in the CTL causing it to be revoked globally across user devices immediately. 
+Windows offers several APIs to operate and manage certificates. Certificates are crucial to public key infrastructure (PKI) as they provide the means for safeguarding and authenticating information. Certificates are electronic documents used to claim ownership of a public key. Public keys are used to prove server and client identity, validate code integrity, and used in secure emails. Windows offers users the ability to autoenroll and renew certificates in Active Directory with Group Policy to reduce the risk of potential outages due to certificate expiration or misconfiguration. Windows validates certificates through an automatic update mechanism that downloads certificate trust lists (CTL) daily. Trusted root certificates are used by applications as a reference for trustworthy PKI hierarchies and digital certificates. The list of trusted and untrusted certificates are stored in the CTL and can be updated by administrators. In the case of certificate revocation, a certificate is added as an untrusted certificate in the CTL causing it to be revoked globally across user devices immediately.
 
-Windows also offers enterprise certificate pinning to help reduce man-in-the-middle attacks by enabling users to protect their internal domain names from chaining to unwanted certificates. A web application's server authentication certificate chain is checked to ensure it matches a restricted set of certificates. Any web application triggering a name mismatch will start event logging and prevent user access from Edge or Internet Explorer. 
+Windows also offers enterprise certificate pinning to help reduce man-in-the-middle attacks by enabling users to protect their internal domain names from chaining to unwanted certificates. A web application's server authentication certificate chain is checked to ensure it matches a restricted set of certificates. Any web application triggering a name mismatch starts event logging and prevents user access from Microsoft Edge.
diff --git a/windows/security/information-protection/images/dn168167.boot_process(en-us,MSDN.10).png b/windows/security/operating-system-security/system-security/images/boot_process.png
similarity index 100%
rename from windows/security/information-protection/images/dn168167.boot_process(en-us,MSDN.10).png
rename to windows/security/operating-system-security/system-security/images/boot_process.png
diff --git a/windows/security/threat-protection/images/hva-fig1-endtoend1.png b/windows/security/operating-system-security/system-security/images/hva-fig1-endtoend1.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig1-endtoend1.png
rename to windows/security/operating-system-security/system-security/images/hva-fig1-endtoend1.png
diff --git a/windows/security/threat-protection/images/hva-fig10-conditionalaccesscontrol.png b/windows/security/operating-system-security/system-security/images/hva-fig10-conditionalaccesscontrol.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig10-conditionalaccesscontrol.png
rename to windows/security/operating-system-security/system-security/images/hva-fig10-conditionalaccesscontrol.png
diff --git a/windows/security/threat-protection/images/hva-fig11-office365.png b/windows/security/operating-system-security/system-security/images/hva-fig11-office365.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig11-office365.png
rename to windows/security/operating-system-security/system-security/images/hva-fig11-office365.png
diff --git a/windows/security/threat-protection/images/hva-fig12-conditionalaccess12.png b/windows/security/operating-system-security/system-security/images/hva-fig12-conditionalaccess12.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig12-conditionalaccess12.png
rename to windows/security/operating-system-security/system-security/images/hva-fig12-conditionalaccess12.png
diff --git a/windows/security/threat-protection/images/hva-fig2-assessfromcloud2.png b/windows/security/operating-system-security/system-security/images/hva-fig2-assessfromcloud2.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig2-assessfromcloud2.png
rename to windows/security/operating-system-security/system-security/images/hva-fig2-assessfromcloud2.png
diff --git a/windows/security/threat-protection/images/hva-fig3-endtoendoverview3.png b/windows/security/operating-system-security/system-security/images/hva-fig3-endtoendoverview3.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig3-endtoendoverview3.png
rename to windows/security/operating-system-security/system-security/images/hva-fig3-endtoendoverview3.png
diff --git a/windows/security/threat-protection/images/hva-fig4-hardware.png b/windows/security/operating-system-security/system-security/images/hva-fig4-hardware.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig4-hardware.png
rename to windows/security/operating-system-security/system-security/images/hva-fig4-hardware.png
diff --git a/windows/security/threat-protection/images/hva-fig5-virtualbasedsecurity.png b/windows/security/operating-system-security/system-security/images/hva-fig5-virtualbasedsecurity.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig5-virtualbasedsecurity.png
rename to windows/security/operating-system-security/system-security/images/hva-fig5-virtualbasedsecurity.png
diff --git a/windows/security/threat-protection/images/hva-fig6-logs.png b/windows/security/operating-system-security/system-security/images/hva-fig6-logs.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig6-logs.png
rename to windows/security/operating-system-security/system-security/images/hva-fig6-logs.png
diff --git a/windows/security/threat-protection/images/hva-fig7-measurement.png b/windows/security/operating-system-security/system-security/images/hva-fig7-measurement.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig7-measurement.png
rename to windows/security/operating-system-security/system-security/images/hva-fig7-measurement.png
diff --git a/windows/security/threat-protection/images/hva-fig8-evaldevicehealth8.png b/windows/security/operating-system-security/system-security/images/hva-fig8-evaldevicehealth8.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig8-evaldevicehealth8.png
rename to windows/security/operating-system-security/system-security/images/hva-fig8-evaldevicehealth8.png
diff --git a/windows/security/threat-protection/images/hva-fig8a-healthattest8a.png b/windows/security/operating-system-security/system-security/images/hva-fig8a-healthattest8a.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig8a-healthattest8a.png
rename to windows/security/operating-system-security/system-security/images/hva-fig8a-healthattest8a.png
diff --git a/windows/security/threat-protection/images/hva-fig9-intune.png b/windows/security/operating-system-security/system-security/images/hva-fig9-intune.png
similarity index 100%
rename from windows/security/threat-protection/images/hva-fig9-intune.png
rename to windows/security/operating-system-security/system-security/images/hva-fig9-intune.png
diff --git a/windows/security/information-protection/images/dn168167.measure_boot(en-us,MSDN.10).png b/windows/security/operating-system-security/system-security/images/measured_boot.png
similarity index 100%
rename from windows/security/information-protection/images/dn168167.measure_boot(en-us,MSDN.10).png
rename to windows/security/operating-system-security/system-security/images/measured_boot.png
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
similarity index 58%
rename from windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
rename to windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index dba7799e88..65b3843328 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/operating-system-security/system-security/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -1,29 +1,19 @@
 ---
 title: Control the health of Windows devices
 description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
-ms.prod: windows-client
-ms.date: 10/13/2017
-ms.localizationpriority: medium
-ms.technology: itpro-security
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+ms.date: 08/11/2023
 ms.topic: conceptual
 ---
 
 # Control the health of Windows devices
 
-**Applies to**
-
--   Windows 10
-
 This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
 
 ## Introduction
 
 For Bring Your Own Device (BYOD) scenarios, employees bring commercially available devices to access both work-related resources and their personal data. Users want to use the device of their choice to access the organization's applications, data, and resources not only from the internal network but also from anywhere. This phenomenon is also known as the consumerization of IT.
 
-Users want to have the best productivity experience when accessing corporate applications and working on organization data from their devices. That means they won't tolerate being prompted to enter their work credentials each time they access an application or a file server. From a security perspective, it also means that users will manipulate corporate credentials and corporate data on unmanaged devices.
+Users want to have the best productivity experience when accessing corporate applications and working on organization data from their devices. That means they don't tolerate being prompted to enter their work credentials each time they access an application or a file server. From a security perspective, it also means that users manipulate corporate credentials and corporate data on unmanaged devices.
 
 With the increased use of BYOD, there will be more unmanaged and potentially unhealthy systems accessing corporate services, internal resources, and cloud apps.
 
@@ -31,7 +21,7 @@ Even managed devices can be compromised and become harmful. Organizations need t
 
 As Microsoft moves forward, security investments are increasingly focused on security preventive defenses and also on detection and response capabilities.
 
-Windows 10 is an important component of an end-to-end security solution that focuses not only on the implementation of security preventive defenses, but adds device health attestation capabilities to the overall security strategy.
+Windows is an important component of an end-to-end security solution that focuses not only on the implementation of security preventive defenses, but adds device health attestation capabilities to the overall security strategy.
 
 ## Description of a robust end-to-end security solution
 
@@ -41,7 +31,7 @@ During recent years, one particular category of threat has become prevalent: adv
 
 With the BYOD phenomena, a poorly maintained device represents a target of choice. For an attacker, it's an easy way to breach the security network perimeter, gain access to, and then steal high-value assets.
 
-The attackers target individuals, not specifically because of who they are, but because of who they work for. An infected device will bring malware into an organization, even if the organization has hardened the perimeter of networks or has invested in its defensive posture. A defensive strategy isn't sufficient against these threats.
+The attackers target individuals, not specifically because of who they are, but because of who they work for. An infected device brings malware into an organization, even if the organization has hardened the perimeter of networks or has invested in its defensive posture. A defensive strategy isn't sufficient against these threats.
 
 ### A different approach
 
@@ -77,15 +67,15 @@ Access to content is then authorized to the appropriate level of trust for whate
 
 Depending on the requirements and the sensitivity of the managed asset, device health status can be combined with user identity information when processing an access request. Access to content is then authorized to the appropriate level of trust. The Conditional Access engine may be structured to allow more verification as needed by the sensitivity of the managed asset. For example, if access to high-value data is requested, further security authentication may need to be established by querying the user to answer a phone call before access is granted.
 
-### <a href="" id="microsoft-s-security-investments-in-windows-10"></a>Microsoft's security investments in Windows 10
+### Microsoft's security investments in Windows
 
-In Windows 10, there are three pillars of investments:
+In Windows, there are three pillars of investments:
 
--   **Secure identities.** Microsoft is part of the FIDO alliance that aims to provide an interoperable method of secure authentication by moving away from the use of passwords for authentication, both on the local system and for services like on-premises resources and cloud resources.
--   **Information protection.** Microsoft is making investments to allow organizations to have better control over who has access to important data and what they can do with that data. With Windows 10, organizations can take advantage of policies that specify which applications are considered to be corporate applications and can be trusted to access secure data.
--   **Threat resistance.** Microsoft is helping organizations to better secure enterprise assets against the threats of malware and attacks by using security defenses relying on hardware.
+- **Secure identities.** Microsoft is part of the FIDO alliance that aims to provide an interoperable method of secure authentication by moving away from the use of passwords for authentication, both on the local system and for services like on-premises resources and cloud resources.
+- **Information protection.** Microsoft is making investments to allow organizations to have better control over who has access to important data and what they can do with that data. With Windows, organizations can take advantage of policies that specify which applications are considered to be corporate applications and can be trusted to access secure data.
+- **Threat resistance.** Microsoft is helping organizations to better secure enterprise assets against the threats of malware and attacks by using security defenses relying on hardware.
 
-### Protect, control, and report on the security status of Windows 10-based devices
+### Protect, control, and report on the security status of Windows-based devices
 
 This section is an overview that describes different parts of the end-to-end security solution that helps protect high-value assets and information from attackers and malware.
 
@@ -93,113 +83,112 @@ This section is an overview that describes different parts of the end-to-end sec
 
 | Number | Part of the solution | Description |
 | - | - | - |
-| **1** | Windows 10-based device | The first time a Windows 10-based device is powered on, the out-of-box experience (OOBE) screen is displayed. During setup, the device can be automatically registered into Azure Active Directory (AD) and enrolled in MDM.<br/>A Windows 10-based device with TPM can report health status at any time by using the Health Attestation Service available with all editions of Windows 10.|
+| **1** | Windows-based device | The first time a Windows-based device is powered on, the out-of-box experience (OOBE) screen is displayed. During setup, the device can be automatically registered into Azure Active Directory (AD) and enrolled in MDM.<br/>A Windows-based device with TPM can report health status at any time by using the Health Attestation Service available with all supported editions of Windows.|
 | **2** | Identity provider | Azure AD contains users, registered devices, and registered application of organization's tenant. A device always belongs to a user and a user can have multiple devices. A device is represented as an object with different attributes like the compliance status of the device. A trusted MDM can update the compliance status.<br/>Azure AD is more than a repository. Azure AD is able to authenticate users and devices and can also authorize access to managed resources. Azure AD has a conditional access control engine that uses the identity of the user, the location of the device and also the compliance status of the device when making a trusted access decision.|
-| **3**|Mobile device management| Windows 10 has MDM support that enables the device to be managed out-of-box without deploying any agent.<br/>MDM can be Microsoft Intune or any third-party MDM solution that is compatible with Windows 10.|
-| **4** | Remote health attestation | The Health Attestation Service is a trusted cloud service operated by Microsoft that performs a series of health checks and reports to MDM what Windows 10 security features are enabled on the device.<br/>Security verification includes boot state (WinPE, Safe Mode, Debug/test modes) and components that manage security and integrity of runtime operations (BitLocker, Device Guard).|
+| **3**|Mobile device management| Windows has MDM support that enables the device to be managed out-of-box without deploying any agent.<br/>MDM can be Microsoft Intune or any third-party MDM solution that is compatible with Windows.|
+| **4** | Remote health attestation | The Health Attestation Service is a trusted cloud service operated by Microsoft that performs a series of health checks and reports to MDM what Windows security features are enabled on the device.<br/>Security verification includes boot state (WinPE, Safe Mode, Debug/test modes) and components that manage security and integrity of runtime operations (BitLocker, Device Guard).|
 | **5** | Enterprise managed asset | Enterprise managed asset is the resource to protect.<br/>For example, the asset can be Office 365, other cloud apps, on-premises web resources published by Azure AD, or even VPN access.|
 
-The combination of Windows 10-based devices, identity provider, MDM, and remote health attestation creates a robust end-to-end-solution that provides validation of health and compliance of devices that access high-value assets.
+The combination of Windows-based devices, identity provider, MDM, and remote health attestation creates a robust end-to-end-solution that provides validation of health and compliance of devices that access high-value assets.
 
 ## Protect devices and enterprise credentials against threats
 
-This section describes what Windows 10 offers in terms of security defenses and what control can be measured and reported to.
+This section describes what Windows offers in terms of security defenses and what control can be measured and reported to.
 
-### Windows 10 hardware-based security defenses
+### Windows hardware-based security defenses
 
-The most aggressive forms of malware try to insert themselves into the boot process as early as possible so that they can take control of the operating system early and prevent protection mechanisms and antimalware software from working. This type of malicious code is often called a rootkit or bootkit. The best way to avoid having to deal with low-level malware is to secure the boot process so that the device is protected from the very start.
-Windows 10 supports multiple layers of boot protection. Some of these features are available only if specific types of hardware are installed. For more information, see the [Hardware requirements](#hardware-req) section.
+The most aggressive forms of malware try to insert themselves into the boot process as early as possible so that they can take control of the operating system early and prevent protection mechanisms and antimalware software from working. This type of malicious code is often called a rootkit or bootkit. The best way to avoid having to deal with low-level malware is to secure the boot process so that the device is protected from the very start. Windows supports multiple layers of boot protection. Some of these features are available only if specific types of hardware are installed. For more information, see the [Hardware requirements](#hardware-requirements) section.
 
 :::image type="content" alt-text="figure 4." source="images/hva-fig4-hardware.png":::
 
-Windows 10 supports features to help prevent sophisticated low-level malware like rootkits and bootkits from loading during the startup process:
+Windows supports features to help prevent sophisticated low-level malware like rootkits and bootkits from loading during the startup process:
 
--   **Trusted Platform Module.** A Trusted Platform Module (TPM) is a hardware component that provides unique security features.
+- **Trusted Platform Module.** A Trusted Platform Module (TPM) is a hardware component that provides unique security features.
 
-    Windows 10 uses security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation.
+  Windows uses security characteristics of a TPM for measuring boot integrity sequence (and based on that, unlocking automatically BitLocker protected drives), for protecting credentials or for health attestation.
 
-    A TPM implements controls that meet the specification described by the Trusted Computing Group (TCG). At the time of this writing, there are two versions of TPM specification produced by TCG that aren't compatible with each other:
+  A TPM implements controls that meet the specification described by the Trusted Computing Group (TCG). At the time of this writing, there are two versions of TPM specification produced by TCG that aren't compatible with each other:
 
-    -   The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard.
-    -   The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015.
+  - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard.
+  - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015.
 
-    Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](/windows-hardware/design/minimum/minimum-hardware-requirements-overview).
+  Windows uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Windows Hello, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows](/windows-hardware/design/minimum/minimum-hardware-requirements-overview).
 
-    Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0.
+  Windows recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows supports only TPM 2.0.
 
-    TPM 2.0 provides a major revision to the capabilities over TPM 1.2:
+  TPM 2.0 provides a major revision to the capabilities over TPM 1.2:
 
-    -   Update crypto strength to meet modern security needs
+  - Update crypto strength to meet modern security needs
 
-        -   Support for SHA-256 for PCRs
-        -   Support for HMAC command
+    - Support for SHA-256 for PCRs
+    - Support for HMAC command
 
-    -   Cryptographic algorithms flexibility to support government needs
+  - Cryptographic algorithms flexibility to support government needs
 
-        -   TPM 1.2 is severely restricted in terms of what algorithms it can support
-        -   TPM 2.0 can support arbitrary algorithms with minor updates to the TCG specification documents
+    - TPM 1.2 is severely restricted in terms of what algorithms it can support
+    - TPM 2.0 can support arbitrary algorithms with minor updates to the TCG specification documents
 
-    -   Consistency across implementations
+  - Consistency across implementations
 
-        -   The TPM 1.2 specification allows vendors wide latitude when choosing implementation details
-        -   TPM 2.0 standardizes much of this behavior
+    - The TPM 1.2 specification allows vendors wide latitude when choosing implementation details
+    - TPM 2.0 standardizes much of this behavior
 
--   **Secure Boot.** Devices with UEFI firmware can be configured to load only trusted operating system bootloaders. Secure Boot doesn't require a TPM.
+- **Secure Boot.** Devices with UEFI firmware can be configured to load only trusted operating system bootloaders. Secure Boot doesn't require a TPM.
 
-    The most basic protection is the Secure Boot feature, which is a standard part of the UEFI 2.2+ architecture. On a PC with conventional BIOS, anyone who can take control of the boot process can boot by using an alternative OS loader, and potentially gain access to system resources. When Secure Boot is enabled, you can boot using only an OS loader that's signed using a certificate stored in the UEFI Secure Boot DB. Naturally, the Microsoft certificate used to digitally sign the Windows 10 OS loaders are in that store, which allows UEFI to validate the certificate as part of its security policy. Secure Boot must be enabled by default on all computers that are certified for Windows 10 under the Windows Hardware Compatibility Program.
+    The most basic protection is the Secure Boot feature, which is a standard part of the UEFI 2.2+ architecture. On a PC with conventional BIOS, anyone who can take control of the boot process can boot by using an alternative OS loader, and potentially gain access to system resources. When Secure Boot is enabled, you can boot using only an OS loader that's signed using a certificate stored in the UEFI Secure Boot DB. Naturally, the Microsoft certificate used to digitally sign the Windows OS loaders are in that store, which allows UEFI to validate the certificate as part of its security policy. Secure Boot must be enabled by default on all computers that are certified for Windows under the Windows Hardware Compatibility Program.
 
-    Secure Boot is a UEFI firmware-based feature, which allows for the signing and verification of critical boot files and drivers at boot time. Secure Boot checks signature values of the Windows Boot Manager, BCD store, Windows OS loader file, and other boot critical DLLs at boot time before the system is allowed to fully boot into a usable operating system by using policies that are defined by the OEM at build time. Secure Boot prevents many types of boot-based rootkit, malware, and other security-related attacks against the Windows platform. Secure Boot protects the operating system boot process whether booting from local hard disk, USB, PXE, or DVD, or into full Windows or Windows Recovery Environment (RE).
-    Secure Boot protects the boot environment of a Windows 10 installation by verifying the signatures of the critical boot components to confirm malicious activity didn't compromise them. Secure Boot protection ends after the Windows kernel file (ntoskrnl.exe) has been loaded.
+    Secure Boot is a UEFI firmware-based feature, which allows for the signing and verification of critical boot files and drivers at boot time. Secure Boot checks signature values of the Windows Boot Manager, BCD store, Windows OS loader file, and other boot critical DLLs at boot time before the system is allowed to fully boot into a usable operating system by using policies that are defined by the OEM at build time. Secure Boot prevents many types of boot-based rootkit, malware, and other security-related attacks against the Windows platform. Secure Boot protects the operating system boot process whether booting from local hard disk, USB, PXE, or DVD, or into full Windows or Windows Recovery Environment (RE). Secure Boot protects the boot environment of a Windows installation by verifying the signatures of the critical boot components to confirm malicious activity didn't compromise them. Secure Boot protection ends after the Windows kernel file (ntoskrnl.exe) has been loaded.
 
     > [!NOTE]
     > Secure Boot protects the platform until the Windows kernel is loaded. Then protections like ELAM take over.
 
--   **Secure Boot configuration policy.** Extends Secure Boot functionality to critical Windows 10 configuration.
+- **Secure Boot configuration policy.** Extends Secure Boot functionality to critical Windows configuration.
 
     Examples of protected configuration information include protecting Disable Execute bit (NX option) or ensuring that the test signing policy (code integrity) can't be enabled. This protective action ensures that the binaries and configuration of the computer can be trusted after the boot process has completed.
     Secure Boot configuration policy does this protective action with UEFI policy. These signatures for these policies are signed in the same way that operating system binaries are signed for use with Secure Boot.
 
-    The Secure Boot configuration policy must be signed by a private key that corresponds to one of the public keys stored in the Key Exchange Key (KEK) list. The Microsoft Certificate Authority (CA) will be present in the KEK list of all Windows certified Secure Boot systems. By default, a policy signed by the Microsoft KEK shall be work on all Secure Boot systems. BootMgr must verify the signature against the KEK list before applying a signed policy. With Windows 10, the default Secure Boot configuration policy is embedded in bootmgr.
+    The Secure Boot configuration policy must be signed by a private key that corresponds to one of the public keys stored in the Key Exchange Key (KEK) list. The Microsoft Certificate Authority (CA) will be present in the KEK list of all Windows certified Secure Boot systems. By default, a policy signed by the Microsoft KEK shall be work on all Secure Boot systems. BootMgr must verify the signature against the KEK list before applying a signed policy. With Windows, the default Secure Boot configuration policy is embedded in bootmgr.
 
-    The bootloader verifies the digital signature of the Windows 10 kernel before loading it. The Windows 10 kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and the ELAM component. This step is important and protects the rest of the boot process by verifying that all Windows boot components have integrity and can be trusted.
+    The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and the ELAM component. This step is important and protects the rest of the boot process by verifying that all Windows boot components have integrity and can be trusted.
 
--   **Early Launch Antimalware (ELAM).** ELAM tests all drivers before they load and prevents unapproved drivers from loading.
+- **Early Launch Antimalware (ELAM).** ELAM tests all drivers before they load and prevents unapproved drivers from loading.
 
     Traditional antimalware apps don't start until after the boot drivers have been loaded, which gives a rootkit that is disguised as a driver the opportunity to work. ELAM is a Windows mechanism introduced in a previous version of Windows that allows antimalware software to run early in the boot sequence. Thus, the antimalware component is the first third-party component to run and control the initialization of other boot drivers until the Windows operating system is operational. When the system is started with a complete runtime environment (network access, storage, and so on), then a full-featured antimalware is loaded.
 
     ELAM can load a Microsoft or non-Microsoft antimalware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the operating system hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: Examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows won't load it.
 
     > [!NOTE]
-    > Windows Defender, Microsoft's antimalware included by default in Windows 10, supports ELAM; it can be replaced with a third-party antimalware compatible solution. The name of the Windows Defender ELAM driver is WdBoot.sys. Windows Defender in Windows 10 uses its ELAM driver to roll back any malicious changes made to the Windows Defender driver at the next reboot. This prevents kernel mode malware making lasting changes to Windows Defender's mini-filter driver before shutdown or reboot.
+    > Windows Defender, Microsoft's antimalware included by default in Windows, supports ELAM; it can be replaced with a third-party antimalware compatible solution. The name of the Windows Defender ELAM driver is WdBoot.sys. Windows Defender uses its ELAM driver to roll back any malicious changes made to the Windows Defender driver at the next reboot. This prevents kernel mode malware making lasting changes to Windows Defender's mini-filter driver before shutdown or reboot.
 
     The ELAM signed driver is loaded before any other third-party drivers or applications, which allows the antimalware software to detect and block any attempts to tamper with the boot process by trying to load unsigned or untrusted code.
 
     The ELAM driver is a small driver with a small policy database that has a narrow scope, focused on drivers that are loaded early at system launch. The policy database is stored in a registry hive that is also measured to the TPM, to record the operational parameters of the ELAM driver. An ELAM driver must be signed by Microsoft and the associated certificate must contain the complementary EKU (1.3.6.1.4.1.311.61.4.1).
--   **Virtualization-based security (Hyper-V + Secure Kernel).** Virtualization-based security is a new enforced security boundary that allows you to protect critical parts of Windows 10.
 
-    Virtualization-based security isolates sensitive code like Kernel Mode Code Integrity or sensitive corporate domain credentials from the rest of the Windows operating system. For more information, see [Virtualization-based security](#virtual) section.
+- **Virtualization-based security (Hyper-V + Secure Kernel).** Virtualization-based security is a new enforced security boundary that allows you to protect critical parts of Windows.
 
--   **Hypervisor-protected Code Integrity (HVCI).** Hypervisor-protected Code Integrity is a feature of Device Guard that ensures only drivers, executables, and DLLs that comply with the Device Guard Code Integrity policy are allowed to run.
+    Virtualization-based security isolates sensitive code like Kernel Mode Code Integrity or sensitive corporate domain credentials from the rest of the Windows operating system. For more information, see [Virtualization-based security](#virtualization-based-security) section.
 
-    When enabled and configured, Windows 10 can start the Hyper-V virtualization-based security services. HVCI helps protect the system core (kernel), privileged drivers, and system defenses, like antimalware solutions, by preventing malware from running early in the boot process, or after startup.
+- **Hypervisor-protected Code Integrity (HVCI).** Hypervisor-protected Code Integrity is a feature of Device Guard that ensures only drivers, executables, and DLLs that comply with the Device Guard Code Integrity policy are allowed to run.
+
+    When enabled and configured, Windows can start the Hyper-V virtualization-based security services. HVCI helps protect the system core (kernel), privileged drivers, and system defenses, like antimalware solutions, by preventing malware from running early in the boot process, or after startup.
 
     HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This dependency on verification means that kernel memory pages can never be Writable and Executable (W+X) and executable code can't be directly modified.
 
     > [!NOTE]
-    > Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) blog post.
+    > Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows](https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-compatibility-with-device-guard-in-windows-10/ba-p/364865) blog post.
 
     The Device Guard Code Integrity feature lets organizations control what code is trusted to run into the Windows kernel and what applications are approved to run in user mode. It's configurable by using a policy.
     Device Guard Code Integrity policy is a binary file that Microsoft recommends you sign. The signing of the Code Integrity policy aids in the protection against a malicious user with Administrator privileges trying to modify or remove the current Code Integrity policy.
 
--   **Credential Guard.** Credential Guard protects corporate credentials with hardware-based credential isolation.
+- **Credential Guard.** Credential Guard protects corporate credentials with hardware-based credential isolation.
 
-    In Windows 10, Credential Guard aims to protect domain corporate credentials from theft and reuse by malware. With Credential Guard, Windows 10 implemented an architectural change that fundamentally prevents the current forms of the pass-the-hash (PtH) attack.
+    In Windows, Credential Guard aims to protect domain corporate credentials from theft and reuse by malware. With Credential Guard, Windows implemented an architectural change that fundamentally prevents the current forms of the pass-the-hash (PtH) attack.
 
     This attack-free state is accomplished by using Hyper-V and the new virtualization-based security feature to create a protected container where trusted code and secrets are isolated from the Windows kernel. This accomplishment means that even if the Windows kernel is compromised, an attacker has no way to read and extract the data required to initiate a PtH attack. Credential Guard prevents this unauthorized access because the memory where secrets are stored is no longer accessible from the regular OS, even in kernel mode - the hypervisor controls who can access the memory.
 
--   **Health attestation.** The device's firmware logs the boot process, and Windows 10 can send it to a trusted server that can check and assess the device's health.
+- **Health attestation.** The device's firmware logs the boot process, and Windows can send it to a trusted server that can check and assess the device's health.
 
-    Windows 10 takes measurements of the UEFI firmware and each of the Windows and antimalware components are made as they load during the boot process. Additionally, they're taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and can't be changed unless the system is reset.
+    Windows takes measurements of the UEFI firmware and each of the Windows and antimalware components are made as they load during the boot process. Additionally, they're taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and can't be changed unless the system is reset.
 
     For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](/previous-versions/windows/hardware/design/dn653311(v=vs.85)).
 
@@ -207,65 +196,64 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik
 
     Although Secure Boot is a proactive form of protection, health attestation is a reactive form of boot protection. Health attestation ships disabled in Windows and is enabled by an antimalware or an MDM vendor. Unlike Secure Boot, health attestation won't stop the boot process and enter remediation when a measurement doesn't work. But with conditional access control, health attestation will help to prevent access to high-value assets.
 
-### <a href="" id="virtual"></a>Virtualization-based security
+### Virtualization-based security
 
-Virtualization-based security provides a new trust boundary for Windows 10 and uses Hyper-V hypervisor technology to enhance platform security. Virtualization-based security provides a secure execution environment to run specific Windows trusted code (trustlet) and to protect sensitive data.
+Virtualization-based security provides a new trust boundary for Windows and uses Hyper-V hypervisor technology to enhance platform security. Virtualization-based security provides a secure execution environment to run specific Windows trusted code (trustlet) and to protect sensitive data.
 
 Virtualization-based security helps to protect against a compromised kernel or a malicious user with Administrator privileges. Virtualization-based security isn't trying to protect against a physical attacker.
 
-The following Windows 10 services are protected with virtualization-based security:
+The following Windows services are protected with virtualization-based security:
 
--   **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory
--   **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
--   **Other isolated services**: for example, on Windows Server 2016, there's the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
+- **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory
+- **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
+- **Other isolated services**: for example, on Windows Server 2016, there's the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
 
 > [!NOTE]
-> Virtualization-based security is only available with Windows 10 Enterprise. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.
+> Virtualization-based security is only available with Enterprise edition. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.
 
-
-The schema below is a high-level view of Windows 10 with virtualization-based security.
+The schema below is a high-level view of Windows with virtualization-based security.
 
 :::image type="content" alt-text="figure 5." source="images/hva-fig5-virtualbasedsecurity.png":::
 
 ### Credential Guard
 
-In Windows 10, when Credential Guard is enabled, Local Security Authority Subsystem Service (lsass.exe) runs a sensitive code in an Isolated user mode to help protect data from malware that may be running in the normal user mode. This code execution helps ensure that protected data isn't stolen and reused on
+In Windows, when Credential Guard is enabled, Local Security Authority Subsystem Service (lsass.exe) runs a sensitive code in an Isolated user mode to help protect data from malware that may be running in the normal user mode. This code execution helps ensure that protected data isn't stolen and reused on
 remote machines, which mitigates many PtH-style attacks.
 
 Credential Guard helps protect credentials by encrypting them with either a per-boot or persistent key:
 
--   **The per-boot key** is used for any in-memory credentials that don't require persistence. An example of such a credential would be a ticket-granting ticket (TGT) session key. This key is negotiated with a Key Distribution Center (KDC) every time authentication occurs and is protected with a per-boot key.
--   **The persistent key**, or some derivative, is used to help protect items that are stored and reloaded after a reboot. Such protection is intended for long-term storage, and must be protected with a consistent key.
+- **The per-boot key** is used for any in-memory credentials that don't require persistence. An example of such a credential would be a ticket-granting ticket (TGT) session key. This key is negotiated with a Key Distribution Center (KDC) every time authentication occurs and is protected with a per-boot key.
+- **The persistent key**, or some derivative, is used to help protect items that are stored and reloaded after a reboot. Such protection is intended for long-term storage, and must be protected with a consistent key.
 Credential Guard is activated by a registry key and then enabled by using a UEFI variable. This activation is done to protect against remote modifications of the configuration. The use of a UEFI variable implies that physical access is required to change the configuration. When lsass.exe detects that
 credential isolation is enabled, it then spawns LsaIso.exe as an isolated process, which ensures that it runs within isolated user mode. The startup of LsaIso.exe is performed before initialization of a security support provider, which ensures that the secure mode support routines are ready before any authentication begins.
 
 ### Device Guard
 
-Device Guard is a new feature of Windows 10 Enterprise that allows organizations to lock down a device to help protect it from running untrusted software. In this configuration, the only applications allowed to run are those applications that are trusted by the organization.
+Device Guard is a feature of Windows Enterprise that allows organizations to lock down a device to help protect it from running untrusted software. In this configuration, the only applications allowed to run are those applications that are trusted by the organization.
 
 The trust decision to execute code is performed by using Hyper-V Code Integrity, which runs in virtualization-based security, a Hyper-V protected container that runs alongside regular Windows.
 
-Hyper-V Code Integrity is a feature that validates the integrity of a driver or system file each time it's loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with Administrator privileges. On x64-based versions of Windows 10, kernel-mode drivers must be digitally signed.
+Hyper-V Code Integrity is a feature that validates the integrity of a driver or system file each time it's loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with Administrator privileges. On x64-based versions of Windows, kernel-mode drivers must be digitally signed.
 
 > [!NOTE]
-> Independently of activation of Device Guard Policy, Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation ("EV") Code Signing Certificate.
+> Independently of activation of Device Guard Policy, Windows drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation ("EV") Code Signing Certificate.
 
-With Device Guard in Windows 10, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows 10 Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, and traditional desktop applications and scripts. The system is then locked down to only run applications that the organization trusts.
+With Device Guard, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, and traditional desktop applications and scripts. The system is then locked down to only run applications that the organization trusts.
 
-Device Guard is a built-in feature of Windows 10 Enterprise that prevents the execution of unwanted code and applications. Device Guard can be configured using two rule actions - allow and deny:
+Device Guard is a built-in feature of Windows Enterprise that prevents the execution of unwanted code and applications. Device Guard can be configured using two rule actions - allow and deny:
 
--   **Allow** limits execution of applications to an allowed list of code or trusted publisher and blocks everything else.
--   **Deny** completes the allow trusted publisher approach by blocking the execution of a specific application.
+- **Allow** limits execution of applications to an allowed list of code or trusted publisher and blocks everything else.
+- **Deny** completes the allow trusted publisher approach by blocking the execution of a specific application.
 
 At the time of this writing, and according to Microsoft's latest research, more than 90 percent of malware is unsigned completely. So implementing a basic Device Guard policy can simply and effectively help block malware. In fact, Device Guard has the potential to go further, and can also help block signed malware.
 
 Device Guard needs to be planned and configured to be truly effective. It isn't just a protection that is enabled or disabled. Device Guard is a combination of hardware security features and software security features that, when configured together, can lock down a computer to help ensure the most secure and resistant system possible.
 
-There are three different parts that make up the Device Guard solution in Windows 10:
+There are three different parts that make up the Device Guard solution in Windows:
 
--   The first part is a base **set of hardware security features** introduced with the previous version of Windows. TPM for hardware cryptographic operations and UEFI with modern firmware, along with Secure Boot, allows you to control what the device is running when the systems start.
--   After the hardware security feature, there's the code integrity engine. In Windows 10, **Code Integrity is now fully configurable** and now resides in Isolated user mode, a part of the memory that is protected by virtualization-based security.
--   The last part of Device Guard is **manageability**. Code Integrity configuration is exposed through specific Group Policy Objects, PowerShell cmdlets, and MDM configuration service providers (CSPs).
+- The first part is a base **set of hardware security features** introduced with the previous version of Windows. TPM for hardware cryptographic operations and UEFI with modern firmware, along with Secure Boot, allows you to control what the device is running when the systems start.
+- After the hardware security feature, there's the code integrity engine. In Windows, **Code Integrity is now fully configurable** and now resides in Isolated user mode, a part of the memory that is protected by virtualization-based security.
+- The last part of Device Guard is **manageability**. Code Integrity configuration is exposed through specific Group Policy Objects, PowerShell cmdlets, and MDM configuration service providers (CSPs).
 
 For more information on how to deploy Device Guard in an enterprise, see the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
 
@@ -284,10 +272,10 @@ Similarly, on corporate fully managed workstations, where applications are insta
 
 It could be challenging to use Device Guard on corporate, lightly managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it's difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log will contain a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run.
 
-Before you can benefit from the protection included in Device Guard, Code Integrity policy must be created by using tools provided by Microsoft, but the policy can be deployed with common management tools, like Group Policy. The Code Integrity policy is a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10, along with restrictions on Windows 10 script hosts. Device Guard Code Integrity policy restricts what code can run on a device.
+Before you can benefit from the protection included in Device Guard, Code Integrity policy must be created by using tools provided by Microsoft, but the policy can be deployed with common management tools, like Group Policy. The Code Integrity policy is a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows, along with restrictions on Windows script hosts. Device Guard Code Integrity policy restricts what code can run on a device.
 
 > [!NOTE]
-> Device Guard policy can be signed in Windows 10, which adds additional protection against administrative users changing or removing this policy.
+> Device Guard policy can be signed in Windows, which adds additional protection against administrative users changing or removing this policy.
 
 Signed Device Guard policy offers stronger protection against a malicious local administrator trying to defeat Device Guard.
 
@@ -296,14 +284,14 @@ Device Guard policy into the UpdateSigner section.
 
 ### The importance of signing applications
 
-On computers with Device Guard, Microsoft proposes to move from a world where unsigned apps can be run without restriction to a world where only signed and trusted code is allowed to run on Windows 10.
+On computers with Device Guard, Microsoft proposes to move from a world where unsigned apps can be run without restriction to a world where only signed and trusted code is allowed to run on Windows.
 
-With Windows 10, organizations will make line-of-business (LOB) apps available to members of the organization through the Microsoft Store infrastructure. More specifically, LOB apps will be available in a private store within the public Microsoft Store. Microsoft Store signs and distributes Universal
+With Windows, organizations will make line-of-business (LOB) apps available to members of the organization through the Microsoft Store infrastructure. More specifically, LOB apps will be available in a private store within the public Microsoft Store. Microsoft Store signs and distributes Universal
 Windows apps and Classic Windows apps. All apps downloaded from the Microsoft Store are signed.
 
 In organizations today, many LOB applications are unsigned. Code signing is frequently viewed as a tough problem to solve for various reasons, like the lack of code signing expertise. Even if code signing is a best practice, many internal applications aren't signed.
 
-Windows 10 includes tools that allow IT pros to take applications that have been already packaged and run them through a process to create more signatures that can be distributed along with existing applications.
+Windows includes tools that allow IT pros to take applications that have been already packaged and run them through a process to create more signatures that can be distributed along with existing applications.
 
 ### Why are antimalware and device management solutions still necessary?
 
@@ -317,39 +305,39 @@ To combat these threats, patching is the single most effective control, with ant
 
 Most application software has no facility for updating itself, so even if the software vendor publishes an update that fixes the vulnerability, the user may not know that the update is available or how to obtain it, and therefore remains vulnerable to attack. Organizations still need to manage devices and to patch vulnerabilities.
 
-MDM solutions are becoming prevalent as a light-weight device management technology. Windows 10 extends the management capabilities that have become available for MDMs. One key feature Microsoft has added to Windows 10 is the ability for MDMs to acquire a strong statement of device health from managed and registered devices.
+MDM solutions are becoming prevalent as a light-weight device management technology. Windows extends the management capabilities that have become available for MDMs. One key feature Microsoft has added to Windows is the ability for MDMs to acquire a strong statement of device health from managed and registered devices.
 
 ### Device health attestation
 
 Device health attestation uses the TPM to provide cryptographically strong and verifiable measurements of the chain of software used to boot the device.
 
-For Windows 10-based devices, Microsoft introduces a new public API that will allow MDM software to access a remote attestation service called Windows Health Attestation Service. A health attestation result, in addition with other elements, can be used to allow or deny access to networks, apps, or services, based on whether devices prove to be healthy.
+For Windows-based devices, Microsoft introduces a new public API that will allow MDM software to access a remote attestation service called Windows Health Attestation Service. A health attestation result, in addition with other elements, can be used to allow or deny access to networks, apps, or services, based on whether devices prove to be healthy.
 
-For more information on device health attestation, see the [Detect an unhealthy Windows 10-based device](#detect-unhealthy) section.
+For more information on device health attestation, see the [Detect an unhealthy Windows-based device](#detect-an-unhealthy-windows-based-device) section.
 
-[!INCLUDE [device-health-attestation-service](../../../includes/licensing/device-health-attestation-service.md)]
+[!INCLUDE [device-health-attestation-service](../../../../includes/licensing/device-health-attestation-service.md)]
 
-### <a href="" id="hardware-req"></a>Hardware requirements
+### Hardware requirements
 
 The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview).
 
 |Hardware|Motivation|
 |--- |--- |
-|UEFI 2.3.1 or later firmware with Secure Boot enabled|Required to support UEFI Secure Boot.<p>UEFI Secure Boot ensures that the device boots only authorized code.<p>Additionally, Boot Integrity (Platform Secure Boot) must be supported following the requirements in Hardware Compatibility Specification for Systems for Windows 10 under the subsection: "System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby"|
-|Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled|Required to support virtualization-based security.<div class="alert">**Note:** Device Guard can be enabled without using virtualization-based security.</div>|
-|X64 processor|Required to support virtualization-based security that uses Windows Hypervisor. Hyper-V is supported only on x64 processor (and not on x86).<p>Direct Memory Access (DMA) protection can be enabled to provide extra memory protection but requires processors to include DMA protection technologies.|
-|IOMMU, such as Intel VT-d, AMD-Vi|Support for the IOMMU in Windows 10 enhances system resiliency against DMA attacks.|
+|UEFI 2.3.1 or later firmware with Secure Boot enabled|Required to support UEFI Secure Boot. UEFI Secure Boot ensures that the device boots only authorized code. Additionally, Boot Integrity (Platform Secure Boot) must be supported following the requirements in Hardware Compatibility Specification for Systems for Windows under the subsection: "System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby"|
+|Virtualization extensions, such as Intel VT-x, AMD-V, and SLAT must be enabled|Required to support virtualization-based security. **Note:** Device Guard can be enabled without using virtualization-based security.|
+|X64 processor|Required to support virtualization-based security that uses Windows Hypervisor. Hyper-V is supported only on x64 processor (and not on x86). Direct Memory Access (DMA) protection can be enabled to provide extra memory protection but requires processors to include DMA protection technologies.|
+|IOMMU, such as Intel VT-d, AMD-Vi|Support for the IOMMU in Windows enhances system resiliency against DMA attacks.|
 |Trusted Platform Module (TPM)|Required to support health attestation and necessary for other key protections for virtualization-based security. TPM 2.0 is supported. Support for TPM 1.2 was added beginning in Windows 10, version 1607 (RS1)|
 
-This section presented information about several closely related controls in Windows 10. The multi-layer defenses and in-depth approach help to eradicate low-level malware during boot sequence. Virtualization-based security is a fundamental operating system architecture change that adds a new security boundary. Device Guard and Credential Guard respectively help to block untrusted code and protect corporate domain credentials from theft and reuse. This section also briefly discussed the importance of managing devices and patching vulnerabilities. All these technologies can be used to harden and lock down devices while limiting the risk of attackers compromising them.
+This section presented information about several closely related controls in Windows . The multi-layer defenses and in-depth approach help to eradicate low-level malware during boot sequence. Virtualization-based security is a fundamental operating system architecture change that adds a new security boundary. Device Guard and Credential Guard respectively help to block untrusted code and protect corporate domain credentials from theft and reuse. This section also briefly discussed the importance of managing devices and patching vulnerabilities. All these technologies can be used to harden and lock down devices while limiting the risk of attackers compromising them.
 
-## <a href="" id="detect-unhealthy"></a>Detect an unhealthy Windows 10-based device
+## Detect an unhealthy Windows-based device
 
 As of today, many organizations only consider devices to be compliant with company policy after they've passed various checks that show, for example, that the operating system is in the correct state, properly configured, and has security protection enabled. Unfortunately, with today's systems, this form of reporting isn't entirely reliable because malware can spoof a software statement about system health. A rootkit, or a similar low-level exploit, can report a false healthy state to traditional compliance tools.
 
 The biggest challenge with rootkits is that they can be undetectable to the client. Because they start before antimalware, and they have system-level privileges, they can completely disguise themselves while continuing to access system resources. As a result, traditional computers infected with rootkits appear to be healthy, even with antimalware running.
 
-As previously discussed, the health attestation feature of Windows 10 uses the TPM hardware component to securely record a measurement of every boot-related component, including firmware, Windows 10 kernel, and even early boot drivers. Because health attestation uses the hardware-based security capabilities of TPM, the log of all boot measured components remains out of the reach of any malware.
+As previously discussed, the health attestation feature of Windows uses the TPM hardware component to securely record a measurement of every boot-related component, including firmware, Windows kernel, and even early boot drivers. Because health attestation uses the hardware-based security capabilities of TPM, the log of all boot measured components remains out of the reach of any malware.
 
 After the devices attest a trusted boot state, they can prove that they aren't running low-level malware that could spoof later compliance checks. TPM-based health attestation provides a reliable anchor of trust for assets that contain high-value data.
 
@@ -367,16 +355,16 @@ But health attestation only provides information, which is why an MDM solution i
 
 ### Remote device health attestation
 
-In Windows 10, health attestation refers to a feature where Measured Boot data generated during the boot process is sent to a remote device health attestation service operated by Microsoft.
+In Windows, health attestation refers to a feature where Measured Boot data generated during the boot process is sent to a remote device health attestation service operated by Microsoft.
 
-This approach is the most secure one available for Windows 10-based devices to detect when security defenses are down. During the boot process, the TCG log and PCRs' values are sent to a remote Microsoft cloud service. Logs are then checked by the Health Attestation Service to determine what changes have occurred on the device.
+This approach is the most secure one available for Windows-based devices to detect when security defenses are down. During the boot process, the TCG log and PCRs' values are sent to a remote Microsoft cloud service. Logs are then checked by the Health Attestation Service to determine what changes have occurred on the device.
 
 A relying party like an MDM can inspect the report generated by the remote health attestation service.
 
 > [!NOTE]
-> To use the health attestation feature of Windows 10, the device must be equipped with a discrete or firmware TPM. There is no restriction on any particular edition of Windows 10.
+> To use the health attestation feature of Windows, the device must be equipped with a discrete or firmware TPM. There is no restriction on any particular edition of Windows.
 
-Windows 10 supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an antimalware or an MDM agent.
+Windows supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an antimalware or an MDM agent.
 
 Remote device health attestation combined with an MDM provides a hardware-rooted method for reporting the current security status and detecting any changes, without having to trust the software running on the system.
 
@@ -388,20 +376,20 @@ Health attestation logs the measurements in various TPM Platform Configuration R
 
 :::image type="content" alt-text="figure 6." source="images/hva-fig6-logs.png":::
 
-When you start a device equipped with TPM, a measurement of different components is performed. These components include firmware, UEFI drivers, CPU microcode, and also all the Windows 10 drivers whose type is Boot Start. The raw measurements are stored in the TPM PCR registers while the details of all events (executable path, authority certification, and so on) are available in the TCG log.
+When you start a device equipped with TPM, a measurement of different components is performed. These components include firmware, UEFI drivers, CPU microcode, and also all the Windows drivers whose type is Boot Start. The raw measurements are stored in the TPM PCR registers while the details of all events (executable path, authority certification, and so on) are available in the TCG log.
 
 :::image type="content" alt-text="figure 7." source="images/hva-fig7-measurement.png":::
 
 The health attestation process works as follows:
 
-1.  Hardware boot components are measured.
-2.  Operating system boot components are measured.
-3.  If Device Guard is enabled, current Device Guard policy is measured.
-4.  Windows kernel is measured.
-5.  Antivirus software is started as the first kernel mode driver.
-6.  Boot start drivers are measured.
-7.  MDM server through the MDM agent issues a health check command by using the Health Attestation CSP.
-8.  Boot measurements are validated by the Health Attestation Service
+1. Hardware boot components are measured.
+2. Operating system boot components are measured.
+3. If Device Guard is enabled, current Device Guard policy is measured.
+4. Windows kernel is measured.
+5. Antivirus software is started as the first kernel mode driver.
+6. Boot start drivers are measured.
+7. MDM server through the MDM agent issues a health check command by using the Health Attestation CSP.
+8. Boot measurements are validated by the Health Attestation Service
 
 > [!NOTE]
 > By default, the last 100 system boot logs and all associated resume logs are archived in the %SystemRoot%\\logs\\measuredboot folder.
@@ -409,16 +397,16 @@ The number of retained logs may be set with the registry **REG\_DWORD** value **
 
 The following process describes how health boot measurements are sent to the health attestation service:
 
-1.  The client (a Windows 10-based device with TPM) initiates the request with the remote device health attestation service. Because the health attestation server is expected to be a Microsoft cloud service, the URI is already pre-provisioned in the client.
-2.  The client then sends the TCG log, the AIK signed data (PCR values, boot counter) and the AIK certificate information.
-3.  The remote device heath attestation service then:
+1. The client (a Windows-based device with TPM) initiates the request with the remote device health attestation service. Because the health attestation server is expected to be a Microsoft cloud service, the URI is already pre-provisioned in the client.
+2. The client then sends the TCG log, the AIK signed data (PCR values, boot counter) and the AIK certificate information.
+3. The remote device heath attestation service then:
 
-    1.  Verifies that the AIK certificate is issued by a known and trusted CA and the certificate is valid and not revoked.
-    2.  Verifies that the signature on the PCR quotes is correct and consistent with the TCG log value.
-    3.  Parses the properties in the TCG log.
-    4.  Issues the device health token that contains the health information, the AIK information, and the boot counter information. The health token also contains valid issuance time. The device health token is encrypted and signed, that means that the information is protected and only accessible to issuing health attestation service.
+    1. Verifies that the AIK certificate is issued by a known and trusted CA and the certificate is valid and not revoked.
+    2. Verifies that the signature on the PCR quotes is correct and consistent with the TCG log value.
+    3. Parses the properties in the TCG log.
+    4. Issues the device health token that contains the health information, the AIK information, and the boot counter information. The health token also contains valid issuance time. The device health token is encrypted and signed, that means that the information is protected and only accessible to issuing health attestation service.
 
-4.  The client stores the health encrypted blob in its local store. The device health token contains device health status, a device ID (the Windows AIK), and the boot counter.
+4. The client stores the health encrypted blob in its local store. The device health token contains device health status, a device ID (the Windows AIK), and the boot counter.
 
 :::image type="content" alt-text="figure 8." source="images/hva-fig8a-healthattest8a.png":::
 
@@ -426,7 +414,7 @@ The following process describes how health boot measurements are sent to the hea
 
 The device health attestation solution involves different components that are TPM, Health Attestation CSP, and the Windows Health Attestation Service. Those components are described in this section.
 
-### <a href="" id="trusted-platform-module-"></a>Trusted Platform Module
+### Trusted Platform Module
 
 This section describes how PCRs (that contain system configuration data), endorsement key (EK) (that act as an identity card for TPM), SRK (that protect keys) and AIKs (that can report platform state) are used for health attestation reporting.
 
@@ -434,11 +422,11 @@ In a simplified manner, the TPM is a passive component with limited resources. I
 
 A TPM incorporates in a single component:
 
--   An RSA 2048-bit key generator
--   A random number generator
--   Nonvolatile memory for storing EK, SRK, and AIK keys
--   A cryptographic engine to encrypt, decrypt, and sign
--   Volatile memory for storing the PCRs and RSA keys
+- An RSA 2048-bit key generator
+- A random number generator
+- Nonvolatile memory for storing EK, SRK, and AIK keys
+- A cryptographic engine to encrypt, decrypt, and sign
+- Volatile memory for storing the PCRs and RSA keys
 
 ### Endorsement key
 
@@ -450,29 +438,29 @@ The endorsement key acts as an identity card for the TPM. For more information,
 
 The endorsement key is often accompanied by one or two digital certificates:
 
--   One certificate is produced by the TPM manufacturer and is called the **endorsement certificate**. The endorsement certificate is used to prove the authenticity of the TPM (for example, that it's a real TPM manufactured by a specific chip maker) to local processes, applications, or cloud services. The endorsement certificate is created during manufacturing or the first time the TPM is initialized by communicating with an online service.
--   The other certificate is produced by the platform builder and is called the **platform certificate** to indicate that a specific TPM is integrated with a certain device.
-For certain devices that use firmware-based TPM produced by Intel or Qualcomm, the endorsement certificate is created when the TPM is initialized during the OOBE of Windows 10.
+- One certificate is produced by the TPM manufacturer and is called the **endorsement certificate**. The endorsement certificate is used to prove the authenticity of the TPM (for example, that it's a real TPM manufactured by a specific chip maker) to local processes, applications, or cloud services. The endorsement certificate is created during manufacturing or the first time the TPM is initialized by communicating with an online service.
+- The other certificate is produced by the platform builder and is called the **platform certificate** to indicate that a specific TPM is integrated with a certain device.
+For certain devices that use firmware-based TPM produced by Intel or Qualcomm, the endorsement certificate is created when the TPM is initialized during the OOBE of Windows.
 
 > [!NOTE]
 > Secure Boot protects the platform until the Windows kernel is loaded. Then protections like Trusted Boot, Hyper-V Code Integrity and ELAM take over. A device that uses Intel TPM or Qualcomm TPM gets a signed certificate online from the manufacturer that has created the chip and then stores the signed certificate in TPM storage. For the operation to succeed, if you are filtering Internet access from your client devices, you must authorize the following URLs:
 
--   For Intel firmware TPM: **```https://ekop.intel.com/ekcertservice```**
--   For Qualcomm firmware TPM: **```https://ekcert.spserv.microsoft.com/```**
+- For Intel firmware TPM: **```https://ekop.intel.com/ekcertservice```**
+- For Qualcomm firmware TPM: **```https://ekcert.spserv.microsoft.com/```**
 
 ### Attestation Identity Keys
 
-Because the endorsement certificate is unique for each device and doesn't change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows 10 issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service.
+Because the endorsement certificate is unique for each device and doesn't change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service.
 
 > [!NOTE]
-> Before the device can report its health using the TPM attestation functions, an AIK certificate must be provisioned in conjunction with a third-party service like the Microsoft Cloud CA service. After it is provisioned, the AIK private key can be used to report platform configuration. Windows 10 creates a signature over the platform log state (and a monotonic counter value) at each boot by using the AIK.
+> Before the device can report its health using the TPM attestation functions, an AIK certificate must be provisioned in conjunction with a third-party service like the Microsoft Cloud CA service. After it is provisioned, the AIK private key can be used to report platform configuration. Windows creates a signature over the platform log state (and a monotonic counter value) at each boot by using the AIK.
 
 The AIK is an asymmetric (public/private) key pair that is used as a substitute for the EK as an identity for the TPM for privacy purposes. The private portion of an AIK is never revealed or used outside the TPM and can only be used inside the TPM for a limited set of operations. Furthermore, it can only be used for signing, and only for limited, TPM-defined operations.
 
-Windows 10 creates AIKs protected by the TPM, if available, that are 2048-bit RSA signing keys. Microsoft is hosting a cloud service called Microsoft Cloud CA to establish cryptographically that it's communicating with a real TPM and that the TPM possesses the presented AIK. After the Microsoft
-Cloud CA service has established these facts, it will issue an AIK certificate to the Windows 10-based device.
+Windows creates AIKs protected by the TPM, if available, that are 2048-bit RSA signing keys. Microsoft is hosting a cloud service called Microsoft Cloud CA to establish cryptographically that it's communicating with a real TPM and that the TPM possesses the presented AIK. After the Microsoft
+Cloud CA service has established these facts, it will issue an AIK certificate to the Windows-based device.
 
-Many existing devices that will upgrade to Windows 10 won't have a TPM, or the TPM won't contain an endorsement certificate. **To accommodate those devices, Windows 10 allows the issuance of AIK certificates without the presence of an endorsement certificate.** Such AIK certificates aren't issued by Microsoft Cloud CA. These certificates aren't as trustworthy as an endorsement certificate that is burned into the device during manufacturing, but it will provide compatibility for advanced scenarios like Windows Hello for Business without TPM.
+Many existing devices that will upgrade to Windows 10 won't have a TPM, or the TPM won't contain an endorsement certificate. **To accommodate those devices, Windows 10 allows the issuance of AIK certificates without the presence of an endorsement certificate**. Such AIK certificates aren't issued by Microsoft Cloud CA. These certificates aren't as trustworthy as an endorsement certificate that is burned into the device during manufacturing, but it will provide compatibility for advanced scenarios like Windows Hello for Business without TPM.
 
 In the issued AIK certificate, a special OID is added to attest that endorsement certificate was used during the attestation process. This information can be used by a relying party to decide whether to reject devices that are attested using AIK certificates without an endorsement certificate or accept them. Another scenario can be to not allow access to high-value assets from devices that are attested by an AIK certificate that isn't backed by an endorsement certificate.
 
@@ -492,9 +480,9 @@ The value of a PCR on its own is hard to interpret (it's just a hash value), but
 
 ### TPM provisioning
 
-For the TPM of a Windows 10-based device to be usable, it must first be provisioned. The process of provisioning differs based on TPM versions, but, when successful, it results in the TPM being usable and the owner authorization data (ownerAuth) for the TPM being stored locally on the registry.
+For the TPM of a Windows-based device to be usable, it must first be provisioned. The process of provisioning differs based on TPM versions, but, when successful, it results in the TPM being usable and the owner authorization data (ownerAuth) for the TPM being stored locally on the registry.
 
-When the TPM is provisioned, Windows 10 will first attempt to determine the EK and locally stored **ownerAuth** values by looking in the registry at the following location: **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\Endorsement**
+When the TPM is provisioned, Windows will first attempt to determine the EK and locally stored **ownerAuth** values by looking in the registry at the following location: **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\Endorsement**
 
 During the provisioning process, the device may need to be restarted.
 
@@ -503,21 +491,21 @@ The **Get-TpmEndorsementKeyInfo PowerShell** cmdlet can be used with administrat
 If the TPM ownership isn't known but the EK exists, the client library will provision the TPM and will store the resulting **ownerAuth** value into the registry if the policy allows it will store the SRK public portion at the following location:
 **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\Admin\\SRKPub**
 
-As part of the provisioning process, Windows 10 will create an AIK with the TPM. When this operation is performed, the resulting AIK public portion is stored in the registry at the following location: **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\WindowsAIKPub**
+As part of the provisioning process, Windows will create an AIK with the TPM. When this operation is performed, the resulting AIK public portion is stored in the registry at the following location: **HKLM\\SYSTEM\\CurrentControlSet\\Services\\TPM\\WMI\\WindowsAIKPub**
 
 > [!NOTE]
-> For provisioning AIK certificates and filtering Internet access, you must authorize the following wildcard URL: <b>https://\*.microsoftaik.azure.net</b>
+> For provisioning AIK certificates and filtering Internet access, you must authorize the following wildcard URL: `https://\*.microsoftaik.azure.net`
 
-### Windows 10 Health Attestation CSP
+### Windows Health Attestation CSP
 
-Windows 10 contains a configuration service provider (CSP) specialized for interacting with the health attestation feature. A CSP is a component that plugs into the Windows MDM client and provides a published protocol for how MDM servers can configure settings and manage Windows-based devices. The management protocol is represented as a tree structure that can be specified as URIs with functions to perform on the URIs such as "get", "set", "delete", and so on.
+Windows contains a configuration service provider (CSP) specialized for interacting with the health attestation feature. A CSP is a component that plugs into the Windows MDM client and provides a published protocol for how MDM servers can configure settings and manage Windows-based devices. The management protocol is represented as a tree structure that can be specified as URIs with functions to perform on the URIs such as "get", "set", "delete", and so on.
 
-The following list is that of the functions performed by the Windows 10 Health Attestation CSP:
+The following list is that of the functions performed by the Windows Health Attestation CSP:
 
--   Collects data that is used to verify a device's health status
--   Forwards the data to the Health Attestation Service
--   Provisions the Health Attestation Certificate that it receives from the Health Attestation Service
--   Upon request, forwards the Health Attestation Certificate (received from the Health Attestation Service) and related runtime information to the MDM server for verification
+- Collects data that is used to verify a device's health status
+- Forwards the data to the Health Attestation Service
+- Provisions the Health Attestation Certificate that it receives from the Health Attestation Service
+- Upon request, forwards the Health Attestation Certificate (received from the Health Attestation Service) and related runtime information to the MDM server for verification
 
 During a health attestation session, the Health Attestation CSP forwards the TCG logs and PCRs' values that are measured during the boot, by using a secure communication channel to the Health Attestation Service.
 
@@ -532,29 +520,36 @@ The role of Windows Health Attestation Service is essentially to evaluate a set
 
 Checking that a TPM attestation and the associated log are valid takes several steps:
 
-1.  First, the server must check that the reports are signed by **trustworthy AIKs**. This verification might be done by checking that the public part of the AIK is listed in a database of assets, or perhaps that a certificate has been checked.
-2.  After the key has been checked, the signed attestation (a quote structure) should be checked to see whether it's a **valid signature over PCR values**.
-3.  Next the logs should be checked to ensure that they match the PCR values reported.
-4.  Finally, the logs themselves should be examined by an MDM solution to see whether they represent **known or valid security configurations**. For example, a simple check might be to see whether the measured early OS components are known to be good, that the ELAM driver is as expected, and that the ELAM driver policy file is up to date. If all of these checks succeed, an attestation statement can be issued that later can be used to determine whether or not the client should be granted access to a resource.
+1. First, the server must check that the reports are signed by **trustworthy AIKs**. This verification might be done by checking that the public part of the AIK is listed in a database of assets, or perhaps that a certificate has been checked.
+2. After the key has been checked, the signed attestation (a quote structure) should be checked to see whether it's a **valid signature over PCR values**.
+3. Next the logs should be checked to ensure that they match the PCR values reported.
+4. Finally, the logs themselves should be examined by an MDM solution to see whether they represent **known or valid security configurations**. For example, a simple check might be to see whether the measured early OS components are known to be good, that the ELAM driver is as expected, and that the ELAM driver policy file is up to date. If all of these checks succeed, an attestation statement can be issued that later can be used to determine whether or not the client should be granted access to a resource.
 
 The Health Attestation Service provides the following information to an MDM solution about the health of the device:
 
--   Secure Boot enablement
--   Boot and kernel debug enablement
--   BitLocker enablement
--   VSM enabled
--   Signed or unsigned Device Guard Code Integrity policy measurement
--   ELAM loaded
--   Safe Mode boot, DEP enablement, test signing enablement
--   Device TPM has been provisioned with a trusted endorsement certificate
+- Secure Boot enablement
+- Boot and kernel debug enablement
+- BitLocker enablement
+- VSM enabled
+- Signed or unsigned Device Guard Code Integrity policy measurement
+- ELAM loaded
+- Safe Mode boot, DEP enablement, test signing enablement
+- Device TPM has been provisioned with a trusted endorsement certificate
 
 For completeness of the measurements, see [Health Attestation CSP](/windows/client-management/mdm/healthattestation-csp).
 
-The following table presents some key items that can be reported back to MDM depending on the type of Windows 10-based device.
+The following list shows some key items that can be reported back to MDM for Windows-based devices:
 
-|OS type|Key items that can be reported|
-|--- |--- |
-|Windows 10 for desktop editions|<li>PCR0 measurement<li>Secure Boot Enabled<li>Secure Boot db matches Expected<li>Secure Boot dbx is up to date<li>Secure Boot policy GUID matches Expected<li>BitLocker enabled<li>Virtualization-based security enabled<li>ELAM was loaded<li>Code Integrity version is up to date<li>Code Integrity policy hash matches Expected|
+- PCR0 measurement
+- Secure Boot Enabled
+- Secure Boot db matches Expected
+- Secure Boot dbx is up to date
+- Secure Boot policy GUID matches Expected
+- BitLocker enabled
+- Virtualization-based security enabled
+- ELAM was loaded
+- Code Integrity version is up to date
+- Code Integrity policy hash matches expected
 
 ### Use MDM and the Health Attestation Service
 
@@ -562,29 +557,29 @@ To make device health relevant, the MDM solution evaluates the device health rep
 
 A solution that uses MDM and the Health Attestation Service consists of three main parts:
 
-1.  A device with health attestation enabled. This enablement will be done as a part of enrollment with an MDM provider (health attestation will be disabled by default).
-2.  After this service is enabled, and every boot thereafter, the device will send health measurements to the Health Attestation Service hosted by Microsoft, and it will receive a health attestation blob in return.
-3.  At any point after this cycle, an MDM server can request the health attestation blob from the device and ask Health Attestation Service to decrypt the content and validate that it's been attested.
+1. A device with health attestation enabled. This enablement will be done as a part of enrollment with an MDM provider (health attestation will be disabled by default).
+2. After this service is enabled, and every boot thereafter, the device will send health measurements to the Health Attestation Service hosted by Microsoft, and it will receive a health attestation blob in return.
+3. At any point after this cycle, an MDM server can request the health attestation blob from the device and ask Health Attestation Service to decrypt the content and validate that it's been attested.
 
     :::image type="content" alt-text="figure 9." source="images/hva-fig8-evaldevicehealth8.png":::
 
-Interaction between a Windows 10-based device, the Health Attestation Service, and MDM can be performed as follows:
+Interaction between a Windows-based device, the Health Attestation Service, and MDM can be performed as follows:
 
-1.  The client initiates a session with the MDM server. The URI for the MDM server would be part of the client app that initiates the request. The MDM server at this time could request the health attestation data by using the appropriate CSP URI.
-2.  The MDM server specifies a nonce along with the request.
-3.  The client then sends the AIK quoted nonce + the boot counter and the health blob information. This health blob is encrypted with a Health Attestation Service public key that only the Health Attestation Service can decrypt.
-4.  The MDM server:
+1. The client initiates a session with the MDM server. The URI for the MDM server would be part of the client app that initiates the request. The MDM server at this time could request the health attestation data by using the appropriate CSP URI.
+2. The MDM server specifies a nonce along with the request.
+3. The client then sends the AIK quoted nonce + the boot counter and the health blob information. This health blob is encrypted with a Health Attestation Service public key that only the Health Attestation Service can decrypt.
+4. The MDM server:
 
-    1.  Verifies that the nonce is as expected.
-    2.  Passes the quoted data, the nonce and the encrypted health blob to the Health Attestation Service server.
+    1. Verifies that the nonce is as expected.
+    2. Passes the quoted data, the nonce and the encrypted health blob to the Health Attestation Service server.
 
-5.  The Health Attestation Service:
+5. The Health Attestation Service:
 
-    1.  Decrypts the health blob.
-    2.  Verifies that the boot counter in the quote is correct using the AIK in the health blob and matches the value in the health blob.
-    3.  Verifies that the nonce matches in the quote and the one that is passed from MDM.
-    4.  Because the boot counter and the nonce are quoted with the AIK from the health blob, it also proves that the device is the same one as the one for which the health blob has been generated.
-    5.  Sends data back to the MDM server including health parameters, freshness, and so on.
+    1. Decrypts the health blob.
+    2. Verifies that the boot counter in the quote is correct using the AIK in the health blob and matches the value in the health blob.
+    3. Verifies that the nonce matches in the quote and the one that is passed from MDM.
+    4. Because the boot counter and the nonce are quoted with the AIK from the health blob, it also proves that the device is the same one as the one for which the health blob has been generated.
+    5. Sends data back to the MDM server including health parameters, freshness, and so on.
 
 > [!NOTE]
 > The MDM server (relying party) never performs the quote or boot counter validation itself. It gets the quoted data and the health blob (which is encrypted) and sends the data to the Health Attestation Service for validation. This way, the AIK is never visible to the MDM, which thereby addresses privacy concerns.
@@ -594,14 +589,14 @@ Setting the requirements for device compliance is the first step to ensure that
 Devices that attempt to connect to resources must have their health evaluated so that unhealthy and noncompliant devices can be detected and reported. To be fully efficient, an end-to-end security solution must impose a consequence for unhealthy devices like refusing access to high-value assets.
 That consequence for an unhealthy device is the purpose of conditional access control, which is detailed in the next section.
 
-## Control the security of a Windows 10-based device before access is granted
+## Control the security of a Windows-based device before access is granted
 
 Today's access control technology, in most cases, focuses on ensuring that the right people get access to the right resources. If users can authenticate, they get access to resources using a device that the organization's IT staff and systems know little about. Perhaps there's some check such as ensuring that a device is encrypted before giving access to email, but what if the device is infected with malware?
 
 The remote device health attestation process uses measured boot data to verify the health status of the device. The health of the device is then available for an MDM solution like Intune.
 
 > [!NOTE]
-> For the latest information on Intune and Windows 10 features support, see [What's new in Microsoft Intune](/mem/intune/fundamentals/whats-new).
+> For the latest information on Intune and Windows features support, see [What's new in Microsoft Intune](/mem/intune/fundamentals/whats-new).
 
 The figure below shows how the Health Attestation Service is expected to work with Microsoft's cloud-based Intune MDM service.
 
@@ -612,24 +607,24 @@ firewall is running, and the devices patch state is compliant.
 
 Finally, resources can be protected by denying access to endpoints that are unable to prove they're healthy. This feature is much needed for BYOD devices that need to access organizational resources.
 
-### Built-in support of MDM in Windows 10
+### Built-in support of MDM in Windows
 
-Windows 10 has an MDM client that ships as part of the operating system. This MDM client enables MDM servers to manage Windows 10-based devices without requiring a separate agent.
+Windows has an MDM client that ships as part of the operating system. This MDM client enables MDM servers to manage Windows-based devices without requiring a separate agent.
 
 ### Third-party MDM server support
 
-Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a compatible server that supports the OMA-DM protocol to perform enterprise management tasks. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
+Third-party MDM servers can manage Windows by using the MDM protocol. The built-in management client is able to communicate with a compatible server that supports the OMA-DM protocol to perform enterprise management tasks. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm).
 
 > [!NOTE]
-> MDM servers do not need to create or download a client to manage Windows 10. For more information, see [Mobile device management](/windows/client-management/mdm/).
+> MDM servers do not need to create or download a client to manage Windows. For more information, see [Mobile device management](/windows/client-management/mdm/).
 
-The third-party MDM server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users.
+The third-party MDM server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows users.
 
-### <a href="" id="management-of-windows-defender-by-third-party-mdm-"></a>Management of Windows Defender by third-party MDM
+### Management of Windows Defender by third-party MDM
 
-This management infrastructure makes it possible for IT pros to use MDM-capable products like Intune, to manage health attestation, Device Guard, or Windows Defender on Windows 10-based devices, including BYODs that aren't domain joined. IT pros will be able to manage and configure all of the actions and settings they're familiar with customizing by using Intune with Intune Endpoint Protection on down-level operating systems. Admins that currently only manage domain joined devices through Group Policy will find it easy to transition to managing Windows 10-based devices by using MDM because many of the settings and actions are shared across both mechanisms.
+This management infrastructure makes it possible for IT pros to use MDM-capable products like Intune, to manage health attestation, Device Guard, or Windows Defender on Windows-based devices, including BYODs that aren't domain joined. IT pros will be able to manage and configure all of the actions and settings they're familiar with customizing by using Intune with Intune Endpoint Protection on down-level operating systems. Admins that currently only manage domain joined devices through Group Policy will find it easy to transition to managing Windows-based devices by using MDM because many of the settings and actions are shared across both mechanisms.
 
-For more information on how to manage Windows 10 security and system settings with an MDM solution, see [Custom URI settings for Windows 10 devices](/mem/intune/configuration/custom-settings-windows-10).
+For more information on how to manage Windows security and system settings with an MDM solution, see [Custom URI settings for Windows devices](/mem/intune/configuration/custom-settings-windows-10).
 
 ### Conditional access control
 
@@ -641,7 +636,7 @@ If the device isn't registered, the user will get a message with instructions on
 
 :::image type="content" alt-text="figure 11." source="images/hva-fig10-conditionalaccesscontrol.png":::
 
-### <a href="" id="office-365-conditional-access-control-"></a>Office 365 conditional access control
+### Office 365 conditional access control
 
 Azure AD enforces conditional access policies to secure access to Office 365 services. A tenant admin can create a conditional access policy that blocks a user on a non-compliant device from accessing an Office 365 service. The user must conform to the company's device policies before access can be granted to the service. Alternately, the admin can also create a policy that requires users to just enroll their devices to gain access to an Office 365 service. Policies may be applied to all users of an organization, or limited to a few target groups and enhanced over time to include more
 target groups.
@@ -651,7 +646,7 @@ When a user requests access to an Office 365 service from a supported device pla
 When a user enrolls, the device is registered with Azure AD, and enrolled with a compatible MDM solution like Intune.
 
 > [!NOTE]
-> Microsoft is working with third-party MDM ISVs to support automated MDM enrollment and policy based access checks. Steps to turn on auto-MDM enrollment with Azure AD and Intune are explained in the [Windows 10, Azure AD And Microsoft Intune: Automatic MDM Enrollment Powered By The Cloud!](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067) blog post.
+> Microsoft is working with third-party MDM ISVs to support automated MDM enrollment and policy based access checks. Steps to turn on auto-MDM enrollment with Azure AD and Intune are explained in the [Windows, Azure AD And Microsoft Intune: Automatic MDM Enrollment Powered By The Cloud!](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067) blog post.
 
 When a user enrolls a device successfully, the device becomes trusted. Azure AD provides single-sign-on to access company applications and enforces conditional access policy to grant access to a service not only the first time the user requests access, but every time the user requests to renew access.
 
@@ -663,20 +658,20 @@ Depending on the type of email application that employees use to access Exchange
 
 Clients that attempt to access Office 365 will be evaluated for the following properties:
 
--   Is the device managed by an MDM?
--   Is the device registered with Azure AD?
--   Is the device compliant?
+- Is the device managed by an MDM?
+- Is the device registered with Azure AD?
+- Is the device compliant?
 
-To get to a compliant state, the Windows 10-based device needs to:
+To get to a compliant state, the Windows-based device needs to:
 
--   Enroll with an MDM solution.
--   Register with Azure AD.
--   Be compliant with the device policies set by the MDM solution.
+- Enroll with an MDM solution.
+- Register with Azure AD.
+- Be compliant with the device policies set by the MDM solution.
 
 > [!NOTE]
-> At the present time, conditional access policies are selectively enforced on users on iOS and Android devices. For more information, see the [Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility!](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-microsoft-intune-and-windows-10-8211-using-the-cloud-to/ba-p/244012) blog post.
+> At the present time, conditional access policies are selectively enforced on users on iOS and Android devices. For more information, see the [Azure AD, Microsoft Intune and Windows - Using the cloud to modernize enterprise mobility!](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-microsoft-intune-and-windows-10-8211-using-the-cloud-to/ba-p/244012) blog post.
 
-### <a href="" id="cloud-and-on-premises-apps-conditional-access-control-"></a>Cloud and on-premises apps conditional access control
+### Cloud and on-premises apps conditional access control
 
 Conditional access control is a powerful policy evaluation engine built into Azure AD. It gives IT pros an easy way to create access rules beyond Office 365 that evaluate the context of a user's sign in to make real-time decisions about which applications they should be allowed to access.
 
@@ -689,29 +684,29 @@ For more information about conditional access, see [Azure Conditional Access Pre
 
 For on-premises applications there are two options to enable conditional access control based on a device's compliance state:
 
--   For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more information, see [Using Azure AD Application Proxy to publish on-premises apps for remote users](/azure/active-directory/app-proxy/what-is-application-proxy).
--   Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
+- For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more information, see [Using Azure AD Application Proxy to publish on-premises apps for remote users](/azure/active-directory/app-proxy/what-is-application-proxy).
+- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
 
 :::image type="content" alt-text="figure 13." source="images/hva-fig12-conditionalaccess12.png":::
 
 The following process describes how Azure AD conditional access works:
 
-1.  User has already enrolled with MDM through Workplace Access/Azure AD join, which registers device with Azure AD.
-2.  When the device boots or resumes from hibernate, a task "Tpm-HASCertRetr" is triggered to request in background a health attestation blob. Device sends TPM boot measurements to the Health Attestation Service.
-3.  Health Attestation Service validates device state and issues an encrypted blob to the device based on the health state with details on failed checks (if any).
-4.  User logs on and the MDM agent contacts the Intune/MDM server.
-5.  MDM server pushes down new policies if available and queries health blob state and other inventory state.
-6.  Device sends a health attestation blob previously acquired and also the value of the other state inventory requested by the Intune/MDM server.
-7.  Intune/MDM server sends the health attestation blob to Health Attestation Service to be validated.
-8.  Health Attestation Service validates that the device that sent the health attestation blob is healthy, and returns this result to Intune/MDM server.
-9.  Intune/MDM server evaluates compliance based on the compliance and the queried inventory/health attestation state from device.
+1. User has already enrolled with MDM through Workplace Access/Azure AD join, which registers device with Azure AD.
+2. When the device boots or resumes from hibernate, a task "Tpm-HASCertRetr" is triggered to request in background a health attestation blob. Device sends TPM boot measurements to the Health Attestation Service.
+3. Health Attestation Service validates device state and issues an encrypted blob to the device based on the health state with details on failed checks (if any).
+4. User logs on and the MDM agent contacts the Intune/MDM server.
+5. MDM server pushes down new policies if available and queries health blob state and other inventory state.
+6. Device sends a health attestation blob previously acquired and also the value of the other state inventory requested by the Intune/MDM server.
+7. Intune/MDM server sends the health attestation blob to Health Attestation Service to be validated.
+8. Health Attestation Service validates that the device that sent the health attestation blob is healthy, and returns this result to Intune/MDM server.
+9. Intune/MDM server evaluates compliance based on the compliance and the queried inventory/health attestation state from device.
 10. Intune/MDM server updates compliance state against device object in Azure AD.
 11. User opens app, attempts to access a corporate managed asset.
 12. Access gated by compliance claim in Azure AD.
 13. If the device is compliant and the user is authorized, an access token is generated.
 14. User can access the corporate managed asset.
 
-For more information about Azure AD join, see [Azure AD & Windows 10: Better Together for Work or School](https://go.microsoft.com/fwlink/p/?LinkId=691619), a white paper.
+For more information about Azure AD join, see [Azure AD & Windows: Better Together for Work or School](https://go.microsoft.com/fwlink/p/?LinkId=691619), a white paper.
 
 Conditional access control is a topic that many organizations and IT pros may not know and they should. The different attributes that describe a user, a device, compliance, and context of access are powerful when used with a conditional access engine. Conditional access control is an essential step that helps organizations secure their environment.
 
@@ -719,50 +714,50 @@ Conditional access control is a topic that many organizations and IT pros may no
 
 The following list contains high-level key takeaways to improve the security posture of any organization. However, the few takeaways presented in this section shouldn't be interpreted as an exhaustive list of security best practices.
 
--   **Understand that no solution is 100 percent secure**
+- **Understand that no solution is 100 percent secure**
 
     If determined adversaries with malicious intent gain physical access to the device, they could eventually break through its security layers and control it.
 
--   **Use health attestation with an MDM solution**
+- **Use health attestation with an MDM solution**
 
     Devices that attempt to connect to high-value assets must have their health evaluated so that unhealthy and noncompliant devices can be detected, reported, and eventually blocked.
 
--   **Use Credential Guard**
+- **Use Credential Guard**
 
     Credential Guard is a feature that greatly helps protect corporate domain credentials from pass-the-hash attacks.
 
--   **Use Device Guard**
+- **Use Device Guard**
 
-    Device Guard is a real advance in security and an effective way to help protect against malware. The new Device Guard feature in Windows 10 blocks untrusted apps (apps not authorized by your organization).
+    Device Guard is a real advance in security and an effective way to help protect against malware. The Device Guard feature in Windows blocks untrusted apps (apps not authorized by your organization).
 
--   **Sign Device Guard policy**
+- **Sign Device Guard policy**
 
     Signed Device Guard policy helps protect against a user with administrator privileges trying to defeat the current policy. When a policy is signed, the only way to modify Device Guard later is to provide a new version of the policy signed by the same signer or from a signer specify as part of the Device Guard policy.
 
--   **Use virtualization-based security**
+- **Use virtualization-based security**
 
     When you have Kernel Mode Code Integrity protected by virtualization-based security, the code integrity rules are still enforced even if a vulnerability allows unauthorized kernel mode memory access. Keep in mind that Device Guard devices that run Kernel Code Integrity with virtualization-based security must have compatible drivers.
 
--   **Start to deploy Device Guard with Audit mode**
+- **Start to deploy Device Guard with Audit mode**
 
     Deploy Device Guard policy to targeted computers and devices in Audit mode. Monitor the Code Integrity event log that indicates a program or a driver would have been blocked if Device Guard was configured in Enforcement mode. Adjust Device Guard rules until a high level of confidence has been reached. After the testing phase has been completed, Device Guard policy can be switched to Enforcement mode.
 
--   **Build an isolated reference machine when deploying Device Guard**
+- **Build an isolated reference machine when deploying Device Guard**
 
     Because the corporate network can contain malware, you should start to configure a reference environment that is isolated from your main corporate network. After that, you can create a code integrity policy that includes the trusted applications you want to run on your protected devices.
 
--   **Use AppLocker when it makes sense**
+- **Use AppLocker when it makes sense**
 
     Although AppLocker isn't considered a new Device Guard feature, it complements Device Guard functionality for some scenarios like being able to deny a specific Universal Windows application for a specific user or a group of users.
 
--   **Lock down firmware and configuration**
+- **Lock down firmware and configuration**
 
-    After Windows 10 is installed, lock down firmware boot options access. This lockdown prevents a user with physical access from modifying UEFI settings, disabling Secure Boot, or booting other operating systems. Also, in order to protect against an administrator trying to disable Device Guard, add a rule in the current Device Guard policy that will deny and block execution of the **C:\\Windows\\System32\\SecConfig.efi** tool.
+    After Windows is installed, lock down firmware boot options access. This lockdown prevents a user with physical access from modifying UEFI settings, disabling Secure Boot, or booting other operating systems. Also, in order to protect against an administrator trying to disable Device Guard, add a rule in the current Device Guard policy that will deny and block execution of the **C:\\Windows\\System32\\SecConfig.efi** tool.
 
-Health attestation is a key feature of Windows 10 that includes client and cloud components to control access to high-value assets based on a user and their device's identity and compliance with corporate governance policy. Organizations can choose to detect and report unhealthy devices, or to configure health enforcement rules based on their needs. Health attestation provides an end-to-end security model and integration points, which vendors and software developers can use to build and integrate a customized solution.
+Health attestation is a key feature of Windows that includes client and cloud components to control access to high-value assets based on a user and their device's identity and compliance with corporate governance policy. Organizations can choose to detect and report unhealthy devices, or to configure health enforcement rules based on their needs. Health attestation provides an end-to-end security model and integration points, which vendors and software developers can use to build and integrate a customized solution.
 
 ## Related topics
 
 - [Protect derived domain credentials with Credential Guard](/windows/access-protection/credential-guard/credential-guard)
 - [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide)
-- [Trusted Platform Module technology overview](../information-protection/tpm/trusted-platform-module-overview.md)
+- [Trusted Platform Module technology overview](../../hardware-security/tpm/trusted-platform-module-overview.md)
diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md
similarity index 68%
rename from windows/security/information-protection/secure-the-windows-10-boot-process.md
rename to windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md
index be0c4f800d..b0da2402b2 100644
--- a/windows/security/information-protection/secure-the-windows-10-boot-process.md
+++ b/windows/security/operating-system-security/system-security/secure-the-windows-10-boot-process.md
@@ -1,32 +1,24 @@
 ---
 title: Secure the Windows boot process
 description: This article describes how Windows security features help protect your PC from malware, including rootkits and other applications.
-ms.prod: windows-client
-ms.author: paoloma
-author: paolomatarazzo
-manager: aaroncz
+ms.topic: conceptual
+ms.date: 08/11/2023
 ms.collection:
   - highpri
   - tier1
-ms.topic: conceptual
-ms.date: 03/09/2023
-ms.technology: itpro-security
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
 ---
 
 # Secure the Windows boot process
 
-
-The Windows OS has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, the Windows 10 OS includes a series of security features that can mitigate the effect. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings.
+Windows has many features to help protect you from malware, and it does an amazingly good job. Except for apps that businesses develop and use internally, all Microsoft Store apps must meet a series of requirements to be certified and included in the Microsoft Store. This certification process examines several criteria, including security, and is an effective means of preventing malware from entering the Microsoft Store. Even if a malicious app does get through, Windows includes a series of security features that can mitigate the effect. For instance, Microsoft Store apps are sandboxed and lack the privileges necessary to access user data or change system settings.
 
 Windows has multiple levels of protection for desktop apps and data, too. Windows Defender Antivirus uses cloud-powered real-time detection to identify and quarantine apps that are known to be malicious. Windows Defender SmartScreen warns users before allowing them to run an untrustworthy app, even if it's recognized as malware. Before an app can change system settings, the user would have to grant the app administrative privileges by using User Account Control.
 
 Those components are just some of the ways that Windows protects you from malware. However, those security features protect you only after Windows starts. Modern malware, and bootkits specifically, are capable of starting before Windows, completely bypassing OS security, and remaining hidden.
 
-When you run Windows 10 or Windows 11 on a PC or any PC that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your PC from malware from the moment you power on your PC until your anti-malware starts. In the unlikely event that malware does infect a PC, it can't remain hidden; Trusted Boot can prove the system's integrity to your infrastructure in a way that malware can't disguise. Even on PCs without UEFI, Windows provides even better startup security than previous versions of Windows.
+Running Windows 10 or Windows 11 on a PC with Unified Extensible Firmware Interface (UEFI) support ensures that Trusted Boot safeguards your PC against malware right from the moment you power it on. This protection continues until your anti-malware software takes over. If, by any chance, malware manages to infect your PC, it won't be able to stay hidden. Trusted Boot can verify the system's integrity to your infrastructure in a manner that malware can't mask. Even for PCs without UEFI, Windows offers enhanced startup security compared to earlier Windows versions.
 
-First, let's examine what rootkits are and how they work. Then, we'll show you how Windows can protect you.
+To begin, let's take a closer look at rootkits and their functioning. Following that, we'll illustrate how Windows can ensure your protection.
 
 ## The threat: rootkits
 
@@ -50,9 +42,9 @@ Windows supports four features to help prevent rootkits and bootkits from loadin
 
 Figure 1 shows the Windows startup process.
 
-![Windows startup process.](./images/dn168167.boot_process(en-us,MSDN.10).png)
+![Screenshot that shows the Windows startup process.](images/boot_process.png)
 
-*Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage*
+*Figure 1. Secure Boot, Trusted Boot, and Measured Boot block malware at every stage*:
 
 Secure Boot and Measured Boot are only possible on PCs with UEFI 2.3.1 and a TPM chip. Fortunately, all Windows 10 and Windows 11 PCs that meet Windows Hardware Compatibility Program requirements have these components, and many PCs designed for earlier versions of Windows have them as well.
 
@@ -82,33 +74,29 @@ These requirements help protect you from rootkits while allowing you to run any
 
 To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software can't change the Secure Boot settings.
 
-The default state of Secure Boot has a wide circle of trust which can result in customers trusting boot components they may not need. Since the Microsoft 3rd Party UEFI CA certificate signs the bootloaders for all Linux distributions, trusting the Microsoft 3rd Party UEFI CA signature in the UEFI database  increase  s the attack surface of systems. A customer who intended to only trust and boot a single Linux distribution will trust all distributions – much more than their desired configuration. A vulnerability in any of the bootloaders exposes the system and places the customer at risk of exploit for a bootloader they never intended to use, as seen in recent vulnerabilities, for example [with the GRUB bootloader](https://msrc.microsoft.com/security-guidance/advisory/ADV200011) or [firmware-level rootkit]( https://www.darkreading.com/threat-intelligence/researchers-uncover-dangerous-new-firmware-level-rootkit) affecting boot components. [Secured-core PCs](/windows-hardware/design/device-experiences/OEM-highly-secure-11) require Secure Boot to be enabled and configured to distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with the most secure configuration of their PCs possible. 
+The default state of Secure Boot has a wide circle of trust, which can result in customers trusting boot components they may not need. Since the Microsoft 3rd Party UEFI CA certificate signs the bootloaders for all Linux distributions, trusting the Microsoft 3rd Party UEFI CA signature in the UEFI database  increase  s the attack surface of systems. A customer who intended to only trust and boot a single Linux distribution will trust all distributions - much more than their desired configuration. A vulnerability in any of the bootloaders exposes the system and places the customer at risk of exploit for a bootloader they never intended to use, as seen in recent vulnerabilities, for example [with the GRUB bootloader](https://msrc.microsoft.com/security-guidance/advisory/ADV200011) or [firmware-level rootkit]( https://www.darkreading.com/threat-intelligence/researchers-uncover-dangerous-new-firmware-level-rootkit) affecting boot components. [Secured-core PCs](/windows-hardware/design/device-experiences/OEM-highly-secure-11) require Secure Boot to be enabled and configured to distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with the most secure configuration of their PCs possible.
 
 To trust and boot operating systems, like Linux, and components signed by the UEFI signature, Secured-core PCs can be configured in the BIOS menu to add the signature in the UEFI database by following these steps:
 
-1. Open the firmware menu, either: 
-  
-  - Boot the PC, and press the manufacturer's key to open the menus. Common keys used: Esc, Delete, F1, F2, F10, F11, or F12. On tablets, common buttons are Volume up or Volume down. During startup, there's often a screen that mentions the key. If there's not one, or if the screen goes by too fast to see it, check your manufacturer's site.
+1. Open the firmware menu, either:
+    - Boot the PC, and press the manufacturer's key to open the menus. Common keys used: Esc, Delete, F1, F2, F10, F11, or F12. On tablets, common buttons are Volume up or Volume down. During startup, there's often a screen that mentions the key. If there's not one, or if the screen goes by too fast to see it, check your manufacturer's site.
+    - Or, if Windows is already installed, from either the Sign on screen or the Start menu, select Power ( ) > hold Shift while selecting Restart. Select Troubleshoot > Advanced options > UEFI Firmware settings.
+2. From the firmware menu, navigate to Security > Secure Boot and select the option to trust the "3rd Party CA".
+3. Save changes and exit.
 
-  - Or, if Windows is already installed, from either the Sign on screen or the Start menu, select Power ( ) > hold Shift while selecting Restart. Select Troubleshoot > Advanced options > UEFI Firmware settings.
-  
-2.    From the firmware menu navigate to Security > Secure Boot and select the option to trust the "3rd Party CA". 
-
-3.    Save changes and exit. 
- 
-Microsoft continues to collaborate with Linux and IHV ecosystem partners to design least privileged features to help you stay secure and opt-in trust for only the publishers and components you trust. 
+Microsoft continues to collaborate with Linux and IHV ecosystem partners to design least privileged features to help you stay secure and opt-in trust for only the publishers and components you trust.
 
 Like most mobile devices, Arm-based devices, such as the Microsoft Surface RT device, are designed to run only Windows 8.1. Therefore, Secure Boot can't be turned off, and you can't load a different OS. Fortunately, there's a large market of ARM processor devices designed to run other operating systems.
 
 ## Trusted Boot
 
-Trusted Boot takes over where Secure Boot ends. The bootloader verifies the digital signature of the Windows 10 kernel before loading it. The Windows 10 kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally.
+Trusted Boot takes over where Secure Boot ends. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM. If a file has been modified, the bootloader detects the problem and refuses to load the corrupted component. Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the PC to start normally.
 
 ## Early Launch Anti-Malware
 
 Because Secure Boot has protected the bootloader and Trusted Boot has protected the Windows kernel, the next opportunity for malware to start is by infecting a non-Microsoft boot driver. Traditional anti-malware apps don't start until after the boot drivers have been loaded, giving a rootkit disguised as a driver the opportunity to work.
 
-Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the OS hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows won't load it.
+Early Launch Anti-Malware (ELAM) can load a Microsoft or non-Microsoft anti-malware driver before all non-Microsoft boot drivers and applications, thus continuing the chain of trust established by Secure Boot and Trusted Boot. Because the OS hasn't started yet, and because Windows needs to boot as quickly as possible, ELAM has a simple task: examine every boot driver and determine whether it is on the list of trusted drivers. If it's not trusted, Windows doesn't load it.
 
 An ELAM driver isn't a full-featured anti-malware solution; that loads later in the boot process. Windows Defender (included with Windows) supports ELAM, as does several non-Microsoft anti-malware apps.
 
@@ -120,7 +108,7 @@ As a result, PCs infected with rootkits appear to be healthy, even with anti-mal
 
 Measured Boot works with the TPM and non-Microsoft software in Windows. It allows a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot uses the following process:
 
-1. The PC's UEFI firmware stores in the TPM a hash of the firmware, bootloader, boot drivers, and everything that will be loaded before the anti-malware app.
+1. The PC's UEFI firmware stores in the TPM a hash of the firmware, bootloader, boot drivers, and everything that is loaded before the anti-malware app.
 2. At the end of the startup process, Windows starts the non-Microsoft remote attestation client. The trusted attestation server sends the client a unique key.
 3. The TPM uses the unique key to digitally sign the log recorded by the UEFI.
 4. The client sends the log to the server, possibly with other security information.
@@ -129,13 +117,12 @@ Depending on the implementation and configuration, the server can now determine
 
 Figure 2 illustrates the Measured Boot and remote attestation process.
 
+![Screenshot that shows the Measured Boot and remote attestation process.](images/measured_boot.png)
 
+*Figure 2. Measured Boot proves the PC's health to a remote server*:
 
-![Measured Boot and remote attestation process.](./images/dn168167.measure_boot(en-us,MSDN.10).png)
+Windows includes the application programming interfaces to support Measured Boot. However, to take advanted of it, you need non-Microsoft tools to implement a remote attestation client and trusted attestation server. For example, see the following tools from Microsoft Research:
 
-*Figure 2. Measured Boot proves the PC's health to a remote server*
-
-Windows includes the application programming interfaces to support Measured Boot, but you'll need non-Microsoft tools to implement a remote attestation client and trusted attestation server to take advantage of it. For example, see the following tools from Microsoft Research:
 - [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487)
 - [TSS.MSR](https://github.com/microsoft/TSS.MSR#tssmsr)
 
diff --git a/windows/security/operating-system-security/system-security/toc.yml b/windows/security/operating-system-security/system-security/toc.yml
index 86abf54e55..b9ce4be880 100644
--- a/windows/security/operating-system-security/system-security/toc.yml
+++ b/windows/security/operating-system-security/system-security/toc.yml
@@ -1,28 +1,38 @@
 items:
 - name: Secure the Windows boot process
-  href: ../../information-protection/secure-the-windows-10-boot-process.md
+  href: secure-the-windows-10-boot-process.md
 - name: Secure Boot and Trusted Boot
-  href: ../../trusted-boot.md
-- name: Measured Boot
+  href: trusted-boot.md
+- name: Measured Boot 🔗
   href: /windows/compatibility/measured-boot
 - name: Device health attestation service
-  href: ../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+  href: protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
 - name: Cryptography and certificate management
-  href: ../../cryptography-certificate-mgmt.md
-- name: The Windows Security app
-  href: ../../threat-protection/windows-defender-security-center/windows-defender-security-center.md
+  href: cryptography-certificate-mgmt.md
+- name: Security policy settings
+  href: ../../threat-protection/security-policy-settings/security-policy-settings.md
+- name: Security auditing
+  href: ../../threat-protection/auditing/security-auditing-overview.md
+- name: Assigned Access (kiosk mode) 🔗
+  href: /windows/configuration/kiosk-methods
+- name: Windows Security settings
+  href: windows-defender-security-center/windows-defender-security-center.md
   items:
   - name: Virus & threat protection
-    href: ../../threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
+    href: windows-defender-security-center\wdsc-virus-threat-protection.md
   - name: Account protection
-    href: ../../threat-protection\windows-defender-security-center\wdsc-account-protection.md
+    href: windows-defender-security-center\wdsc-account-protection.md
   - name: Firewall & network protection
-    href: ../../threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
+    href: windows-defender-security-center\wdsc-firewall-network-protection.md
   - name: App & browser control
-    href: ../../threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
+    href: windows-defender-security-center\wdsc-app-browser-control.md
   - name: Device security
-    href: ../../threat-protection\windows-defender-security-center\wdsc-device-security.md
+    href: windows-defender-security-center\wdsc-device-security.md
   - name: Device performance & health
-    href: ../../threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
+    href: windows-defender-security-center\wdsc-device-performance-health.md
   - name: Family options
-    href: ../../threat-protection\windows-defender-security-center\wdsc-family-options.md
\ No newline at end of file
+    href: windows-defender-security-center\wdsc-family-options.md
+  - name: Customize contact information
+    href: windows-defender-security-center\wdsc-customize-contact-information.md
+  - name: Hide notifications
+    href: windows-defender-security-center\wdsc-hide-notifications.md
\ No newline at end of file
diff --git a/windows/security/trusted-boot.md b/windows/security/operating-system-security/system-security/trusted-boot.md
similarity index 60%
rename from windows/security/trusted-boot.md
rename to windows/security/operating-system-security/system-security/trusted-boot.md
index 8790964196..364719eebb 100644
--- a/windows/security/trusted-boot.md
+++ b/windows/security/operating-system-security/system-security/trusted-boot.md
@@ -1,14 +1,11 @@
 ---
 title: Secure Boot and Trusted Boot
 description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11
-author: vinaypamnani-msft
-ms.author: vinpa
-manager: aaroncz
 ms.topic: conceptual
 ms.date: 09/21/2021
-ms.prod: windows-client
-ms.technology: itpro-security
 ms.reviewer: jsuther
+appliesto:
+  - "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>"
 ---
 
 # Secure Boot and Trusted Boot
@@ -21,16 +18,16 @@ Secure Boot and Trusted Boot help prevent malware and corrupted components from
 
 The first step in protecting the operating system is to ensure that it boots securely after the initial hardware and firmware boot sequences have safely finished their early boot sequences. Secure Boot makes a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel's Trusted Boot sequence. Malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes throughout the boot sequence between the UEFI, bootloader, kernel, and application environments.
 
-As the PC begins the boot process, it will first verify that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system and checks the OS bootloader's digital signature to ensure that it's trusted by the Secure Boot policy and hasn't been tampered with. 
+As the PC begins the boot process, it first verifies that the firmware is digitally signed, reducing the risk of firmware rootkits. Secure Boot then checks all code that runs before the operating system and checks the OS bootloader's digital signature to ensure that it's trusted by the Secure Boot policy and hasn't been tampered with.
 
 ## Trusted Boot
 
-Trusted Boot picks up the process that started with Secure Boot. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your antimalware product's early-launch antimalware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments.
+Trusted Boot picks up the process that started with Secure Boot. The Windows bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including boot drivers, startup files, and your anti-malware product's early-launch anti-malware (ELAM) driver. If any of these files were tampered, the bootloader detects the problem and refuses to load the corrupted component. Tampering or malware attacks on the Windows boot sequence are blocked by the signature-enforcement handshakes between the UEFI, bootloader, kernel, and application environments.
 
 Often, Windows can automatically repair the corrupted component, restoring the integrity of Windows and allowing the Windows 11 device to start normally.
 
-[!INCLUDE [secure-boot-and-trusted-boot](../../includes/licensing/secure-boot-and-trusted-boot.md)]
+[!INCLUDE [secure-boot-and-trusted-boot](../../../../includes/licensing/secure-boot-and-trusted-boot.md)]
 
 ## See also
 
-[Secure the Windows boot process](information-protection/secure-the-windows-10-boot-process.md)
\ No newline at end of file
+[Secure the Windows boot process](secure-the-windows-10-boot-process.md)
diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-custom-flyout.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-security-center/images/security-center-custom-flyout.png
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-custom-flyout.png
diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-home.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-security-center/images/security-center-home.png
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-home.png
diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-start-menu.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-security-center/images/security-center-start-menu.png
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-start-menu.png
diff --git a/windows/security/threat-protection/windows-defender-security-center/images/security-center-taskbar.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-security-center/images/security-center-taskbar.png
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/images/security-center-taskbar.png
diff --git a/windows/security/threat-protection/windows-defender-security-center/images/settings-windows-defender-security-center-areas.PNG b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-security-center/images/settings-windows-defender-security-center-areas.PNG
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/images/settings-windows-defender-security-center-areas.png
diff --git a/windows/security/threat-protection/windows-defender-security-center/images/wdsc-all-hide.png b/windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png
similarity index 100%
rename from windows/security/threat-protection/windows-defender-security-center/images/wdsc-all-hide.png
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/images/wdsc-all-hide.png
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
new file mode 100644
index 0000000000..0282a7bcb2
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-account-protection.md
@@ -0,0 +1,37 @@
+---
+title: Account protection in Windows Security
+description: Use the Account protection section to manage security for your account and sign in to Microsoft.
+ms.date: 08/11/2023
+ms.topic: article
+---
+
+
+# Account protection
+
+The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list:
+
+- [Microsoft Account](https://account.microsoft.com/account/faq)
+- [Windows Hello for Business](../../../identity-protection/hello-for-business/hello-identity-verification.md)
+- [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from)
+
+You can also choose to hide the section from users of the device, if you don't want your employees to access or view user-configured options for these features.
+
+## Hide the Account protection section
+
+You can choose to hide the entire section by using Group Policy. When hidden, this section doesn't appear on the home page of **Windows Security**, and its icon isn't shown on the navigation bar on the side.
+
+You can only configure these settings by using Group Policy.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select  **Edit**.
+1. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Account protection**.
+1. Open the **Hide the Account protection area** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
similarity index 77%
rename from windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
index 817ff1949e..6ede491eeb 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-app-browser-control.md
@@ -1,21 +1,12 @@
 ---
-title: App & browser control in the Windows Security app
+title: App & browser control in Windows Security
 description: Use the App & browser control section to see and configure Windows Defender SmartScreen and Exploit protection settings.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-manager: aaroncz
-ms.technology: itpro-security
+ms.date: 08/11/2023
 ms.topic: article
 ---
 
 # App and browser control
 
-**Applies to**
-
-- Windows 10 and later
-
 The **App and browser control** section contains information and settings for Windows Defender SmartScreen. IT administrators and IT pros can get configuration guidance from the [Windows Defender SmartScreen documentation library](/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview).
 
 In Windows 10, version 1709 and later, the section also provides configuration options for Exploit protection. You can prevent users from modifying these specific options with Group Policy. IT administrators can get more information at [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection).
@@ -31,36 +22,28 @@ You can only prevent users from modifying Exploit protection settings by using G
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
-
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration**, select **Policies** and then **Administrative templates**.
 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
-
-4. Open the **Prevent users from modifying settings** setting and set it to **Enabled**. Click **OK**.
-
+4. Open the **Prevent users from modifying settings** setting and set it to **Enabled**. Select **OK**.
 5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
 
 ## Hide the App & browser control section
 
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
+You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
 
 This section can be hidden only by using Group Policy.
 
 > [!IMPORTANT]
 > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
 2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**.
-
 3. Expand the tree to **Windows components > Windows Security > App and browser protection**.
-
-4. Open the **Hide the App and browser protection area** setting and set it to **Enabled**. Click **OK**.
-
+4. Open the **Hide the App and browser protection area** setting and set it to **Enabled**. Select **OK**.
 5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
 
 > [!NOTE]
-> If you hide all sections then the app will show a restricted interface, as in the following screenshot:
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
 >
-> ![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
+> ![Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
similarity index 64%
rename from windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
index 1aed92dc61..70c71bc872 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-customize-contact-information.md
@@ -1,21 +1,13 @@
 ---
-title: Customize Windows Security contact information
+title: Customize Windows Security contact information in Windows Security
 description: Provide information to your employees on how to contact your IT department when a security issue occurs
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-ms.technology: itpro-security
+ms.date: 08/11/2023
 ms.topic: article
 ---
 
-# Customize the Windows Security app for your organization
+# Customize the Windows Security settings for your organization
 
-**Applies to**
-
-- Windows 10 and later
-
-You can add information about your organization in a contact card to the Windows Security app. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
+You can add information about your organization in a contact card in **Windows Security**. You can include a link to a support site, a phone number for a help desk, and an email address for email-based support.
 
 ![The Windows Security custom fly-out.](images/security-center-custom-flyout.png)
 
@@ -24,42 +16,45 @@ This information will also be shown in some enterprise-specific notifications (i
 Users can select the displayed information to initiate a support request:
 
 - Select **Call** or the phone number to open Skype to start a call to the displayed number.
-- Select  **Email** or the email address to create a new email in the machine's default email app address to the displayed email.
+- Select **Email** or the email address to create a new email in the machine's default email app addressed to the displayed email.
 - Select **Help portal** or the website URL to open the machine's default web browser and go to the displayed address.
 
 ## Requirements
 
-You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows don't include these Group Policy settings.
 
 ## Use Group Policy to enable and customize contact information
 
 There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information.
 
-1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
-
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+2. In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
 3. Expand the tree to **Windows components > Windows Security > Enterprise Customization**.
+4. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They'll both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
 
-4. Enable the contact card and the customized notifications by configuring two separate Group Policy settings. They will both use the same source of information (explained in Steps 5 and 6). You can enable both, or select one or the other:
-
-    1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**.
+    1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Select **OK**.
 
         > [!NOTE]
         > This can only be done in Group Policy.
 
-    2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Click **OK**.
-
-5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**.
+    2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Select **OK**.
 
+5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Select **OK**.
 6. To ensure the custom notifications or contact card appear, you must also configure at least one of the following settings. Open the setting, select **Enabled**, and then add the contact information in the field under **Options**:
+
     1. **Specify contact email address or Email ID**
     2. **Specify contact phone number or Skype ID**
     3. **Specify contact website**
 
+    > [!NOTE]
+    > If you enable **Configure customized notifications** and **Specify contact website** policies, the contact website must begin with `http:` or `https:` (for example, `https://contoso.com/help`) to allow the user to interact with the notification and navigate to the specified URL.
+
 7. Select **OK** after you configure each setting to save your changes.
 
-To enable the customized notifications and add the contact information in Intune, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy) and [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings).
+To enable the customized notifications and add the contact information in Intune, see these articles:
+
+- [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy).
+- [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings).
 
 > [!IMPORTANT]
 > You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized.
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
new file mode 100644
index 0000000000..b34941e7bb
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-performance-health.md
@@ -0,0 +1,35 @@
+---
+title: Device & performance health in Windows Security
+description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
+ms.date: 07/31/2023
+ms.topic: article
+---
+
+
+# Device performance and health
+
+The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they're seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).
+
+The [Windows 10 IT pro troubleshooting article](/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](/windows/windows-10/) can also be helpful for resolving issues.
+
+This section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+
+## Hide the Device performance & health section
+
+You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
+
+This section can be hidden only by using Group Policy.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Device performance and health**.
+1. Open the **Hide the Device performance and health area** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
new file mode 100644
index 0000000000..0c75434023
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-device-security.md
@@ -0,0 +1,53 @@
+---
+title: Device security in Windows Security
+description: Use the Device security section to manage security built into your device, including Virtualization-based security.
+ms.date: 08/11/2023
+ms.topic: article
+---
+
+# Device security
+
+The **Device security** section contains information and settings for built-in device security.
+
+You can choose to hide the section from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+
+## Hide the Device security section
+
+You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side. You can hide the device security section by using Group Policy only.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
+3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
+4. Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
+5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
+
+## Disable the Clear TPM button
+
+If you don't want users to be able to select the **Clear TPM** button in **Windows Security**, you can disable it.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
+3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
+4. Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
+5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+
+## Hide the TPM Firmware Update recommendation
+
+If you don't want users to see the recommendation to update TPM firmware, you can disable it.
+
+1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+2. In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
+3. Expand the tree to **Windows components** > **Windows Security** > **Device security**.
+4. Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
+5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
new file mode 100644
index 0000000000..7ba7b42e75
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-family-options.md
@@ -0,0 +1,35 @@
+---
+title: Family options in Windows Security
+description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
+ms.date: 08/11/2023
+ms.topic: article
+---
+
+
+# Family options
+
+The **Family options** section contains links to settings and further information for parents of a Windows PC. It isn't intended for enterprise or business environments.
+
+Home users can learn more at the [Help protection your family online in Windows Security article at support.microsoft.com](https://support.microsoft.com/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
+
+This section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to this section.
+
+## Hide the Family options section
+
+You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
+
+This section can be hidden only by using Group Policy.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Family options**.
+1. Open the **Hide the Family options area** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
new file mode 100644
index 0000000000..713b98447c
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-firewall-network-protection.md
@@ -0,0 +1,32 @@
+---
+title: Firewall and network protection in Windows Security
+description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
+ms.date: 08/11/2023
+ms.topic: article
+---
+
+# Firewall and network protection
+
+The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other third-party firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../../network-security/windows-firewall/windows-firewall-with-advanced-security.md).
+
+This section can be hidden from users of the machine. This information is useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
+
+## Hide the Firewall & network protection section
+
+You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
+
+This section can be hidden only by using Group Policy.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Firewall and network protection**.
+1. Open the **Hide the Firewall and network protection area** setting and set it to **Enabled**. Select **OK**.
+1. Deploy the updated GPO as you normally do.
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
similarity index 73%
rename from windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
rename to windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
index 8ca7f8d1c1..6e0c20b83c 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-hide-notifications.md
@@ -1,21 +1,13 @@
 ---
-title: Hide notifications from the Windows Security app
-description: Prevent Windows Security app notifications from appearing on user endpoints
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-ms.technology: itpro-security
+title: Hide notifications from Windows Security
+description: Prevent Windows Security notifications from appearing on user endpoints
+ms.date: 07/31/2023
 ms.topic: article
 ---
 
-# Hide Windows Security app notifications
+# Hide Windows Security notifications
 
-**Applies to**
-
-- Windows 10 and later
-
-The Windows Security app is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
+**Windows Security** is used by many Windows security features to provide notifications about the health and security of the machine. These include notifications about firewalls, antivirus products, Windows Defender SmartScreen, and others.
 
 In some cases, it may not be appropriate to show these notifications, for example, if you want to hide regular status updates, or if you want to hide all notifications to the employees in your organization.
 
@@ -24,65 +16,59 @@ There are two levels to hiding notifications:
 1. Hide non-critical notifications, such as regular updates about the number of scans Microsoft Defender Antivirus ran in the past week
 2. Hide all notifications
 
-If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting will have no effect.
+If you set **Hide all notifications** to **Enabled**, changing the **Hide non-critical notifications** setting has no effect.
 
 You can only use Group Policy to change these settings.
 
-
-
 ## Use Group Policy to hide non-critical notifications
 
 You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Windows Update for Business reports or Microsoft Configuration Manager reporting).
 
 These notifications can be hidden only by using Group Policy.
 
->[!IMPORTANT]
->
-> Requirement: You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
+> [!IMPORTANT]
+> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
 1. Download the latest [Administrative Templates (.admx) for Windows 10, v2004](https://www.microsoft.com/download/101445).
-
-2.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**
-
-6.  Open the **Hide non-critical notifications** setting and set it to **Enabled**. Click **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**
+1. Open the **Hide non-critical notifications** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
 
 ## Use Group Policy to hide all notifications
 
-You can hide all notifications that are sourced from the Windows Security app. This option may be useful if you don't want users of the machines from inadvertently modifying settings, running antivirus scans, or otherwise performing security-related actions without your input.
+You can hide all notifications that are sourced from **Windows Security**. This option may be useful if you don't want users of the machines from inadvertently modifying settings, running antivirus scans, or otherwise performing security-related actions without your input.
 
 These notifications can be hidden only by using Group Policy.
 
->[!IMPORTANT]
->
-> Requirement: You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
+> [!IMPORTANT]
+> You must have Windows 10, version 1903 or higher. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
 
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Notifications**. For Windows 10 version 1803 and below, the path would be **Windows components > Windows Defender Security Center > Notifications**.
 
     > [!NOTE]
     > For Windows 10 version 2004 and above the path would be **Windows components > Windows Security > Notifications**.
 
-6.  Open the **Hide all notifications** setting and set it to **Enabled**. Click **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
+1. Open the **Hide all notifications** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
 
 > [!NOTE]
 > You can use the following registry key and DWORD value to **Hide all notifications**.
-> **[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]**
-    **"DisableNotifications"=dword:00000001**
+>
+> ```text
+> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]
+>   "DisableNotifications"=dword:00000001
+> ```
+>
 > You can use the following registry key and DWORD value to **Hide not-critical notifications**.
->**[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]**
-     **"DisableEnhancedNotifications"=dword:00000001**
+>
+> ```text
+> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]
+>   "DisableEnhancedNotifications"=dword:00000001
+> ```
 
 ## Notifications
 
@@ -95,12 +81,12 @@ These notifications can be hidden only by using Group Policy.
 | HVCI, driver compat check fails (upon trying to enable) | There may be an incompatibility on your device. | HVCI_ENABLE_FAILURE | Yes |Firewall and network protection notification|
 | HVCI, reboot needed to enable | The recent change to your protection settings requires a restart of your device. | HVCI_ENABLE_SUCCESS | Yes |Firewall and network protection notification|
 | Item skipped in scan, due to exclusion setting, or network scanning disabled by admin | The Microsoft Defender Antivirus scan skipped an item due to exclusion or network scanning settings. | ITEM_SKIPPED | Yes |Virus & threat protection notification|
-| Remediation failure | Microsoft Defender Antivirus couldn’t completely resolve potential threats. | CLEAN_FAILED | Yes |Virus & threat protection notification|
+| Remediation failure | Microsoft Defender Antivirus couldn't completely resolve potential threats. | CLEAN_FAILED | Yes |Virus & threat protection notification|
 | Follow-up action (restart & scan) | Microsoft Defender Antivirus found _threat_ in _file name_. Restart and scan your device. Restart and scan | MANUALSTEPS_REQUIRED | Yes |Virus & threat protection notification|
 | Follow-up action (restart) | Microsoft Defender Antivirus found _threat_ in _file_. Restart your device. | WDAV_REBOOT | Yes |Virus & threat protection notification|
 | Follow-up action (Full scan) | Microsoft Defender Antivirus found _threat_ in _file_. Run a full scan of your device. | FULLSCAN_REQUIRED | Yes |Virus & threat protection notification|
 | Sample submission prompt | Review files that Windows Defender will send to Microsoft. Sending this information can improve how Microsoft Defender Antivirus helps protect your device. | SAMPLE_SUBMISSION_REQUIRED | Yes |Virus & threat protection notification|
-| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won’t be supported, and your device might be at risk. | SUPPORT_ENDING | Yes |Virus & threat protection notification|
+| OS support ending warning | Support for your version of Windows is ending. When this support ends, Microsoft Defender Antivirus won't be supported, and your device might be at risk. | SUPPORT_ENDING | Yes |Virus & threat protection notification|
 | OS support ended, device at risk | Support for your version of Windows has ended. Microsoft Defender Antivirus is no longer supported, and your device might be at risk. | SUPPORT_ENDED _and_ SUPPORT_ENDED_NO_DEFENDER | Yes |Virus & threat protection notification|
 | Summary notification, items found | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. Your device was scanned _n_ times. | RECAP_FOUND_THREATS_SCANNED | No |Virus & threat protection notification|
 | Summary notification, items found, no scan count | Microsoft Defender Antivirus successfully took action on _n_ threats since your last summary. | RECAP_FOUND_THREATS | No |Virus & threat protection notification|
@@ -109,7 +95,7 @@ These notifications can be hidden only by using Group Policy.
 | Scan finished, manual, threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_, and took action against threats. | RECENT_SCAN_FOUND_THREATS | No |Virus & threat protection notification|
 | Scan finished, manual, **no** threats found | Microsoft Defender Antivirus scanned your device at _timestamp_ on _date_.  No threats were found. | RECENT_SCAN_NO_THREATS | No |Virus & threat protection notification|
 | Threat found | Microsoft Defender Antivirus found threats. Get details. | CRITICAL | No |Virus & threat protection notification|
-| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device.  You’re also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
+| LPS on notification | Microsoft Defender Antivirus is periodically scanning your device.  You're also using another antivirus program for active protection. | PERIODIC_SCANNING_ON | No |Virus & threat protection notification|
 | Long running BaFS | Your IT administrator  requires a security scan of this item.  The scan could take up to _n_ seconds. | BAFS | No |Firewall and network protection notification|
 | Long running BaFS customized | _Company_ requires a security scan of this item.  The scan could take up to _n_ seconds. | BAFS_DETECTED_CUSTOM (body) | No |Firewall and network protection notification|
 | Sense detection | This application was removed because it was blocked by your IT security settings | WDAV_SENSE_DETECTED | No |Firewall and network protection notification|
@@ -131,4 +117,4 @@ These notifications can be hidden only by using Group Policy.
 | Dynamic lock on, bluetooth on, but device unpaired |  |  | No |Account protection notification|
 | Dynamic lock on, bluetooth on, but unable to detect device |  |  | No |Account protection notification|
 | NoPa or federated no hello |  |  | No |Account protection notification|
-| NoPa or federated hello broken |  |  | No |Account protection notification|
\ No newline at end of file
+| NoPa or federated hello broken |  |  | No |Account protection notification|
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
new file mode 100644
index 0000000000..cc0979c845
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/wdsc-virus-threat-protection.md
@@ -0,0 +1,58 @@
+---
+title: Virus and threat protection in Windows Security
+description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
+ms.date: 08/11/2023
+ms.topic: article
+---
+
+# Virus and threat protection
+
+The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products.
+
+In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
+
+IT administrators and IT pros can get more configuration information from these articles:
+
+- [Microsoft Defender Antivirus in Windows Security](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus)
+- [Microsoft Defender Antivirus documentation library](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10)
+- [Protect important folders with Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)
+- [Defend yourself from cybercrime with new Office 365 capabilities](https://blogs.office.com/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/)
+- [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365)
+- [Ransomware detection and recovering your files](https://support.office.com/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
+
+You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for these features.
+
+## Hide the Virus & threat protection section
+
+You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of **Windows Security**, and its icon won't be shown on the navigation bar on the side.
+
+This section can be hidden only by using Group Policy.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
+1. Open the **Hide the Virus and threat protection area** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Screenshot of the Windows Security with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
+
+## Hide the Ransomware protection area
+
+You can choose to hide the **Ransomware protection** area by using Group Policy. The area won't appear on the **Virus & threat protection** section of **Windows Security**.
+
+This area can be hidden only by using Group Policy.
+
+> [!IMPORTANT]
+> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings.
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select **Edit**.
+1. In **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.
+1. Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
+1. Open the **Hide the Ransomware data recovery area** setting and set it to **Enabled**. Select **OK**.
+1. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
diff --git a/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
new file mode 100644
index 0000000000..1970d566b4
--- /dev/null
+++ b/windows/security/operating-system-security/system-security/windows-defender-security-center/windows-defender-security-center.md
@@ -0,0 +1,94 @@
+---
+title: Windows Security
+description: Windows Security brings together common Windows security features into one place.
+ms.date: 08/11/2023
+ms.topic: article
+ms.collection:
+  - highpri
+  - tier2
+---
+
+# Windows Security
+
+This library describes **Windows Security** settings, and provides information on configuring certain features, including:
+
+- [Showing and customizing contact information](wdsc-customize-contact-information.md)
+- [Hiding notifications](wdsc-hide-notifications.md)
+
+In Windows 10, version 1709 and later, the settings also show information from third-party antivirus and firewall apps.
+
+In Windows 10, version 1803, the settings have two new areas: **Account protection** and **Device security**.
+
+![Screenshot of the Windows Security showing that the device is protected and five icons for each of the features.](images/security-center-home.png)
+
+> [!NOTE]
+> **Windows Security** is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
+
+You can't uninstall **Windows Security**, but you can do one of the following actions:
+
+- Disable the interface on Windows Server 2016.
+- Hide all of the sections on client computers.
+- Disable Microsoft Defender Antivirus, if needed. For more information, see [Enable and configure Microsoft Defender Antivirus always-on protection in group policy](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus).
+
+For more information about each section, options for configuring the sections, and how to hide each of them, see the following articles:
+
+- [Virus & threat protection](wdsc-virus-threat-protection.md), which has information and access to antivirus ransomware protection settings and notifications, including Controlled folder access, and sign-in to Microsoft OneDrive.
+- [Account protection](wdsc-account-protection.md), which has information and access to sign-in and account protection settings.
+- [Firewall & network protection](wdsc-firewall-network-protection.md), which has information and access to firewall settings, including Windows Defender Firewall.
+- [App & browser control](wdsc-app-browser-control.md), covering Windows Defender SmartScreen settings and Exploit protection mitigations.
+- [Device security](wdsc-device-security.md), which provides access to built-in device security settings.
+- [Device performance & health](wdsc-device-performance-health.md), which has information about drivers, storage space, and general Windows Update issues.
+- [Family options](wdsc-family-options.md), which include access to parental controls along with tips and information for keeping kids safe online.
+
+> [!NOTE]
+> If you hide all sections then **Windows Security** will show a restricted interface, as in the following screenshot:
+>
+> ![Windows Security with all sections hidden by group policy.](images/wdsc-all-hide.png)
+
+## Open Windows Security
+
+- Select the icon in the notification area on the taskbar.
+
+    ![Screenshot of the icon for the Windows Security on the Windows task bar.](images/security-center-taskbar.png)
+
+- Search the Start menu for **Windows Security**.
+
+    ![Screenshot of the Start menu showing the results of a search for the Windows Security, the first option with a large shield symbol is selected.](images/security-center-start-menu.png)
+
+- Open an area from Windows **Settings**.
+
+    ![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
+
+> [!NOTE]
+> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, will generally take precedence over the settings in the Windows Security.
+
+## How Windows Security works with Windows security features
+
+> [!IMPORTANT]
+> **Microsoft Defender Antivirus** and **Windows Security** use similarly named services for specific purposes.
+>
+> The **Windows Security** uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service (*wscsvc*). This service makes sure that **Windows Security** provides the most up-to-date information about the protection status on the endpoint. This information includes protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
+>
+> These services don't affect the state of Microsoft Defender Antivirus. Disabling or modifying these services won't disable Microsoft Defender Antivirus. It will lead to a lowered protection state on the endpoint, even if you're using a third-party antivirus product.
+>
+> Microsoft Defender Antivirus will be [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
+>
+> Disabling the Windows Security Center Service won't disable Microsoft Defender Antivirus or [Windows Defender Firewall](../../network-security/windows-firewall/windows-firewall-with-advanced-security.md).
+
+> [!WARNING]
+> If you disable the Windows Security Center Service, or configure its associated group policy settings to prevent it from starting or running, **Windows Security** may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
+>
+> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
+>
+> This will significantly lower the protection of your device and could lead to malware infection.
+
+**Windows Security** operates as a separate app or process from each of the individual features, and displays notifications through the Action Center.
+
+It acts as a collector or single place to see the status and perform some configuration for each of the features.
+
+If you disable any of the individual features, it prevents that feature from reporting its status in **Windows Security**. For example, if you disable a feature through group policy or other management tools, such as Microsoft Configuration Manager, **Windows Security** itself still runs and shows status for the other security features.
+
+> [!IMPORTANT]
+> If you individually disable any of the services, it won't disable the other services or **Windows Security** itself.
+
+For example, [using a third-party antivirus disables Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, **Windows Security** still runs, shows its icon in the taskbar, and displays information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall.
diff --git a/windows/security/operating-system-security/toc.yml b/windows/security/operating-system-security/toc.yml
index a0ee50c4bb..1e8df2650f 100644
--- a/windows/security/operating-system-security/toc.yml
+++ b/windows/security/operating-system-security/toc.yml
@@ -1,13 +1,13 @@
 items:
 - name: Overview
-  href: ../operating-system.md
+  href: index.md
 - name: System security
   href: system-security/toc.yml
-- name: Virus and threat protection
-  href: virus-and-threat-protection/toc.yml
-- name: Network security
-  href: network-security/toc.yml
-- name: Data protection
+- name: Encryption and data protection
   href: data-protection/toc.yml
 - name: Device management
-  href: device-management/toc.yml
\ No newline at end of file
+  href: device-management/toc.yml
+- name: Network security
+  href: network-security/toc.yml
+- name: Virus and threat protection
+  href: virus-and-threat-protection/toc.yml
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
similarity index 96%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
index 3c1ed6dcea..5968d29a6c 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/available-settings.md
@@ -1,18 +1,8 @@
 ---
 title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
 description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.date: 09/28/2020
-ms.reviewer:
-manager: aaroncz
-ms.author: vinpa
-ms.technology: itpro-security
+ms.date: 08/11/2023
 ms.topic: reference
-appliesto:
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
-- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
 
@@ -39,7 +29,7 @@ Setting|Supported on|Description|
 
 If you manage your policies using Microsoft Intune, use these MDM policy settings. All settings support desktop computers running Windows 10/11 Pro or Windows 10/11 Enterprise, enrolled with Microsoft Intune.
 
-For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](/windows/client-management/mdm/policy-csp-browser).
+For Microsoft Defender SmartScreen Microsoft Edge MDM policies, see [Policy CSP - Browser](/windows/client-management/mdm/policy-csp-browser).
 
 |Setting|Supported versions|Details|
 |--- |--- |--- |
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
similarity index 94%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
index aebf090b15..a16db47b99 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection.md
@@ -1,18 +1,10 @@
 ---
 title: Enhanced Phishing Protection in Microsoft Defender SmartScreen
 description: Learn how Enhanced Phishing Protection for Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps.
-ms.prod: windows-client
-ms.technology: itpro-security
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.reviewer: paoloma
-manager: aaroncz
-ms.localizationpriority: medium
-ms.date: 10/07/2022
-adobe-target: true
+ms.date: 08/11/2023
+ms.topic: conceptual
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2</a>
-ms.topic: conceptual
 ---
 
 # Enhanced Phishing Protection in Microsoft Defender SmartScreen
@@ -21,8 +13,8 @@ Starting in Windows 11, version 22H2, Enhanced Phishing Protection in Microsoft
 
 If a user signs into Windows using a password, Enhanced Phishing Protection works alongside Windows security protections, and helps protect typed work or school password used to sign into Windows 11 in these ways:
 
-- If users type their work or school password on any Chromium browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection alerts them. It also prompts them to change their password so attackers can't gain access to their account.
-- Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and prompt them to change their password.
+- If users type their work or school password on any Chromium browser, into a site deemed malicious by Microsoft Defender SmartScreen, Enhanced Phishing Protection alerts them. It also alerts them to change their password so attackers can't gain access to their account.
+- Reusing work or school passwords makes it easy for attackers who compromise a user's password to gain access to their other accounts. Enhanced Phishing Protection can warn users if they reuse their work or school Microsoft account password on sites and apps and alert them to change their password.
 - Since it's unsafe to store plaintext passwords in text editors, Enhanced Phishing Protection can warn users if they store their work or school password in Notepad, Word, or any Microsoft 365 Office app, and recommends they delete their password from the file.
 
 > [!NOTE]
@@ -40,7 +32,7 @@ Enhanced Phishing Protection provides robust phishing protections for work or sc
 
 - **Easy management through Group Policy and Microsoft Intune:** Enhanced Phishing Protection works with Group Policy and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Enhanced Phishing Protection, you can customize which phishing protection scenarios show users warning dialogs. For example, the Service Enabled setting determines whether the Enhanced Phishing Protection service is on or off. The feature is in audit mode if the other settings, which correspond to notification policies, aren't enabled.
 
-[!INCLUDE [enhanced-phishing-protection-with-smartscreen](../../../../includes/licensing/enhanced-phishing-protection-with-smartscreen.md)]
+[!INCLUDE [enhanced-phishing-protection-with-smartscreen](../../../../../includes/licensing/enhanced-phishing-protection-with-smartscreen.md)]
 
 ## Configure Enhanced Phishing Protection for your organization
 
@@ -54,7 +46,7 @@ To configure devices using Microsoft Intune, create a [**Settings catalog** poli
 |---------|---------|
 |Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.<li> If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.</li><li> If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.</li>|
 |Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate<li> If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they type their work or school password into one of the malicious scenarios described above.|
-|Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<li> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they reuse their work or school password.|
+|Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<li> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work, or school password and encourages them to change it.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they reuse their work or school password.|
 |Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.<li> If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they store their password in Notepad or Microsoft 365 Office Apps.|
 
 Assign the policy to a security group that contains as members the devices or users that you want to configure.
@@ -67,13 +59,13 @@ Enhanced Phishing Protection can be configured using the following Administrativ
 |---------|---------|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Service Enabled |This policy setting determines whether Enhanced Phishing Protection is in audit mode or off. Users don't see any notifications for any protection scenarios when Enhanced Phishing Protection is in audit mode. In audit mode, Enhanced Phishing Protection captures unsafe password entry events and sends diagnostic data through Microsoft Defender.<li> If you enable or don't configure this setting, Enhanced Phishing Protection is enabled in audit mode, preventing users to turn it off.</li><li> If you disable this policy setting, Enhanced Phishing Protection is off. When off, Enhanced Phishing Protection doesn't capture events, send data, or notify users. Additionally, your users are unable to turn it on.</li>|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Malicious|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a sign-in URL with an invalid certificate, or into an application connecting to either a reported phishing site or a sign-in URL with an invalid certificate<li> If you enable this policy setting, Enhanced Phishing Protection warns your users if they type their work or school password into one of the malicious scenarios described above and encourages them to change their password.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they type their work or school password into one of the malicious scenarios described above.|
-|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<li> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work or school password and encourages them to change it.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they reuse their work or school password.|
+|Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Password Reuse |This policy setting determines whether Enhanced Phishing Protection warns your users if they reuse their work or school password.<li> If you enable this policy setting, Enhanced Phishing Protection warns users if they reuse their work, or school password and encourages them to change it.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they reuse their work or school password.|
 |Administrative Templates\Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection\Notify Unsafe App|This policy setting determines whether Enhanced Phishing Protection warns your users if they type their work or school passwords in Notepad or Microsoft 365 Office Apps.<li> If you enable this policy setting, Enhanced Phishing Protection warns your users if they store their password in Notepad or Microsoft 365 Office Apps.</li><li> If you disable or don't configure this policy setting, Enhanced Phishing Protection doesn't warn users if they store their password in Notepad or Microsoft 365 Office Apps.|
 
 #### [:::image type="icon" source="images/icons/windows-os.svg"::: **CSP**](#tab/csp)
 
 Enhanced Phishing Protection can be configured using the [WebThreatDefense CSP][WIN-1].
-  
+
 | Setting                 | OMA-URI                                                                   | Data type |
 |-------------------------|---------------------------------------------------------------------------|-----------|
 | **ServiceEnabled**      | `./Device/Vendor/MSFT/Policy/Config/WebThreatDefense/ServiceEnabled`      | Integer   |
@@ -90,7 +82,7 @@ By default, Enhanced Phishing Protection is deployed in audit mode, preventing n
 To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen settings.
 
 #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
-  
+
 |Settings catalog element|Recommendation|
 |---------|---------|
 |Service Enabled|**Enable**: Turns on Enhanced Phishing Protection in audit mode, which captures work or school password entry events and sends diagnostic data but doesn't show any notifications to your users.|
@@ -122,7 +114,7 @@ To better help you protect your organization, we recommend turning on and using
 
 - [SmartScreen Frequently Asked Questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
 - [WebThreatDefense CSP][WIN-1]
-- [Threat protection](../index.md)
+- [Threat protection](index.md)
 
 <!-- Links -->
 
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
similarity index 100%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
new file mode 100644
index 0000000000..ace95add6b
--- /dev/null
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/group-policy.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 2048 2048">
+  <path d="M1792 0q53 0 99 20t82 55 55 81 20 100q0 53-20 99t-55 82-81 55-100 20h-128v1280q0 53-20 99t-55 82-81 55-100 20H256q-53 0-99-20t-82-55-55-81-20-100q0-53 20-99t55-82 81-55 100-20V256q0-53 20-99t55-82 81-55T512 0h1280zM128 1792q0 27 10 50t27 40 41 28 50 10h930q-34-60-34-128t34-128H256q-27 0-50 10t-40 27-28 41-10 50zm1280 128q27 0 50-10t40-27 28-41 10-50V256q0-68 34-128H512q-27 0-50 10t-40 27-28 41-10 50v1280h1024q26 0 45 19t19 45q0 26-19 45t-45 19q-25 0-49 9t-42 28q-18 18-27 42t-10 49q0 27 10 50t27 40 41 28 50 10zm384-1536q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10q-27 0-50 10t-40 27-28 41-10 50v128h128zm-1280 0h896v128H512V384zm0 256h256v128H512V640zm0 256h256v128H512V896zm0 256h256v128H512v-128zm640-512q53 0 99 20t82 55 55 81 20 100q0 17-4 33t-4 31v539l-248-124-248 124V960q0-14-4-30t-4-34q0-53 20-99t55-82 81-55 100-20zm0 128q-27 0-50 10t-40 27-28 41-10 50q0 27 10 50t27 40 41 28 50 10q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10zm136 549v-204q-30 20-65 29t-71 10q-36 0-71-9t-65-30v204l136-68 136 68z" fill="#0078D4" />
+</svg>
\ No newline at end of file
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
new file mode 100644
index 0000000000..6e0d938aed
--- /dev/null
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/intune.svg
@@ -0,0 +1,24 @@
+<svg id="a9ed4d43-c916-4b9a-b9ca-be76fbdc694c" xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
+  <defs>
+    <linearGradient id="aaede26b-698f-4a65-b6db-859d207e2da6" x1="8.05" y1="11.32" x2="8.05" y2="1.26" gradientUnits="userSpaceOnUse">
+      <stop offset="0" stop-color="#0078d4" />
+      <stop offset="0.82" stop-color="#5ea0ef" />
+    </linearGradient>
+    <linearGradient id="bc54987f-34ba-4701-8ce4-6eca10aff9e9" x1="8.05" y1="15.21" x2="8.05" y2="11.32" gradientUnits="userSpaceOnUse">
+      <stop offset="0" stop-color="#1490df" />
+      <stop offset="0.98" stop-color="#1f56a3" />
+    </linearGradient>
+    <linearGradient id="a5434fd8-c18c-472c-be91-f2aa070858b7" x1="8.05" y1="7.87" x2="8.05" y2="4.94" gradientUnits="userSpaceOnUse">
+      <stop offset="0" stop-color="#d2ebff" />
+      <stop offset="1" stop-color="#f0fffd" />
+    </linearGradient>
+  </defs>
+  <title>Icon-intune-329</title>
+  <rect x="0.5" y="1.26" width="15.1" height="10.06" rx="0.5" fill="url(#aaede26b-698f-4a65-b6db-859d207e2da6)" />
+  <rect x="1.34" y="2.1" width="13.42" height="8.39" rx="0.28" fill="#fff" />
+  <path d="M11.08,14.37c-1.5-.23-1.56-1.31-1.55-3h-3c0,1.74-.06,2.82-1.55,3a.87.87,0,0,0-.74.84h7.54A.88.88,0,0,0,11.08,14.37Z" fill="url(#bc54987f-34ba-4701-8ce4-6eca10aff9e9)" />
+  <path d="M17.17,5.91H10.29a2.31,2.31,0,1,0,0,.92H11v9.58a.33.33,0,0,0,.33.33h5.83a.33.33,0,0,0,.33-.33V6.24A.33.33,0,0,0,17.17,5.91Z" fill="#32bedd" />
+  <rect x="11.62" y="6.82" width="5.27" height="8.7" rx="0.12" fill="#fff" />
+  <circle cx="8.05" cy="6.41" r="1.46" opacity="0.9" fill="url(#a5434fd8-c18c-472c-be91-f2aa070858b7)" />
+  <path d="M14.88,10.82,13.76,9.7a.06.06,0,0,0-.1.05v.68a.06.06,0,0,1-.06.06H11v.83H13.6a.06.06,0,0,1,.06.06v.69a.06.06,0,0,0,.1,0L14.88,11A.12.12,0,0,0,14.88,10.82Z" fill="#0078d4" />
+</svg>
\ No newline at end of file
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
new file mode 100644
index 0000000000..da64baf975
--- /dev/null
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/images/icons/windows-os.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048" width="18" height="18" >
+  <path d="M0 0h961v961H0V0zm1087 0h961v961h-961V0zM0 1087h961v961H0v-961zm1087 0h961v961h-961v-961z" fill="#0078D4" />
+</svg>
\ No newline at end of file
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
similarity index 88%
rename from windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
rename to windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
index b58a2be3ac..9b52d9fb84 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/index.md
@@ -1,19 +1,12 @@
 ---
 title: Microsoft Defender SmartScreen overview
 description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
+ms.date: 08/11/2023
+ms.topic: article
 ms.localizationpriority: high
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-security
-adobe-target: true
 ms.collection:
   - tier2
   - highpri
-ms.date: 03/20/2023
-ms.topic: article
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@@ -42,17 +35,17 @@ Microsoft Defender SmartScreen provide an early warning system against websites
 - **Reputation-based URL and app protection:** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users don't see any warnings. If there's no reputation, the item is marked as a higher risk and presents a warning to the user.
 - **Operating system integration:** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system. It checks any files an app (including 3rd-party browsers and email clients) that attempts to download and run.
 - **Improved heuristics and diagnostic data:** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up to date, so it can help to protect you against potentially malicious sites and files.
-- **Management through group policy and Microsoft Intune:** Microsoft Defender SmartScreen supports using both group policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen group policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md).
+- **Management through group policy and Microsoft Intune:** Microsoft Defender SmartScreen supports using both group policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen group policy and mobile device management (MDM) settings](available-settings.md).
 - **Blocking URLs associated with potentially unwanted applications:** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
 
 > [!IMPORTANT]
 > SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
 
-[!INCLUDE [microsoft-defender-smartscreen](../../../../includes/licensing/microsoft-defender-smartscreen.md)]
+[!INCLUDE [microsoft-defender-smartscreen](../../../../../includes/licensing/microsoft-defender-smartscreen.md)]
 
 ## Submit files to Microsoft Defender SmartScreen for review
 
-If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more information, see [Submit files for analysis](/microsoft-365/security/intelligence/submission-guide).
+If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more information, see [Submit files for analysis](/microsoft-365/security/intelligence/submission-guide).
 
 When submitting a file for Microsoft Defender SmartScreen, make sure to select **Microsoft Defender SmartScreen** from the product menu.
 
@@ -61,5 +54,4 @@ When submitting a file for Microsoft Defender SmartScreen, make sure to select *
 ## Related articles
 
 - [SmartScreen frequently asked questions](https://fb.smartscreen.microsoft.com/smartscreenfaq.aspx)
-- [Available Microsoft Defender SmartScreen group policy and mobile device management (MDM) settings](microsoft-defender-smartscreen-available-settings.md)
 - [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference)
diff --git a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
index a8c5cdf1e5..a1539064f6 100644
--- a/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
+++ b/windows/security/operating-system-security/virus-and-threat-protection/toc.yml
@@ -1,21 +1,22 @@
 items:
-- name: Overview
-  href: ../../threat-protection/index.md
-- name: Microsoft Defender Antivirus
-  href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
-- name: Configuring LSA Protection
-  href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
-- name: Attack surface reduction (ASR)
-  href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
-- name: Tamper protection for MDE
-  href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
-- name: Microsoft Vulnerable Driver Blocklist
-  href: ../../threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
-- name: Controlled folder access
-  href: /microsoft-365/security/defender-endpoint/controlled-folders
-- name: Exploit protection
-  href: /microsoft-365/security/defender-endpoint/exploit-protection
-- name: Microsoft Defender SmartScreen
-  href: ../../threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-- name: Microsoft Defender for Endpoint
-  href: /microsoft-365/security/defender-endpoint
\ No newline at end of file
+  - name: Microsoft Defender Antivirus 🔗
+    href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
+    preserveContext: true
+  - name: Attack surface reduction (ASR) 🔗
+    href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
+  - name: Tamper protection for MDE 🔗
+    href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
+  - name: Controlled folder access 🔗
+    href: /microsoft-365/security/defender-endpoint/controlled-folders
+  - name: Exploit protection 🔗
+    href: /microsoft-365/security/defender-endpoint/exploit-protection
+  - name: Microsoft Defender SmartScreen
+    items:
+      - name: Overview
+        href: microsoft-defender-smartscreen/index.md
+      - name: Available settings
+        href: microsoft-defender-smartscreen/available-settings.md
+      - name: Enhanced Phishing Protection
+        href: microsoft-defender-smartscreen/enhanced-phishing-protection.md
+  - name: Microsoft Defender for Endpoint 🔗
+    href: /microsoft-365/security/defender-endpoint
diff --git a/windows/security/operating-system.md b/windows/security/operating-system.md
deleted file mode 100644
index 5a71a44832..0000000000
--- a/windows/security/operating-system.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Windows operating system security
-description: Securing the operating system includes system security, encryption, network security, and threat protection.
-ms.reviewer: 
-ms.topic: article
-manager: aaroncz
-ms.author: paoloma
-author: paolomatarazzo
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 09/21/2021
----
-
-# Windows operating system security
-
-Security and privacy depend on an operating system that guards your system and information from the moment it starts up, providing fundamental chip-to-cloud protection. Windows 11 is the most secure Windows yet with extensive security measures designed to help keep you safe. These measures include built-in advanced encryption and data protection, robust network and system security, and intelligent safeguards against ever-evolving threats.
-
-Watch the latest [Microsoft Mechanics Windows 11 security](https://youtu.be/tg9QUrnVFho) video that shows off some of the latest Windows 11 security technology.
-
-Use the links in the following table to learn more about the operating system security features and capabilities in Windows 11.<br/><br/>
-
-| Security Measures | Features & Capabilities |
-|:---|:---|
-| Secure Boot and Trusted Boot | Secure Boot and Trusted Boot help prevent malware and corrupted components from loading when a Windows device is starting. Secure Boot starts with initial boot-up protection, and then Trusted Boot picks up the process. Together, Secure Boot and Trusted Boot help to ensure your Windows system boots up safely and securely.<br><br/> Learn more [Secure Boot and Trusted Boot](trusted-boot.md). |
-Cryptography and certificate management|Cryptography uses code to convert data so that only a specific recipient can read it by using a key. Cryptography enforces privacy to prevent anyone except the intended recipient from reading data, integrity to ensure data is free of tampering, and authentication that verifies identity to ensure that communication is secure. <br><br/> Learn more about [Cryptography and certificate management](cryptography-certificate-mgmt.md). <br/><br/>|
-Windows Security app | The Windows built-in security application found in settings provides an at-a-glance view of the security status and health of your device. These insights help you identify issues and take action to make sure you’re protected. You can quickly see the status of your virus and threat protection, firewall and network security, device security controls, and more. <br><br/> Learn more about the [Windows Security app](threat-protection/windows-defender-security-center/windows-defender-security-center.md).|
-| Encryption and data protection | Wherever confidential data is stored, it must be protected against unauthorized access, whether through physical device theft or from malicious applications. Windows provides strong at-rest data-protection solutions that guard against nefarious attackers. <br/><br/> Learn more about [Encryption](encryption-data-protection.md). 
-| BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. <br/> <br/> Learn more about [BitLocker](information-protection/bitlocker/bitlocker-overview.md). |
-| Encrypted Hard Drive | Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. <br> By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity. <br/><br/> Learn more about [Encrypted Hard Drives](information-protection/encrypted-hard-drive.md). <br><br/> |
-| Security baselines | A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact. These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers. <br/><br/>Security baselines are included in the [Security Compliance Toolkit](threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md) that you can download from the Microsoft Download Center.<br/><br/>Learn more about [security baselines](threat-protection/windows-security-configuration-framework/windows-security-baselines.md). |
-| Virtual Private Network | Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server. <br><br/>Learn more about [Virtual Private Networks](identity-protection/vpn/vpn-guide.md).<br/><br/>|
-| Windows Defender Firewall | Windows Defender Firewall is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. Windows Defender Firewall also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. <br><br/> Learn more about [Windows Defender Firewall with advanced security](threat-protection/windows-firewall/windows-firewall-with-advanced-security.md).<br/><br/>
-| Antivirus & antimalware protection | Microsoft Defender Antivirus is included in all versions of Windows 10, Windows Server 2016 and later, and Windows 11. If you have another antivirus app installed and turned on, Microsoft Defender Antivirus will turn off automatically. If you uninstall the other app, Microsoft Defender Antivirus will turn back on. <br/><br/>From the moment you boot Windows, Microsoft Defender Antivirus continually monitors for malware, viruses, and security threats. Updates are downloaded automatically to help protect your device from threats.  Microsoft Defender Antivirus continually scans for malware and threats, and also detects and blocks [potentially unwanted applications](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus) (applications that can negatively impact your device even though they are not considered malware).<br/><br/>Microsoft Defender Antivirus integrates with [cloud-delivered protection](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus), which helps ensure near-instant detection and blocking of new and emerging threats.<br/><br/>Learn more about [next-generation protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows).| 
-| Attack surface reduction rules | Your attack surfaces are the places and ways you are vulnerable to a cyber attack. Attack surface reduction rules are built into Windows and Windows Server to prevent and block certain behaviors that are often abused to compromise your device or network. Such behaviors can include launching scripts or executables that attempt to download or run other files, running suspicious scripts, or performing other behaviors that apps don't typically initiate during normal work. You can configure your attack surface reduction rules to protect against these risky behaviors.<br/><br/> Learn more about [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) |
-| Anti-tampering protection | During cyber attacks (like ransomware attempts), bad actors attempt to disable security features, such as antivirus protection on targeted devices. Bad actors like to disable security features to get easier access to user’s data, to install malware, or to otherwise exploit user’s data, identity, and devices without fear of being blocked. Tamper protection helps prevent these kinds of activities.<br/><br/>With tamper protection, malware is prevented from taking actions such as:<br/>- Disabling virus and threat protection<br/>- Disabling real-time protection<br/>- Turning off behavior monitoring<br/>- Disabling antivirus (such as IOfficeAntivirus (IOAV))<br/>- Disabling cloud-delivered protection<br/>- Removing security intelligence updates <br/><br/>Learn more about [Tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection). | 
-| Network protection | Network protection in Windows helps prevent users from accessing dangerous IP addresses and domains that may host phishing scams, exploits, and other malicious content on the Internet. Network protection is part of attack surface reduction and helps provide an extra layer of protection for a user. Using reputation-based services, network protection blocks access to potentially harmful, low-reputation based domains and IP addresses. <br/><br/>In enterprise environments, network protection works best with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/), which provides detailed reporting into protection events as part of larger investigation scenarios.<br/><br/> Learn more about [Network protection](/microsoft-365/security/defender-endpoint/network-protection). |
-| Controlled folder access | With controlled folder access, you can protect your valuable information in specific folders by managing apps’ access to specific folders. Only trusted apps can access protected folders, which are specified when controlled folder access is configured. Typically, commonly used folders, such as those used for documents, pictures, downloads, are included in the list of controlled folders. Controlled folder access helps protect valuable data from malicious apps and threats, such as ransomware. <br/><br/>Learn more about [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders). |
-| Exploit protection | Exploit protection, available in Windows 10, version 1709 and later, automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection works best with Microsoft Defender for Endpoint, which gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios. <br/><br/>You can enable exploit protection on an individual device, and then use Group Policy to distribute the XML file to multiple devices simultaneously. When a mitigation is encountered on the device, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize which techniques the feature monitors.<br/><br/>Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | 
-| Microsoft Defender for Endpoint | Windows E5 customers benefit from [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint), an enterprise endpoint detection and response capability that helps enterprise security teams detect, investigate, and respond to advanced threats. With rich event data and attack insights, Defender for Endpoint enables your security team to investigate incidents and take remediation actions effectively and efficiently.<br/><br/>Defender for Endpoint also is part of [Microsoft 365 Defender](/microsoft-365/security/defender/), a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.<br/><br/>Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) and [Microsoft 365 Defender](/microsoft-365/security/defender/). |
-
diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md
deleted file mode 100644
index ceed1cb436..0000000000
--- a/windows/security/security-foundations.md
+++ /dev/null
@@ -1,26 +0,0 @@
----
-title: Windows security foundations
-description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
-ms.reviewer: 
-ms.topic: article
-ms.author: paoloma
-author: paolomatarazzo
-ms.prod: windows-client
-ms.technology: itpro-security
-ms.date: 12/31/2017
----
-
-# Windows security foundations
-
-Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today’s threat environment.
-
-Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified.
-
-Use the links in the following table to learn more about the security foundations:
-
-| Concept | Description |
-|:---|:---|
-| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. <br/><br/>Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). |
-| Common Criteria Certifications |  Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. <br/><br/>Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). |
-| Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.<br/><br/>Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).|
-| Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.<br/><br/>Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). |
diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/security-foundations/certification/fips-140-validation.md
similarity index 99%
rename from windows/security/threat-protection/fips-140-validation.md
rename to windows/security/security-foundations/certification/fips-140-validation.md
index 85a59f77d7..1cb3c7c91f 100644
--- a/windows/security/threat-protection/fips-140-validation.md
+++ b/windows/security/security-foundations/certification/fips-140-validation.md
@@ -2,14 +2,14 @@
 title: Federal Information Processing Standard (FIPS) 140 Validation
 description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140.
 ms.prod: windows-client
-ms.date: 11/03/2022
+ms.date: 08/18/2023
 manager: aaroncz
 ms.author: paoloma
 author: paolomatarazzo
 ms.collection: 
   - highpri
   - tier3
-ms.topic: article
+ms.topic: reference
 ms.localizationpriority: medium
 ms.reviewer: 
 ms.technology: itpro-security
@@ -47,7 +47,7 @@ Each of the cryptographic modules has a defined security policy that must be met
 
 ### Step 3: Enable the FIPS security policy
 
-Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode.  When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode.  This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution.   For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](./security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).  
+Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode.  When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode.  This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution.   For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](../../threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md).
 
 ### Step 4: Ensure that only FIPS validated cryptographic algorithms are used
 
diff --git a/windows/security/security-foundations/certification/toc.yml b/windows/security/security-foundations/certification/toc.yml
index 70d9d800b8..58c9db1958 100644
--- a/windows/security/security-foundations/certification/toc.yml
+++ b/windows/security/security-foundations/certification/toc.yml
@@ -1,5 +1,5 @@
 items:
 - name: FIPS 140-2 Validation
-  href: ../../threat-protection/fips-140-validation.md
+  href: fips-140-validation.md
 - name: Common Criteria Certifications
-  href: ../../threat-protection/windows-platform-common-criteria.md
\ No newline at end of file
+  href: windows-platform-common-criteria.md
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/security-foundations/certification/windows-platform-common-criteria.md
similarity index 97%
rename from windows/security/threat-protection/windows-platform-common-criteria.md
rename to windows/security/security-foundations/certification/windows-platform-common-criteria.md
index c79a189b61..0f426874c2 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/security-foundations/certification/windows-platform-common-criteria.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.author: sushmanemali
 author: s4sush
 manager: aaroncz
-ms.topic: article
+ms.topic: reference
 ms.localizationpriority: medium
 ms.date: 11/4/2022
 ms.reviewer: paoloma
@@ -278,10 +278,6 @@ Certified against the Protection Profile for General Purpose Operating Systems.
 ### Windows Server 2003 Certificate Server
 
 - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid9507-st.pdf)
-- [Administrator's Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=445093d8-45e2-4cf6-884c-8802c1e6cb2d)
-- [Configuration Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=46abc8b5-11be-4e3d-85c2-63226c3688d2)
-- [User's Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=74f66d84-2654-48d0-b9b5-b383d383425e)
-- [Evaluation Technical Report](https://www.microsoft.com/downloads/details.aspx?familyid=a594e77f-dcbb-4787-9d68-e4689e60a314)
 - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid9507-vr.pdf)
 
 ### Windows Rights Management Services
diff --git a/windows/security/threat-protection/images/simplified-sdl.png b/windows/security/security-foundations/images/simplified-sdl.png
similarity index 100%
rename from windows/security/threat-protection/images/simplified-sdl.png
rename to windows/security/security-foundations/images/simplified-sdl.png
diff --git a/windows/security/security-foundations/index.md b/windows/security/security-foundations/index.md
new file mode 100644
index 0000000000..0f47d591b2
--- /dev/null
+++ b/windows/security/security-foundations/index.md
@@ -0,0 +1,18 @@
+---
+title: Windows security foundations
+description: Get an overview of security foundations, including the security development lifecycle, common criteria, and the bug bounty program.
+ms.topic: overview
+ms.date: 06/15/2023
+author: paolomatarazzo
+ms.author: paoloma
+---
+
+# Windows security foundations
+
+Microsoft is committed to continuously invest in improving our software development process, building highly secure-by-design software, and addressing security compliance requirements. At Microsoft, we embed security and privacy considerations from the earliest life-cycle phases of all our software development processes. We build in security from the ground for powerful defense in today's threat environment.
+
+Our strong security foundation uses Microsoft Security Development Lifecycle (SDL) Bug Bounty, support for product security standards and certifications, and Azure Code signing. As a result, we improve security by producing software with fewer defects and vulnerabilities instead of relying on applying updates after vulnerabilities have been identified.
+
+Use the links in the following table to learn more about the security foundations:
+
+[!INCLUDE [operating-system-security](../includes/sections/security-foundations.md)]
diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/security-foundations/msft-security-dev-lifecycle.md
similarity index 82%
rename from windows/security/threat-protection/msft-security-dev-lifecycle.md
rename to windows/security/security-foundations/msft-security-dev-lifecycle.md
index 0b3f9185ea..99fc260eb9 100644
--- a/windows/security/threat-protection/msft-security-dev-lifecycle.md
+++ b/windows/security/security-foundations/msft-security-dev-lifecycle.md
@@ -1,29 +1,27 @@
 ---
 title: Microsoft Security Development Lifecycle
 description: Download the Microsoft Security Development Lifecycle white paper that covers a security assurance process focused on software development.
-ms.prod: windows-client
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
-ms.topic: article
-ms.localizationpriority: medium
-ms.technology: itpro-security
-ms.date: 12/31/2017
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.topic: conceptual
+ms.date: 07/31/2023
 ---
 
 # Microsoft Security Development Lifecycle
 
-The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. As a Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in software and culture at Microsoft. 
+The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. As a Microsoft-wide initiative and a mandatory policy since 2004, the SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.
 
 [:::image type="content" source="images/simplified-sdl.png" alt-text="Simplified secure development lifecycle":::](https://www.microsoft.com/en-us/securityengineering/sdl)
 
 With the help of the combination of a holistic and practical approach, the SDL aims to reduce the number and severity of vulnerabilities in software. The SDL introduces security and privacy throughout all phases of the development process. 
 
 The Microsoft SDL is based on three core concepts:
+
 - Education
 - Continuous process improvement
 - Accountability
 
 To learn more about the SDL, visit the [Security Engineering site](https://www.microsoft.com/en-us/securityengineering/sdl).
 
-And, download the [Simplified Implementation of the Microsoft SDL whitepaper](https://go.microsoft.com/?linkid=9708425).
\ No newline at end of file
+And, download the [Simplified Implementation of the Microsoft SDL whitepaper](https://www.microsoft.com/download/details.aspx?id=12379).
diff --git a/windows/security/security-foundations/toc.yml b/windows/security/security-foundations/toc.yml
index d52c477387..0741c7a555 100644
--- a/windows/security/security-foundations/toc.yml
+++ b/windows/security/security-foundations/toc.yml
@@ -1,7 +1,15 @@
 items:
 - name: Overview
-  href: ../security-foundations.md
-- name: Microsoft Security Development Lifecycle
-  href: ../threat-protection/msft-security-dev-lifecycle.md
+  href: index.md
+- name: Zero Trust and Windows
+  href: zero-trust-windows-device-health.md
+- name: Offensive research
+  items:
+  - name: Microsoft Security Development Lifecycle
+    href: msft-security-dev-lifecycle.md
+  - name: OneFuzz service
+    href: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/
+  - name: Microsoft Windows Insider Preview bounty program 🔗
+    href: https://www.microsoft.com/msrc/bounty-windows-insider-preview
 - name: Certification
   href: certification/toc.yml
\ No newline at end of file
diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/security-foundations/zero-trust-windows-device-health.md
similarity index 89%
rename from windows/security/zero-trust-windows-device-health.md
rename to windows/security/security-foundations/zero-trust-windows-device-health.md
index 64a4233745..64696d3e5d 100644
--- a/windows/security/zero-trust-windows-device-health.md
+++ b/windows/security/security-foundations/zero-trust-windows-device-health.md
@@ -1,18 +1,18 @@
 ---
 title: Zero Trust and Windows device health
 description: Describes the process of Windows device health attestation
-ms.reviewer: 
-ms.topic: article
+ms.reviewer:
+ms.topic: conceptual
 manager: aaroncz
 ms.author: paoloma
 author: paolomatarazzo
-ms.custom: intro-overview
 ms.prod: windows-client
 ms.technology: itpro-security
 ms.date: 12/31/2017
 ---
 
 # Zero Trust and Windows device health
+
 Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they're located. Implementing a Zero Trust model for security helps address today's complex environments.
 
 The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are:
@@ -23,15 +23,16 @@ The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) princip
 
 - **Assume breach**. Prevent attackers from obtaining access to minimize potential damage to data and systems. Protect privileged roles, verify end-to-end encryption, use analytics to get visibility, and drive threat detection to improve defenses.
 
-The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows enables **device health attestation** and **conditional access** capabilities, which are used to grant access to corporate resources. 
+The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows enables **device health attestation** and **conditional access** capabilities, which are used to grant access to corporate resources.
 
-[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they're granted access to corporate resources. 
+[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are before they're granted access to corporate resources.
 
 Windows 11 supports device health attestation, helping to confirm that devices are in a good state and haven't been tampered with. This capability helps users access corporate resources whether they're in the office, at home, or when they're traveling.
 
 Attestation helps verify the identity and status of essential components and that the device, firmware, and boot process haven't been altered. Information about the firmware, boot process, and software, is used to validate the security state of the device. This information is cryptographically stored in the security co-processor Trusted Platform Module (TPM). Once the device is attested, it can be granted access to resources.
 
 ## Device health attestation on Windows
+
  Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. The verification process uses remote attestation as the secure channel to determine and present the device's health. Remote attestation determines:
 
 - If the device can be trusted
@@ -40,7 +41,7 @@ Attestation helps verify the identity and status of essential components and tha
 
 These determinations are made with the help of a secure root of trust using the Trusted Platform Module (TPM). Devices can attest that the TPM is enabled, and that the device hasn't been tampered with.
 
-Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and wasn't tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](information-protection/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device.
+Windows includes many security features to help protect users from malware and attacks. However, trusting the Windows security components can only be achieved if the platform boots as expected and wasn't tampered with. Windows relies on Unified Extensible Firmware Interface (UEFI) Secure Boot, Early-launch antimalware (ELAM), Dynamic Root of Trust for Measurement (DRTM), Trusted Boot, and other low-level hardware and firmware security features. When you power on your PC until your anti-malware starts, Windows is backed with the appropriate hardware configuration to help keep you safe. [Measured and Trusted boot](../operating-system-security/system-security/secure-the-windows-10-boot-process.md), implemented by bootloaders and BIOS, verifies and cryptographically records each step of the boot in a chained manner. These events are bound to a security coprocessor (TPM) that acts as the Root of Trust. Remote Attestation is the mechanism by which these events are read and verified by a service to provide a verifiable, unbiased, and tamper resilient report. Remote attestation is the trusted auditor of your system's boot, allowing specific entities to trust the device.
 
 A summary of the steps involved in attestation and Zero Trust on the device side are as follows:
 
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
index 457a454e3b..3648c69063 100644
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@@ -2,13 +2,11 @@
 title: Advanced security audit policy settings 
 description: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171
-ms.reviewer: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.author: vinpa
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
@@ -74,7 +72,7 @@ This category includes the following subcategories:
 - [Audit Process Creation](audit-process-creation.md)
 - [Audit Process Termination](audit-process-termination.md)
 - [Audit RPC Events](audit-rpc-events.md)
-- [Audit Token Right Adjusted](./audit-token-right-adjusted.md)
+- [Audit Token Right Adjusted](audit-token-right-adjusted.md)
 
 ## DS Access
 
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md
index 61475f808a..b6bf8dec61 100644
--- a/windows/security/threat-protection/auditing/advanced-security-auditing.md
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
@@ -27,6 +27,6 @@ When you apply basic audit policy settings to the local computer by using the Lo
 | Topic | Description |
 | - | - |
 | [Planning and deploying advanced security audit policies](planning-and-deploying-advanced-security-audit-policies.md) | This topic for the IT professional explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies |
-| [Advanced security auditing FAQ](./advanced-security-auditing-faq.yml) | This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
+| [Advanced security auditing FAQ](advanced-security-auditing-faq.yml) | This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
 | [Using advanced security auditing options to monitor dynamic access control objects](using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) | This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
-| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) | This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
\ No newline at end of file
+| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) | This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
index 95dffa1f91..e27eedd443 100644
--- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
+++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
index eb01843ba1..c613a28ed2 100644
--- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md
index 75f5a3fd62..5f21d6eab6 100644
--- a/windows/security/threat-protection/auditing/audit-account-lockout.md
+++ b/windows/security/threat-protection/auditing/audit-account-lockout.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md
index 8d219480b0..ad5c87de63 100644
--- a/windows/security/threat-protection/auditing/audit-application-generated.md
+++ b/windows/security/threat-protection/auditing/audit-application-generated.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md
index aae81ccb4f..9fb1c10453 100644
--- a/windows/security/threat-protection/auditing/audit-application-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-application-group-management.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
index bf1ae6aef5..be89c50a5a 100644
--- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
index 969c9e4655..2b14cd5e29 100644
--- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
index e2548c51f2..b86b2d9b6b 100644
--- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
index 6e0cbcb9f3..b330e72006 100644
--- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
+++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md
index 5461b50847..cb33e2480b 100644
--- a/windows/security/threat-protection/auditing/audit-certification-services.md
+++ b/windows/security/threat-protection/auditing/audit-certification-services.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md
index 30a8dc2162..78bd0d1701 100644
--- a/windows/security/threat-protection/auditing/audit-computer-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md
index ca9006d297..3d6283d2ab 100644
--- a/windows/security/threat-protection/auditing/audit-credential-validation.md
+++ b/windows/security/threat-protection/auditing/audit-credential-validation.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
index a90af61434..d909d6ba62 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
index e836a65007..bb87079a1b 100644
--- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md
index 5d052e1b17..0576b52401 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
index 18879247a3..d2b294d326 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
index 096a8c7235..bae794b8c0 100644
--- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md
+++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
index 79dc631db9..e254cd23b0 100644
--- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
index c86719486a..edc400cd02 100644
--- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md
+++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md
index 3970447680..65ea03ef20 100644
--- a/windows/security/threat-protection/auditing/audit-file-share.md
+++ b/windows/security/threat-protection/auditing/audit-file-share.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md
index 1ecd400b99..18e5b32a55 100644
--- a/windows/security/threat-protection/auditing/audit-file-system.md
+++ b/windows/security/threat-protection/auditing/audit-file-system.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
index 541a9ea9fa..2edf237cad 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
index 49924db420..a3d70e667a 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
index 828e0a1f16..fe1236b0e6 100644
--- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md
index 11fc2eca97..b5531fb996 100644
--- a/windows/security/threat-protection/auditing/audit-group-membership.md
+++ b/windows/security/threat-protection/auditing/audit-group-membership.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
index feb17cf68e..081f3a3d34 100644
--- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md
+++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
index c289430fe3..1719e81ee6 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
index ce2626dfde..0e2168d0f5 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
index b9833c2182..81cfde4d9d 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
index 2c4b89bde5..0ee38a23f7 100644
--- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
+++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
index f65c550e3a..bd54abd7d0 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
index 1d333d9f8e..f942a116de 100644
--- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
+++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
@@ -29,7 +29,7 @@ This subcategory contains events about issued TGSs and failed TGS requests.
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | IF              | Yes             | Yes              | Yes              | Expected volume is very high on domain controllers.<br><br>IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see our [***Security Monitoring Recommendations***](./appendix-a-security-monitoring-recommendations-for-many-audit-events.md).<br /><br />We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. |
+| Domain Controller | IF              | Yes             | Yes              | Yes              | Expected volume is very high on domain controllers.<br><br>IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see our [***Security Monitoring Recommendations***](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).<br /><br />We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. |
 | Member Server     | No              | No              | No               | No               | This subcategory makes sense only on domain controllers.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 | Workstation       | No              | No              | No               | No               | This subcategory makes sense only on domain controllers.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 
@@ -39,4 +39,4 @@ This subcategory contains events about issued TGSs and failed TGS requests.
 
 -   [4770](event-4770.md)(S): A Kerberos service ticket was renewed.
 
--   [4773](event-4773.md)(F): A Kerberos service ticket request failed.
\ No newline at end of file
+-   [4773](event-4773.md)(F): A Kerberos service ticket request failed.
diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md
index b2c76daf1a..afb2069653 100644
--- a/windows/security/threat-protection/auditing/audit-kernel-object.md
+++ b/windows/security/threat-protection/auditing/audit-kernel-object.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md
index 81a615fbd6..8c631d2e0a 100644
--- a/windows/security/threat-protection/auditing/audit-logoff.md
+++ b/windows/security/threat-protection/auditing/audit-logoff.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md
index 2f4de511f2..fcd5e254ef 100644
--- a/windows/security/threat-protection/auditing/audit-logon.md
+++ b/windows/security/threat-protection/auditing/audit-logon.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
index 8fd95ccf30..a6f72640dc 100644
--- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md
index 44e3ef4880..8c46beb77a 100644
--- a/windows/security/threat-protection/auditing/audit-network-policy-server.md
+++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
index 990e574f0c..298b8a5061 100644
--- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
index ed3f8fa3f2..664c5f6b17 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
index 1a3cee2068..68fa5e72ef 100644
--- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
index 4fdbf61cac..075d245ab1 100644
--- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
index dd8800acac..fc6e2dbd2e 100644
--- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
index c3e7f98b0a..8f78be458c 100644
--- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
index b395ef62a2..d7b89004e2 100644
--- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md
index d129bae159..9c768d486b 100644
--- a/windows/security/threat-protection/auditing/audit-other-system-events.md
+++ b/windows/security/threat-protection/auditing/audit-other-system-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md
index 9c1c5cbed6..b0f231d898 100644
--- a/windows/security/threat-protection/auditing/audit-pnp-activity.md
+++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md
index 6b204e6613..53eec87d8c 100644
--- a/windows/security/threat-protection/auditing/audit-process-creation.md
+++ b/windows/security/threat-protection/auditing/audit-process-creation.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 03/16/2022
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md
index 863513add3..0a9089db1f 100644
--- a/windows/security/threat-protection/auditing/audit-process-termination.md
+++ b/windows/security/threat-protection/auditing/audit-process-termination.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md
index 3403bd8748..418fda413d 100644
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 01/05/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md
index f244e92a4c..faa143e4c6 100644
--- a/windows/security/threat-protection/auditing/audit-removable-storage.md
+++ b/windows/security/threat-protection/auditing/audit-removable-storage.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md
index ec13a2b45c..1b6a9b69ca 100644
--- a/windows/security/threat-protection/auditing/audit-rpc-events.md
+++ b/windows/security/threat-protection/auditing/audit-rpc-events.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md
index b2cacec3a5..4eb4577d13 100644
--- a/windows/security/threat-protection/auditing/audit-sam.md
+++ b/windows/security/threat-protection/auditing/audit-sam.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index eb76f1d581..8fd69b4b8a 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
@@ -83,7 +83,7 @@ This subcategory allows you to audit events generated by changes to security gro
   > [!IMPORTANT]
   > Event 4754(S) generates only for domain groups, so the Local sections in event [4731](event-4731.md) do not apply.
 
-- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4737 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference.
+- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4755 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference.
 
   > [!IMPORTANT]
   > Event 4755(S) generates only for domain groups, so the Local sections in event [4735](event-4735.md) do not apply.
diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md
index a9b4d3ea8f..93830b3271 100644
--- a/windows/security/threat-protection/auditing/audit-security-state-change.md
+++ b/windows/security/threat-protection/auditing/audit-security-state-change.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md
index 3a230a5cfe..ceef6d3134 100644
--- a/windows/security/threat-protection/auditing/audit-security-system-extension.md
+++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
index 3773c3c44d..becca46597 100644
--- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
+++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md
index 4b1edc838c..12308ff6e3 100644
--- a/windows/security/threat-protection/auditing/audit-special-logon.md
+++ b/windows/security/threat-protection/auditing/audit-special-logon.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md
index 58d0a44687..8d64f386ff 100644
--- a/windows/security/threat-protection/auditing/audit-system-integrity.md
+++ b/windows/security/threat-protection/auditing/audit-system-integrity.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md
index 74dc66d2c4..a504763fe3 100644
--- a/windows/security/threat-protection/auditing/audit-user-account-management.md
+++ b/windows/security/threat-protection/auditing/audit-user-account-management.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md
index 08a53b6cd8..27e1a7f23d 100644
--- a/windows/security/threat-protection/auditing/audit-user-device-claims.md
+++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/06/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
index 7623c4fb3c..7773933079 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md
index 7059ff21f3..9a6340c3a8 100644
--- a/windows/security/threat-protection/auditing/basic-audit-account-management.md
+++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
index a77f8d8468..6da1a9c54e 100644
--- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
index 075921f764..523fee4769 100644
--- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md
index 1376b57216..c9e7094492 100644
--- a/windows/security/threat-protection/auditing/basic-audit-object-access.md
+++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
index feb9487f03..bd7e9a9b7e 100644
--- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md
+++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
index c459cc1086..1382bf0fcb 100644
--- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
+++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
index 8adcb1235c..b7eb7ea1fd 100644
--- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
+++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md
index 9ea0655ee8..0af90ae965 100644
--- a/windows/security/threat-protection/auditing/basic-audit-system-events.md
+++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
index e8e67ff791..95d4e51fe0 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
index 85d95b74f6..9c9d050b55 100644
--- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
index 9b03c40bbf..9a49d95bbe 100644
--- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -8,7 +8,7 @@ ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 manager: aaroncz
 audience: ITPro
diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md
index 5757c2d6ae..c243b5aac7 100644
--- a/windows/security/threat-protection/auditing/event-1100.md
+++ b/windows/security/threat-protection/auditing/event-1100.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md
index 16c59d4352..f576776df5 100644
--- a/windows/security/threat-protection/auditing/event-1102.md
+++ b/windows/security/threat-protection/auditing/event-1102.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md
index 3f61cee0ab..bb5e126fa3 100644
--- a/windows/security/threat-protection/auditing/event-1104.md
+++ b/windows/security/threat-protection/auditing/event-1104.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md
index cac285228f..52cf7ef880 100644
--- a/windows/security/threat-protection/auditing/event-1105.md
+++ b/windows/security/threat-protection/auditing/event-1105.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md
index 68ae9463dc..82f001a25b 100644
--- a/windows/security/threat-protection/auditing/event-1108.md
+++ b/windows/security/threat-protection/auditing/event-1108.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md
index 8c603dd52e..fe0e35c6f0 100644
--- a/windows/security/threat-protection/auditing/event-4608.md
+++ b/windows/security/threat-protection/auditing/event-4608.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md
index 714b4c0d5a..d30d8aa1fe 100644
--- a/windows/security/threat-protection/auditing/event-4610.md
+++ b/windows/security/threat-protection/auditing/event-4610.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md
index 6c30ed7235..2730d51adc 100644
--- a/windows/security/threat-protection/auditing/event-4611.md
+++ b/windows/security/threat-protection/auditing/event-4611.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md
index 70ee3338ae..5be5bf7008 100644
--- a/windows/security/threat-protection/auditing/event-4612.md
+++ b/windows/security/threat-protection/auditing/event-4612.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md
index 5a7d10d8a8..03a7376a53 100644
--- a/windows/security/threat-protection/auditing/event-4614.md
+++ b/windows/security/threat-protection/auditing/event-4614.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md
index 92134c76a4..3032b10d53 100644
--- a/windows/security/threat-protection/auditing/event-4615.md
+++ b/windows/security/threat-protection/auditing/event-4615.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md
index fa1166e46d..62f34dc232 100644
--- a/windows/security/threat-protection/auditing/event-4616.md
+++ b/windows/security/threat-protection/auditing/event-4616.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md
index 8d50584182..0871962990 100644
--- a/windows/security/threat-protection/auditing/event-4618.md
+++ b/windows/security/threat-protection/auditing/event-4618.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md
index 56fa6c3379..3d5e633672 100644
--- a/windows/security/threat-protection/auditing/event-4621.md
+++ b/windows/security/threat-protection/auditing/event-4621.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md
index 50bec63d42..6fbd529f39 100644
--- a/windows/security/threat-protection/auditing/event-4622.md
+++ b/windows/security/threat-protection/auditing/event-4622.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md
index ad06ba99ab..244371e389 100644
--- a/windows/security/threat-protection/auditing/event-4624.md
+++ b/windows/security/threat-protection/auditing/event-4624.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 2379077b79..702684a0a3 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 01/03/2022
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md
index 804389426d..fc6a96544c 100644
--- a/windows/security/threat-protection/auditing/event-4626.md
+++ b/windows/security/threat-protection/auditing/event-4626.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md
index 111b2523c8..739f621949 100644
--- a/windows/security/threat-protection/auditing/event-4627.md
+++ b/windows/security/threat-protection/auditing/event-4627.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md
index 086b8f85cf..0c24208115 100644
--- a/windows/security/threat-protection/auditing/event-4634.md
+++ b/windows/security/threat-protection/auditing/event-4634.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md
index 05586a8c05..6a346735b9 100644
--- a/windows/security/threat-protection/auditing/event-4647.md
+++ b/windows/security/threat-protection/auditing/event-4647.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md
index 73012d0cf2..57e38cffb9 100644
--- a/windows/security/threat-protection/auditing/event-4648.md
+++ b/windows/security/threat-protection/auditing/event-4648.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md
index c4caa3d98d..ab9f2ef58e 100644
--- a/windows/security/threat-protection/auditing/event-4649.md
+++ b/windows/security/threat-protection/auditing/event-4649.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md
index 81803532eb..d019e5e260 100644
--- a/windows/security/threat-protection/auditing/event-4656.md
+++ b/windows/security/threat-protection/auditing/event-4656.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md
index 73a89ae5ff..35f1a2be85 100644
--- a/windows/security/threat-protection/auditing/event-4657.md
+++ b/windows/security/threat-protection/auditing/event-4657.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md
index 95ec14dff4..ed093c51b6 100644
--- a/windows/security/threat-protection/auditing/event-4658.md
+++ b/windows/security/threat-protection/auditing/event-4658.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md
index 348903da4c..8613c16cee 100644
--- a/windows/security/threat-protection/auditing/event-4660.md
+++ b/windows/security/threat-protection/auditing/event-4660.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md
index cbafd424c3..ffd0495d6f 100644
--- a/windows/security/threat-protection/auditing/event-4661.md
+++ b/windows/security/threat-protection/auditing/event-4661.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md
index 1b85e12b87..03c05ae001 100644
--- a/windows/security/threat-protection/auditing/event-4662.md
+++ b/windows/security/threat-protection/auditing/event-4662.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md
index 5a1134b2d1..e6eb49e26e 100644
--- a/windows/security/threat-protection/auditing/event-4663.md
+++ b/windows/security/threat-protection/auditing/event-4663.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md
index b6673c7380..80106ccf42 100644
--- a/windows/security/threat-protection/auditing/event-4664.md
+++ b/windows/security/threat-protection/auditing/event-4664.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md
index d0e48676ce..a2d1d9f284 100644
--- a/windows/security/threat-protection/auditing/event-4670.md
+++ b/windows/security/threat-protection/auditing/event-4670.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md
index 5e922fa30c..3c078e977d 100644
--- a/windows/security/threat-protection/auditing/event-4671.md
+++ b/windows/security/threat-protection/auditing/event-4671.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md
index c2f050300a..32e6c9eb6a 100644
--- a/windows/security/threat-protection/auditing/event-4672.md
+++ b/windows/security/threat-protection/auditing/event-4672.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index bb5004ff58..7dc7f54208 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md
index df0a45b3a2..80a9614ae6 100644
--- a/windows/security/threat-protection/auditing/event-4674.md
+++ b/windows/security/threat-protection/auditing/event-4674.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md
index 0b62ce8d8a..cdd97e8a9e 100644
--- a/windows/security/threat-protection/auditing/event-4675.md
+++ b/windows/security/threat-protection/auditing/event-4675.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md
index 45d85659b3..d56ba5367b 100644
--- a/windows/security/threat-protection/auditing/event-4688.md
+++ b/windows/security/threat-protection/auditing/event-4688.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 01/24/2022
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md
index 3d1ab863dd..c23269a82a 100644
--- a/windows/security/threat-protection/auditing/event-4689.md
+++ b/windows/security/threat-protection/auditing/event-4689.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md
index c019ad6c0e..b1247baf18 100644
--- a/windows/security/threat-protection/auditing/event-4690.md
+++ b/windows/security/threat-protection/auditing/event-4690.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md
index 6a3f99ac6d..abc7e7224a 100644
--- a/windows/security/threat-protection/auditing/event-4691.md
+++ b/windows/security/threat-protection/auditing/event-4691.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md
index d439754ca0..fd2df12df7 100644
--- a/windows/security/threat-protection/auditing/event-4692.md
+++ b/windows/security/threat-protection/auditing/event-4692.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md
index 3c3ccec111..e8fd42218d 100644
--- a/windows/security/threat-protection/auditing/event-4693.md
+++ b/windows/security/threat-protection/auditing/event-4693.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md
index c32e3f5f45..18eed045ab 100644
--- a/windows/security/threat-protection/auditing/event-4694.md
+++ b/windows/security/threat-protection/auditing/event-4694.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md
index 56c60185f8..7093744387 100644
--- a/windows/security/threat-protection/auditing/event-4695.md
+++ b/windows/security/threat-protection/auditing/event-4695.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md
index 9168383e9a..38800c2bd2 100644
--- a/windows/security/threat-protection/auditing/event-4696.md
+++ b/windows/security/threat-protection/auditing/event-4696.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md
index 216ab77c68..3775a7bda7 100644
--- a/windows/security/threat-protection/auditing/event-4697.md
+++ b/windows/security/threat-protection/auditing/event-4697.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md
index faf3e412ad..2609217fd3 100644
--- a/windows/security/threat-protection/auditing/event-4698.md
+++ b/windows/security/threat-protection/auditing/event-4698.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md
index 449c346434..87a10ab8bf 100644
--- a/windows/security/threat-protection/auditing/event-4699.md
+++ b/windows/security/threat-protection/auditing/event-4699.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md
index c1593bb721..0f8d3494fe 100644
--- a/windows/security/threat-protection/auditing/event-4700.md
+++ b/windows/security/threat-protection/auditing/event-4700.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md
index 106ed9b28e..ecd015fbae 100644
--- a/windows/security/threat-protection/auditing/event-4701.md
+++ b/windows/security/threat-protection/auditing/event-4701.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md
index e51feda768..68dfec7592 100644
--- a/windows/security/threat-protection/auditing/event-4702.md
+++ b/windows/security/threat-protection/auditing/event-4702.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md
index 3f5d60a214..effc1b4ddc 100644
--- a/windows/security/threat-protection/auditing/event-4703.md
+++ b/windows/security/threat-protection/auditing/event-4703.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md
index 8baf62d9d3..94bcdf96eb 100644
--- a/windows/security/threat-protection/auditing/event-4704.md
+++ b/windows/security/threat-protection/auditing/event-4704.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md
index 3efba6fe63..1030f0b6b6 100644
--- a/windows/security/threat-protection/auditing/event-4705.md
+++ b/windows/security/threat-protection/auditing/event-4705.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md
index f326216f0e..7fdea8fb2c 100644
--- a/windows/security/threat-protection/auditing/event-4706.md
+++ b/windows/security/threat-protection/auditing/event-4706.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md
index 55d9629ffc..e2a779b376 100644
--- a/windows/security/threat-protection/auditing/event-4707.md
+++ b/windows/security/threat-protection/auditing/event-4707.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md
index 20b49c9c8b..49ad5eeca7 100644
--- a/windows/security/threat-protection/auditing/event-4713.md
+++ b/windows/security/threat-protection/auditing/event-4713.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md
index f266113293..495cda1557 100644
--- a/windows/security/threat-protection/auditing/event-4714.md
+++ b/windows/security/threat-protection/auditing/event-4714.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md
index ab59295e22..6a09b30ae2 100644
--- a/windows/security/threat-protection/auditing/event-4715.md
+++ b/windows/security/threat-protection/auditing/event-4715.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md
index 1c77e985f8..12eafb94f3 100644
--- a/windows/security/threat-protection/auditing/event-4716.md
+++ b/windows/security/threat-protection/auditing/event-4716.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md
index d72fd9ca59..b02eef2f90 100644
--- a/windows/security/threat-protection/auditing/event-4717.md
+++ b/windows/security/threat-protection/auditing/event-4717.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md
index 03b924f369..14707ab644 100644
--- a/windows/security/threat-protection/auditing/event-4718.md
+++ b/windows/security/threat-protection/auditing/event-4718.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md
index b05dbcbc20..4cf66c7350 100644
--- a/windows/security/threat-protection/auditing/event-4719.md
+++ b/windows/security/threat-protection/auditing/event-4719.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md
index e1cfbc29b4..726f71bbbd 100644
--- a/windows/security/threat-protection/auditing/event-4720.md
+++ b/windows/security/threat-protection/auditing/event-4720.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md
index c8c30f7220..add2d048cc 100644
--- a/windows/security/threat-protection/auditing/event-4722.md
+++ b/windows/security/threat-protection/auditing/event-4722.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md
index ac4e3d2e04..7aad069614 100644
--- a/windows/security/threat-protection/auditing/event-4723.md
+++ b/windows/security/threat-protection/auditing/event-4723.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md
index 09d1e8a757..456ec46743 100644
--- a/windows/security/threat-protection/auditing/event-4724.md
+++ b/windows/security/threat-protection/auditing/event-4724.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md
index 84bed2bd84..55cad0f2a1 100644
--- a/windows/security/threat-protection/auditing/event-4725.md
+++ b/windows/security/threat-protection/auditing/event-4725.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md
index ed6d64686d..a947159c47 100644
--- a/windows/security/threat-protection/auditing/event-4726.md
+++ b/windows/security/threat-protection/auditing/event-4726.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md
index c288f85c6f..2c65171ef1 100644
--- a/windows/security/threat-protection/auditing/event-4731.md
+++ b/windows/security/threat-protection/auditing/event-4731.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md
index 11c945bcea..00d16da21d 100644
--- a/windows/security/threat-protection/auditing/event-4732.md
+++ b/windows/security/threat-protection/auditing/event-4732.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md
index e158ac5a84..926066fb81 100644
--- a/windows/security/threat-protection/auditing/event-4733.md
+++ b/windows/security/threat-protection/auditing/event-4733.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md
index 2e81dd497b..c2af62b2bc 100644
--- a/windows/security/threat-protection/auditing/event-4734.md
+++ b/windows/security/threat-protection/auditing/event-4734.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md
index 2e4ba076bf..a08fb0391f 100644
--- a/windows/security/threat-protection/auditing/event-4735.md
+++ b/windows/security/threat-protection/auditing/event-4735.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md
index de8fcd1cdc..61cd4e80e6 100644
--- a/windows/security/threat-protection/auditing/event-4738.md
+++ b/windows/security/threat-protection/auditing/event-4738.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md
index cfafc9acff..8b6090da8d 100644
--- a/windows/security/threat-protection/auditing/event-4739.md
+++ b/windows/security/threat-protection/auditing/event-4739.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md
index 82bd56c48f..9fae037e5f 100644
--- a/windows/security/threat-protection/auditing/event-4740.md
+++ b/windows/security/threat-protection/auditing/event-4740.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md
index b7f36e0237..a245d7e5ce 100644
--- a/windows/security/threat-protection/auditing/event-4741.md
+++ b/windows/security/threat-protection/auditing/event-4741.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md
index d9c538c5a2..6d58542822 100644
--- a/windows/security/threat-protection/auditing/event-4742.md
+++ b/windows/security/threat-protection/auditing/event-4742.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md
index 465301edbd..4f3da1ff73 100644
--- a/windows/security/threat-protection/auditing/event-4743.md
+++ b/windows/security/threat-protection/auditing/event-4743.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md
index de945822b8..94f70a7eae 100644
--- a/windows/security/threat-protection/auditing/event-4749.md
+++ b/windows/security/threat-protection/auditing/event-4749.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md
index d976995cab..98025cf33c 100644
--- a/windows/security/threat-protection/auditing/event-4750.md
+++ b/windows/security/threat-protection/auditing/event-4750.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md
index 7417a17f37..d28e5a4ace 100644
--- a/windows/security/threat-protection/auditing/event-4751.md
+++ b/windows/security/threat-protection/auditing/event-4751.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md
index e76939b914..937c2d5d78 100644
--- a/windows/security/threat-protection/auditing/event-4752.md
+++ b/windows/security/threat-protection/auditing/event-4752.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md
index b8ac802619..e03d2dad24 100644
--- a/windows/security/threat-protection/auditing/event-4753.md
+++ b/windows/security/threat-protection/auditing/event-4753.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md
index c730eb1235..28615743d5 100644
--- a/windows/security/threat-protection/auditing/event-4764.md
+++ b/windows/security/threat-protection/auditing/event-4764.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md
index 3c87e554ae..b7e4d12932 100644
--- a/windows/security/threat-protection/auditing/event-4765.md
+++ b/windows/security/threat-protection/auditing/event-4765.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md
index 2108a07108..6ec2b6bbf3 100644
--- a/windows/security/threat-protection/auditing/event-4766.md
+++ b/windows/security/threat-protection/auditing/event-4766.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md
index e106edc272..e18080c9e3 100644
--- a/windows/security/threat-protection/auditing/event-4767.md
+++ b/windows/security/threat-protection/auditing/event-4767.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md
index 037a6989a1..9af99fe83b 100644
--- a/windows/security/threat-protection/auditing/event-4768.md
+++ b/windows/security/threat-protection/auditing/event-4768.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 10/20/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md
index a3b8c712ac..2605d404c9 100644
--- a/windows/security/threat-protection/auditing/event-4769.md
+++ b/windows/security/threat-protection/auditing/event-4769.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
@@ -261,7 +261,7 @@ The table below contains the list of the most common error codes for this event:
 | 0x43 | KRB\_AP\_ERR\_NO\_TGT                  | No TGT was presented or available                                           | In user-to-user authentication if the service doesn't possess a ticket granting ticket, it should return the error KRB\_AP\_ERR\_NO\_TGT.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | 0x44 | KDC\_ERR\_WRONG\_REALM                 | Incorrect domain or principal                                               | Although this error rarely occurs, it occurs when a client presents a cross-realm TGT to a realm other than the one specified in the TGT. Typically, this results from incorrectly configured DNS.                                                                                                                                                                                                                                                                                                                                                                                                                           |
 
--   **Transited Services** \[Type = UnicodeString\]: this field contains list of SPNs which were requested if Kerberos delegation was used.
+-   **Transited Services** \[Type = UnicodeString\]: this field contains list of SPNs which were requested if constrained Kerberos delegation was used. 
 
 > **Note**&nbsp;&nbsp;**Service Principal Name (SPN)** is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host.
 
diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md
index 4cc852f971..e0206db3db 100644
--- a/windows/security/threat-protection/auditing/event-4770.md
+++ b/windows/security/threat-protection/auditing/event-4770.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md
index 2613c3b467..bad7f21c77 100644
--- a/windows/security/threat-protection/auditing/event-4771.md
+++ b/windows/security/threat-protection/auditing/event-4771.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md
index 345f69caeb..1bb81355f0 100644
--- a/windows/security/threat-protection/auditing/event-4772.md
+++ b/windows/security/threat-protection/auditing/event-4772.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md
index da91824310..a966cf2abd 100644
--- a/windows/security/threat-protection/auditing/event-4773.md
+++ b/windows/security/threat-protection/auditing/event-4773.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md
index d0f52fad53..5c9253d51a 100644
--- a/windows/security/threat-protection/auditing/event-4774.md
+++ b/windows/security/threat-protection/auditing/event-4774.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md
index 0d7bcb316f..35264e2c50 100644
--- a/windows/security/threat-protection/auditing/event-4775.md
+++ b/windows/security/threat-protection/auditing/event-4775.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md
index c8a9ec6ea6..736a967ea4 100644
--- a/windows/security/threat-protection/auditing/event-4776.md
+++ b/windows/security/threat-protection/auditing/event-4776.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/13/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md
index faf25d8424..f14f4b4a58 100644
--- a/windows/security/threat-protection/auditing/event-4777.md
+++ b/windows/security/threat-protection/auditing/event-4777.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md
index d8e0a7e284..d9a5bd2d94 100644
--- a/windows/security/threat-protection/auditing/event-4778.md
+++ b/windows/security/threat-protection/auditing/event-4778.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md
index 8630dfd13b..3ab94db6fb 100644
--- a/windows/security/threat-protection/auditing/event-4779.md
+++ b/windows/security/threat-protection/auditing/event-4779.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md
index 6cbf2068a6..8bc11f4997 100644
--- a/windows/security/threat-protection/auditing/event-4780.md
+++ b/windows/security/threat-protection/auditing/event-4780.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md
index 79a8d4b9d9..3918ee0ef1 100644
--- a/windows/security/threat-protection/auditing/event-4781.md
+++ b/windows/security/threat-protection/auditing/event-4781.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md
index 4bc46fec39..83020ee642 100644
--- a/windows/security/threat-protection/auditing/event-4782.md
+++ b/windows/security/threat-protection/auditing/event-4782.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md
index b12af0683a..4774459a71 100644
--- a/windows/security/threat-protection/auditing/event-4793.md
+++ b/windows/security/threat-protection/auditing/event-4793.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md
index 4484b2fda8..ed8e9aebdc 100644
--- a/windows/security/threat-protection/auditing/event-4794.md
+++ b/windows/security/threat-protection/auditing/event-4794.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md
index 980d130473..8c5e7d3c50 100644
--- a/windows/security/threat-protection/auditing/event-4798.md
+++ b/windows/security/threat-protection/auditing/event-4798.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md
index 0da5ecd1cd..a089e448f4 100644
--- a/windows/security/threat-protection/auditing/event-4799.md
+++ b/windows/security/threat-protection/auditing/event-4799.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md
index 7df74117a0..fcacf65cb0 100644
--- a/windows/security/threat-protection/auditing/event-4800.md
+++ b/windows/security/threat-protection/auditing/event-4800.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md
index c85128fdc2..94d9dee683 100644
--- a/windows/security/threat-protection/auditing/event-4801.md
+++ b/windows/security/threat-protection/auditing/event-4801.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md
index db0f725fb8..82492616cc 100644
--- a/windows/security/threat-protection/auditing/event-4802.md
+++ b/windows/security/threat-protection/auditing/event-4802.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md
index f802b88740..497a3a8d07 100644
--- a/windows/security/threat-protection/auditing/event-4803.md
+++ b/windows/security/threat-protection/auditing/event-4803.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md
index d0218f8b0d..be77d5a97c 100644
--- a/windows/security/threat-protection/auditing/event-4816.md
+++ b/windows/security/threat-protection/auditing/event-4816.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md
index 56eff0bfbe..e166782510 100644
--- a/windows/security/threat-protection/auditing/event-4817.md
+++ b/windows/security/threat-protection/auditing/event-4817.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md
index 802e07d8d9..127a71406e 100644
--- a/windows/security/threat-protection/auditing/event-4818.md
+++ b/windows/security/threat-protection/auditing/event-4818.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md
index ff590bf233..0e479a57b1 100644
--- a/windows/security/threat-protection/auditing/event-4819.md
+++ b/windows/security/threat-protection/auditing/event-4819.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md
index 186973544b..2e79af5e64 100644
--- a/windows/security/threat-protection/auditing/event-4826.md
+++ b/windows/security/threat-protection/auditing/event-4826.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md
index 7cbe35ae7d..cbed773c60 100644
--- a/windows/security/threat-protection/auditing/event-4864.md
+++ b/windows/security/threat-protection/auditing/event-4864.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md
index 2ee1eee9d2..8b792069f3 100644
--- a/windows/security/threat-protection/auditing/event-4865.md
+++ b/windows/security/threat-protection/auditing/event-4865.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md
index 93bcff89c1..2ec48bdf4f 100644
--- a/windows/security/threat-protection/auditing/event-4866.md
+++ b/windows/security/threat-protection/auditing/event-4866.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md
index 5188e70e84..b4affb0ff4 100644
--- a/windows/security/threat-protection/auditing/event-4867.md
+++ b/windows/security/threat-protection/auditing/event-4867.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md
index c9723497d5..a53fd03d58 100644
--- a/windows/security/threat-protection/auditing/event-4902.md
+++ b/windows/security/threat-protection/auditing/event-4902.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md
index 2108eb415c..1f7335e6da 100644
--- a/windows/security/threat-protection/auditing/event-4904.md
+++ b/windows/security/threat-protection/auditing/event-4904.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/07/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md
index af4f74d165..c710230070 100644
--- a/windows/security/threat-protection/auditing/event-4905.md
+++ b/windows/security/threat-protection/auditing/event-4905.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md
index 9208e75d52..2cdc197a9b 100644
--- a/windows/security/threat-protection/auditing/event-4906.md
+++ b/windows/security/threat-protection/auditing/event-4906.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md
index 71c6f4389e..91ed3cfa75 100644
--- a/windows/security/threat-protection/auditing/event-4907.md
+++ b/windows/security/threat-protection/auditing/event-4907.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md
index a7e2609569..58d9d7331a 100644
--- a/windows/security/threat-protection/auditing/event-4908.md
+++ b/windows/security/threat-protection/auditing/event-4908.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md
index a08a312aa7..6420bf04c1 100644
--- a/windows/security/threat-protection/auditing/event-4909.md
+++ b/windows/security/threat-protection/auditing/event-4909.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md
index a42f7d4976..a541352ac0 100644
--- a/windows/security/threat-protection/auditing/event-4910.md
+++ b/windows/security/threat-protection/auditing/event-4910.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md
index 62d52c4a39..c31636a2f6 100644
--- a/windows/security/threat-protection/auditing/event-4911.md
+++ b/windows/security/threat-protection/auditing/event-4911.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md
index 497e033748..152e9607f3 100644
--- a/windows/security/threat-protection/auditing/event-4912.md
+++ b/windows/security/threat-protection/auditing/event-4912.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md
index 249b87fddf..5da5f88ef9 100644
--- a/windows/security/threat-protection/auditing/event-4913.md
+++ b/windows/security/threat-protection/auditing/event-4913.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md
index 87aa133b56..371f4689c7 100644
--- a/windows/security/threat-protection/auditing/event-4928.md
+++ b/windows/security/threat-protection/auditing/event-4928.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md
index 9e2cebecfa..288d0528f8 100644
--- a/windows/security/threat-protection/auditing/event-4929.md
+++ b/windows/security/threat-protection/auditing/event-4929.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md
index d3358dfb20..ca6a21d07a 100644
--- a/windows/security/threat-protection/auditing/event-4930.md
+++ b/windows/security/threat-protection/auditing/event-4930.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md
index a7194bed81..0f1f2d11af 100644
--- a/windows/security/threat-protection/auditing/event-4931.md
+++ b/windows/security/threat-protection/auditing/event-4931.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md
index e93c24be96..574e020321 100644
--- a/windows/security/threat-protection/auditing/event-4932.md
+++ b/windows/security/threat-protection/auditing/event-4932.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md
index 74f78f813e..54e6d63dd5 100644
--- a/windows/security/threat-protection/auditing/event-4933.md
+++ b/windows/security/threat-protection/auditing/event-4933.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md
index 19906099da..363e2dea0f 100644
--- a/windows/security/threat-protection/auditing/event-4934.md
+++ b/windows/security/threat-protection/auditing/event-4934.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md
index 4e0c3d1f56..04b067063a 100644
--- a/windows/security/threat-protection/auditing/event-4935.md
+++ b/windows/security/threat-protection/auditing/event-4935.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md
index 01eda75a08..04fb5a689c 100644
--- a/windows/security/threat-protection/auditing/event-4936.md
+++ b/windows/security/threat-protection/auditing/event-4936.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md
index fa37062d68..ad871628bd 100644
--- a/windows/security/threat-protection/auditing/event-4937.md
+++ b/windows/security/threat-protection/auditing/event-4937.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md
index d152fa7bd0..d93811a130 100644
--- a/windows/security/threat-protection/auditing/event-4944.md
+++ b/windows/security/threat-protection/auditing/event-4944.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md
index 93de0900e5..8099cfeca6 100644
--- a/windows/security/threat-protection/auditing/event-4945.md
+++ b/windows/security/threat-protection/auditing/event-4945.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md
index 987fcd7711..077de83d96 100644
--- a/windows/security/threat-protection/auditing/event-4946.md
+++ b/windows/security/threat-protection/auditing/event-4946.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md
index 5a37c3b10a..7647e63929 100644
--- a/windows/security/threat-protection/auditing/event-4947.md
+++ b/windows/security/threat-protection/auditing/event-4947.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md
index 72913611bc..9000f97907 100644
--- a/windows/security/threat-protection/auditing/event-4948.md
+++ b/windows/security/threat-protection/auditing/event-4948.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md
index 76dd0e123b..188a147179 100644
--- a/windows/security/threat-protection/auditing/event-4949.md
+++ b/windows/security/threat-protection/auditing/event-4949.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md
index 1ec890e457..4b7c3ef8da 100644
--- a/windows/security/threat-protection/auditing/event-4950.md
+++ b/windows/security/threat-protection/auditing/event-4950.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md
index 00b861d546..3922a0d9bc 100644
--- a/windows/security/threat-protection/auditing/event-4951.md
+++ b/windows/security/threat-protection/auditing/event-4951.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md
index 68ff52f7f0..1b2c9a1677 100644
--- a/windows/security/threat-protection/auditing/event-4952.md
+++ b/windows/security/threat-protection/auditing/event-4952.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md
index 7e81b25fcc..dcb48de16e 100644
--- a/windows/security/threat-protection/auditing/event-4953.md
+++ b/windows/security/threat-protection/auditing/event-4953.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md
index 695bfd873d..42e1732841 100644
--- a/windows/security/threat-protection/auditing/event-4954.md
+++ b/windows/security/threat-protection/auditing/event-4954.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md
index d3a52d5b51..ab54b58db2 100644
--- a/windows/security/threat-protection/auditing/event-4956.md
+++ b/windows/security/threat-protection/auditing/event-4956.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md
index 2aeb05c373..0049947eee 100644
--- a/windows/security/threat-protection/auditing/event-4957.md
+++ b/windows/security/threat-protection/auditing/event-4957.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md
index 5db7fef518..f1cbaa0f1d 100644
--- a/windows/security/threat-protection/auditing/event-4958.md
+++ b/windows/security/threat-protection/auditing/event-4958.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md
index e7947201b5..5567fdf5b4 100644
--- a/windows/security/threat-protection/auditing/event-4964.md
+++ b/windows/security/threat-protection/auditing/event-4964.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md
index 57d8caa9b1..4caca31a8e 100644
--- a/windows/security/threat-protection/auditing/event-4985.md
+++ b/windows/security/threat-protection/auditing/event-4985.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md
index 57a2f34679..ff2c44088f 100644
--- a/windows/security/threat-protection/auditing/event-5024.md
+++ b/windows/security/threat-protection/auditing/event-5024.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md
index 5cc6c360e1..334431f02f 100644
--- a/windows/security/threat-protection/auditing/event-5025.md
+++ b/windows/security/threat-protection/auditing/event-5025.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md
index cb0c821e16..1633648148 100644
--- a/windows/security/threat-protection/auditing/event-5027.md
+++ b/windows/security/threat-protection/auditing/event-5027.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md
index b4cf9d9daf..c83b0a955a 100644
--- a/windows/security/threat-protection/auditing/event-5028.md
+++ b/windows/security/threat-protection/auditing/event-5028.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md
index 727e18d0b8..4050293075 100644
--- a/windows/security/threat-protection/auditing/event-5029.md
+++ b/windows/security/threat-protection/auditing/event-5029.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md
index cf0d618c0c..19faefd2f3 100644
--- a/windows/security/threat-protection/auditing/event-5030.md
+++ b/windows/security/threat-protection/auditing/event-5030.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md
index 577a8d4b8a..1187494a86 100644
--- a/windows/security/threat-protection/auditing/event-5031.md
+++ b/windows/security/threat-protection/auditing/event-5031.md
@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md
index c03cf24c26..369d590db9 100644
--- a/windows/security/threat-protection/auditing/event-5032.md
+++ b/windows/security/threat-protection/auditing/event-5032.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md
index 720d4db20a..bd275a6463 100644
--- a/windows/security/threat-protection/auditing/event-5033.md
+++ b/windows/security/threat-protection/auditing/event-5033.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md
index f1bbdec7bb..bd017daa1f 100644
--- a/windows/security/threat-protection/auditing/event-5034.md
+++ b/windows/security/threat-protection/auditing/event-5034.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md
index 9884e30c6f..cda5f7ddc7 100644
--- a/windows/security/threat-protection/auditing/event-5035.md
+++ b/windows/security/threat-protection/auditing/event-5035.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md
index b33b0b7f4e..6421be47c1 100644
--- a/windows/security/threat-protection/auditing/event-5037.md
+++ b/windows/security/threat-protection/auditing/event-5037.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md
index 8fc4f1ce69..865a9e7de3 100644
--- a/windows/security/threat-protection/auditing/event-5038.md
+++ b/windows/security/threat-protection/auditing/event-5038.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md
index a69a2f51d9..3d9ba6fd9a 100644
--- a/windows/security/threat-protection/auditing/event-5039.md
+++ b/windows/security/threat-protection/auditing/event-5039.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md
index cbd5e8cd4f..706e02d603 100644
--- a/windows/security/threat-protection/auditing/event-5051.md
+++ b/windows/security/threat-protection/auditing/event-5051.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md
index d79db9f877..d67c948bf7 100644
--- a/windows/security/threat-protection/auditing/event-5056.md
+++ b/windows/security/threat-protection/auditing/event-5056.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md
index a9c17ce454..9c4c3bbbc7 100644
--- a/windows/security/threat-protection/auditing/event-5057.md
+++ b/windows/security/threat-protection/auditing/event-5057.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md
index b5420ecbbb..b8f43fd22c 100644
--- a/windows/security/threat-protection/auditing/event-5058.md
+++ b/windows/security/threat-protection/auditing/event-5058.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md
index 9fd58f5976..80656eb84c 100644
--- a/windows/security/threat-protection/auditing/event-5059.md
+++ b/windows/security/threat-protection/auditing/event-5059.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md
index 56c8924e9c..95c791073a 100644
--- a/windows/security/threat-protection/auditing/event-5060.md
+++ b/windows/security/threat-protection/auditing/event-5060.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md
index 26630fa96f..37ce0fe43d 100644
--- a/windows/security/threat-protection/auditing/event-5061.md
+++ b/windows/security/threat-protection/auditing/event-5061.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md
index 99771cf63c..8273fa0b06 100644
--- a/windows/security/threat-protection/auditing/event-5062.md
+++ b/windows/security/threat-protection/auditing/event-5062.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md
index 7b1e2f20be..111a1bebce 100644
--- a/windows/security/threat-protection/auditing/event-5063.md
+++ b/windows/security/threat-protection/auditing/event-5063.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md
index 50967e8e1d..3414385e9f 100644
--- a/windows/security/threat-protection/auditing/event-5064.md
+++ b/windows/security/threat-protection/auditing/event-5064.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md
index 607adf75b2..2543372fd8 100644
--- a/windows/security/threat-protection/auditing/event-5065.md
+++ b/windows/security/threat-protection/auditing/event-5065.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md
index a77382fdbd..6385f0488a 100644
--- a/windows/security/threat-protection/auditing/event-5066.md
+++ b/windows/security/threat-protection/auditing/event-5066.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md
index 83a9960d2c..16a2775d06 100644
--- a/windows/security/threat-protection/auditing/event-5067.md
+++ b/windows/security/threat-protection/auditing/event-5067.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md
index 1eec94b8e7..49659e38f5 100644
--- a/windows/security/threat-protection/auditing/event-5068.md
+++ b/windows/security/threat-protection/auditing/event-5068.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md
index d8914e5d08..ffcfb92ca9 100644
--- a/windows/security/threat-protection/auditing/event-5069.md
+++ b/windows/security/threat-protection/auditing/event-5069.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md
index 1e2423d3f3..079cb18504 100644
--- a/windows/security/threat-protection/auditing/event-5070.md
+++ b/windows/security/threat-protection/auditing/event-5070.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md
index cdebfbac73..e71aa708cc 100644
--- a/windows/security/threat-protection/auditing/event-5136.md
+++ b/windows/security/threat-protection/auditing/event-5136.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md
index 540d0187a2..e7d10b0197 100644
--- a/windows/security/threat-protection/auditing/event-5137.md
+++ b/windows/security/threat-protection/auditing/event-5137.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md
index 09c8e7ddeb..1120df1fc3 100644
--- a/windows/security/threat-protection/auditing/event-5138.md
+++ b/windows/security/threat-protection/auditing/event-5138.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md
index 2e65bd8c4c..09ca54dca4 100644
--- a/windows/security/threat-protection/auditing/event-5139.md
+++ b/windows/security/threat-protection/auditing/event-5139.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md
index e04f04c79d..d79d99892e 100644
--- a/windows/security/threat-protection/auditing/event-5140.md
+++ b/windows/security/threat-protection/auditing/event-5140.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md
index 5204b0bc87..e70a399593 100644
--- a/windows/security/threat-protection/auditing/event-5141.md
+++ b/windows/security/threat-protection/auditing/event-5141.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md
index 9f5e758229..790b6ea8f0 100644
--- a/windows/security/threat-protection/auditing/event-5142.md
+++ b/windows/security/threat-protection/auditing/event-5142.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md
index fb42c41529..e26f69e294 100644
--- a/windows/security/threat-protection/auditing/event-5143.md
+++ b/windows/security/threat-protection/auditing/event-5143.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md
index b9b86c4142..6d6a16e1af 100644
--- a/windows/security/threat-protection/auditing/event-5144.md
+++ b/windows/security/threat-protection/auditing/event-5144.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md
index 191b70ddbe..32fef4024d 100644
--- a/windows/security/threat-protection/auditing/event-5145.md
+++ b/windows/security/threat-protection/auditing/event-5145.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md
index 25114d8d2b..291a541e11 100644
--- a/windows/security/threat-protection/auditing/event-5148.md
+++ b/windows/security/threat-protection/auditing/event-5148.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md
index adb0eeb2cc..0f37543acf 100644
--- a/windows/security/threat-protection/auditing/event-5149.md
+++ b/windows/security/threat-protection/auditing/event-5149.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md
index 9dce2ef7fe..aa56f896dc 100644
--- a/windows/security/threat-protection/auditing/event-5150.md
+++ b/windows/security/threat-protection/auditing/event-5150.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md
index acf986a555..22dcd9a63e 100644
--- a/windows/security/threat-protection/auditing/event-5151.md
+++ b/windows/security/threat-protection/auditing/event-5151.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md
index c051185452..363a095741 100644
--- a/windows/security/threat-protection/auditing/event-5152.md
+++ b/windows/security/threat-protection/auditing/event-5152.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md
index e969dc8a2e..a46227f056 100644
--- a/windows/security/threat-protection/auditing/event-5153.md
+++ b/windows/security/threat-protection/auditing/event-5153.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md
index ac6d1c65ff..76424d3ca5 100644
--- a/windows/security/threat-protection/auditing/event-5154.md
+++ b/windows/security/threat-protection/auditing/event-5154.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md
index 5bf71f6985..89e206fdbb 100644
--- a/windows/security/threat-protection/auditing/event-5155.md
+++ b/windows/security/threat-protection/auditing/event-5155.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md
index 724eaef46c..95b20ccfcf 100644
--- a/windows/security/threat-protection/auditing/event-5156.md
+++ b/windows/security/threat-protection/auditing/event-5156.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md
index 1e39f7ffb8..cce391d0d8 100644
--- a/windows/security/threat-protection/auditing/event-5157.md
+++ b/windows/security/threat-protection/auditing/event-5157.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md
index 38240c1959..7152b22478 100644
--- a/windows/security/threat-protection/auditing/event-5158.md
+++ b/windows/security/threat-protection/auditing/event-5158.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md
index ac4d655290..1c163b30dc 100644
--- a/windows/security/threat-protection/auditing/event-5159.md
+++ b/windows/security/threat-protection/auditing/event-5159.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md
index 6e3c96eb23..f961f15bab 100644
--- a/windows/security/threat-protection/auditing/event-5168.md
+++ b/windows/security/threat-protection/auditing/event-5168.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md
index a16faf1299..0f2be5a04a 100644
--- a/windows/security/threat-protection/auditing/event-5376.md
+++ b/windows/security/threat-protection/auditing/event-5376.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md
index 3507bd16cb..d5a1660220 100644
--- a/windows/security/threat-protection/auditing/event-5377.md
+++ b/windows/security/threat-protection/auditing/event-5377.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md
index fe25938e5e..25c68deee6 100644
--- a/windows/security/threat-protection/auditing/event-5378.md
+++ b/windows/security/threat-protection/auditing/event-5378.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md
index 0acc7c3617..d1ffd6b03d 100644
--- a/windows/security/threat-protection/auditing/event-5447.md
+++ b/windows/security/threat-protection/auditing/event-5447.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md
index 4318afccfa..0815f5d12f 100644
--- a/windows/security/threat-protection/auditing/event-5632.md
+++ b/windows/security/threat-protection/auditing/event-5632.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md
index e1c83e2ce0..bf786c1d2d 100644
--- a/windows/security/threat-protection/auditing/event-5633.md
+++ b/windows/security/threat-protection/auditing/event-5633.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md
index a16b225c22..a7ec0a5e10 100644
--- a/windows/security/threat-protection/auditing/event-5712.md
+++ b/windows/security/threat-protection/auditing/event-5712.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md
index 9883763620..47bfb7e52c 100644
--- a/windows/security/threat-protection/auditing/event-5888.md
+++ b/windows/security/threat-protection/auditing/event-5888.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md
index 35333b2c0a..21bced3526 100644
--- a/windows/security/threat-protection/auditing/event-5889.md
+++ b/windows/security/threat-protection/auditing/event-5889.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md
index 62ffc37aef..652453190a 100644
--- a/windows/security/threat-protection/auditing/event-5890.md
+++ b/windows/security/threat-protection/auditing/event-5890.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md
index f48236f8f6..b58495dff5 100644
--- a/windows/security/threat-protection/auditing/event-6144.md
+++ b/windows/security/threat-protection/auditing/event-6144.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md
index 6b7c90a16e..690cca9856 100644
--- a/windows/security/threat-protection/auditing/event-6145.md
+++ b/windows/security/threat-protection/auditing/event-6145.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/08/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md
index 574a3854b0..b740282ddf 100644
--- a/windows/security/threat-protection/auditing/event-6281.md
+++ b/windows/security/threat-protection/auditing/event-6281.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md
index dc64fd05a5..8ea567df22 100644
--- a/windows/security/threat-protection/auditing/event-6400.md
+++ b/windows/security/threat-protection/auditing/event-6400.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md
index 94f6633a46..6216a8ab19 100644
--- a/windows/security/threat-protection/auditing/event-6401.md
+++ b/windows/security/threat-protection/auditing/event-6401.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md
index 73129dfd29..6e00df66af 100644
--- a/windows/security/threat-protection/auditing/event-6402.md
+++ b/windows/security/threat-protection/auditing/event-6402.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md
index 58d24830a0..92b228cf4a 100644
--- a/windows/security/threat-protection/auditing/event-6403.md
+++ b/windows/security/threat-protection/auditing/event-6403.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md
index dbe0f13d14..ef4073df30 100644
--- a/windows/security/threat-protection/auditing/event-6404.md
+++ b/windows/security/threat-protection/auditing/event-6404.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md
index a4f439d202..63fc073a30 100644
--- a/windows/security/threat-protection/auditing/event-6405.md
+++ b/windows/security/threat-protection/auditing/event-6405.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md
index f0c92f84f6..057f4579b7 100644
--- a/windows/security/threat-protection/auditing/event-6406.md
+++ b/windows/security/threat-protection/auditing/event-6406.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md
index 5341074ad2..40c5e05deb 100644
--- a/windows/security/threat-protection/auditing/event-6407.md
+++ b/windows/security/threat-protection/auditing/event-6407.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md
index aafcea4c9c..6c5f475831 100644
--- a/windows/security/threat-protection/auditing/event-6408.md
+++ b/windows/security/threat-protection/auditing/event-6408.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md
index 4b002854ab..c1fbba806a 100644
--- a/windows/security/threat-protection/auditing/event-6409.md
+++ b/windows/security/threat-protection/auditing/event-6409.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md
index 26fa20d6b1..a2b8474480 100644
--- a/windows/security/threat-protection/auditing/event-6410.md
+++ b/windows/security/threat-protection/auditing/event-6410.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md
index 01223f3581..352f1eabbb 100644
--- a/windows/security/threat-protection/auditing/event-6416.md
+++ b/windows/security/threat-protection/auditing/event-6416.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md
index 447bcd58dc..e44f35c6ff 100644
--- a/windows/security/threat-protection/auditing/event-6419.md
+++ b/windows/security/threat-protection/auditing/event-6419.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md
index 80521a6822..951cd5e25d 100644
--- a/windows/security/threat-protection/auditing/event-6420.md
+++ b/windows/security/threat-protection/auditing/event-6420.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md
index aa1d7704f1..866bdda53e 100644
--- a/windows/security/threat-protection/auditing/event-6421.md
+++ b/windows/security/threat-protection/auditing/event-6421.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md
index 1a6e391654..7411ffa42b 100644
--- a/windows/security/threat-protection/auditing/event-6422.md
+++ b/windows/security/threat-protection/auditing/event-6422.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md
index 4b1f78c094..ebf46bad15 100644
--- a/windows/security/threat-protection/auditing/event-6423.md
+++ b/windows/security/threat-protection/auditing/event-6423.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md
index 81cd90103b..ef8f789bd2 100644
--- a/windows/security/threat-protection/auditing/event-6424.md
+++ b/windows/security/threat-protection/auditing/event-6424.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.localizationpriority: none
+ms.localizationpriority: low
 author: vinaypamnani-msft
 ms.date: 09/09/2021
 ms.reviewer: 
diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
index 9c710c203e..02b8e42af0 100644
--- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md
@@ -174,7 +174,7 @@ The following table illustrates an analysis of computers in an organization.
  
 ### Regulatory requirements
 
-Many industries and locales have specific requirements for network operations and how resources are protected. In the health care and financial industries, for example, strict guidelines control who can access records and how the records are used. Many countries have strict privacy rules. To identify regulatory requirements, work with your organization's legal department and other departments responsible for these requirements. Then consider the security configuration and auditing options that you can use to comply with these regulations and verify compliance.
+Many industries and locales have specific requirements for network operations and how resources are protected. In the health care and financial industries, for example, strict guidelines control who can access records and how the records are used. Many countries/regions have strict privacy rules. To identify regulatory requirements, work with your organization's legal department and other departments responsible for these requirements. Then consider the security configuration and auditing options that you can use to comply with these regulations and verify compliance.
 
 For more information, see the [System Center Process Pack for IT GRC](/previous-versions/tn-archive/dd206732(v=technet.10)).
 
diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md
index 90e0745872..da20ec1bb0 100644
--- a/windows/security/threat-protection/auditing/security-auditing-overview.md
+++ b/windows/security/threat-protection/auditing/security-auditing-overview.md
@@ -31,7 +31,4 @@ Security auditing is one of the most powerful tools that you can use to maintain
 | Topic | Description |
 | - | - |
 |[Basic security audit policies](basic-security-audit-policies.md) |Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. |
-|[Advanced security audit policies](./advanced-security-auditing.md) |Advanced security audit policy settings are found in **Security Settings\Advanced Audit Policy Configuration\System Audit Policies** and appear to overlap with basic security audit policies, but they're recorded and applied differently. |
-
-
-
+|[Advanced security audit policies](advanced-security-auditing.md) |Advanced security audit policy settings are found in **Security Settings\Advanced Audit Policy Configuration\System Audit Policies** and appear to overlap with basic security audit policies, but they're recorded and applied differently. |
diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
index 76f980c27e..005fb7d07d 100644
--- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
+++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md
@@ -5,7 +5,7 @@ ms.reviewer:
 ms.prod: windows-client
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.date: 08/14/2017
 ms.localizationpriority: medium
 ms.technology: itpro-security
diff --git a/windows/security/threat-protection/images/community.png b/windows/security/threat-protection/images/community.png
deleted file mode 100644
index 8d99720c6e..0000000000
Binary files a/windows/security/threat-protection/images/community.png and /dev/null differ
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index dfaa642ba7..ffc754aaf6 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -4,7 +4,7 @@ description: Describes the security capabilities in Windows client focused on th
 ms.prod: windows-client
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.topic: conceptual
 ms.technology: itpro-security
 ms.date: 12/31/2017
@@ -12,13 +12,7 @@ ms.date: 12/31/2017
 
 # Windows threat protection
 
-**Applies to:**
-- Windows 10
-- Windows 11
-
-In Windows client, hardware and software work together to help protect you from new and emerging threats. Expanded security protections in Windows 11 help boost security from the chip, to the cloud.  
-
-## Windows threat protection
+In Windows client, hardware and software work together to help protect you from new and emerging threats. Expanded security protections in Windows 11 help boost security from the chip, to the cloud.
 
 See the following articles to learn more about the different areas of Windows threat protection:
 
@@ -26,17 +20,18 @@ See the following articles to learn more about the different areas of Windows th
 - [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
 - [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders)
 - [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection)
-- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)
-- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
-- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
+- [Microsoft Defender Application Guard](../application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview.md)
+- [Microsoft Defender Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
+- [Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/)
 - [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)
-- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)
+- [Virtualization-Based Protection of Code Integrity](../hardware-security/enable-virtualization-based-protection-of-code-integrity.md)
 - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
-- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md)
-- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)
+- [Windows Firewall](../operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md)
+- [Windows Sandbox](../application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md)
 
-### Next-generation protection
-Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. 
+## Next-generation protection
+
+Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time.
 
 - [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
 - [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
deleted file mode 100644
index 8fbd730b70..0000000000
--- a/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
+++ /dev/null
@@ -1,78 +0,0 @@
----
-title: Configure the Group Policy settings for Microsoft Defender Application Guard 
-description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
-ms.prod: windows-client
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 08/22/2022
-ms.reviewer: 
-manager: aaroncz
-ms.custom: sasr
-ms.technology: itpro-security
-ms.topic: how-to
----
-
-# Configure Microsoft Defender Application Guard policy settings
-
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
-Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain.
-
-Application Guard uses both network isolation and application-specific settings.
-
-[!INCLUDE [microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management](../../../../includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md)]
-
-For more information about Microsoft Defender Application Guard (MDAG) for Edge in stand-alone mode, see [Microsoft Defender Application Guard overview](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview).
-
-## Network isolation settings
-
-These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
-
-> [!NOTE]
-> For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you don't need to configure network isolation policy to enable Application Guard for Microsoft Edge in managed mode.
-
-> [!NOTE]
-> You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the **Domains categorized as both work and personal** policy.
-
-|Policy name|Supported versions|Description|
-|-----------|------------------|-----------|
-|Private network ranges for apps | At least Windows Server 2012, Windows 8, or Windows RT| A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
-|Enterprise resource domains hosted in the cloud| At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (`|`) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
-|Domains categorized as both work and personal| At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. <p>This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
-
-## Network isolation settings wildcards
-
-|Value|Number of dots to the left|Meaning|
-|-----|--------------------------|-------|
-|`contoso.com`|0|Trust only the literal value of `contoso.com`.|
-|`www.contoso.com`|0|Trust only the literal value of `www.contoso.com`.|
-|`.contoso.com`|1|Trust any domain that ends with the text `contoso.com`. Matching sites include `spearphishingcontoso.com`, `contoso.com`, and `www.contoso.com`.|
-|`..contoso.com`|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include `shop.contoso.com`, `us.shop.contoso.com`, `www.us.shop.contoso.com`, but NOT `contoso.com` itself.|
-
-## Application-specific settings
-These settings, located at `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard`, can help you to manage your organization's implementation of Application Guard.
-
-|Name|Supported versions|Description|Options|
-|-----------|------------------|-----------|-------|
-|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 11 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** This is effective only in managed mode. Turns on the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns off the clipboard functionality for Application Guard.|
-|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 11 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** This is effective only in managed mode. Turns on the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for other printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Allow Persistence|Windows 10 Enterprise, 1709 or higher<p>Windows 11 Enterprise|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
-|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher<p>Windows 11 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
-|Allow files to download to host operating system|Windows 10 Enterprise or Pro, 1803 or higher<p>Windows 11 Enterprise or Pro|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.|
-|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<p>Windows 11 Enterprise|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** This is effective only in managed mode. Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won't load any third-party graphics drivers or interact with any connected graphics hardware.|
-|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<p>Windows 11 Enterprise|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
-|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise or Pro, 1809 or higher<p>Windows 11 Enterprise or Pro|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates aren't shared with Microsoft Defender Application Guard.|
-|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<p>Windows 11 Enterprise|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** This is effective only in managed mode. Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.<p>**Disabled or not configured.** Event logs aren't collected from your Application Guard container.|
-## Application Guard support dialog settings
-
-These settings are located at `Administrative Templates\Windows Components\Windows Security\Enterprise Customization`. If an error is encountered, you're presented with a dialog box. By default, this dialog box only contains the error information and a button for you to report it to Microsoft via the feedback hub. However, it's possible to provide additional information in the dialog box.
-
-[Use Group Policy to enable and customize contact information](/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information#use-group-policy-to-enable-and-customize-contact-information).
-
diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
index 9ce8d9bfcc..682b246cfa 100644
--- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
+++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
@@ -4,7 +4,7 @@ description: How to use Group Policy to override individual Process Mitigation O
 ms.prod: windows-client
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.localizationpriority: medium
 ms.technology: itpro-security
 ms.date: 12/31/2017
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index c72345df1e..365c09f330 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -1,11 +1,11 @@
 ---
-title: Mitigate threats by using Windows 10 security features 
+title: Mitigate threats by using Windows 10 security features
 description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
 ms.prod: windows-client
 ms.localizationpriority: medium
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.technology: itpro-security
 ms.date: 12/31/2017
 ms.topic: article
@@ -84,7 +84,7 @@ Windows Defender SmartScreen notifies users if they click on reported phishing a
 
 For Windows 10, Microsoft improved SmartScreen (now called Windows Defender SmartScreen) protection capability by integrating its app reputation abilities into the operating system itself, which allows Windows Defender SmartScreen to check the reputation of files downloaded from the Internet and warn users when they're about to run a high-risk downloaded file. The first time a user runs an app that originates from the Internet, Windows Defender SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, Windows Defender SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Microsoft Intune or Group Policy settings.
 
-For more information, see [Microsoft Defender SmartScreen overview](microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md).
+For more information, see [Microsoft Defender SmartScreen overview](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/).
 
 ### Microsoft Defender Antivirus
 
@@ -124,7 +124,7 @@ Data Execution Prevention (DEP) does exactly that, by substantially reducing the
 
 5. Click **OK**.
 
-You can now see which processes have DEP enabled. 
+You can now see which processes have DEP enabled.
 
 <!-- This might be a good place to mention the cmdlet that lets you see the same kind of output. -->
 
@@ -296,7 +296,7 @@ Some of the protections available in Windows 10 are provided through functions t
 | Extension point disable to block the use of certain third-party extension points | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)<br>\[PROCESS\_CREATION\_MITIGATION\_POLICY\_EXTENSION\_POINT\_DISABLE\_ALWAYS\_ON\] |
 | Heap terminate on corruption to protect the system against a corrupted heap      | [UpdateProcThreadAttribute function](/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute)<br>\[PROCESS\_CREATION\_MITIGATION\_POLICY\_HEAP\_TERMINATE\_ALWAYS\_ON\]  |
 
-## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit 
+## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit
 
 You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/topic/emet-mitigations-guidelines-b529d543-2a81-7b5a-d529-84b30e1ecee0), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore haven't been brought into Windows 10.
 
@@ -322,7 +322,7 @@ One of EMET's strengths is that it allows you to import and export configuration
 Install-Module -Name ProcessMitigations
 ```
 
-The Get-ProcessMitigation cmdlet gets the current mitigation settings from the registry or from a running process, or it can save all settings to an XML file. 
+The Get-ProcessMitigation cmdlet gets the current mitigation settings from the registry or from a running process, or it can save all settings to an XML file.
 
 To get the current settings on all running instances of notepad.exe:
 
@@ -377,7 +377,7 @@ ConvertTo-ProcessMitigationPolicy -EMETFilePath <String> -OutputFilePath <String
 Examples:
 
 - **Convert EMET settings to Windows 10 settings**: You can run ConvertTo-ProcessMitigationPolicy and provide an EMET XML settings file as input, which will generate a result file of Windows 10 mitigation settings. For example:
-    
+
     ```powershell
     ConvertTo-ProcessMitigationPolicy -EMETFilePath policy.xml -OutputFilePath result.xml
     ```
@@ -388,7 +388,7 @@ Examples:
     Set-ProcessMitigation -Name notepad.exe -Enable SEHOP -Disable MandatoryASLR,DEPATL
     ```
 
-- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](windows-defender-application-control/windows-defender-application-control-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections.
+- **Convert Attack surface reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMET's Attack surface reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy. For more information, see [Deploying Windows Defender Application Control (WDAC) policies](../application-security/application-control/windows-defender-application-control/deployment/wdac-deployment-guide.md). This completion will enable protections on Windows 10 equivalent to EMET's ASR protections.
 
 - **Convert Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET "Certificate Trust" XML file (pinning rules file), you can also use ConvertTo-ProcessMitigationPolicy to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](/windows/access-protection/enterprise-certificate-pinning). For example:
 
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 9681c928ff..a735631952 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -47,7 +47,7 @@ Because vulnerabilities can exist when this value is configured and when it's no
 
 ### Best practices
 
-The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) recommend a value of 10 could be an acceptable starting point for your organization.
+The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, [Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) recommend a value of 10 could be an acceptable starting point for your organization.
 
 As with other account lockout settings, this value is more of a guideline than a rule or best practice because there's no "one size fits all." For more information, see [Configuring Account Lockout](/archive/blogs/secguide/configuring-account-lockout).
 
@@ -117,7 +117,7 @@ Because vulnerabilities can exist when this value is configured and when it's no
     
 -   Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account.
 
-    [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but doesn't prevent a DoS attack.
+    [Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but doesn't prevent a DoS attack.
     
     Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it's needed to help mitigate massive lockouts caused by an attack on your systems.
 
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
index b19acf6ade..ab6175a99f 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
@@ -20,11 +20,13 @@ ms.technology: itpro-security
 # Accounts: Block Microsoft accounts
 
 **Applies to**
--   Windows 11
--   Windows 10
+-   Windows 10, version 1607 and earlier
 
 Describes the best practices, location, values, management, and security considerations for the **Accounts: Block Microsoft accounts** security policy setting.
 
+> [!IMPORTANT]
+> In Windows 10, version 1703 and later, this policy is no longer effective because the process for adding Microsoft Accounts changed. For Windows 10, version 1703 and later, instead of using this policy use the "Block all consumer Microsoft user account authentication" policy located under Computer Configuration\Administrative Templates\Windows Components\Microsoft account.
+
 ## Reference
 
 This setting prevents using the **Settings** app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services. For more information, see [Microsoft Accounts](/windows-server/identity/ad-ds/manage/understand-microsoft-accounts).
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
index fd5538b2a7..5c246fea41 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
@@ -1,8 +1,8 @@
 ---
-title: Allow log on locally - security policy setting 
+title: Allow log on locally - security policy setting
 description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on locally security policy setting.
 ms.assetid: d9e5e1f3-3bff-4da7-a9a2-4bb3e0c79055
-ms.reviewer: 
+ms.reviewer:
 ms.author: vinpa
 ms.prod: windows-client
 ms.mktglfcycl: deploy
@@ -29,7 +29,7 @@ Describes the best practices, location, values, policy management, and security
 
 This policy setting determines which users can start an interactive session on the device. Users must have this user right to log on over a Remote Desktop Services session that is running on a Windows-based member device or domain controller.
 > **Note:**  Users who do not have this right are still able to start a remote interactive session on the device if they have the **Allow logon through Remote Desktop Services** right.
- 
+
 Constant: SeInteractiveLogonRight
 
 ### Possible values
@@ -48,6 +48,7 @@ By default, the members of the following groups have this right on domain contro
 -   Account Operators
 -   Administrators
 -   Backup Operators
+-   Enterprise Domain Controllers
 -   Print Operators
 -   Server Operators
 
@@ -62,17 +63,17 @@ Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Pol
 
 ### Default values
 
-The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page.
+The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy's property page.
 
 | Server type or GPO | Default value |
 | - | - |
 | Default Domain Policy| Not Defined |
-| Default Domain Controller Policy | Account Operators<br>Administrators<br>Backup Operators<br>Print Operators<br>Server Operators |
+| Default Domain Controller Policy | Account Operators<br>Administrators<br>Backup Operators<br>Enterprise Domain Controllers<br>Print Operators<br>Server Operators |
 | Stand-Alone Server Default Settings| Administrators<br>Backup Operators<br>Users |
-| Domain Controller Effective Default Settings | Account Operators<br>Administrators<br>Backup Operators<br>Print Operators<br>Server Operators |
+| Domain Controller Effective Default Settings | Account Operators<br>Administrators<br>Backup Operators<br>Enterprise Domain Controllers<br>Print Operators<br>Server Operators |
 | Member Server Effective Default Settings | Administrators<br>Backup Operators<br>Users |
 | Client Computer Effective Default Settings | Administrators<br>Backup Operators<br>Users |
- 
+
 ## Policy management
 
 Restarting the device is not required to implement this change.
@@ -112,5 +113,5 @@ If you remove these default groups, you could limit the abilities of users who a
 
 ## Related topics
 - [User Rights Assignment](user-rights-assignment.md)
- 
- 
+
+
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index 63272a0b01..03d85f19cb 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -42,7 +42,7 @@ This policy setting allows you to specify an ACL in two different ways. You can
 
 -   Blank
 
-    This value represents how the local security policy deletes the policy enforcement key. This value deletes the policy and then sets it as Not defined. The Blank value is set by using the ACL editor to empty the list, and then pressing OK.
+    This value represents how the local security policy deletes the policy enforcement key. This value deletes the policy and then sets it as Not defined. To set a blank value, select "Define this policy setting" and leave the Security descriptor empty, and then select OK.
 
 ### Location
 
diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
index ec6ef4ec58..8f52bd244e 100644
--- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
+++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
@@ -86,7 +86,7 @@ Settings are applied in the following order through a Group Policy Object (GPO),
 When a local setting is greyed out, it indicates that a GPO currently controls that setting.
 
 > [!NOTE]
-> More information about configuring the policy can be found [here](./how-to-configure-security-policy-settings.md).
+> More information about configuring the policy can be found [here](how-to-configure-security-policy-settings.md).
 
 ## Security considerations
 
diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
index 8d0ace0072..6dcfe5687d 100644
--- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
@@ -1,93 +1,81 @@
 ---
-title: Configure security policy settings 
+title: Configure security policy settings
 description: Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller.
-ms.assetid: 63b0967b-a9fe-4d92-90af-67469ee20320
-ms.reviewer: 
 ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
-audience: ITPro
-ms.collection: 
-  - highpri
-  - tier3
+ms.collection:
+- highpri
+- tier3
 ms.topic: conceptual
-ms.date: 04/19/2017
-ms.technology: itpro-security
+ms.date: 06/07/2023
+appliesto:
+- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
+
 # Configure security policy settings
 
-**Applies to**
--   Windows 11
--   Windows 10
-
-Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller.
-
-You must have Administrators rights on the local device, or you must have the appropriate permissions to update a Group Policy Object (GPO) on the domain controller to perform these procedures.
+This article describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller. You must have Administrators rights on the local device, or you must have the appropriate permissions to update a Group Policy Object (GPO) on the domain controller to perform these procedures.
 
 When a local setting is inaccessible, it indicates that a GPO currently controls that setting.
 
-## <a href="" id="bkmk-local"></a>To configure a setting using the Local Security Policy console
+## To configure a setting using the Local Security Policy console
 
-1.  To open Local Security Policy, on the **Start** screen, type **secpol.msc**, and then press ENTER.
-2.  Under **Security Settings** of the console tree, do one of the following:
+1. To open Local Security Policy, on the **Start** screen, type **secpol.msc**, and then press ENTER.
+1. Under **Security Settings** of the console tree, do one of the following:
+   - Select **Account Policies** to edit the **Password Policy** or **Account Lockout Policy**.
+   - Select **Local Policies** to edit an **Audit Policy**, a **User Rights Assignment**, or **Security Options**.
+1. When you find the policy setting in the details pane, double-click the security policy that you want to modify.
+1. Modify the security policy setting, and then select **OK**.
 
-    -   Click **Account Policies** to edit the **Password Policy** or **Account Lockout Policy**.
-    -   Click **Local Policies** to edit an **Audit Policy**, a **User Rights Assignment**, or **Security Options**.
+> [!NOTE]
+>
+> - Some security policy settings require that the device be restarted before the setting takes effect.
+> - Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
 
-3.  When you find the policy setting in the details pane, double-click the security policy that you want to modify.
-4.  Modify the security policy setting, and then click **OK**.
-
-    > [!NOTE]
-    > -   Some security policy settings require that the device be restarted before the setting takes effect.
-    > -   Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
-     
-## <a href="" id="bkmk-domain"></a>To configure a security policy setting using the Local Group Policy Editor console
+## To configure a security policy setting using the Local Group Policy Editor console
 
 You must have the appropriate permissions to install and use the Microsoft Management Console (MMC), and to update a Group Policy Object (GPO) on the domain controller to perform these procedures.
 
-1.  Open the Local Group Policy Editor (gpedit.msc).
-2.  In the console tree, click **Computer Configuration**, click **Windows Settings**, and then click **Security Settings**.
-3.  Do one of the following:
+1. Open the Local Group Policy Editor (gpedit.msc).
+1. In the console tree, click **Computer Configuration**, select **Windows Settings**, and then select **Security Settings**.
+1. Do one of the following:
+   - Select **Account Policies** to edit the **Password Policy** or **Account Lockout Policy**.
+   - Select **Local Policies** to edit an **Audit Policy**, a **User Rights Assignment**, or **Security Options**.
+1. In the details pane, double-click the security policy setting that you want to modify.
 
-    -   Click **Account Policies** to edit the **Password Policy** or **Account Lockout Policy**.
-    -   Click **Local Policies** to edit an **Audit Policy**, a **User Rights Assignment**, or **Security Options**.
+   > [!NOTE]
+   > If this security policy has not yet been defined, select the **Define these policy settings** check box.
 
-4.  In the details pane, double-click the security policy setting that you want to modify.
-
-    > [!NOTE]
-    > If this security policy has not yet been defined, select the **Define these policy settings** check box.
-     
-5.  Modify the security policy setting, and then click **OK**.
+1. Modify the security policy setting, and then select **OK**.
 
 > [!NOTE]
 > If you want to configure security settings for many devices on your network, you can use the Group Policy Management Console.
- 
-## <a href="" id="bkmk-dc"></a>To configure a setting for a domain controller
+
+## To configure a setting for a domain controller
 
 The following procedure describes how to configure a security policy setting for only a domain controller (from the domain controller).
 
-1.  To open the domain controller security policy, in the console tree, locate *GroupPolicyObject \[ComputerName\]* Policy, click **Computer Configuration**, click **Windows Settings**, and then click **Security Settings**.
-2.  Do one of the following:
+1. To open the domain controller security policy, in the console tree, locate *GroupPolicyObject \[ComputerName\]* Policy, click **Computer Configuration**, click **Windows Settings**, and then click **Security Settings**.
+1. Do one of the following:
 
-    -   Double-click **Account Policies** to edit the **Password Policy**, **Account Lockout Policy**, or **Kerberos Policy**.
-    -   Click **Local Policies** to edit the **Audit Policy**, a **User Rights Assignment**, or **Security Options**.
+   - Double-click **Account Policies** to edit the **Password Policy**, **Account Lockout Policy**, or **Kerberos Policy**.
+   - Select **Local Policies** to edit the **Audit Policy**, a **User Rights Assignment**, or **Security Options**.
 
-3.  In the details pane, double-click the security policy that you want to modify.
+1. In the details pane, double-click the security policy that you want to modify.
 
-    > [!NOTE]
-    > If this security policy has not yet been defined, select the **Define these policy settings** check box.
-     
-4.  Modify the security policy setting, and then click **OK**.
+   > [!NOTE]
+   > If this security policy has not yet been defined, select the **Define these policy settings** check box.
+
+1. Modify the security policy setting, and then select **OK**.
 
 > [!IMPORTANT]
-> -   Always test a newly created policy in a test organizational unit before you apply it to your network.
-> -   When you change a security setting through a GPO and click **OK**, that setting will take effect the next time you refresh the settings.
- 
-## Related topics
+>
+> - Always test a newly created policy in a test organizational unit before you apply it to your network.
+> - When you change a security setting through a GPO and click **OK**, that setting will take effect the next time you refresh the settings.
+
+## Related articles
 
 - [Security policy settings reference](security-policy-settings-reference.md)
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
index aba7cdc252..1917c4b70b 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
@@ -1,5 +1,5 @@
 ---
-title: Interactive logon Don't display last signed-in 
+title: Interactive logon Don't display last signed-in
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display last user name security policy setting.
 ms.prod: windows-client
 ms.mktglfcycl: deploy
@@ -11,7 +11,7 @@ manager: aaroncz
 audience: ITPro
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.reviewer: 
+ms.reviewer:
 ms.author: vinpa
 ms.technology: itpro-security
 ---
@@ -19,8 +19,11 @@ ms.technology: itpro-security
 # Interactive logon: Don't display last signed-in
 
 **Applies to**
--   Windows 11
--   Windows 10
+- Windows 11
+- Windows 10
+- Windows Server 2022
+- Windows Server 2019
+- Windows Server 2016
 
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting. Before Windows 10 version 1703, this policy setting was named **Interactive logon:Do not display last user name.**
 
@@ -56,7 +59,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
 | Domain controller effective default settings | Disabled|
 | Member server effective default settings | Disabled|
 | Effective GPO default settings on client computers | Disabled|
- 
+
 ## Policy management
 
 This section describes features and tools that are available to help you manage this policy.
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
index 29c230e657..eadc6514fe 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
@@ -1,8 +1,8 @@
 ---
-title: Interactive logon Don't display username at sign-in 
+title: Interactive logon Don't display username at sign-in
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting.
 ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
-ms.reviewer: 
+ms.reviewer:
 ms.author: vinpa
 ms.prod: windows-client
 ms.mktglfcycl: deploy
@@ -22,7 +22,9 @@ ms.technology: itpro-security
 **Applies to**
 - Windows 11
 - Windows 10
+- Windows Server 2022
 - Windows Server 2019
+- Windows Server 2016
 
 Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
 
@@ -89,7 +91,7 @@ Enable the **Interactive logon: Don't display user name at sign-in** setting.
 
 ### Potential impact
 
-Users must always type their usernames and passwords when they log on locally or to the domain. The sign in tiles of all logged on users aren't displayed.
+Users must always type their usernames and passwords when they log on locally or to the domain. The sign in tiles of all logged on users aren't displayed. When this policy is enabled, you will be unable to change the default credential provider to anything other than username/password. In addition, this policy may be incompatible with autologon and multi-factor unlock.
 
 ## Related topics
 
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
index 4b962010b1..079531c038 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
@@ -52,7 +52,7 @@ encrypting the information and keeping the cached credentials in the system's re
 
 ### Best practices
 
-The [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) don't recommend configuring this setting. 
+The [Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) don't recommend configuring this setting. 
 
 ### Location
 
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
index c4c432757d..8d49c17278 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
@@ -38,7 +38,7 @@ Requiring users to use long, complex passwords for authentication enhances netwo
 
 ### Best practices
 
-- Set **Interactive logon: Require Windows Hello for Business or smart card** to Enabled. All users will have to use smart cards to sign in to the network, or a Windows Hello for Business method. This requirement means that the organization must have a reliable public key infrastructure (PKI) in place, and provide smart cards and smart card readers for all users. For more information about password-less authentication, see [Windows Hello for Business overview](../../identity-protection/hello-for-business/hello-overview.md).
+- Set **Interactive logon: Require Windows Hello for Business or smart card** to Enabled. All users will have to use smart cards to sign in to the network, or a Windows Hello for Business method. This requirement means that the organization must have a reliable public key infrastructure (PKI) in place, and provide smart cards and smart card readers for all users. For more information about password-less authentication, see [Windows Hello for Business overview](../../identity-protection/hello-for-business/index.md).
 
 ### Location
 
@@ -92,4 +92,4 @@ All users of a device with this setting enabled must use smart cards or a Window
 ## Related articles
 
 - [Security Options](security-options.md)
-- [Windows Hello for Business overview](../../identity-protection/hello-for-business/hello-overview.md)
+- [Windows Hello for Business overview](../../identity-protection/hello-for-business/index.md)
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
index c193b4ef7d..e42c7f62fc 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
@@ -35,7 +35,7 @@ The **Minimum password age** policy setting determines the period of time (in da
 
 ### Best practices
 
-[Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) recommend setting **Minimum password age** to one day. 
+[Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) recommend setting **Minimum password age** to one day. 
 
 Setting the number of days to 0 allows immediate password changes. This setting isn't recommended. 
 Combining immediate password changes with password history allows someone to change a password repeatedly until the password history requirement is met and re-establish the original password again. 
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
index a9b7f2583f..770a44407d 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
@@ -55,12 +55,12 @@ The following table lists the actual and effective default values for this polic
 
 | Server type or Group Policy Object (GPO) | Default value |
 | - | - |
-| Default domain policy| Disabled| 
-| Default domain controller policy| Disabled| 
-| Stand-alone server default settings | Disabled| 
-| Domain controller effective default settings| Not defined| 
-| Member server effective default settings | Not defined| 
-| Effective GPO default settings on client computers | Not defined| 
+| Default domain policy| Not defined| 
+| Default domain controller policy| Not defined| 
+| Stand-alone server default settings | Not defined| 
+| Domain controller effective default settings| Disabled| 
+| Member server effective default settings | Disabled| 
+| Effective GPO default settings on client computers |Disabled| 
  
 ### Policy management
 
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index 42cb403da5..6b65885d98 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -172,4 +172,4 @@ If the policy is defined, admin tools, scripts and software that formerly enumer
 
 ## Next steps
 
-[Security Options](./security-options.md)
+[Security Options](security-options.md)
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index f0c1ef0a6c..dbc99216c2 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -90,7 +90,7 @@ There are no security audit event policies that can be configured to view output
 
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
 
-NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the 
+NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB relay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the 
 Kerberos version 5 protocol, or different authentication mechanisms, such as smart cards.
 
 ### Vulnerability
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
index a8b2882f5b..34f17b6527 100644
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@@ -1,30 +1,22 @@
 ---
-title: Password must meet complexity requirements 
+title: Password must meet complexity requirements
 description: Describes the best practices, location, values, and security considerations for the Password must meet complexity requirements security policy setting.
-ms.assetid: 94482ae3-9dda-42df-9782-2f66196e6afe
-ms.reviewer: 
 ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 manager: aaroncz
-audience: ITPro
-ms.collection: 
-  - highpri
-  - tier3
+ms.collection:
+ - highpri
+ - tier3
 ms.topic: conceptual
-ms.technology: itpro-security
-ms.date: 12/31/2017
+ms.date: 06/07/2023
 ---
 
-# Password must meet complexity requirements
+  # Password must meet complexity requirements
 
 **Applies to**
--   Windows 11
--   Windows 10
+-  Windows 11
+-  Windows 10
 
 Describes the best practices, location, values, and security considerations for the **Password must meet complexity requirements** security policy setting.
 
@@ -32,41 +24,48 @@ Describes the best practices, location, values, and security considerations for
 
 The **Passwords must meet complexity requirements** policy setting determines whether passwords must meet a series of strong-password guidelines. When enabled, this setting requires passwords to meet the following requirements:
 
-1.  Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither of these checks is case-sensitive.
+1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither of these checks is case-sensitive.
 
-    The samAccountName is checked in its entirety only to determine whether it's part of the password. If the samAccountName is fewer than three characters long, this check is skipped.
-    The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens aren't checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it's ignored. So, this user couldn't have a password that included either "erin" or "hagens" as a substring anywhere in the password.
+   The samAccountName is checked in its entirety only to determine whether it's part of the password. If the samAccountName is fewer than three characters long, this check is skipped. The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens aren't checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it's ignored. So, this user couldn't have a password that included either "erin" or "hagens" as a substring anywhere in the password.
 
-2.  The password contains characters from three of the following categories:
+2. The password contains characters from three of the following categories:
 
-    -   Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
-    -   Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
-    -   Base 10 digits (0 through 9)
-    -   Non-alphanumeric characters (special characters): 
-        (~!@#$%^&*_-+=`|\\(){}\[\]:;"'<>,.?/)
-        Currency symbols such as the Euro or British Pound aren't counted as special characters for this policy setting.
-    -   Any Unicode character that's categorized as an alphabetic character but isn't uppercase or lowercase. This group includes Unicode characters from Asian languages.
+   - Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters).
+
+   - Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters).
+
+   - Base 10 digits (0 through 9).
+
+   - Non-alphanumeric characters (special characters):
+
+     ```
+     '-!"#$%&()*,./:;?@[]^_`{|}~+<=>
+     ```
+
+     Currency symbols such as the Euro or British Pound aren't counted as special characters for this policy setting.
+
+   - Any Unicode character that's categorized as an alphabetic character but isn't uppercase or lowercase. This group includes Unicode characters from Asian languages.
 
 Complexity requirements are enforced when passwords are changed or created.
 
-The rules that are included in the Windows Server password complexity requirements are part of Passfilt.dll, and they can't be directly modified.
+The rules that are included in the Windows Server password complexity requirements are part of `Passfilt.dll`, and they can't be directly modified.
 
 When enabled, the default Passfilt.dll may cause some more Help Desk calls for locked-out accounts, because users are used to passwords that contain only characters that are in the alphabet. But this policy setting is liberal enough that all users should get used to it.
 
-Other settings that can be included in a custom Passfilt.dll are the use of non–upper-row characters. To type upper-row characters, you hold the SHIFT key and press one of any of the keys on the number row of the keyboard (from 1 through 9 and 0).
+Other settings that can be included in a custom `Passfilt.dll` are the use of non-upper-row characters. To type upper-row characters, you hold the SHIFT key and press one of any of the keys on the number row of the keyboard (from 1 through 9 and 0).
 
 ### Possible values
 
--   Enabled
--   Disabled
--   Not defined
+- Enabled
+- Disabled
+- Not defined
 
 ### Best practices
 
 > [!TIP]
 > For the latest best practices, see [Password Guidance](https://www.microsoft.com/research/publication/password-guidance).
 
-Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 159,238,157,238,528 different possibilities for a single password. This setting makes a brute force attack difficult, but still not impossible.
+Set **Passwords must meet complexity requirements** to Enabled. This policy setting, combined with a minimum password length of 8, ensures that there are at least 159,238,157,238,528 different possibilities for a single password. This setting makes a brute force attack difficult, but still not impossible.
 
 The use of ALT key character combinations may greatly enhance the complexity of a password. However, requiring all users in an organization to adhere to such stringent password requirements might result in unhappy users and an over-worked Help Desk. Consider implementing a requirement in your organization to use ALT characters in the range from 0128 through 0159 as part of all administrator passwords. (ALT characters outside of that range can represent standard alphanumeric characters that don't add more complexity to the password.)
 
@@ -74,21 +73,21 @@ Short passwords that contain only alphanumeric characters are easy to compromise
 
 ### Location
 
-**Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy**
+`Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy`
 
 ### Default values
 
 The following table lists the actual and effective default policy values. Default values are also listed on the policy's property page.
 
-| Server type or Group Policy Object (GPO) | Default value |
-|---|---|
-| Default domain policy | Enabled |
-| Default domain controller policy | Enabled |
-| Stand-alone server default settings | Disabled |
-| Domain controller effective default settings | Enabled |
-| Member server effective default settings | Enabled|
-| Effective GPO default settings on client computers | Disabled |
- 
+| Server type or Group Policy Object (GPO)           | Default value |
+|----------------------------------------------------|---------------|
+| Default domain policy                              | Enabled       |
+| Default domain controller policy                   | Enabled       |
+| Stand-alone server default settings                | Disabled      |
+| Domain controller effective default settings       | Enabled       |
+| Member server effective default settings           | Enabled       |
+| Effective GPO default settings on client computers | Disabled      |
+
 ## Security considerations
 
 This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
@@ -107,10 +106,11 @@ When combined with a [Minimum password length](minimum-password-length.md) of 8,
 
 If the default configuration for password complexity is kept, more Help Desk calls for locked-out accounts could occur because users might not be used to passwords that contain non-alphabetical characters, or they might have problems entering passwords that contain accented characters or symbols on keyboards with different layouts. However, all users should be able to follow the complexity requirement with minimal difficulty.
 
-If your organization has more stringent security requirements, you can create a custom version of the Passfilt.dll file that allows the use of arbitrarily complex password strength rules. For example, a custom password filter might require the use of non-upper-row symbols. (Upper-row symbols are those symbols that require you to press and hold the SHIFT key and then press any of the keys on the number row of the keyboard, from 1 through 9 and 0.) A custom password filter might also perform a dictionary check to verify that the proposed password doesn't contain common dictionary words or fragments.
+If your organization has more stringent security requirements, you can create a custom version of the `Passfilt.dll` file that allows the use of arbitrarily complex password strength rules. For example, a custom password filter might require the use of non-upper-row symbols. (Upper-row symbols are those symbols that require you to press and hold the SHIFT key and then press any of the keys on the number row of the keyboard, from 1 through 9 and 0.) A custom password filter might also perform a dictionary check to verify that the proposed password doesn't contain common dictionary words or fragments.
 
-The use of ALT key character combinations may greatly enhance the complexity of a password. However, such stringent password requirements might result in more Help Desk requests. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the 0128–0159 range. (ALT characters outside of this range can represent standard alphanumeric characters that wouldn't add more complexity to the password.)
+The use of ALT key character combinations may greatly enhance the complexity of a password. However, such stringent password requirements might result in more Help Desk requests. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the 0128-0159 range. (ALT characters outside of this range can represent standard alphanumeric characters that wouldn't add more complexity to the password.)
 
 ## Related articles
 
 - [Password Policy](/microsoft-365/admin/misc/password-policy-recommendations)
+
diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
index d4cd3aca74..ec962f77e0 100644
--- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
+++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
@@ -40,7 +40,7 @@ The disadvantage of a high setting is that users lock themselves out for an inco
 
 Determine the threat level for your organization and balance that against the cost of your Help Desk support for password resets. Each organization will have specific requirements. 
 
-[Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15, but as with other account lockout settings, this value is more of a guideline than a rule or best practice because there's no "one size fits all." For more information, see [Configuring Account Lockout](/archive/blogs/secguide/configuring-account-lockout).
+[Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) recommend configuring the **Reset account lockout counter after** policy setting to 15, but as with other account lockout settings, this value is more of a guideline than a rule or best practice because there's no "one size fits all." For more information, see [Configuring Account Lockout](/archive/blogs/secguide/configuring-account-lockout).
 
 ### Location
 
@@ -69,7 +69,7 @@ Users can accidentally lock themselves out of their accounts if they mistype the
 
 ### Countermeasure
 
-[Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15.
+[Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md) recommend configuring the **Reset account lockout counter after** policy setting to 15.
 
 ### Potential impact
 
diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md
index a53ae544d8..39d6b0489e 100644
--- a/windows/security/threat-protection/security-policy-settings/security-options.md
+++ b/windows/security/threat-protection/security-policy-settings/security-options.md
@@ -108,7 +108,7 @@ For info about setting security policies, see [Configure security policy setting
 | [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)| Describes the best practices, location, values, management aspects, and security considerations for the **Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers** security policy setting. |
 | [Recovery console: Allow automatic administrative logon](recovery-console-allow-automatic-administrative-logon.md)| Describes the best practices, location, values, policy management, and security considerations for the **Recovery console: Allow automatic administrative logon** security policy setting. |
 | [Recovery console: Allow floppy copy and access to all drives and folders](recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)| Describes the best practices, location, values, policy management, and security considerations for the **Recovery console: Allow floppy copy and access to all drives and folders** security policy setting. |
-| [Shutdown: Allow system to be shut down without having to lg on](shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)| Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Allow system to be shut down without having to log on** security policy setting. |
+| [Shutdown: Allow system to be shut down without having to log on](shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)| Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Allow system to be shut down without having to log on** security policy setting. |
 | [Shutdown: Clear virtual memory pagefile](shutdown-clear-virtual-memory-pagefile.md)| Describes the best practices, location, values, policy management, and security considerations for the **Shutdown: Clear virtual memory pagefile** security policy setting.|
 | [System cryptography: Force strong key protection for user keys stored on the computer](system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)| Describes the best practices, location, values, policy management, and security considerations for the **System cryptography: Force strong key protection for user keys stored on the computer** security policy setting. |
 | [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)| This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for this policy setting. |
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index 69fa47377e..2d223e79b3 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -59,7 +59,7 @@ Additionally, if a data drive is password-protected, it can be accessed by a FIP
 
 We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it's operating in FIPS 140-2 approved mode.
 
-For a complete list of Microsoft-recommended configuration settings, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines). For more information about Windows and FIPS 140-2, see [FIPS 140 Validation](../fips-140-validation.md).
+For a complete list of Microsoft-recommended configuration settings, see [Windows security baselines](../../operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines.md). For more information about Windows and FIPS 140-2, see [FIPS 140 Validation](../fips-140-validation.md).
 
 ### Location
 
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
index d79b6fa29c..8502ded0f0 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -1,8 +1,8 @@
 ---
-title: UAC Run all administrators in Admin Approval Mode 
+title: UAC Run all administrators in Admin Approval Mode
 description: Learn about best practices, security considerations and more for the security policy setting, User Account Control Run all administrators in Admin Approval Mode.
 ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf
-ms.reviewer: 
+ms.reviewer:
 ms.author: vinpa
 ms.prod: windows-client
 ms.mktglfcycl: deploy
@@ -20,8 +20,8 @@ ms.technology: itpro-security
 # User Account Control: Run all administrators in Admin Approval Mode
 
 **Applies to**
--   Windows 11
--   Windows 10
+-   Windows 11
+-   Windows 10
 
 This article describes the best practices, location, values, policy management and security considerations for the **User Account Control: Run all administrators in Admin Approval Mode** security policy setting.
 
@@ -40,7 +40,7 @@ This policy setting determines the behavior of all User Account Control (UAC) po
     Admin Approval Mode and all related UAC policies are disabled.
 
     > [!NOTE]
-    > If this security setting is configured to **Disabled**, Windows Security app notifies the user that the overall security of the operating system has been reduced.
+    > If this security setting is configured to **Disabled**, **Windows Security** notifies the user that the overall security of the operating system has been reduced.
 
 ### Best practices
 
@@ -56,13 +56,13 @@ The following table lists the actual and effective default values for this polic
 
 | Server type or GPO | Default value |
 | - | - |
-| Default Domain Policy| Not defined| 
-| Default Domain Controller Policy | Not defined| 
-| Stand-Alone Server Default Settings | Enabled| 
-| DC Effective Default Settings | Enabled| 
-| Member Server Effective Default Settings| Enabled| 
-| Client Computer Effective Default Settings | Enabled| 
- 
+| Default Domain Policy| Not defined|
+| Default Domain Controller Policy | Not defined|
+| Stand-Alone Server Default Settings | Enabled|
+| DC Effective Default Settings | Enabled|
+| Member Server Effective Default Settings| Enabled|
+| Client Computer Effective Default Settings | Enabled|
+
 ## Policy management
 
 This section describes features and tools that are available to help you manage this policy.
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index d6fe96c0ba..3b1d1fd82f 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -4,7 +4,7 @@ description: Learn about an approach to collect events from devices in your orga
 ms.prod: windows-client
 author: aczechowski
 ms.author: aaroncz
-manager: dougeby
+manager: aaroncz
 ms.date: 02/28/2019
 ms.localizationpriority: medium
 ms.technology: itpro-security
@@ -666,4 +666,4 @@ You can get more info with the following links:
 -   [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90))
 -   [Event Query Schema](/windows/win32/wes/queryschema-schema)
 -   [Windows Event Collector](/windows/win32/wec/windows-event-collector)
--   [4625(F): An account failed to log on](./auditing/event-4625.md)
+-   [4625(F): An account failed to log on](auditing/event-4625.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
deleted file mode 100644
index 238a5d1884..0000000000
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-title: AppLocker 
-description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
-ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
-ms.reviewer: 
-ms.author: vinpa
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: vinaypamnani-msft
-manager: aaroncz
-audience: ITPro
-ms.collection: 
-  - highpri
-  - tier3
-ms.topic: conceptual
-ms.date: 10/16/2017
-ms.technology: itpro-security
----
-
-# AppLocker
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
-
-> [!NOTE]
-> AppLocker is unable to control processes running under the system account on any operating system.
-
-AppLocker can help you:
-
--   Define rules based on file attributes that persist across app updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file path and hash.
--   Assign a rule to a security group or an individual user.
--   Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries, except the Registry Editor (regedit.exe).
--   Use audit-only mode to deploy the policy and understand its impact before enforcing it.
--   Create rules on a staging server, test them, then export them to your production environment and import them into a Group Policy Object.
--   Simplify creating and managing AppLocker rules by using Windows PowerShell.
-
-AppLocker helps reduce administrative overhead and helps reduce the organization's cost of managing computing resources by decreasing the number of Help Desk calls that result from users running unapproved apps. AppLocker addresses the following app security scenarios:
-
--   **Application inventory**
-
-    AppLocker has the ability to enforce its policy in an audit-only mode where all app access activity is registered in event logs. These events can be collected for further analysis. Windows PowerShell cmdlets also help you analyze this data programmatically.
-
--   **Protection against unwanted software**
-
-    AppLocker has the ability to deny apps from running when you exclude them from the list of allowed apps. When AppLocker rules are enforced in the production environment, any apps that aren't included in the allowed rules are blocked from running.
-
--   **Licensing conformance**
-
-    AppLocker can help you create rules that preclude unlicensed software from running and restrict licensed software to authorized users.
-
--   **Software standardization**
-
-    AppLocker policies can be configured to allow only supported or approved apps to run on computers within a business group. This configuration permits a more uniform app deployment.
-
--   **Manageability improvement**
-
-    AppLocker includes many improvements in manageability as compared to its predecessor Software Restriction Policies. Importing and exporting policies, automatic generation of rules from multiple files, audit-only mode deployment, and Windows PowerShell cmdlets are a few of the improvements over Software Restriction Policies.
-
-
-## When to use AppLocker
-
-In many organizations, information is the most valuable asset, and ensuring that only approved users have access to that information is imperative. Access control technologies, such as Active Directory Rights Management Services (AD RMS) and access control lists (ACLs), help control what users are allowed to access.
-
-However, when a user runs a process, that process has the same level of access to data that the user has. As a result, sensitive information could easily be deleted or transmitted out of the organization if a user knowingly or unknowingly runs malicious software. AppLocker can help mitigate these types of security breaches by restricting the files that users or groups are allowed to run.
-Software publishers are beginning to create more apps that can be installed by non-administrative users. This privilege could jeopardize an organization's written security policy and circumvent traditional app control solutions that rely on the inability of users to install apps. AppLocker creates an allowed list of approved files and apps to help prevent such per-user apps from running. Because AppLocker can control DLLs, it's also useful to control who can install and run ActiveX controls.
-
-AppLocker is ideal for organizations that currently use Group Policy to manage their PCs.
-
-The following are examples of scenarios in which AppLocker can be used:
-
--   Your organization's security policy dictates the use of only licensed software, so you need to prevent users from running unlicensed software and also restrict the use of licensed software to authorized users.
--   An app is no longer supported by your organization, so you need to prevent it from being used by everyone.
--   The potential that unwanted software can be introduced in your environment is high, so you need to reduce this threat.
--   The license to an app has been revoked or it's expired in your organization, so you need to prevent it from being used by everyone.
--   A new app or a new version of an app is deployed, and you need to prevent users from running the old version.
--   Specific software tools aren't allowed within the organization, or only specific users should have access to those tools.
--   A single user or small group of users needs to use a specific app that is denied for all others.
--   Some computers in your organization are shared by people who have different software usage needs, and you need to protect specific apps.
--   In addition to other measures, you need to control the access to sensitive data through app usage.
-
-> [!NOTE]
-> AppLocker is a defense-in-depth security feature and not a [security boundary](https://www.microsoft.com/msrc/windows-security-servicing-criteria). [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview) should be used when the goal is to provide robust protection against a threat and there are expected to be no by-design limitations that would prevent the security feature from achieving this goal.
-
-AppLocker can help you protect the digital assets within your organization, reduce the threat of malicious software being introduced into your environment, and improve the management of application control and the maintenance of application control policies.
-
-## Installing AppLocker
-
-AppLocker is included with enterprise-level editions of Windows. You can author AppLocker rules for a single computer or for a group of computers. For a single computer, you can author the rules by using the Local Security Policy editor (secpol.msc). For a group of computers, you can author the rules within a Group Policy Object by using the Group Policy Management Console (GPMC).
-
-> [!NOTE]
-> The GPMC is available in client computers running Windows only by installing the Remote Server Administration Tools. On computer running Windows Server, you must install the Group Policy Management feature.
- 
-### Using AppLocker on Server Core
-
-AppLocker on Server Core installations isn't supported.
-
-### Virtualization considerations
-
-You can administer AppLocker policies by using a virtualized instance of Windows provided it meets all the system requirements listed previously. You can also run Group Policy in a virtualized instance. However, you do risk losing the policies that you created and maintain if the virtualized instance is removed or fails.
-
-### Security considerations
-
-Application control policies specify which apps are allowed to run on the local computer.
-
-The variety of forms that malicious software can take make it difficult for users to know what is safe to run. When activated, malicious software can damage content on a hard disk drive, flood a network with requests to cause a denial-of-service (DoS) attack, send confidential information to the Internet, or compromise the security of a computer.
-
-The countermeasure is to create a sound design for your application control policies on PCs in your organization, and then thoroughly test the policies in a lab environment before you deploy them in a production environment. AppLocker can be part of your app control strategy because you can control what software is allowed to run on your computers.
-
-A flawed application control policy implementation can disable necessary applications or allow malicious or unintended software to run. Therefore, it's important that organizations dedicate sufficient resources to manage and troubleshoot the implementation of such policies.
-
-For more information about specific security issues, see [Security considerations for AppLocker](security-considerations-for-applocker.md).
-
-When you use AppLocker to create application control policies, you should be aware of the following security considerations:
-
--   Who has the rights to set AppLocker policies?
--   How do you validate that the policies are enforced?
--   What events should you audit?
-
-For reference in your security planning, the following table identifies the baseline settings for a PC with AppLocker installed:
-
-| Setting | Default value |
-| - | - |
-| Accounts created | None |
-| Authentication method | Not applicable | 
-| Management interfaces | AppLocker can be managed by using a Microsoft Management Console snap-in, Group Policy Management, and Windows PowerShell |
-| Ports opened | None | 
-| Minimum privileges required | Administrator on the local computer; Domain Admin, or any set of rights that allow you to create, edit and distribute Group Policy Objects. |
-| Protocols used | Not applicable | 
-| Scheduled Tasks | Appidpolicyconverter.exe is put in a scheduled task to be run on demand. |
-| Security Policies | None required. AppLocker creates security policies. | 
-| System Services required |Application Identity service (appidsvc) runs under LocalServiceAndNoImpersonation. |
-| Storage of credentials | None | 
- 
-## In this section
-
-| Topic | Description |
-| - | - |
-| [Administer AppLocker](administer-applocker.md) | This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies. |
-| [AppLocker design guide](applocker-policies-design-guide.md) | This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker. |
-| [AppLocker deployment guide](applocker-policies-deployment-guide.md) | This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies. |
-| [AppLocker technical reference](applocker-technical-reference.md) | This overview topic for IT professionals provides links to the topics in the technical reference. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
deleted file mode 100644
index 73c7ef9d1e..0000000000
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md
+++ /dev/null
@@ -1,142 +0,0 @@
----
-title: Windows Defender Application Control Wizard Base Policy Creation
-description: Creating new base application control policies with the Microsoft Windows Defender Application (WDAC) Wizard.
-keywords: allow listing, block listing, security, malware
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: jsuther1974
-ms.author: vinpa
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 10/14/2020
-ms.technology: itpro-security
----
-
-# Creating a new Base Policy with the Wizard
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
-
-When creating policies for use with Windows Defender Application Control (WDAC), it's recommended to start with a template policy, and then add or remove rules to suit your application control scenario. For this reason, the WDAC Wizard offers three template policies to start from and customize during the base policy creation workflow. Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a new application control policy from a template, configure the policy options, and the signer and file rules. 
-
-
-## Template Base Policies
-
-Each of the template policies has a unique set of policy allowlist rules that will affect the circle-of-trust and security model of the policy. The following table lists the policies in increasing order of trust and freedom. For instance, the Default Windows mode policy trusts fewer application publishers and signers than the Signed and Reputable mode policy. The Default Windows policy will have a smaller circle-of-trust with better security than the Signed and Reputable policy, but at the expense of compatibility.  
-
-
-| Template Base Policy | Description | 
-|---------------------------------|-------------------------------------------------------------------|
-| **Default Windows Mode**      | Default Windows mode will authorize the following components: </br><ul><li>Windows operating components - any binary installed by a fresh install of Windows</li><li>Apps installed from the Microsoft Store</li><li>Microsoft Office365 apps, OneDrive, and Microsoft Teams</li><li>Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)</li></ul>|
-| **Allow Microsoft Mode**      | Allow mode will authorize the following components: </br><ul><li>Windows operating components - any binary installed by a fresh install of Windows</li><li>Apps installed from the Microsoft Store</li><li>Microsoft Office365 apps, OneDrive, and Microsoft Teams</li><li>Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)</li><li>*All Microsoft-signed software*</li></ul>|
-| **Signed and Reputable Mode** | Signed and Reputable mode will authorize the following components: </br><ul><li>Windows operating components - any binary installed by a fresh install of Windows</li><li>Apps installed from the Microsoft Store</li><li>Microsoft Office365 apps, OneDrive, and Microsoft Teams</li><li>Third-party [Windows Hardware Compatible drivers](/windows-hardware/drivers/install/whql-release-signature)</li><li>All Microsoft-signed software</li><li>*Files with good reputation per [Microsoft Defender's Intelligent Security Graph technology](use-windows-defender-application-control-with-intelligent-security-graph.md)*</li></ul>|
-
-*Italicized content denotes the changes in the current policy with respect to the policy prior.*
-
-More information about the Default Windows Mode and Allow Microsoft Mode policies can be accessed through the [Example Windows Defender Application Control base policies article](example-wdac-base-policies.md). 
-
-![Selecting a base template for the policy.](images/wdac-wizard-template-selection.png)
-
-Once the base template is selected, give the policy a name and choose where to save the application control policy on disk.
-
-## Configuring Policy Rules
-
-Upon page launch, policy rules will be automatically enabled/disabled depending on the chosen template from the previous page. Choose to enable or disable the desired policy rule options by pressing the slider button next to the policy rule titles. A short description of each rule will appear at the bottom of the page when the mouse hovers over the rule title. 
-
-### Policy Rules Description
-
-A description of each policy rule, beginning with the left-most column, is provided below. The [Policy rules article](select-types-of-rules-to-create.md#windows-defender-application-control-policy-rules) provides a full description of each policy rule. 
-
-| Rule option | Description |
-|------------ | ----------- |
-| **Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all Windows Defender Application Control policies. Setting this rule option allows the F8 menu to appear to physically present users. |
-| **Allow Supplemental Policies** | Use this option on a base policy to allow supplemental policies to expand it. |
-| **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 isn't supported and may have unintended results. |
-|**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.|
-| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). |
-| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. |
-| **Require WHQL** | By default, legacy drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Henceforth, every new Windows–compatible driver must be WHQL certified. |
-| **Update Policy without Rebooting** | Use this option to allow future Windows Defender Application Control policy updates to apply without requiring a system reboot. |
-| **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
-| **User Mode Code Integrity** | Windows Defender Application Control policies restrict both kernel-mode and user-mode binaries. By default, only kernel-mode binaries are restricted. Enabling this rule option validates user mode executables and scripts. |
-
-> [!div class="mx-imgBorder"]
-> ![Rule options UI for Windows Allowed mode policy.](images/wdac-wizard-rule-options-UI-advanced-collapsed.png)
-
-### Advanced Policy Rules Description
-
-Selecting the **+ Advanced Options** label will show another column of policy rules; advanced policy rules. A description of each policy rule is provided below. 
-
-| Rule option | Description |
-|------------ | ----------- |
-| **Boot Audit on Failure** | Used when the Windows Defender Application Control (WDAC) policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
-| **Disable Flight Signing** | If enabled, WDAC policies won't trust flightroot-signed binaries. This option would be used in the scenario in which organizations only want to run released binaries, not flight/preview-signed builds. |
-| **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that's only writable by an administrator) for any FileRule that allows a file based on FilePath. |
-| **Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries (DLLs). |
-| **Invalidate EAs on Reboot** | When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically revalidate the reputation for files that were authorized by the ISG.| 
-| **Require EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later, or Windows 11 drivers will meet this requirement. |
-
-![Rule options UI for Windows Allowed mode.](images/wdac-wizard-rule-options-UI.png)
-
-> [!NOTE]
-> We recommend that you **enable Audit Mode** initially because it allows you to test new Windows Defender Application Control policies before you enforce them. With audit mode, no application is blocked—instead the policy logs an event whenever an application outside the policy is started. For this reason, all templates have Audit Mode enabled by default. 
-
-## Creating custom file rules
-
-[File rules](select-types-of-rules-to-create.md#windows-defender-application-control-file-rule-levels) in an application control policy will specify the level at which applications will be identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting the **+ Custom Rules** will open the custom file rule conditions panel to create custom file rules for your policy. The Wizard supports four types of file rules: 
-
-### Publisher Rules
-
-The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule.  The table below shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule. 
-
-| Rule Condition | WDAC Rule Level | Description |
-|------------ | ----------- | ----------- |
-| **Issuing CA** | PCACertificate | Highest available certificate is added to the signers. This certificate is typically the PCA certificate, one level below the root certificate. Any file signed by this certificate will be affected. |
-| **Publisher** | Publisher | This rule is a combination of the PCACertificate rule and the common name (CN) of the leaf certificate. Any file signed by a major CA but with a leaf from a specific company, for example, a device driver corp, is affected. |
-| **File version** | SignedVersion | This rule is a combination of PCACertificate, publisher, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. |
-| **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. |
-
-
-![Custom filepublisher file rule creation.](images/wdac-wizard-custom-publisher-rule.png)
-
-### Filepath Rules
-
-Filepath rules don't provide the same security guarantees that explicit signer rules do, as they're based on mutable access permissions. To create a filepath rule, select the file using the *Browse* button. 
-
-### File Attribute Rules
-
-The Wizard supports the creation of [file name rules](select-types-of-rules-to-create.md#windows-defender-application-control-filename-rules) based on authenticated file attributes. File name rules are useful when an application and its dependencies (for example, DLLs) may all share the same product name, for instance. This rule level allows users to easily create targeted policies based on the Product Name file name parameter. To select the file attribute to create the rule, move the slider on the Wizard to the desired attribute. The table below describes each of the supported file attributes off which to create a rule. 
-
-| Rule level | Description |
-|------------ | ----------- |
-| **Original Filename** | Specifies the original file name, or the name with which the file was first created, of the binary. |
-| **File description** | Specifies the file description provided by the developer of the binary. |
-| **Product name** | Specifies the name of the product with which the binary ships. |
-| **Internal name** | Specifies the internal name of the binary. |
-
-> [!div class="mx-imgBorder"]
-> ![Custom file attributes rule.](images/wdac-wizard-custom-file-attribute-rule.png)
-
-### File Hash Rules
-
-Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause extra administrative overhead to maintain the current product version's hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard will use file hash as the fallback in case a file rule can't be created using the specified file rule level.
-
-#### Deleting Signing Rules
-  
-The policy signing rules list table on the left of the page will document the allow and deny rules in the template, and any custom rules you create. Template signing rules and custom rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. You'll be prompted for another confirmation. Select `Yes` to remove the rule from the policy and the rules table. 
-
-## Up next
-
-- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
deleted file mode 100644
index 53a8d5c954..0000000000
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md
+++ /dev/null
@@ -1,116 +0,0 @@
----
-title: Windows Defender Application Control Wizard Supplemental Policy Creation
-description: Creating supplemental application control policies with the WDAC Wizard.
-keywords: allowlisting, blocklisting, security, malware, supplemental policy
-ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: windows-client
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-audience: ITPro
-author: jgeurten
-ms.reviewer: isbrahm
-ms.author: vinpa
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 10/14/2020
-ms.technology: itpro-security
----
-
-# Creating a new Supplemental Policy with the Wizard
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
-
-Beginning in Windows 10 version 1903, Windows Defender Application Control (WDAC) supports the creation of multiple active policies on a device. One or more supplemental policies allow customers to expand a [WDAC base policy](wdac-wizard-create-base-policy.md) to increase the circle of trust of the policy. A supplemental policy can expand only one base policy, but multiple supplementals can expand the same base policy. When supplemental policies are being used, applications allowed by the base or its supplemental policy/policies will be allowed to execute.
-
-Prerequisite information about application control can be accessed through the [WDAC design guide](windows-defender-application-control-design-guide.md). This page outlines the steps to create a supplemental application control policy, configure the policy options, and the signer and file rules.
-
-## Expanding a Base Policy
-
-Once the Supplemental Policy type is chosen on the New Policy page, policy name and file dialog fields can be used to name and save the supplemental policy. The next step requires selecting a base policy to expand. To expand a base policy, the base must allow supplemental policies. The WDAC Wizard will verify if the base policy allows supplementals and will show the following confirmation. 
-
-![Base policy allows supplemental policies.](images/wdac-wizard-supplemental-expandable.png)
-
-If the base policy isn't configured for supplemental policies, the Wizard will attempt to convert the policy to one that can be supplemented. Once successful, the Wizard will show a dialog demonstrating that the addition of the Allow Supplemental Policy rule was completed.  
-
-![Wizard confirms modification of base policy.](images/wdac-wizard-confirm-base-policy-modification.png)
-
-Policies that can't be supplemented, for instance, a supplemental policy, will be detected by the Wizard and will show the following error. Only a base policy can be supplemented. More information on supplemental policies can be found on our [Multiple Policies article](deploy-multiple-windows-defender-application-control-policies.md).
-
-![Wizard detects a bad base policy.](images/wdac-wizard-supplemental-not-base.png)
-
-## Configuring Policy Rules
-
-Upon page launch, policy rules will be automatically enabled/disabled depending on the chosen base policy from the previous page. Most of the supplemental policy rules must be inherited from the base policy. The Wizard will automatically parse the base policy and set the required supplemental policy rules to match the base policy rules. Inherited policy rules will be grayed out and won't be modifiable in the user interface. 
-
-A short description of the rule will be shown at the bottom of the page when the cursor is placed on the rule title. 
-
-### Configurable Supplemental Policy Rules Description
-
-There are only three policy rules that can be configured by the supplemental policy. A description of each policy rule, beginning with the left-most column, is provided below. Selecting the **+ Advanced Options** label will show another column of policy rules; advanced policy rules. 
-
-
-| Rule option | Description |
-|------------ | ----------- |
-| **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |
-| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. |
-| **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. |
-
-![Rule options UI for Windows Allowed mode.](images/wdac-wizard-supplemental-policy-rule-options-UI.png)
-
-## Creating custom file rules
-
-File rules in an application control policy will specify the level at which applications will be identified and trusted. File rules are the main mechanism for defining trust in the application control policy. Selecting the **+ Custom Rules** will open the custom file rule conditions panel to create and customize targeted file rules for your policy. The Wizard supports four types of file rules: 
-
-### Publisher Rules
-
-The Publisher file rule type uses properties in the code signing certificate chain to base file rules. Once the file to base the rule off of, called the *reference file*, is selected, use the slider to indicate the specificity of the rule.  The table below shows the relationship between the slider placement, the corresponding Windows Defender Application Control (WDAC) rule level, and its description. The lower the placement on the table and the UI slider, the greater the specificity of the rule. 
-
-| Rule Condition | WDAC Rule Level | Description |
-|------------ | ----------- | ----------- |
-| **Issuing CA** | PCACertificate | Highest available certificate is added to the signers. This certificate is typically the PCA certificate, one level below the root certificate. Any file signed by this certificate will be affected. |
-| **Publisher** | Publisher | This rule is a combination of the PCACertificate rule and the common name (CN) of the leaf certificate. Any file signed by a major CA but with a leaf from a specific company, for example, a device driver publisher, is affected. |
-| **File version** | SignedVersion | This rule is a combination of the PCACertificate and Publisher rule, and a version number. Anything from the specified publisher with a version at or above the one specified is affected. |
-| **File name** | FilePublisher | Most specific. Combination of the file name, publisher, and PCA certificate and a minimum version number. Files from the publisher with the specified name and greater or equal to the specified version are affected. |
-
-
-![Custom filepublisher file rule creation.](images/wdac-wizard-custom-publisher-rule.png)
-
-### Filepath Rules
-
-Filepath rules don't provide the same security guarantees that explicit signer rules do, as they're based on mutable access permissions. To create a filepath rule, select the file using the *Browse* button. 
-
-### File Attribute Rules
-
-The Wizard supports the creation of [file name rules](select-types-of-rules-to-create.md#windows-defender-application-control-filename-rules) based on authenticated file attributes. File name rules are useful when an application and its dependencies (for example, DLLs) may all share the same product name, for instance. This rule level allows users to easily create targeted policies based on the Product Name file name. To select the file attribute to create the rule, move the slider on the Wizard to the desired attribute. The table below describes each of the supported file attributes off which to create a rule. 
-
-| Rule level | Description |
-|------------ | ----------- |
-| **Original Filename** | Specifies the original file name, or the name with which the file was first created, of the binary. |
-| **File description** | Specifies the file description provided by the developer of the binary. |
-| **Product name** | Specifies the name of the product with which the binary ships. |
-| **Internal name** | Specifies the internal name of the binary. |
-
-
-![Custom file attributes rule.](images/wdac-wizard-custom-file-attribute-rule.png)
-
-### File Hash Rules
-
-Lastly, the Wizard supports creating file rules using the hash of the file. Although this level is specific, it can cause extra administrative overhead to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. By default, the Wizard will use file hash as the fallback in case a file rule can't be created using the specified file rule level. 
-
-
-#### Deleting Signing Rules 
-  
-The table on the left of the page will document the allow and deny rules in the template, and any custom rules you create. Rules can be deleted from the policy by selecting the rule from the rules list table. Once the rule is highlighted, press the delete button underneath the table. you'll be prompted for another confirmation. Select `Yes` to remove the rule from the policy and the rules table. 
-
-## Up next
-
-- [Editing a Windows Defender Application Control (WDAC) policy using the Wizard](wdac-wizard-editing-policy.md)
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
deleted file mode 100644
index b85fb0dfe8..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-account-protection.md
+++ /dev/null
@@ -1,51 +0,0 @@
----
-title: Account protection in the Windows Security app
-description: Use the Account protection section to manage security for your account and sign in to Microsoft.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-ms.technology: itpro-security
-ms.topic: article
----
-
-
-# Account protection
-
-**Applies to**
-
-- Windows 10 and later
-
-The **Account protection** section contains information and settings for account protection and sign-in. You can get more information about these capabilities from the following list: 
-
-- [Microsoft Account](https://account.microsoft.com/account/faq)
-- [Windows Hello for Business](../../identity-protection/hello-for-business/hello-identity-verification.md)
-- [Lock your Windows 10 PC automatically when you step away from it](https://support.microsoft.com/help/4028111/windows-lock-your-windows-10-pc-automatically-when-you-step-away-from)
-
-You can also choose to hide the section from users of the device. This is useful if you don't want your employees to access or view user-configured options for these features.
-
-## Hide the Account protection section
-
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
-
-You can only configure these settings by using Group Policy.
-
->[!IMPORTANT]
->### Requirements
->
->You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and select  **Edit**.
-
-3.  In the **Group Policy Management Editor** go to **Computer configuration** and select **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Account protection**.
-
-6.  Open the **Hide the Account protection area** setting and set it to **Enabled**. Select **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
->[!NOTE]
->If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->  
->![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
deleted file mode 100644
index bfc66838f7..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: Device & performance health in the Windows Security app
-description: Use the Device & performance health section to see the status of the machine and note any storage, update, battery, driver, or hardware configuration issues
-ms.date: 12/31/2018
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.technology: itpro-security
-ms.topic: article
----
-
-
-# Device performance and health
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
-The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they're seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager).
-
-The [Windows 10 IT pro troubleshooting topic](/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](/windows/windows-10/) can also be helpful for resolving issues.
-
-
-In Windows 10, version 1709 and later, the section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
-
-
-## Hide the Device performance & health section
-
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
-
-This section can be hidden only by using Group Policy.
-
->[!IMPORTANT]
->### Requirements
->
->You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Device performance and health**.
-
-6.  Open the **Hide the Device performance and health area** setting and set it to **Enabled**. Click **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
->[!NOTE]
->If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->  
->![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
deleted file mode 100644
index d56e6ecd4f..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-title: Device security in the Windows Security app
-description: Use the Device security section to manage security built into your device, including virtualization-based security.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-manager: aaroncz
-ms.technology: itpro-security
-ms.topic: article
----
-
-# Device security
-
-**Applies to**
-
-- Windows 10 and later
-
-The **Device security** section contains information and settings for built-in device security.
-
-You can choose to hide the section from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
-
-## Hide the Device security section
-
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app. You can hide the device security section by using Group Policy only.
-
-> [!IMPORTANT]
-> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-2.  In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
-
-3.  Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-
-4.  Open the **Hide the Device security area** setting and set it to **Enabled**. Select **OK**.
-
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
->[!NOTE]
->If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->  
->![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
-
-## Disable the Clear TPM button
-If you don't want users to be able to click the **Clear TPM** button in the Windows Security app, you can disable it.
-
-> [!IMPORTANT]
-> You must have Windows 10, version 1809 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-2.  In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
-
-3.  Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-
-4.  Open the **Disable the Clear TPM button** setting and set it to **Enabled**. Select **OK**.
-
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
-## Hide the TPM Firmware Update recommendation
-If you don't want users to see the recommendation to update TPM firmware, you can disable it.
-
-1.  On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-2.  In **Group Policy Management Editor**, go to **Computer configuration** and then select **Administrative templates**.
-
-3.  Expand the tree to **Windows components** > **Windows Security** > **Device security**.
-
-4.  Open the **Hide the TPM Firmware Update recommendation** setting and set it to **Enabled**. Select **OK**.
-
-5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
deleted file mode 100644
index f4a6bb11c6..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Family options in the Windows Security app
-description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options aren't intended for business environments.
-ms.prod: windows-client
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-ms.technology: itpro-security
-ms.topic: article
----
-
-
-# Family options
-
-**Applies to**
-
-- Windows 10 and later
-
-The **Family options** section contains links to settings and further information for parents of a Windows 10 PC. It isn't intended for enterprise or business environments.
-
-Home users can learn more at the [Help protection your family online in Windows Security topic at support.microsoft.com](https://support.microsoft.com/help/4013209/windows-10-protect-your-family-online-in-windows-defender)
-
-In Windows 10, version 1709, the section can be hidden from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to this section.
-
-
-## Hide the Family options section
-
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
-
-This section can be hidden only by using Group Policy.
-
->[!IMPORTANT]
->### Requirements
->
->You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Family options**.
-
-6.  Open the **Hide the Family options area** setting and set it to **Enabled**. Click **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
->[!NOTE]
->If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->  
->![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
deleted file mode 100644
index 1d0d162d10..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-firewall-network-protection.md
+++ /dev/null
@@ -1,49 +0,0 @@
----
-title: Firewall and network protection in the Windows Security app
-description: Use the Firewall & network protection section to see the status of and make changes to firewalls and network connections for the machine.
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.date: 12/31/2018
-ms.technology: itpro-security
-ms.topic: article
----
-
-
-# Firewall and network protection
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-The **Firewall & network protection** section contains information about the firewalls and network connections used by the machine, including the status of Windows Defender Firewall and any other third-party firewalls. IT administrators and IT pros can get configuration guidance from the [Windows Defender Firewall with Advanced Security documentation library](../windows-firewall/windows-firewall-with-advanced-security.md).
-
-In Windows 10, version 1709 and later, the section can be hidden from users of the machine. This information is useful if you don't want employees in your organization to see or have access to user-configured options for the features shown in the section.
-
-
-## Hide the Firewall & network protection section
-
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
-
-This section can be hidden only by using Group Policy.
-
->[!IMPORTANT]
->### Requirements
->
->You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the Group Policy Management Console, right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Firewall and network protection**.
-
-6.  Open the **Hide the Firewall and network protection area** setting and set it to **Enabled**. Click **OK**.
-
-7.  Deploy the updated GPO as you normally do. 
-
->[!NOTE]
->If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->  
->![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
-
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
deleted file mode 100644
index cfb558208e..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md
+++ /dev/null
@@ -1,88 +0,0 @@
----
-title: Virus and threat protection in the Windows Security app
-description: Use the Virus & threat protection section to see and configure Microsoft Defender Antivirus, Controlled folder access, and 3rd-party AV products.
-keywords: wdav, smartscreen, antivirus, wdsc, exploit, protection, hide
-search.product: eADQiWindows 10XVcnh
-ms.prod: windows-client
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: security
-ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.reviewer: 
-manager: aaroncz
-ms.technology: itpro-security
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# Virus and threat protection
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-The **Virus & threat protection** section contains information and settings for antivirus protection from Microsoft Defender Antivirus and third-party AV products.
-
-In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. These settings include Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions if there's a ransomware attack.
-
-IT administrators and IT pros can get more configuration information from these articles:
-
-- [Microsoft Defender Antivirus in the Windows Security app](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus)
-- [Microsoft Defender Antivirus documentation library](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10)
-- [Protect important folders with Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)
-- [Defend yourself from cybercrime with new Office 365 capabilities](https://blogs.office.com/en-us/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/)
-- [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365)
-- [Ransomware detection and recovering your files](https://support.office.com/en-us/article/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f?ui=en-US&rs=en-US&ad=US)
-
-You can hide the **Virus & threat protection** section or the **Ransomware protection** area from users of the machine. This option can be useful if you don't want employees in your organization to see or have access to user-configured options for these features.
-
-
-## Hide the Virus & threat protection section
-
-You can choose to hide the entire section by using Group Policy. The section won't appear on the home page of the Windows Security app, and its icon won't be shown on the navigation bar on the side of the app.
-
-This section can be hidden only by using Group Policy.
-
->[!IMPORTANT]
->### Requirements
->
->You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
-
-6.  Open the **Hide the Virus and threat protection area** setting and set it to **Enabled**. Click **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). 
-
->[!NOTE]
->If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->  
->![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png)
-
-## Hide the Ransomware protection area
-
-You can choose to hide the **Ransomware protection** area by using Group Policy. The area won't appear on the **Virus & threat protection** section of the Windows Security app.
-
-This area can be hidden only by using Group Policy.
-
->[!IMPORTANT]
->### Requirements
->
->You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
-
-1.  On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**.
-
-3.  In **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.
-
-5.  Expand the tree to **Windows components > Windows Security > Virus and threat protection**.
-
-6.  Open the **Hide the Ransomware data recovery area** setting and set it to **Enabled**. Click **OK**.
-
-7. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy).
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
deleted file mode 100644
index 41b535c96b..0000000000
--- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ /dev/null
@@ -1,107 +0,0 @@
----
-title: The Windows Security app
-description: The Windows Security app brings together common Windows security features into one place.
-search.product: eADQiWindows 10XVcnh
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: vinaypamnani-msft
-ms.author: vinpa
-ms.reviewer: 
-manager: aaroncz
-ms.technology: itpro-security
-ms.collection: 
-  - highpri
-  - tier2
-ms.date: 12/31/2017
-ms.topic: article
----
-
-# The Windows Security app
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-This library describes the Windows Security app, and provides information on configuring certain features, including:
-
-<a id="customize-notifications-from-the-windows-defender-security-center"></a>
-
-- [Showing and customizing contact information on the app and in notifications](wdsc-customize-contact-information.md)
-- [Hiding notifications](wdsc-hide-notifications.md)
-
-In Windows 10, version 1709 and later, the app also shows information from third-party antivirus and firewall apps.
-
-In Windows 10, version 1803, the app has two new areas: **Account protection** and **Device security**.
-
-![Screenshot of the Windows Security app showing that the device is protected and five icons for each of the features.](images/security-center-home.png)
-
-> [!NOTE]
-> The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal console that is used to review and manage [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/).
-
-You can't uninstall the Windows Security app, but you can do one of the following actions:
-
-- Disable the interface on Windows Server 2016.
-- Hide all of the sections on client computers.
-- Disable Microsoft Defender Antivirus, if needed. For more information, see [Enable and configure Microsoft Defender Antivirus always-on protection in group policy](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus).
-
-For more information about each section, options for configuring the sections, and how to hide each of them, see the following articles:
-
-- [Virus & threat protection](wdsc-virus-threat-protection.md), which has information and access to antivirus ransomware protection settings and notifications, including Controlled folder access, and sign-in to Microsoft OneDrive.
-- [Account protection](wdsc-account-protection.md), which has information and access to sign-in and account protection settings.
-- [Firewall & network protection](wdsc-firewall-network-protection.md), which has information and access to firewall settings, including Windows Defender Firewall.
-- [App & browser control](wdsc-app-browser-control.md), covering Windows Defender SmartScreen settings and Exploit protection mitigations.
-- [Device security](wdsc-device-security.md), which provides access to built-in device security settings.
-- [Device performance & health](wdsc-device-performance-health.md), which has information about drivers, storage space, and general Windows Update issues.  
-- [Family options](wdsc-family-options.md), which include access to parental controls along with tips and information for keeping kids safe online.
-
-> [!NOTE]
-> If you hide all sections then the app will show a restricted interface, as in the following screenshot:
->
-> ![Windows Security app with all sections hidden by group policy.](images/wdsc-all-hide.png)
-
-## Open the Windows Security app
-
-- Select the icon in the notification area on the taskbar.
-
-    ![Screenshot of the icon for the Windows Security app on the Windows task bar.](images/security-center-taskbar.png)
-- Search the Start menu for **Windows Security**.
-
-    ![Screenshot of the Start menu showing the results of a search for the Windows Security app, the first option with a large shield symbol is selected.](images/security-center-start-menu.png)
-- Open an area from Windows **Settings**.
-
-    ![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
-
-> [!NOTE]
-> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, will generally take precedence over the settings in the Windows Security.
-
-## How the Windows Security app works with Windows security features
-
-> [!IMPORTANT]
-> Microsoft Defender Antivirus  and the Windows Security app use similarly named services for specific purposes.  
->
-> The Windows Security app uses the Windows Security Service (*SecurityHealthService* or *Windows Security Health Service*), which in turn utilizes the Windows Security Center Service (*wscsvc*). This service makes sure that the app provides the most up-to-date information about the protection status on the endpoint. This information includes protection offered by third-party antivirus products, Windows Defender Firewall, third-party firewalls, and other security protection.
->
-> These services don't affect the state of Microsoft Defender Antivirus. Disabling or modifying these services won't disable Microsoft Defender Antivirus. It will lead to a lowered protection state on the endpoint, even if you're using a third-party antivirus product.
->
-> Microsoft Defender Antivirus will be [disabled automatically when a third-party antivirus product is installed and kept up to date](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility).
->
-> Disabling the Windows Security Center Service won't disable Microsoft Defender Antivirus or [Windows Defender Firewall](../windows-firewall/windows-firewall-with-advanced-security.md).
-
-> [!WARNING]
-> If you disable the Windows Security Center Service, or configure its associated group policy settings to prevent it from starting or running, the Windows Security app may display stale or inaccurate information about any antivirus or firewall products you have installed on the device.
->
-> It may also prevent Microsoft Defender Antivirus from enabling itself if you have an old or outdated third-party antivirus, or if you uninstall any third-party antivirus products you may have previously installed.
->
-> This will significantly lower the protection of your device and could lead to malware infection.
-
-The Windows Security app operates as a separate app or process from each of the individual features, and will display notifications through the Action Center.
-
-It acts as a collector or single place to see the status and perform some configuration for each of the features.
-
-If you disable any of the individual features, it will prevent that feature from reporting its status in the Windows Security app. For example, if you disable a feature through group policy or other management tools, such as Microsoft Configuration Manager. The Windows Security app itself will still run and show status for the other security features.
-
-> [!IMPORTANT]
-> If you individually disable any of the services, it won't disable the other services or the Windows Security app.
-
-For example, [using a third-party antivirus will disable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility). However, the Windows Security app will still run, show its icon in the taskbar, and display information about the other features, such as Windows Defender SmartScreen and Windows Defender Firewall.
diff --git a/windows/security/toc.yml b/windows/security/toc.yml
new file mode 100644
index 0000000000..74469d7972
--- /dev/null
+++ b/windows/security/toc.yml
@@ -0,0 +1,19 @@
+items:
+- name: Introduction to Windows security
+  href: introduction.md
+- name: Security features licensing and edition requirements
+  href: licensing-and-edition-requirements.md
+- name: Security foundations
+  href: security-foundations/toc.yml
+- name: Hardware security
+  href: hardware-security/toc.yml
+- name: Operating system security
+  href: operating-system-security/toc.yml
+- name: Application security
+  href: application-security/toc.yml
+- name: Identity protection
+  href: identity-protection/toc.yml
+- name: Cloud security
+  href: cloud-security/toc.yml
+- name: Windows Privacy 🔗
+  href: /windows/privacy
\ No newline at end of file
diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 6383501d7e..9919114fdb 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -1,7 +1,7 @@
 ---
 title: Resources for deprecated features in the Windows client
-description: Resources and details for deprecated features in the Windows Client.
-ms.date: 02/14/2023
+description: Resources and details for deprecated features in the Windows client.
+ms.date: 09/23/2023
 ms.prod: windows-client
 ms.technology: itpro-fundamentals
 ms.localizationpriority: medium
@@ -23,7 +23,51 @@ This article provides additional resources about [deprecated features for Window
 
 ## VBScript
 
-VBScript will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before being fully retired in future Windows releases. Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript. 
+VBScript will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before being retired in future Windows releases. Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript.
+ 
+## TLS versions 1.0 and 1.1 disablement resources
+
+Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 are disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1.
+
+The following information can help IT professionals to:
+
+- Identify issues related to TLS 1.0 and 1.1 disablement
+- Re-enable TLS 1.0 and 1.1, if needed
+
+For developer guidance and for a list of common applications known to rely on TLS 1.0 or 1.1, see the [Announcing the disablement of TLS 1.0 and TLS 1.1 in Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-1-0-and-tls-1-1-soon-to-be-disabled-in-windows/ba-p/3887947) blog post.
+
+### TLS diagnostic events
+
+Applications that fail when TLS 1.0 and 1.1 are disabled can be identified by reviewing the event logs. In the System Event Log, SChannel EventID 36871 may be logged with the following description:
+
+`A fatal error occurred while creating a TLS <client/server> credential. The internal error state is 10013. The SSPI client process is <process ID>.`
+
+### TLS 1.0 and 1.1 guidance for IT professionals
+
+The impact of disabling TLS versions 1.0 and 1.1 depends on the Windows applications using TLS. For example, TLS 1.0 and TLS 1.1 are already disabled by [Microsoft 365](/lifecycle/announcements/transport-layer-security-1x-disablement) products as well as [WinHTTP and WinINet API surfaces](https://support.microsoft.com/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e). Most newer versions of applications support TLS 1.2 or higher protocol versions. If an application starts failing after this change, the first step is to discover if a newer version of the application has TLS 1.2 or TLS 1.3 support.
+
+Using the system default settings for the best balance of security and performance is recommended. Organizations that limit TLS cipher suites using [Group Policy](/windows-server/security/tls/manage-tls) or [PowerShell cmdlets](/powershell/module/tls) should also verify that [cipher suites](/windows/win32/secauthn/tls-cipher-suites-in-windows-11) needed for TLS 1.3 and TLS 1.2 are enabled.
+
+If there are no alternatives available and TLS 1.0 or TLS 1.1 is needed, the protocol versions can be re-enabled with a system [registry setting](/windows-server/security/tls/tls-registry-settings). To override a system default and set a (D)TLS or SSL protocol version to the **Enabled** state:
+
+   - **TLS 1.0**:
+     ```registry
+     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
+           "Enabled" = dword:00000001
+     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
+           "Enabled" = dword:00000001
+     ```
+
+   - **TLS 1.1**:
+
+     ```registry
+     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
+           "Enabled" = dword:00000001
+     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
+           "Enabled" = dword:00000001
+     ```
+
+Re-enabling TLS 1.0 or TLS 1.1 on machines should only be done as a last resort, and as a temporary solution until incompatible applications can be updated or replaced. Support for these legacy TLS versions may be completely removed in the future.
 
 ## Microsoft Support Diagnostic Tool resources
 
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index ae2d404644..d3ef319ee9 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
-description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11.
-ms.date: 12/05/2022
+description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
+ms.date: 09/23/2023
 ms.prod: windows-client
 ms.technology: itpro-fundamentals
 ms.localizationpriority: medium
@@ -36,7 +36,11 @@ The features in this article are no longer being actively developed, and might b
 
 |Feature    |  Details and mitigation  | Deprecation announced |
 | ----------- | --------------------- | ---- |
-| VBScript <!--7954828--> | VBScript is deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript) | **TBD** |
+| VBScript <!--7954828--> | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript) | September 2023 |
+| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt.  | September 1, 2023 |
+| AllJoyn |  Microsoft's implementation of AllJoyn which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) has been deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity).  | August 17, 2023 |
+| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023| 
+| Cortana in Windows <!--7987543--> | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 | 
 | Microsoft Support Diagnostic Tool (MSDT) <!--6968128--> | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 |
 | Universal Windows Platform (UWP) Applications for 32-bit Arm <!--7116112-->| This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.</br> </br> Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 |
 | Update Compliance <!--7260188-->| [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
@@ -48,6 +52,7 @@ The features in this article are no longer being actively developed, and might b
 | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Companion Device Framework | The [Companion Device Framework](/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
 | Dynamic Disks | The [Dynamic Disks](/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
+| Microsoft BitLocker Administration and Monitoring (MBAM)| [Microsoft BitLocker Administration and Monitoring (MBAM)](/microsoft-desktop-optimization-pack/mbam-v25/), part of the [Microsoft Desktop Optimization Pack (MDOP)](/lifecycle/announcements/mdop-extended) is no longer being developed. | September, 2019 |
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
 | Package State Roaming (PSR) |  PSR will be removed in a future update. PSR allows non-Microsoft developers to access roaming data on devices, enabling developers of UWP applications to write data to Windows and synchronize it to other instantiations of Windows for that user. <br>&nbsp;<br>The recommended replacement for PSR is [Azure App Service](/azure/app-service/). Azure App Service is widely supported, well documented, reliable, and supports cross-platform/cross-ecosystem scenarios such as iOS, Android and web. <br>&nbsp;<br>PSR was removed in Windows 11.| 1909 |
@@ -58,7 +63,6 @@ The features in this article are no longer being actively developed, and might b
 | Print 3D app | 3D Builder is the recommended 3D printing app. To 3D print objects on new Windows devices, customers must first install 3D Builder from the Store.| 1903 |
 |Companion device dynamic lock APIS|The companion device framework (CDF) APIs enable wearables and other devices to unlock a PC. In Windows 10, version 1709, we introduced [Dynamic Lock](/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock), including an inbox method using Bluetooth to detect whether a user is present and lock or unlock the PC. Because of this reason, and because non-Microsoft partners didn't adopt the CDF method, we're no longer developing CDF Dynamic Lock APIs.| 1809 |
 |OneSync service|The OneSync service synchronizes data for the Mail, Calendar, and People apps. We've added a sync engine to the Outlook app that provides the same synchronization.| 1809 |
-|Snipping Tool|The Snipping Tool is an application included in Windows 10 that is used to capture screenshots, either the full screen or a smaller, custom "snip" of the screen. In Windows 10, version 1809, we're [introducing a new universal app, Snip & Sketch](https://blogs.windows.com/windowsexperience/2018/05/03/announcing-windows-10-insider-preview-build-17661/#8xbvP8vMO0lF20AM.97). It provides the same screen snipping abilities plus other features. You can launch Snip & Sketch directly and start a snip from there, or just press WIN + Shift + S. Snip & Sketch can also be launched from the "Screen snip" button in the Action Center. We're no longer developing the Snipping Tool as a separate app but are instead consolidating its functionality into Snip & Sketch.| 1809 |
 |[Software Restriction Policies](/windows-server/identity/software-restriction-policies/software-restriction-policies) in Group Policy|Instead of using the Software Restriction Policies through Group Policy, you can use [AppLocker](/windows/security/threat-protection/applocker/applocker-overview) or [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control) to control which apps users can access and what code can run in the kernel.| 1803 |
 |[Offline symbol packages](/windows-hardware/drivers/debugger/debugger-download-symbols) (Debug symbol MSIs)|We're no longer making the symbol packages available as a downloadable MSI. Instead, the [Microsoft Symbol Server is moving to be an Azure-based symbol store](/archive/blogs/windbg/update-on-microsofts-symbol-server). If you need the Windows symbols, connect to the Microsoft Symbol Server to cache your symbols locally or use a manifest file with SymChk.exe on a computer with internet access.| 1803 |
 |Windows Help Viewer (WinHlp32.exe)|All Windows help information is [available online](https://support.microsoft.com/products/windows?os=windows-10). The Windows Help Viewer is no longer supported in Windows 10. For more information, see [Error opening Help in Windows-based programs: "Feature not included" or "Help not supported"](https://support.microsoft.com/topic/error-opening-help-in-windows-based-programs-feature-not-included-or-help-not-supported-3c841463-d67c-6062-0ee7-1a149da3973b).| 1803 |
@@ -88,3 +92,4 @@ The features in this article are no longer being actively developed, and might b
 |`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507 <br /> Applies to Windows Server 2016 and Windows Server 2019.|
 
 
+
diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json
index cdfcb018fb..036ef0bfa2 100644
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@@ -39,9 +39,8 @@
         "tier2"
       ],
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
-      "uhfHeaderId": "MSDocsHeader-M365-IT",
+      "uhfHeaderId": "MSDocsHeader-Windows",
       "ms.topic": "article",
-      "audience": "ITPro",
       "feedback_system": "GitHub",
       "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
       "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
diff --git a/windows/whats-new/index.yml b/windows/whats-new/index.yml
index b99c54cd1c..193ffc24a8 100644
--- a/windows/whats-new/index.yml
+++ b/windows/whats-new/index.yml
@@ -14,7 +14,7 @@ metadata:
     - tier1
   author: aczechowski
   ms.author: aaroncz
-  manager: dougeby
+  manager: aaroncz
   ms.date: 11/14/2022
   localization_priority: medium
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 52223f9e9b..99cf0f87aa 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -208,14 +208,14 @@ Windows Hello for Business now supports FIDO 2.0 authentication for Azure AD Joi
 
 For more information, see: [Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/#OdKBg3pwJQcEKCbJ.97)
 
-#### Windows Defender Credential Guard
+#### Credential Guard
 
-Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
+Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
 
-Windows Defender Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory-joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode.
+Credential Guard has always been an optional feature, but Windows 10 in S mode turns on this functionality by default when the machine has been Azure Active Directory-joined. This feature provides an added level of security when connecting to domain resources not normally present on devices running Windows 10 in S mode.
 
 > [!NOTE]
-> Windows Defender Credential Guard is available only to S mode devices or Enterprise and Education Editions.
+> Credential Guard is available only to S mode devices or Enterprise and Education Editions.
 
 For more information, see [Credential Guard Security Considerations](/windows/security/identity-protection/credential-guard/credential-guard-requirements#security-considerations).
 
@@ -456,7 +456,7 @@ Windows 10 Enterprise LTSC 2019 adds many new [configuration service providers (
 
 Some of the other new CSPs are:
 
-- The [DynamicManagement CSP](/windows/client-management/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can't reach the management server when the location or network changes. The dynamic management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
+- The [DynamicManagement CSP](/windows/client-management/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country/region to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can't reach the management server when the location or network changes. The dynamic management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
 
 - The [CleanPC CSP](/windows/client-management/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data.
 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
index 48b3e3b651..c07ad692ea 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md
@@ -74,7 +74,7 @@ Windows Defender Firewall also now supports [Windows Subsystem for Linux (WSL)](
 
 ### Virus and threat protection
 
-[Attack surface area reduction](/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) - IT admins can configure devices with advanced web protection that enables them to define allowlists and blocklists for specific URL's and IP addresses.
+[Attack surface area reduction](/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) - IT admins can configure devices with advanced web protection that enables them to define allowlists and blocklists for specific URLs and IP addresses.
 [Next generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10) - Controls have been extended to protection from ransomware, credential misuse, and attacks that are transmitted through removable storage.
   - Integrity enforcement capabilities - Enable remote runtime attestation of Windows 10 platform.
   - [Tamper-proofing](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection) capabilities - Uses virtualization-based security to isolate critical Microsoft Defender for Endpoint security capabilities away from the OS and attackers.
@@ -149,9 +149,9 @@ Windows Hello enhancements include:
 
 ### Credential protection
 
-#### Windows Defender Credential Guard
+#### Credential Guard
 
-[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard) is now available for ARM64 devices, for extra protection against credential theft for enterprises deploying ARM64 devices in their organizations, such as Surface Pro X.
+[Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard) is now available for ARM64 devices, for extra protection against credential theft for enterprises deploying ARM64 devices in their organizations, such as Surface Pro X.
 
 ### Privacy controls
 
diff --git a/windows/whats-new/temporary-enterprise-feature-control.md b/windows/whats-new/temporary-enterprise-feature-control.md
index 4db66dd6c4..b20be1c0ab 100644
--- a/windows/whats-new/temporary-enterprise-feature-control.md
+++ b/windows/whats-new/temporary-enterprise-feature-control.md
@@ -45,4 +45,4 @@ You can use a policy to enable features that are behind temporary enterprise fea
 - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\\**Enable features introduced via servicing that are off by default**
 
 - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)
-   - In the Intune [settings catalog](/intune/configuration/settings-catalog), this setting is named **Allow Temporary Enterprise Feature Control** under the **Windows Update for Business** category.
+   - In the Intune [settings catalog](/mem/intune/configuration/settings-catalog), this setting is named **Allow Temporary Enterprise Feature Control** under the **Windows Update for Business** category.
diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index 8a8e9a3e7e..b62a1a7579 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -212,7 +212,7 @@ Windows 10, version 1703 adds many new [configuration service providers (CSPs)](
 
 Some of the other new CSPs are:
 
-- The [DynamicManagement CSP](/windows/client-management/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
+- The [DynamicManagement CSP](/windows/client-management/mdm/dynamicmanagement-csp) allows you to manage devices differently depending on location, network, or time. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country/region to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs.
 
 - The [CleanPC CSP](/windows/client-management/mdm/cleanpc-csp) allows removal of user-installed and pre-installed applications, with the option to persist user data.
 
diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md
index 55b211215b..4f608c1dd6 100644
--- a/windows/whats-new/whats-new-windows-10-version-1709.md
+++ b/windows/whats-new/whats-new-windows-10-version-1709.md
@@ -80,7 +80,7 @@ The AssignedAccess CSP has been expanded to make it easy for administrators to c
 ## Security
 
 >[!NOTE]
->Windows security features have been rebranded as Windows Defender security features, including Windows Defender Device Guard, Windows Defender Credential Guard, and Windows Defender Firewall.
+>Windows security features have been rebranded as Windows Defender security features, including Windows Defender Device Guard, Credential Guard, and Windows Defender Firewall.
 
 **Windows security baselines** have been updated for Windows 10. A [security baseline](/windows/device-security/windows-security-baselines) is a group of Microsoft-recommended configuration settings and explains their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](/windows/device-security/security-compliance-toolkit-10).
 
diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md
index b617d899f5..ad971e7d6a 100644
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@@ -141,11 +141,11 @@ You can add specific rules for a WSL process in Windows Defender Firewall, just
 
 We introduced new group policies and Modern Device Management settings to manage Microsoft Edge. The new policies include enabling and disabling full-screen mode, printing, favorites bar, and saving history; preventing certificate error overrides; configuring the Home button and startup options; setting the New Tab page and Home button URL, and managing extensions. Learn more about the [new Microsoft Edge policies](/microsoft-edge/deploy/change-history-for-microsoft-edge).
 
-### Windows Defender Credential Guard is supported by default on 10S devices that are Azure Active Directory-joined
+### Credential Guard is supported by default on 10S devices that are Azure Active Directory-joined
 
-Windows Defender Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
+Credential Guard is a security service in Windows 10 built to protect Active Directory (AD) domain credentials so that they can't be stolen or misused by malware on a user's machine. It's designed to protect against well-known threats such as Pass-the-Hash and credential harvesting.
 
-Windows Defender Credential Guard has always been an optional feature, but Windows 10-S turns on this functionality by default when the machine has been Azure Active Directory-joined. This functionality provides an added level of security when connecting to domain resources not normally present on 10-S devices. Windows Defender Credential Guard is available only to S-Mode devices or Enterprise and Education Editions. 
+Credential Guard has always been an optional feature, but Windows 10-S turns on this functionality by default when the machine has been Azure Active Directory-joined. This functionality provides an added level of security when connecting to domain resources not normally present on 10-S devices. Credential Guard is available only to S-Mode devices or Enterprise and Education Editions. 
 
 ### Windows 10 Pro S Mode requires a network connection
 
diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md
index 602a7fcac7..d40de13c9d 100644
--- a/windows/whats-new/whats-new-windows-10-version-1909.md
+++ b/windows/whats-new/whats-new-windows-10-version-1909.md
@@ -41,9 +41,9 @@ If you're using Windows Update for Business, you'll receive the Windows 10, vers
 
 ## Security
 
-### Windows Defender Credential Guard
+### Credential Guard
 
-[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard) is now available for ARM64 devices, for extra protection against credential theft for enterprises deploying ARM64 devices in their organizations, such as Surface Pro X.
+[Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard) is now available for ARM64 devices, for extra protection against credential theft for enterprises deploying ARM64 devices in their organizations, such as Surface Pro X.
 
 ### Microsoft BitLocker
 
@@ -55,7 +55,10 @@ Windows 10, version 1909 also includes two new features called **Key-rolling** a
 
 ### Transport Layer Security (TLS)
 
-An experimental implementation of TLS 1.3 is included in Windows 10, version 1909. TLS 1.3 disabled by default system wide. If you enable TLS 1.3 on a device for testing, then it can also be enabled in Internet Explorer 11.0 and Microsoft Edge by using Internet Options. For beta versions of Microsoft Edge on Chromium, TLS 1.3 isn't built on the Windows TLS stack, and is instead configured independently, using the **Edge://flags** dialog. Also see [Microsoft Edge platform status](https://developer.microsoft.com/microsoft-edge/status/tls13/)
+An experimental implementation of TLS 1.3 is included in Windows 10, version 1909. TLS 1.3 is disabled by default system wide. If you enable TLS 1.3 on a device for testing, then it can also be enabled in Internet Explorer 11.0 and Microsoft Edge by using Internet Options. For beta versions of Microsoft Edge on Chromium, TLS 1.3 isn't built on the Windows TLS stack, and is instead configured independently, using the **Edge://flags** dialog. Also see [Microsoft Edge platform status](https://developer.microsoft.com/microsoft-edge/status/tls13/)
+
+>[!NOTE]
+>The experiental implementation of TLS 1.3 isn't supported. TLS 1.3 is only supported on Windows 11 and Server 2022. For more information, see [Protocols in TLS/SSL (Schannel SSP)](/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-).
 
 ## Virtualization
 
diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md
index 37a10475d2..a433405b4e 100644
--- a/windows/whats-new/whats-new-windows-10-version-20H2.md
+++ b/windows/whats-new/whats-new-windows-10-version-20H2.md
@@ -25,7 +25,7 @@ This article lists new and updated features and content that is of interest to I
 
 As with previous fall releases, Windows 10, version 20H2 is a scoped set of features for select performance improvements, enterprise features, and quality enhancements. As an [H2-targeted release](/lifecycle/faq/windows), 20H2 is serviced for 30 months from the release date for devices running Windows 10 Enterprise or Windows 10 Education editions. 
 
-To download and install Windows 10, version 20H2, use Windows Update (**Settings > Update & Security > Windows Update**). For more information, including a video, see [How to get the Windows 10 October 2020 Update](https://community.windows.com/videos/how-to-get-the-windows-10-october-2020-update/7c7_mWN0wi8). 
+To download and install Windows 10, version 20H2, use Windows Update (**Settings > Update & Security > Windows Update**).
 
 ## Microsoft Edge
 
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index 6a7edcc281..b09c1ab588 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -11,7 +11,7 @@ ms.collection:
   - highpri
   - tier2
 ms.technology: itpro-fundamentals
-ms.date: 12/31/2017
+ms.date: 08/11/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2</a>
 ---
@@ -40,7 +40,7 @@ For more information, see [Microsoft Pluton security processor](/windows/securit
 <!--6286059, 6063796-->
 **Enhanced Phishing Protection** in **Microsoft Defender SmartScreen** helps protect Microsoft school or work passwords against phishing and unsafe usage on websites and in applications. Enhanced Phishing Protection works alongside Windows security protections to help protect Windows 11 work or school sign-in passwords.
 
-For more information, see [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen) and [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog.
+For more information, see [Enhanced Phishing Protection in Microsoft Defender SmartScreen](/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection) and [Protect passwords with enhanced phishing protection](https://aka.ms/EnhancedPhishingProtectionBlog) in the Windows IT Pro blog.
 
 ## Smart App Control
 <!-- 6286281-->
@@ -50,9 +50,9 @@ For more information, see [Smart App Control](/windows/security/threat-protectio
 
 ## Credential Guard
 <!--6289166-->
-Compatible Windows 11 Enterprise version 22H2 devices will have **Windows Defender Credential Guard** turned on by default. This changes the default state of the feature in Windows, though system administrators can still modify this enablement state.
+Compatible Windows 11 Enterprise version 22H2 devices will have **Credential Guard** turned on by default. This changes the default state of the feature in Windows, though system administrators can still modify this enablement state.
 
-For more information, see [Manage Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-manage).
+For more information, see [Manage Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard-manage).
 
 ## Malicious and vulnerable driver blocking
 <!--6286432-->
diff --git a/windows/whats-new/windows-11-overview.md b/windows/whats-new/windows-11-overview.md
index 90928f5742..2bab9205d6 100644
--- a/windows/whats-new/windows-11-overview.md
+++ b/windows/whats-new/windows-11-overview.md
@@ -152,7 +152,7 @@ For more information on the security features you can configure, manage, and enf
 
 - Your Windows 10 apps will also work on Windows 11. **[App Assure](https://www.microsoft.com/fasttrack/microsoft-365/app-assure)** is also available if there are some issues.
 
-  You can continue to use **MSIX packages** for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use **Windows Package Manager** to install Windows apps. You can create **Azure virtual desktops** that run Windows 11. Use **Azure Virtual desktop with MSIX app attach** to virtualize desktops and apps. For more information on these features, see [Overview of apps on Windows client devices](/windows/application-management/apps-in-windows-10).
+  You can continue to use **MSIX packages** for your UWP, Win32, WPF, and WinForm desktop application files. Continue to use **Windows Package Manager** to install Windows apps. You can create **Azure virtual desktops** that run Windows 11. Use **Azure Virtual desktop with MSIX app attach** to virtualize desktops and apps. For more information on these features, see [Overview of apps on Windows client devices](/windows/application-management/overview-windows-apps).
 
   In the **Settings** app > **Apps**, users can manage some of the app settings. For example, they can get apps anywhere, but let the user know if there's a comparable app in the Microsoft Store. They can also choose which apps start when they sign in.
 
diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md
index 346990f31f..fa33976e89 100644
--- a/windows/whats-new/windows-11-plan.md
+++ b/windows/whats-new/windows-11-plan.md
@@ -11,7 +11,7 @@ ms.collection:
   - highpri
   - tier1
 ms.technology: itpro-fundamentals
-ms.date: 12/31/2017
+ms.date: 08/11/2023
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
@@ -103,9 +103,9 @@ Microsoft's compatibility promise for Windows 10 is maintained for Windows 11. D
 
 If you run into compatibility issues or want to ensure that your organization's applications are compatible from day one, App Assure and Test Base for Microsoft 365 can help. 
 
-**App Assure**: With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft will help you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats. 
+- **App Assure**: With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft will help you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats.
 
-**Test Base for Microsoft 365**: For software publishers, systems integrators, and IT administrators, [Test Base for Microsoft 365](https://aka.ms/testbase) is a service that allows you to validate your apps across various Windows features and quality updates and environments in a Microsoft-managed Azure environment. Enterprise organizations can also nominate their software publishers for participation by completing a short form.  
+- **Test Base for Microsoft 365**: [Test Base](https://portal.azure.com/?feature.Win11=true%2F#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/Microsoft.TestBase) is a cloud testing platform that can help you evaluate applications readiness for Windows 11 upgrade or migration. IT administrators, software publishers, and system integrators can find desired test cases throughout the entire Windows validation lifecycle. Tests include, but aren't limited to, in-place upgrade validation, monthly quality updates, and tests against Windows preview features.
 
 You might already be using App Assure and Test Base in your Windows 10 environment. Both of these tools will continue to function with Windows 11. 
 
diff --git a/windows/whats-new/windows-licensing.md b/windows/whats-new/windows-licensing.md
index 3a56385d67..d6f384c4f5 100644
--- a/windows/whats-new/windows-licensing.md
+++ b/windows/whats-new/windows-licensing.md
@@ -7,7 +7,7 @@ ms.author: paoloma
 manager: aaroncz
 ms.collection:
 - tier2
-ms.topic: conceptual
+ms.topic: overview
 ms.date: 05/04/2023
 appliesto:
 - ✅ <a href=/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
@@ -67,7 +67,7 @@ The following table describes the unique Windows Enterprise edition features:
 
 | OS-based feature | Description |
 |-|-|
-|**[Windows Defender Credential Guard][WIN-1]**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
+|**[Credential Guard][WIN-1]**|Protects against user credential harvesting and pass-the-hash attacks or pass the token attacks.|
 |**[Managed Microsoft Defender Application Guard (MDAG) for Microsoft Edge][WIN-11]**| Isolates enterprise-defined untrusted sites with virtualization-based security from Windows, protecting your organization while users browse the Internet.|
 |**[Modern BitLocker Management][WIN-2]** | Allows you to eliminate on-premises tools to monitor and support BitLocker recovery scenarios. |  
 |**[Personal Data Encryption][WIN-3]**|Encrypts individual's content using Windows Hello for Business to link the encryption keys to user credentials.|
@@ -135,13 +135,13 @@ In most cases, the Windows Pro edition comes pre-installed on a business-class d
 - A developer that is developing applications that must be tested and certified on Pro, as that is how it will be delivered to customers
 - A Windows Pro device that was pre-configured for a specific purpose and is certified on Pro only
 
-In these cases, you want the PC to be configured, secured, monitored, and updated with the enterprise management and security tools that come with the Windows Enterprise user subscription. Your Windows Enterprise E3 subscriptions does not block these scenarios.
+In these cases, you want the PC to be configured, secured, monitored, and updated with the enterprise management and security tools that come with the Windows Enterprise user subscription. Your Windows Enterprise E3 subscription doesn't block these scenarios.
 
 The following table lists the Windows 11 Enterprise features and their Windows edition requirements:
 
 | OS-based feature |Windows Pro|Windows Enterprise|
 |-|-|-|
-|**[Windows Defender Credential Guard][WIN-1]**|❌|Yes|
+|**[Credential Guard][WIN-1]**|❌|Yes|
 |**[Microsoft Defender Application Guard (MDAG) for Microsoft Edge][WIN-11]**|Yes|Yes|
 |**[Modern BitLocker Management][WIN-2]**|Yes|Yes|
 |**[Personal data encryption (PDE)][WIN-3]**|❌|Yes|